From 0373d2d2344e8a836898caed062f6f4fe4f3d67c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Calvo?=
 <491695+jacalvo@users.noreply.github.com>
Date: Mon, 5 Feb 2024 23:35:09 +0100
Subject: [PATCH] fix(event-hub): do not try to access root mgmt group in
 non-org mode (SSPROD-36994) (#30)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The change in #27 fixes the onboarding of the organizational mode
but introduces a regression when onboarding a single subscription:

```
Error: Invalid index

  on .terraform/modules/single-subscription-threat-detection/modules/services/event-hub-data-source/organizational.tf line 14, in locals:
  14:   selected_management_group = length(data.azurerm_management_group.onboarded_management_group) > 0 ? values(data.azurerm_management_group.onboarded_management_group) : [data.azurerm_management_group.root_management_group[0]]
    ├────────────────
    │ data.azurerm_management_group.root_management_group is empty tuple
```

Avoiding to access the undefined `root_management_group` if
`is_organizational` is false fixes the issue.

This was caught by the automated daily regression tests and the fix has
been confirmed by testing manually modifying the `source` on `main.tf`
to point to my local `terraform-azurerm-secure` repo.
---
 modules/services/event-hub-data-source/organizational.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/services/event-hub-data-source/organizational.tf b/modules/services/event-hub-data-source/organizational.tf
index 4039318..34c6df4 100644
--- a/modules/services/event-hub-data-source/organizational.tf
+++ b/modules/services/event-hub-data-source/organizational.tf
@@ -11,7 +11,7 @@ data "azurerm_management_group" "root_management_group" {
 }
 
 locals {
-  selected_management_group = length(data.azurerm_management_group.onboarded_management_group) > 0 ? values(data.azurerm_management_group.onboarded_management_group) : [data.azurerm_management_group.root_management_group[0]]
+  selected_management_group = var.is_organizational ? (length(data.azurerm_management_group.onboarded_management_group) > 0 ? values(data.azurerm_management_group.onboarded_management_group) : [data.azurerm_management_group.root_management_group[0]]) : []
   all_mg_subscription_ids = flatten([
     for mg in local.selected_management_group : mg.all_subscription_ids
   ])