azuread/applications¶
Overview¶
This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.
Dependency diagram (Mermaid)¶
graph TD
azuread_application.app["azuread_application.app"]
azuread_service_principal.app["azuread_service_principal.app"]
azuread_service_principal_password.pwd["azuread_service_principal_password.pwd"]
azurerm_key_vault_secret.client_id["azurerm_key_vault_secret.client_id"]
azurerm_key_vault_secret.client_secret["azurerm_key_vault_secret.client_secret"]
azurerm_key_vault_secret.tenant_id["azurerm_key_vault_secret.tenant_id"]
random_password.pwd["random_password.pwd"]
terraform_data.grant_admin_consent["terraform_data.grant_admin_consent"]
time_rotating.pwd["time_rotating.pwd"]
time_sleep.wait_for_directory_propagation["time_sleep.wait_for_directory_propagation"]
azuread_service_principal.app --> azuread_application.app
azuread_service_principal_password.pwd --> azuread_service_principal.app
azuread_service_principal_password.pwd --> random_password.pwd
azuread_service_principal_password.pwd --> time_rotating.pwd
azurerm_key_vault_secret.client_id --> azuread_application.app
azurerm_key_vault_secret.client_secret --> azuread_service_principal_password.pwd
azurerm_key_vault_secret.client_secret --> time_rotating.pwd
random_password.pwd --> time_rotating.pwd
terraform_data.grant_admin_consent --> azuread_application.app
terraform_data.grant_admin_consent --> azuread_service_principal.app
terraform_data.grant_admin_consent --> time_sleep.wait_for_directory_propagation
time_sleep.wait_for_directory_propagation --> azuread_service_principal.app
Module Reference¶
Category: azuread
Path: modules/azuread/applications
Azure Resources: azuread_application, azuread_service_principal, azuread_service_principal_password, azurerm_key_vault_secret, random_password, terraform_data, time_rotating, time_sleep
Inputs¶
| Name | Description | Type | Required | Default | Validation |
|---|---|---|---|---|---|
global_settings |
any |
no | {} |
- | |
settings |
any |
no | {} |
- | |
azuread_api_permissions |
any |
no | {} |
- | |
client_config |
Client configuration object (see module README.md). | any |
yes | - |
- |
user_type |
any |
no | - |
- | |
keyvaults |
any |
no | {} |
- | |
password_policy |
Default password policy applies when not set in tfvars. | any |
no | {"expire_in_days": 180, "length": 250, "number": true, "rotation": {"months": 1}, "special": false, "upper": true} |
- |
Outputs¶
| Name | Description | Sensitive | Value |
|---|---|---|---|
tenant_id |
- | var.client_config.tenant_id |
|
azuread_application |
- | {"client_id": "${azuread_application.app.client_id}", "id": "${azuread_application.app.id}", "object_id": "${azuread_application.app.object_id}"} |
|
azuread_service_principal |
- | {"id": "${azuread_service_principal.app.id}", "object_id": "${azuread_service_principal.app.object_id}"} |
|
keyvaults |
- | {for key , value in try(var.settings.keyvaults, {}) : key => {"id": "${azurerm_key_vault_secret.client_id[key].key_vault_id}", "secret_name_client_secret": "${value.secret_prefix}"}} |
|
rbac_id |
This attribute is used to set the role assignment | - | azuread_service_principal.app.object_id |
Sources¶
modules/azuread/applications/api_permissions.tfmodules/azuread/applications/keyvault_secrets.tfmodules/azuread/applications/module.tfmodules/azuread/applications/outputs.tfmodules/azuread/applications/variables.tf