Added create_sa variable

README.md

@@ -18,7 +18,7 @@ To use this module and leverage your existing credentials without provisioning a
 ```hcl
 module "azure_cloud_credentials" {
   source  = "f5devcentral/azure-cloud-credentials/xc"
-  version = "0.0.3"
+  version = "0.0.6"
 
   name                  = "azure-tf-demo-creds"
   azure_subscription_id = "your_azure_subscription_id"
@@ -33,9 +33,10 @@ If you want to create a new Azure Service Principal
 ```hcl
 module "azure_cloud_credentials" {
   source  = "f5devcentral/azure-cloud-credentials/xc"
-  version = "0.0.3"
+  version = "0.0.6"
 
   name              = "azure-tf-demo-creds"
+  create_sa         = true
   end_date_relative = "10d"
 }
 ```

examples/azure-new-account/main.tf

@@ -19,5 +19,6 @@ module "azure_cloud_credentials" {
   source            = "../.."
 
   name              = "azure-tf-demo-creds"
+  create_sa         = true
   end_date_relative = "10h"
 }

main.tf

@@ -1,13 +1,9 @@
-locals {
-  create_sa = var.azure_subscription_id == null || var.azure_tenant_id == null || var.azure_client_secret == null || var.azure_client_id == null
-}
-
 data "azuread_client_config" "current" {}
 
 data "azurerm_subscription" "primary" {}
 
 resource "azurerm_role_definition" "this" {
-  count       = local.create_sa ? 1 : 0
+  count       = var.create_sa ? 1 : 0
 
   name        = var.name
   scope       = data.azurerm_subscription.primary.id
@@ -71,7 +67,7 @@ resource "azurerm_role_definition" "this" {
 }
 
 resource "azuread_application" "this" {
-  count        = local.create_sa ? 1 : 0
+  count        = var.create_sa ? 1 : 0
 
   display_name = var.name
   owners = [
@@ -80,7 +76,7 @@ resource "azuread_application" "this" {
 }
 
 resource "azuread_service_principal" "this" {
-  count     = local.create_sa ? 1 : 0
+  count     = var.create_sa ? 1 : 0
 
   client_id = azuread_application.this[0].client_id
   owners = [
@@ -89,15 +85,15 @@ resource "azuread_service_principal" "this" {
 }
 
 resource "azuread_service_principal_password" "this" {
-  count                = local.create_sa ? 1 : 0
+  count                = var.create_sa ? 1 : 0
 
   service_principal_id = azuread_service_principal.this[0].id
   end_date_relative    = var.end_date_relative
   end_date             = var.end_date
 }
 
 resource "azurerm_role_assignment" "this" {
-  count                = local.create_sa ? 1 : 0
+  count                = var.create_sa ? 1 : 0
 
   scope                = data.azurerm_subscription.primary.id
   role_definition_id   = azurerm_role_definition.this[0].role_definition_resource_id
@@ -108,13 +104,13 @@ resource "volterra_cloud_credentials" "this" {
   name      = var.name
   namespace = "system"
   azure_client_secret {
-    client_id = local.create_sa ? azuread_application.this[0].client_id : var.azure_client_id
+    client_id = var.create_sa ? azuread_application.this[0].client_id : var.azure_client_id
     client_secret {
         clear_secret_info {
-            url = "string:///${base64encode(local.create_sa ? azuread_service_principal_password.this[0].value : var.azure_client_secret)}"
+            url = "string:///${base64encode(var.create_sa ? azuread_service_principal_password.this[0].value : var.azure_client_secret)}"
         }
     }
-    subscription_id = local.create_sa ? replace(data.azurerm_subscription.primary.id, "//subscriptions//", "")  : var.azure_subscription_id
-    tenant_id       = local.create_sa ? data.azuread_client_config.current.tenant_id : var.azure_tenant_id
+    subscription_id = var.create_sa ? replace(data.azurerm_subscription.primary.id, "//subscriptions//", "")  : var.azure_subscription_id
+    tenant_id       = var.create_sa ? data.azuread_client_config.current.tenant_id : var.azure_tenant_id
   }
 }

outputs.tf

@@ -1,32 +1,37 @@
 output "azure_subscription_id" {
-  value       = local.create_sa ? replace(data.azurerm_subscription.primary.id, "//subscriptions//", "")  : var.azure_subscription_id
+  value       = var.create_sa ? replace(data.azurerm_subscription.primary.id, "//subscriptions//", "")  : var.azure_subscription_id
+  sensitive   = true
   description = "Azure Subscription ID"
 }
 
 output "azure_tenant_id" {
-  value       = local.create_sa ? data.azuread_client_config.current.tenant_id : var.azure_tenant_id
+  value       = var.create_sa ? data.azuread_client_config.current.tenant_id : var.azure_tenant_id
+  sensitive   = true
   description = "Azure Tenant ID"
 }
 
 output "azure_client_id" {
-  value       = local.create_sa ? azuread_application.this[0].client_id : var.azure_client_id
-  description = "Azure Service Principal Application ID"
+  value       = var.create_sa ? azuread_application.this[0].client_id : null
+  sensitive   = true
+  description = "Created Azure Service Principal Application ID"
 }
 
 output "azure_client_secret" {
-  value       = local.create_sa ? azuread_service_principal_password.this[0].value : var.azure_client_secret
+  value       = var.create_sa ? azuread_service_principal_password.this[0].value : null
   sensitive   = true
-  description = "Azure Service Principal Password"
+  description = "Created Azure Service Principal Password"
 }
 
 output "azure_role_definition_resource_id" {
-  value       = local.create_sa ? azurerm_role_definition.this[0].role_definition_resource_id : null
-  description = "Azure Service Principal Password"
+  value       = var.create_sa ? azurerm_role_definition.this[0].role_definition_resource_id : null
+  sensitive   = true
+  description = "Created Azure Role Definition Resource ID"
 }
 
 output "azure_service_principal_id" {
-  value       = local.create_sa ? azuread_service_principal.this[0].id : null
-  description = "Azure Service Principal ID"
+  value       = var.create_sa ? azuread_service_principal.this[0].id : null
+  sensitive   = true
+  description = "Created Azure Service Principal ID"
 }
 
 output "name" {

variables.tf

@@ -10,6 +10,12 @@ variable "name" {
   default     = ""
 }
 
+variable "create_sa" {
+  description = "Create a new Service Principal"
+  type        = bool
+  default     = false
+}
+
 variable "azure_subscription_id" {
   description = "Existing Azure Subscription ID"
   type        = string