azuread/applications
Overview
This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.
Dependency diagram (Mermaid)

```mermaid
graph TD
    azuread_application.app["azuread_application.app"]
    azuread_service_principal.app["azuread_service_principal.app"]
    azuread_service_principal_password.pwd["azuread_service_principal_password.pwd"]
    azurerm_key_vault_secret.client_id["azurerm_key_vault_secret.client_id"]
    azurerm_key_vault_secret.client_secret["azurerm_key_vault_secret.client_secret"]
    azurerm_key_vault_secret.tenant_id["azurerm_key_vault_secret.tenant_id"]
    random_password.pwd["random_password.pwd"]
    terraform_data.grant_admin_consent["terraform_data.grant_admin_consent"]
    time_rotating.pwd["time_rotating.pwd"]
    time_sleep.wait_for_directory_propagation["time_sleep.wait_for_directory_propagation"]
    azuread_service_principal.app --> azuread_application.app
    azuread_service_principal_password.pwd --> azuread_service_principal.app
    azuread_service_principal_password.pwd --> random_password.pwd
    azuread_service_principal_password.pwd --> time_rotating.pwd
    azurerm_key_vault_secret.client_id --> azuread_application.app
    azurerm_key_vault_secret.client_secret --> azuread_service_principal_password.pwd
    azurerm_key_vault_secret.client_secret --> time_rotating.pwd
    random_password.pwd --> time_rotating.pwd
    terraform_data.grant_admin_consent --> azuread_application.app
    terraform_data.grant_admin_consent --> azuread_service_principal.app
    terraform_data.grant_admin_consent --> time_sleep.wait_for_directory_propagation
    time_sleep.wait_for_directory_propagation --> azuread_service_principal.app
```
Module Reference
Category: azuread
Path: modules/azuread/applications
Azure Resources: azuread_application, azuread_service_principal, azuread_service_principal_password, azurerm_key_vault_secret, random_password, terraform_data, time_rotating, time_sleep
Inputs

| Name | Description | Type | Required | Default | Validation |
|---|---|---|---|---|---|
| `global_settings` | | `any` | no | `{}` | - |
| `settings` | | `any` | no | `{}` | - |
| `azuread_api_permissions` | | `any` | no | `{}` | - |
| `client_config` | Client configuration object (see module README.md). | `any` | yes | - | - |
| `user_type` | | `any` | no | - | - |
| `keyvaults` | | `any` | no | `{}` | - |
| `password_policy` | Default password policy applies when not set in tfvars. | `any` | no | `{"expire_in_days": 180, "length": 250, "number": true, "rotation": {"months": 1}, "special": false, "upper": true}` | - |
Outputs

| Name | Description | Sensitive | Value |
|---|---|---|---|
| `tenant_id` | | - | `var.client_config.tenant_id` |
| `azuread_application` | | - | `{"client_id": "${azuread_application.app.client_id}", "id": "${azuread_application.app.id}", "object_id": "${azuread_application.app.object_id}"}` |
| `azuread_service_principal` | | - | `{"id": "${azuread_service_principal.app.id}", "object_id": "${azuread_service_principal.app.object_id}"}` |
| `keyvaults` | | - | `{for key, value in try(var.settings.keyvaults, {}) : key => {id = azurerm_key_vault_secret.client_id[key].key_vault_id, secret_name_client_secret = value.secret_prefix}}` |
| `rbac_id` | This attribute is used to set the role assignment | - | `azuread_service_principal.app.object_id` |
Sources

- modules/azuread/applications/api_permissions.tf
- modules/azuread/applications/keyvault_secrets.tf
- modules/azuread/applications/module.tf
- modules/azuread/applications/outputs.tf
- modules/azuread/applications/variables.tf