chore: principal_type = "ServicePrincipal"

modules/azure/aks/backplane/main.tf

@@ -133,16 +133,16 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
 }
 
 resource "azurerm_role_assignment" "existing_principals" {
-  for_each = var.existing_principal_ids
-
+  for_each           = var.existing_principal_ids
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope
 }
 
 resource "azurerm_role_assignment" "created_principal" {
-  count = var.create_service_principal_name != null ? 1 : 0
-
+  count              = var.create_service_principal_name != null ? 1 : 0
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.scope
@@ -193,50 +193,50 @@ resource "azurerm_role_definition" "buildingblock_landingzone_to_hub" {
 }
 
 resource "azurerm_role_assignment" "existing_principals_hub" {
-  for_each = var.existing_hub_principal_ids
-
+  for_each           = var.existing_hub_principal_ids
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
   description        = azurerm_role_definition.buildingblock_deploy_hub.description
   principal_id       = each.value
   scope              = var.hub_scope
 }
 
 resource "azurerm_role_assignment" "created_principal_hub" {
-  count = var.create_hub_service_principal_name != null ? 1 : 0
-
+  count              = var.create_hub_service_principal_name != null ? 1 : 0
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
   description        = azurerm_role_definition.buildingblock_deploy_hub.description
   principal_id       = azuread_service_principal.buildingblock_deploy_hub[0].object_id
   scope              = var.hub_scope
 }
 
 resource "azurerm_role_assignment" "existing_principals_hub_to_landingzone" {
-  for_each = var.existing_hub_principal_ids
-
+  for_each           = var.existing_hub_principal_ids
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope
 }
 
 resource "azurerm_role_assignment" "created_principal_hub_to_landingzone" {
-  count = var.create_hub_service_principal_name != null ? 1 : 0
-
+  count              = var.create_hub_service_principal_name != null ? 1 : 0
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy_hub[0].object_id
   scope              = var.scope
 }
 
 resource "azurerm_role_assignment" "existing_principals_landingzone_to_hub" {
-  for_each = var.existing_principal_ids
-
+  for_each           = var.existing_principal_ids
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
   principal_id       = each.value
   scope              = var.hub_scope
 }
 
 resource "azurerm_role_assignment" "created_principal_landingzone_to_hub" {
-  count = var.create_service_principal_name != null ? 1 : 0
-
+  count              = var.create_service_principal_name != null ? 1 : 0
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.hub_scope

modules/azure/azure-bastion/backplane/main.tf

@@ -26,6 +26,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
 resource "azurerm_role_assignment" "buildingblock_deploy" {
   for_each = var.principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope

modules/azure/azure-virtual-machine/backplane/main.tf

@@ -97,6 +97,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
 resource "azurerm_role_assignment" "existing_principals" {
   for_each = var.existing_principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope
@@ -106,6 +107,7 @@ resource "azurerm_role_assignment" "existing_principals" {
 resource "azurerm_role_assignment" "created_principal" {
   count = var.create_service_principal_name != null ? 1 : 0
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.scope

modules/azure/budget-alert/backplane/README.md

@@ -49,7 +49,7 @@ No modules.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_application_password"></a> [application\_password](#output\_application\_password) | Information about the created application password (excludes the actual password value for security). |
+| <a name="output_application_password"></a> [application\_password](#output\_application\_password) | Information about the created application password including the password value. |
 | <a name="output_created_application"></a> [created\_application](#output\_created\_application) | Information about the created Azure AD application. |
 | <a name="output_created_service_principal"></a> [created\_service\_principal](#output\_created\_service\_principal) | Information about the created service principal. |
 | <a name="output_documentation_md"></a> [documentation\_md](#output\_documentation\_md) | Markdown documentation with information about the Budget Alert building block backplane |

modules/azure/budget-alert/backplane/main.tf

@@ -55,6 +55,7 @@ resource "azurerm_role_assignment" "existing_principals" {
   for_each = var.existing_principal_ids
 
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
+  principal_type     = "ServicePrincipal"
   principal_id       = each.value
   scope              = var.scope
 }
@@ -63,6 +64,7 @@ resource "azurerm_role_assignment" "created_principal" {
   count = var.create_service_principal_name != null ? 1 : 0
 
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
+  principal_type     = "ServicePrincipal"
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.scope
 }

modules/azure/budget-alert/backplane/outputs.tf

@@ -58,8 +58,9 @@ output "application_password" {
   value = var.create_service_principal_name != null && var.workload_identity_federation == null ? {
     key_id       = azuread_application_password.buildingblock_deploy[0].key_id
     display_name = azuread_application_password.buildingblock_deploy[0].display_name
+    value        = azuread_application_password.buildingblock_deploy[0].value
   } : null
-  description = "Information about the created application password (excludes the actual password value for security)."
+  description = "Information about the created application password including the password value."
   sensitive   = true
 }
 

modules/azure/container-registry/backplane/main.tf

@@ -149,6 +149,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
 resource "azurerm_role_assignment" "existing_principals" {
   for_each = var.existing_principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope
@@ -157,6 +158,7 @@ resource "azurerm_role_assignment" "existing_principals" {
 resource "azurerm_role_assignment" "created_principal" {
   count = var.create_service_principal_name != null ? 1 : 0
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.scope
@@ -209,6 +211,7 @@ resource "azurerm_role_definition" "buildingblock_landingzone_to_hub" {
 resource "azurerm_role_assignment" "existing_principals_hub" {
   for_each = var.existing_hub_principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
   description        = azurerm_role_definition.buildingblock_deploy_hub.description
   principal_id       = each.value
@@ -218,6 +221,7 @@ resource "azurerm_role_assignment" "existing_principals_hub" {
 resource "azurerm_role_assignment" "created_principal_hub" {
   count = var.create_hub_service_principal_name != null ? 1 : 0
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
   description        = azurerm_role_definition.buildingblock_deploy_hub.description
   principal_id       = azuread_service_principal.buildingblock_deploy_hub[0].object_id
@@ -227,6 +231,7 @@ resource "azurerm_role_assignment" "created_principal_hub" {
 resource "azurerm_role_assignment" "existing_principals_hub_to_landingzone" {
   for_each = var.existing_hub_principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope
@@ -235,6 +240,7 @@ resource "azurerm_role_assignment" "existing_principals_hub_to_landingzone" {
 resource "azurerm_role_assignment" "created_principal_hub_to_landingzone" {
   count = var.create_hub_service_principal_name != null ? 1 : 0
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy_hub[0].object_id
   scope              = var.scope
@@ -243,6 +249,7 @@ resource "azurerm_role_assignment" "created_principal_hub_to_landingzone" {
 resource "azurerm_role_assignment" "existing_principals_landingzone_to_hub" {
   for_each = var.existing_principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
   principal_id       = each.value
   scope              = var.hub_scope
@@ -251,6 +258,7 @@ resource "azurerm_role_assignment" "existing_principals_landingzone_to_hub" {
 resource "azurerm_role_assignment" "created_principal_landingzone_to_hub" {
   count = var.create_service_principal_name != null ? 1 : 0
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.hub_scope

modules/azure/key-vault/backplane/main.tf

@@ -133,16 +133,16 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
 }
 
 resource "azurerm_role_assignment" "existing_principals" {
-  for_each = var.existing_principal_ids
-
+  for_each           = var.existing_principal_ids
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope
 }
 
 resource "azurerm_role_assignment" "created_principal" {
-  count = var.create_service_principal_name != null ? 1 : 0
-
+  count              = var.create_service_principal_name != null ? 1 : 0
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.scope
@@ -193,50 +193,50 @@ resource "azurerm_role_definition" "buildingblock_landingzone_to_hub" {
 }
 
 resource "azurerm_role_assignment" "existing_principals_hub" {
-  for_each = var.existing_hub_principal_ids
-
+  for_each           = var.existing_hub_principal_ids
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
   description        = azurerm_role_definition.buildingblock_deploy_hub.description
   principal_id       = each.value
   scope              = var.hub_scope
 }
 
 resource "azurerm_role_assignment" "created_principal_hub" {
-  count = var.create_hub_service_principal_name != null ? 1 : 0
-
+  count              = var.create_hub_service_principal_name != null ? 1 : 0
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
   description        = azurerm_role_definition.buildingblock_deploy_hub.description
   principal_id       = azuread_service_principal.buildingblock_deploy_hub[0].object_id
   scope              = var.hub_scope
 }
 
 resource "azurerm_role_assignment" "existing_principals_hub_to_landingzone" {
-  for_each = var.existing_hub_principal_ids
-
+  for_each           = var.existing_hub_principal_ids
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope
 }
 
 resource "azurerm_role_assignment" "created_principal_hub_to_landingzone" {
-  count = var.create_hub_service_principal_name != null ? 1 : 0
-
+  count              = var.create_hub_service_principal_name != null ? 1 : 0
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_hub_to_landingzone.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy_hub[0].object_id
   scope              = var.scope
 }
 
 resource "azurerm_role_assignment" "existing_principals_landingzone_to_hub" {
-  for_each = var.existing_principal_ids
-
+  for_each           = var.existing_principal_ids
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
   principal_id       = each.value
   scope              = var.hub_scope
 }
 
 resource "azurerm_role_assignment" "created_principal_landingzone_to_hub" {
-  count = var.create_service_principal_name != null ? 1 : 0
-
+  count              = var.create_service_principal_name != null ? 1 : 0
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_landingzone_to_hub.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.hub_scope

modules/azure/postgresql/backplane/main.tf

@@ -18,6 +18,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
 resource "azurerm_role_assignment" "buildingblock_deploy" {
   for_each = var.principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope

modules/azure/spoke-network/backplane/main.tf

@@ -31,6 +31,7 @@ resource "azurerm_role_definition" "buildingblock_deploy_hub" {
 resource "azurerm_role_assignment" "buildingblock_deploy_hub" {
   for_each = var.principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
   description        = azurerm_role_definition.buildingblock_deploy_hub.description
   principal_id       = each.key

modules/azure/storage-account/backplane/main.tf

@@ -72,6 +72,7 @@ resource "azurerm_role_definition" "buildingblock_deploy" {
 resource "azurerm_role_assignment" "existing_principals" {
   for_each = var.existing_principal_ids
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = each.value
   scope              = var.scope
@@ -81,6 +82,7 @@ resource "azurerm_role_assignment" "existing_principals" {
 resource "azurerm_role_assignment" "created_principal" {
   count = var.create_service_principal_name != null ? 1 : 0
 
+  principal_type     = "ServicePrincipal"
   role_definition_id = azurerm_role_definition.buildingblock_deploy.role_definition_resource_id
   principal_id       = azuread_service_principal.buildingblock_deploy[0].object_id
   scope              = var.scope