diff --git a/modules/azure/aks/backplane/main.tf b/modules/azure/aks/backplane/main.tf
index 61c43dce..9fe9f103 100644
--- a/modules/azure/aks/backplane/main.tf
+++ b/modules/azure/aks/backplane/main.tf
@@ -133,16 +133,16 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
}
resource "azurerm_role_assignment" "existing_principals" {
- for_each = var.existing_principal_ids
-
+ for_each = var.existing_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = each.value
scope = var.scope
}
resource "azurerm_role_assignment" "created_principal" {
- count = var.create_service_principal_name != null ? 1 : 0
-
+ count = var.create_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.scope
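Review bot: Hard-coding `principal_type = "ServicePrincipal"` on `existing_principals` turns `var.existing_principal_ids` into a service-principal-only input (managed identities qualify, users and groups do not), but nothing in the hunk records that contract, so a caller passing a group object ID will get a confusing API-side failure rather than a plan-time message. Add a comment above the attribute, e.g. `# existing_principal_ids must be service principal / managed identity object IDs; users and groups are not accepted`, and consider a `validation` block or a per-principal type on the variable. The provider documents `principal_type` as force-new; if any existing assignment in state recorded a different type, this plan will replace it and the replacement will fail, so check the plan for `-/+` on these resources before applying. The same applies to the other `existing_*` assignments in this file; `created_principal` here starts in the hunk but its closing brace is outside it.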
@@ -193,8 +193,8 @@ resource "azurerm_role_definition" "buildingblock_landingzone_to_hub" {
}
resource "azurerm_role_assignment" "existing_principals_hub" {
- for_each = var.existing_hub_principal_ids
-
+ for_each = var.existing_hub_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
description = azurerm_role_definition.buildingblock_deploy_hub.description
principal_id = each.value
@@ -202,8 +202,8 @@ resource "azurerm_role_assignment" "existing_principals_hub" {
}
resource "azurerm_role_assignment" "created_principal_hub" {
- count = var.create_hub_service_principal_name != null ? 1 : 0
-
+ count = var.create_hub_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
description = azurerm_role_definition.buildingblock_deploy_hub.description
principal_id = azuread_service_principal.buildingblock_deploy_hub[0].object_id
@@ -211,32 +211,32 @@ resource "azurerm_role_assignment" "created_principal_hub" {
}
resource "azurerm_role_assignment" "existing_principals_hub_to_landingzone" {
- for_each = var.existing_hub_principal_ids
-
+ for_each = var.existing_hub_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
principal_id = each.value
scope = var.scope
}
resource "azurerm_role_assignment" "created_principal_hub_to_landingzone" {
- count = var.create_hub_service_principal_name != null ? 1 : 0
-
+ count = var.create_hub_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy_hub[0].object_id
scope = var.scope
}
resource "azurerm_role_assignment" "existing_principals_landingzone_to_hub" {
- for_each = var.existing_principal_ids
-
+ for_each = var.existing_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
principal_id = each.value
scope = var.hub_scope
}
resource "azurerm_role_assignment" "created_principal_landingzone_to_hub" {
- count = var.create_service_principal_name != null ? 1 : 0
-
+ count = var.create_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.hub_scope
diff --git a/modules/azure/azure-bastion/backplane/main.tf b/modules/azure/azure-bastion/backplane/main.tf
index 306bedc8..e0c8d093 100644
--- a/modules/azure/azure-bastion/backplane/main.tf
+++ b/modules/azure/azure-bastion/backplane/main.tf
@@ -26,6 +26,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
resource "azurerm_role_assignment" "buildingblock_deploy" {
for_each = var.principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = each.value
scope = var.scope
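Review bot: The new `principal_type = "ServicePrincipal"` is an undocumented assumption about `var.principal_ids`; if a group or user object ID is supplied, the assignment will be rejected or mis-typed at apply time instead of failing at plan time. Record the constraint next to the attribute, e.g. `# principal_ids must be service principal / managed identity object IDs (ABAC/replication-safe); no users or groups`, and mirror it in the variable description. `buildingblock_deploy` begins in the hunk but its closing brace lies outside it.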
diff --git a/modules/azure/azure-virtual-machine/backplane/main.tf b/modules/azure/azure-virtual-machine/backplane/main.tf
index 055c4844..6c17e8fe 100644
--- a/modules/azure/azure-virtual-machine/backplane/main.tf
+++ b/modules/azure/azure-virtual-machine/backplane/main.tf
@@ -97,6 +97,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
resource "azurerm_role_assignment" "existing_principals" {
for_each = var.existing_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = each.value
scope = var.scope
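Review bot: `existing_principals` now asserts that every entry of `var.existing_principal_ids` is a service principal, yet the variable and this block give no hint of that to callers. A one-line comment such as `# only service principal / managed identity object IDs are supported here (principal_type is fixed)` would avoid a late apply failure when someone passes a group. Since `principal_type` is force-new in the provider, verify the first plan after this change does not schedule replacement of assignments whose recorded type differs; the resource body continues past the hunk.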
@@ -106,6 +107,7 @@ resource "azurerm_role_assignment" "existing_principals" {
resource "azurerm_role_assignment" "created_principal" {
count = var.create_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.scope
diff --git a/modules/azure/budget-alert/backplane/README.md b/modules/azure/budget-alert/backplane/README.md
index 87867209..dd02a5f7 100644
--- a/modules/azure/budget-alert/backplane/README.md
+++ b/modules/azure/budget-alert/backplane/README.md
@@ -49,7 +49,7 @@ No modules.
| Name | Description |
|------|-------------|
-| [application\_password](#output\_application\_password) | Information about the created application password (excludes the actual password value for security). |
+| [application\_password](#output\_application\_password) | Information about the created application password including the password value. |
| [created\_application](#output\_created\_application) | Information about the created Azure AD application. |
| [created\_service\_principal](#output\_created\_service\_principal) | Information about the created service principal. |
| [documentation\_md](#output\_documentation\_md) | Markdown documentation with information about the Budget Alert building block backplane |
diff --git a/modules/azure/budget-alert/backplane/main.tf b/modules/azure/budget-alert/backplane/main.tf
index 057ddc2e..cbacfc68 100644
--- a/modules/azure/budget-alert/backplane/main.tf
+++ b/modules/azure/budget-alert/backplane/main.tf
@@ -55,6 +55,7 @@ resource "azurerm_role_assignment" "existing_principals" {
for_each = var.existing_principal_ids
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
+ principal_type = "ServicePrincipal"
principal_id = each.value
scope = var.scope
}
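Review bot: `principal_type` is inserted between `role_definition_id` and `principal_id` here, whereas the other backplane modules in this change place it directly after `for_each`/`count`; keeping one ordering across modules makes the attribute easier to spot. The value also silently restricts `var.existing_principal_ids` to service principals and managed identities, which should be stated, e.g. `# existing_principal_ids: service principal / managed identity object IDs only`. The resource header is outside the hunk.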
@@ -63,6 +64,7 @@ resource "azurerm_role_assignment" "created_principal" {
count = var.create_service_principal_name != null ? 1 : 0
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
+ principal_type = "ServicePrincipal"
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.scope
}
diff --git a/modules/azure/budget-alert/backplane/outputs.tf b/modules/azure/budget-alert/backplane/outputs.tf
index 2810be8f..d8b7c381 100644
--- a/modules/azure/budget-alert/backplane/outputs.tf
+++ b/modules/azure/budget-alert/backplane/outputs.tf
@@ -58,8 +58,9 @@ output "application_password" {
value = var.create_service_principal_name != null && var.workload_identity_federation == null ? {
key_id = azuread_application_password.buildingblock_deploy[0].key_id
display_name = azuread_application_password.buildingblock_deploy[0].display_name
+ value = azuread_application_password.buildingblock_deploy[0].value
} : null
- description = "Information about the created application password (excludes the actual password value for security)."
+ description = "Information about the created application password including the password value."
sensitive = true
}
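Review bot: Exporting `azuread_application_password...value` turns this output into a client-secret channel; `sensitive = true` only redacts CLI display, the secret is still stored in plaintext in the state file and is readable by anything with state access or via `terraform output -raw`, which the old description deliberately avoided. If a consumer genuinely needs it, say so where the value is set, e.g. `# client secret for the created SP; treat state and any remote-state reader as secret-bearing` and recommend `workload_identity_federation` as the default path so this branch is never taken. The README row should carry the same warning rather than just "including the password value". The `output "application_password"` header is outside the hunk.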
diff --git a/modules/azure/container-registry/backplane/main.tf b/modules/azure/container-registry/backplane/main.tf
index 316300f6..ae1e7347 100644
--- a/modules/azure/container-registry/backplane/main.tf
+++ b/modules/azure/container-registry/backplane/main.tf
@@ -149,6 +149,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
resource "azurerm_role_assignment" "existing_principals" {
for_each = var.existing_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = each.value
scope = var.scope
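Review bot: Fixing `principal_type = "ServicePrincipal"` on `existing_principals` is an input contract on `var.existing_principal_ids` that is not documented anywhere in the hunk; a user or group object ID will now fail at apply rather than at plan. Add `# existing_principal_ids must be service principal / managed identity object IDs; users and groups unsupported` above the attribute and note it in the variable description. The same remark applies to the other `existing_*` assignments in this file, and because the provider treats `principal_type` as force-new, a plan that shows these assignments being replaced should be investigated before apply. The resource's closing brace is outside the hunk.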
@@ -157,6 +158,7 @@ resource "azurerm_role_assignment" "existing_principals" {
resource "azurerm_role_assignment" "created_principal" {
count = var.create_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.scope
@@ -209,6 +211,7 @@ resource "azurerm_role_definition" "buildingblock_landingzone_to_hub" {
resource "azurerm_role_assignment" "existing_principals_hub" {
for_each = var.existing_hub_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
description = azurerm_role_definition.buildingblock_deploy_hub.description
principal_id = each.value
@@ -218,6 +221,7 @@ resource "azurerm_role_assignment" "existing_principals_hub" {
resource "azurerm_role_assignment" "created_principal_hub" {
count = var.create_hub_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
description = azurerm_role_definition.buildingblock_deploy_hub.description
principal_id = azuread_service_principal.buildingblock_deploy_hub[0].object_id
@@ -227,6 +231,7 @@ resource "azurerm_role_assignment" "created_principal_hub" {
resource "azurerm_role_assignment" "existing_principals_hub_to_landingzone" {
for_each = var.existing_hub_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
principal_id = each.value
scope = var.scope
@@ -235,6 +240,7 @@ resource "azurerm_role_assignment" "existing_principals_hub_to_landingzone" {
resource "azurerm_role_assignment" "created_principal_hub_to_landingzone" {
count = var.create_hub_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy_hub[0].object_id
scope = var.scope
@@ -243,6 +249,7 @@ resource "azurerm_role_assignment" "created_principal_hub_to_landingzone" {
resource "azurerm_role_assignment" "existing_principals_landingzone_to_hub" {
for_each = var.existing_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
principal_id = each.value
scope = var.hub_scope
@@ -251,6 +258,7 @@ resource "azurerm_role_assignment" "existing_principals_landingzone_to_hub" {
resource "azurerm_role_assignment" "created_principal_landingzone_to_hub" {
count = var.create_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.hub_scope
diff --git a/modules/azure/key-vault/backplane/main.tf b/modules/azure/key-vault/backplane/main.tf
index 0232aade..bc73fbc6 100644
--- a/modules/azure/key-vault/backplane/main.tf
+++ b/modules/azure/key-vault/backplane/main.tf
@@ -133,16 +133,16 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
}
resource "azurerm_role_assignment" "existing_principals" {
- for_each = var.existing_principal_ids
-
+ for_each = var.existing_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = each.value
scope = var.scope
}
resource "azurerm_role_assignment" "created_principal" {
- count = var.create_service_principal_name != null ? 1 : 0
-
+ count = var.create_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.scope
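Review bot: `existing_principals` now hard-codes `principal_type = "ServicePrincipal"`, which restricts `var.existing_principal_ids` to service principals and managed identities without saying so; a caller passing a group object ID will only find out at apply time. A comment such as `# existing_principal_ids: service principal / managed identity object IDs only` next to the attribute, plus a matching variable description or `validation`, would make the contract explicit. Because `principal_type` is force-new, check that the first plan does not replace assignments whose recorded type differs; the same applies to the remaining `existing_*` blocks in this file, and `created_principal` runs past the hunk.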
@@ -193,8 +193,8 @@ resource "azurerm_role_definition" "buildingblock_landingzone_to_hub" {
}
resource "azurerm_role_assignment" "existing_principals_hub" {
- for_each = var.existing_hub_principal_ids
-
+ for_each = var.existing_hub_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
description = azurerm_role_definition.buildingblock_deploy_hub.description
principal_id = each.value
@@ -202,8 +202,8 @@ resource "azurerm_role_assignment" "existing_principals_hub" {
}
resource "azurerm_role_assignment" "created_principal_hub" {
- count = var.create_hub_service_principal_name != null ? 1 : 0
-
+ count = var.create_hub_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
description = azurerm_role_definition.buildingblock_deploy_hub.description
principal_id = azuread_service_principal.buildingblock_deploy_hub[0].object_id
@@ -211,32 +211,32 @@ resource "azurerm_role_assignment" "created_principal_hub" {
}
resource "azurerm_role_assignment" "existing_principals_hub_to_landingzone" {
- for_each = var.existing_hub_principal_ids
-
+ for_each = var.existing_hub_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
principal_id = each.value
scope = var.scope
}
resource "azurerm_role_assignment" "created_principal_hub_to_landingzone" {
- count = var.create_hub_service_principal_name != null ? 1 : 0
-
+ count = var.create_hub_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy_hub[0].object_id
scope = var.scope
}
resource "azurerm_role_assignment" "existing_principals_landingzone_to_hub" {
- for_each = var.existing_principal_ids
-
+ for_each = var.existing_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
principal_id = each.value
scope = var.hub_scope
}
resource "azurerm_role_assignment" "created_principal_landingzone_to_hub" {
- count = var.create_service_principal_name != null ? 1 : 0
-
+ count = var.create_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.hub_scope
diff --git a/modules/azure/postgresql/backplane/main.tf b/modules/azure/postgresql/backplane/main.tf
index 9bda2841..b0549383 100644
--- a/modules/azure/postgresql/backplane/main.tf
+++ b/modules/azure/postgresql/backplane/main.tf
@@ -18,6 +18,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
resource "azurerm_role_assignment" "buildingblock_deploy" {
for_each = var.principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = each.value
scope = var.scope
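Review bot: The added `principal_type = "ServicePrincipal"` is an undocumented constraint on `var.principal_ids`; users and groups will no longer be accepted, and the failure surfaces only at apply. Record it inline, e.g. `# principal_ids must be service principal / managed identity object IDs`, and in the variable description. `buildingblock_deploy` continues beyond the hunk.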
diff --git a/modules/azure/spoke-network/backplane/main.tf b/modules/azure/spoke-network/backplane/main.tf
index 12e986f8..e4784272 100644
--- a/modules/azure/spoke-network/backplane/main.tf
+++ b/modules/azure/spoke-network/backplane/main.tf
@@ -31,6 +31,7 @@ resource "azurerm_role_definition" "buildingblock_deploy_hub" {
resource "azurerm_role_assignment" "buildingblock_deploy_hub" {
for_each = var.principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
description = azurerm_role_definition.buildingblock_deploy_hub.description
principal_id = each.key
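Review bot: This block assigns `principal_id = each.key` while every other module in the change uses `each.value`; that is only equivalent if `var.principal_ids` is a set, so if it is a map the new `principal_type` will be applied to a name rather than an object ID — worth confirming against the variable definition. The hard-coded `"ServicePrincipal"` should also be documented as a constraint on `var.principal_ids`, e.g. `# principal_ids: service principal / managed identity object IDs only`. The resource's closing brace is outside the hunk.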
diff --git a/modules/azure/storage-account/backplane/main.tf b/modules/azure/storage-account/backplane/main.tf
index 44e93d18..9b79382d 100644
--- a/modules/azure/storage-account/backplane/main.tf
+++ b/modules/azure/storage-account/backplane/main.tf
@@ -72,6 +72,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
resource "azurerm_role_assignment" "existing_principals" {
for_each = var.existing_principal_ids
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = each.value
scope = var.scope
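Review bot: `existing_principals` now pins `principal_type = "ServicePrincipal"`, so `var.existing_principal_ids` can no longer carry user or group object IDs, but nothing tells callers that. Add `# existing_principal_ids must be service principal / managed identity object IDs` above the attribute and mirror it in the variable description or a `validation` block. As `principal_type` is force-new in the provider, review the first plan for unexpected replacement of these assignments; the resource body extends past the hunk.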
@@ -81,6 +82,7 @@ resource "azurerm_role_assignment" "existing_principals" {
resource "azurerm_role_assignment" "created_principal" {
count = var.create_service_principal_name != null ? 1 : 0
+ principal_type = "ServicePrincipal"
role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
principal_id = azuread_service_principal.buildingblock_deploy[0].object_id
scope = var.scope