feat: 1.2.0 - update provider blocks

Author: radomarina

README.md

@@ -69,6 +69,7 @@ provider "azuread" {
 
 provider "azurerm" {
   features {}
+  alias                           = "deployment_subscription"
   client_id                       = var.client_id
   client_secret                   = var.client_secret
   tenant_id                       = var.tenant_id
@@ -77,7 +78,10 @@ provider "azurerm" {
 }
 
 module "firefly_azure" {
-  source  = "github.com/gofireflyio/terraform-firefly-azure-onboarding?ref=v1.1.0"
+  source  = "github.com/gofireflyio/terraform-firefly-azure-onboarding?ref=v1.2.0"
+  providers = {
+    azurerm.deployment_subscription = azurerm.deployment_subscription
+  }
   
   client_id       = var.client_id
   client_secret   = var.client_secret
@@ -105,7 +109,7 @@ Use this option if you want to integrate Firefly with specific Azure subscriptio
 
 ```hcl
 module "firefly_azure_subscription_1" {
-  source  = "github.com/gofireflyio/terraform-firefly-azure-onboarding?ref=v1.1.0"
+  source  = "github.com/gofireflyio/terraform-firefly-azure-onboarding?ref=v1.2.0"
   
   client_id       = var.client_id
   client_secret   = var.client_secret
@@ -128,7 +132,7 @@ module "firefly_azure_subscription_1" {
 
 # For additional subscriptions, create new modules and reference existing resources
 module "firefly_azure_subscription_2" {
-  source  = "github.com/gofireflyio/terraform-firefly-azure-onboarding?ref=v1.1.0"
+  source  = "github.com/gofireflyio/terraform-firefly-azure-onboarding?ref=v1.2.0"
   
   # ... (similar configuration as above)
   

eventdriven.tf

@@ -1,30 +1,33 @@
 resource "azurerm_resource_group" "current" {
   count    = var.eventdriven_enabled && var.existing_resource_group_name == "" ? 1 : 0
+  provider = azurerm.deployment_subscription
   location = var.location
   name     = "${module.naming.resource_group.name}-${var.prefix}firefly${var.suffix}"
   tags     = local.tags
 }
 
 resource "azurerm_storage_account" "current" {
   count                            = var.eventdriven_enabled && var.existing_storage_account_id == "" ? 1 : 0
+  provider                         = azurerm.deployment_subscription
   account_replication_type         = "LRS"
   cross_tenant_replication_enabled = false
   account_tier                     = "Standard"
   location                         = var.location
   name                             = "${module.naming.storage_account.name}${var.prefix != "" ? regex("\\w+", var.prefix) : ""}firefly${var.suffix != "" ? regex("\\w+", var.suffix) : ""}"
   resource_group_name              = local.resource_group_name
+  tags                             = local.tags
   dynamic "network_rules" {
     for_each = var.enforce_storage_network_rules ? [1] : []
     content {
       default_action = "Deny"
-      ip_rules = var.firefly_eips
+      ip_rules       = var.firefly_eips
     }
   }
-  tags                             = local.tags
 }
 
 resource "azurerm_eventgrid_system_topic" "current" {
   count                  = var.eventdriven_enabled && var.existing_eventgrid_topic_name == "" ? 1 : 0
+  provider               = azurerm.deployment_subscription
   name                   = "${module.naming.eventgrid_topic.name}-${var.prefix}firefly${var.suffix}"
   location               = var.location
   resource_group_name    = local.resource_group_name
@@ -35,6 +38,7 @@ resource "azurerm_eventgrid_system_topic" "current" {
 
 resource "azurerm_eventgrid_system_topic_event_subscription" "current" {
   count                = var.eventdriven_enabled && var.existing_eventgrid_topic_name == "" ? 1 : 0
+  provider             = azurerm.deployment_subscription
   name                 = "${module.naming.eventgrid_event_subscription.name}-${var.prefix}firefly${var.suffix}"
   resource_group_name  = local.resource_group_name
   system_topic         = local.eventgrid_system_topic_name
@@ -52,7 +56,9 @@ resource "azurerm_eventgrid_system_topic_event_subscription" "current" {
 }
 
 resource "azurerm_role_definition" "FireflyStorageAccountBlobReader" {
-  count       = var.eventdriven_enabled ? 1 : 0
+  count    = var.eventdriven_enabled ? 1 : 0
+  provider = azurerm.deployment_subscription
+
   name        = "${module.naming.role_definition.name}-${var.prefix}FireflyStorageAccountBlobReader-${var.subscription_id}${var.suffix}"
   scope       = "/subscriptions/${var.subscription_id}"
   description = "Firefly's requested permissions"
@@ -68,7 +74,9 @@ resource "azurerm_role_definition" "FireflyStorageAccountBlobReader" {
 }
 
 resource "azurerm_role_assignment" "FireflyStorageAccountBlobReader" {
-  count                = var.eventdriven_enabled ? 1 : 0
+  count    = var.eventdriven_enabled ? 1 : 0
+  provider = azurerm.deployment_subscription
+
   principal_id         = azuread_service_principal.current.id
   role_definition_name = azurerm_role_definition.FireflyStorageAccountBlobReader[0].name
   scope                = "/subscriptions/${var.subscription_id}"
@@ -93,6 +101,7 @@ EOT
 
 resource "azurerm_monitor_diagnostic_setting" "current" {
   for_each           = var.eventdriven_enabled ? local.kv_filtered_subscriptions : {}
+  provider           = azurerm.deployment_subscription
   name               = "${module.naming.monitor_diagnostic_setting.name}-${var.prefix}firefly${each.key}${var.suffix}"
   target_resource_id = "/subscriptions/${each.key}"
   storage_account_id = local.storage_account_id

locals.tf

@@ -15,5 +15,5 @@ locals {
 }
 
 module "naming" {
-  source  = "Azure/naming/azurerm"
+  source = "Azure/naming/azurerm"
 }

permission.tf

@@ -18,30 +18,37 @@ resource "azuread_service_principal_password" "current" {
 
 resource "azurerm_role_assignment" "BillingReader" {
   principal_id         = azuread_service_principal.current.object_id
+  provider             = azurerm.deployment_subscription
   role_definition_name = "Billing Reader"
   scope                = local.scope
 }
 
 resource "azurerm_role_assignment" "Reader" {
   principal_id         = azuread_service_principal.current.object_id
+  provider             = azurerm.deployment_subscription
   role_definition_name = "Reader"
   scope                = local.scope
 }
 
 resource "azurerm_role_assignment" "AppConfigurationDataReader" {
-  principal_id         = azuread_service_principal.current.object_id
+  principal_id = azuread_service_principal.current.object_id
+  provider     = azurerm.deployment_subscription
+
   role_definition_name = "App Configuration Data Reader"
   scope                = local.scope
 }
 
 resource "azurerm_role_assignment" "SecurityReader" {
-  principal_id         = azuread_service_principal.current.object_id
+  principal_id = azuread_service_principal.current.object_id
+  provider     = azurerm.deployment_subscription
+
   role_definition_name = "Security Reader"
   scope                = local.scope
 }
 
 resource "azurerm_role_definition" "Firefly" {
   name        = "${module.naming.role_definition.name}-${var.prefix}Firefly${var.suffix}"
+  provider    = azurerm.deployment_subscription
   scope       = local.scope
   description = "Firefly's requested permissions"
 
@@ -67,7 +74,9 @@ resource "azurerm_role_definition" "Firefly" {
 }
 
 resource "azurerm_role_assignment" "Firefly" {
-  principal_id         = azuread_service_principal.current.object_id
+  principal_id = azuread_service_principal.current.object_id
+  provider     = azurerm.deployment_subscription
+
   role_definition_name = azurerm_role_definition.Firefly.name
   scope                = local.scope
 }

providers.tf

@@ -1,8 +1,9 @@
 terraform {
   required_providers {
     azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "4.3.0"
+      source                = "hashicorp/azurerm"
+      version               = "4.3.0"
+      configuration_aliases = [azurerm.deployment_subscription]
     }
     azuread = {
       source  = "hashicorp/azuread"
@@ -11,17 +12,11 @@ terraform {
   }
 }
 
-# provider "azuread" {
-#   client_id     = var.client_id
-#   client_secret = var.client_secret
-#   tenant_id     = var.tenant_id
-# }
-#
-# provider "azurerm" {
-#   features {}
-#   client_id                       = var.client_id
-#   client_secret                   = var.client_secret
-#   tenant_id                       = var.tenant_id
-#   subscription_id                 = var.subscription_id
-#   resource_provider_registrations = "none"
-# }
+provider "azurerm" {
+  features {}
+  client_id                       = var.client_id
+  client_secret                   = var.client_secret
+  tenant_id                       = var.tenant_id
+  subscription_id                 = var.subscription_id
+  resource_provider_registrations = "none"
+}

vars.tf

@@ -111,7 +111,7 @@ variable "client_secret" {
 }
 
 variable "enforce_storage_network_rules" {
-  type = bool
+  type    = bool
   default = false
 }