variables.tf
# Key Vault secret definitions, keyed by a caller-chosen name. Each entry is
# merged over local.default.key_vault_secret further down in this file.
# NOTE(review): `type = any` disables type checking and the variable is not
# marked sensitive. Presumably the secret value itself arrives through this
# map; confirm how it is kept out of plan output and CI logs.
variable "key_vault_secret" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Directory user definitions, keyed by a caller-chosen name. Each entry is
# merged over local.default.user, so any attribute the caller omits takes the
# module default.
# NOTE(review): that includes `password`, whose default is a literal string
# in this file. Callers should always pass an explicit per-user password.
variable "user" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Group definitions, keyed by a caller-chosen name. Each entry is merged over
# local.default.group; the nested `dynamic_membership` map is merged
# separately in local.group.
variable "group" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Group membership definitions, keyed by a caller-chosen name. The default
# set for this resource is empty, so entries pass through unchanged.
variable "group_member" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Application registration definitions, keyed by a caller-chosen name. Each
# entry is merged over local.default.application; entries under
# `required_resource_access` are merged one by one in local.application.
variable "application" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Application password (client secret) definitions, keyed by a caller-chosen
# name and merged over local.default.application_password.
# NOTE(review): the defaults leave end_date and end_date_relative null, so
# callers should set one of them to bound the credential's lifetime.
variable "application_password" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Service principal definitions, keyed by a caller-chosen name and merged
# over local.default.service_principal.
variable "service_principal" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Service principal password definitions, keyed by a caller-chosen name and
# merged over local.default.service_principal_password.
# NOTE(review): the defaults leave end_date and end_date_relative null, so
# callers should set one of them to bound the credential's lifetime.
variable "service_principal_password" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Role assignment definitions, keyed by a caller-chosen name and merged over
# local.default.role_assignment.
# NOTE(review): `type = any` means a mistyped scope or role name is not caught
# at the variable boundary. Review role assignments passed in here with the
# same care as any other privilege grant.
variable "role_assignment" {
  description = "resource definition, default settings are defined within locals and merged with var settings"
  type        = any
  default     = {}
}
# Per-resource default attribute sets (local.default) and the result maps
# built from them: for every key in var.<resource>, the caller's entry is
# merged over the matching default set, so caller values win.
locals {
  default = {
    # resource definition
    key_vault_secret = {
      name = ""
      content_type = null
      not_before_date = null
      # NOTE(review): no expiry is set unless the caller supplies one. Confirm
      # that non-expiring secrets are acceptable under the rotation policy.
      expiration_date = null
      tags = {}
    }
    user = {
      account_enabled = true
      age_group = null
      business_phones = null
      city = null
      company_name = null
      consent_provided_for_minor = null
      cost_center = null
      country = null
      department = null
      disable_password_expiration = false
      disable_strong_password = false
      display_name = ""
      division = null
      employee_id = null
      employee_type = null
      fax_number = null
      # Forces a password change at next sign-in. This limits, but does not
      # remove, the exposure created by the shared default password below.
      force_password_change = true
      given_name = null
      job_title = null
      mail = null
      mail_nickname = null
      manager_id = null
      mobile_phone = null
      office_location = null
      onpremises_immutable_id = null
      other_mails = null
      # NOTE(review): literal default credential. Every user declared without
      # its own `password` gets this same value, which is visible to anyone
      # who can read this file. Combined with account_enabled = true, the
      # account is usable with a known password until the first sign-in.
      # Prefer having callers supply a generated per-user value (for example
      # from a random_password resource) and treating a missing password as
      # an error.
      password = "change_IT#9"
      postal_code = null
      preferred_language = null
      show_in_address_list = false
      state = null
      street_address = null
      surname = null
      usage_location = null
    }
    group = {
      # Groups are not role-assignable unless the caller opts in.
      assignable_to_role = false
      auto_subscribe_new_members = null
      behaviors = null
      description = null
      display_name = ""
      external_senders_allowed = null
      hide_from_address_lists = null
      hide_from_outlook_clients = null
      mail_enabled = false
      mail_nickname = null
      members = []
      owners = null
      prevent_duplicate_names = true
      provisioning_options = null
      security_enabled = true
      theme = null
      types = null
      visibility = null
      # NOTE(review): enabled = true with an empty rule is merged into every
      # group by local.group below. Presumably the consuming resource only
      # emits this block when a rule is set; confirm.
      dynamic_membership = {
        enabled = true
        rule = ""
      }
    }
    group_member = {}
    application = {
      device_only_auth_enabled = false
      display_name = ""
      fallback_public_client_enabled = false
      group_membership_claims = null
      identifier_uris = []
      logo_image = null
      marketing_url = null
      oauth2_post_response_required = null
      owners = null
      prevent_duplicate_names = true
      privacy_statement_url = null
      sign_in_audience = null
      support_url = null
      template_id = null
      terms_of_service_url = null
      api = {}
      app_role = {}
      feature_tags = {}
      optional_claims = {}
      public_client = {}
      required_resource_access = {}
      single_page_application = {}
      # `web` is not deep-merged anywhere in this block. Because merge() is
      # shallow, a caller-supplied `web` map replaces this one wholesale.
      web = {
        homepage_url = null
        logout_url = null
        redirect_uris = []
      }
      tags = null
    }
    application_password = {
      display_name = ""
      # NOTE(review): with end_date and end_date_relative both null, the
      # credential lifetime is whatever the provider defaults to. Confirm it
      # matches the rotation policy.
      end_date = null
      end_date_relative = null
      rotate_when_changed = null
      start_date = null
    }
    service_principal = {
      account_enabled = true
      alternative_names = null
      # NOTE(review): false means no explicit app role assignment is required.
      # As far as the defaults go, access is then not restricted to assigned
      # users or groups; confirm this is intended per application.
      app_role_assignment_required = false
      description = ""
      login_url = null
      notes = null
      notification_email_addresses = null
      owners = null
      preferred_single_sign_on_mode = null
      use_existing = null
      feature_tags = null
      saml_single_sign_on = {
        relay_state = null
      }
      tags = null
    }
    service_principal_password = {
      display_name = ""
      # NOTE(review): same as application_password. No lifetime is pinned
      # here, so callers should set end_date or end_date_relative.
      end_date = null
      end_date_relative = null
      rotate_when_changed = null
      start_date = null
    }
    role_assignment = {
      name = null
      role_definition_name = null
      role_definition_id = null
      condition = null
      condition_version = null
      delegated_managed_identity_resource_id = null
      description = null
      skip_service_principal_aad_check = null
    }
  }
  # compare and merge custom and default values
  # First-pass (shallow) merge for the two resources that have nested maps
  # needing a second merge below.
  group_values = {
    for group in keys(var.group) :
    group => merge(local.default.group, var.group[group])
  }
  application_values = {
    for application in keys(var.application) :
    application => merge(local.default.application, var.application[application])
  }
  # merge all custom and default values
  key_vault_secret = {
    for key_vault_secret in keys(var.key_vault_secret) :
    key_vault_secret => merge(local.default.key_vault_secret, var.key_vault_secret[key_vault_secret])
  }
  # Any user entry that omits `password` inherits local.default.user.password.
  user = {
    for user in keys(var.user) :
    user => merge(local.default.user, var.user[user])
  }
  # Second pass: re-merge `dynamic_membership` so that a caller who sets only
  # one of its keys still gets the default for the other.
  group = {
    for group in keys(var.group) :
    group => merge(
      local.group_values[group],
      {
        for config in ["dynamic_membership"] :
        config => merge(local.default.group[config], local.group_values[group][config])
      }
    )
  }
  group_member = {
    for group_member in keys(var.group_member) :
    group_member => merge(local.default.group_member, var.group_member[group_member])
  }
  # Second pass: merge each `required_resource_access` entry over the default
  # for that attribute. The default is an empty map, so entries currently pass
  # through unchanged.
  application = {
    for application in keys(var.application) :
    application => merge(
      local.application_values[application],
      {
        for config in ["required_resource_access"] :
        config => {
          for key in keys(local.application_values[application][config]) :
          key => merge(local.default.application[config], local.application_values[application][config][key])
        }
      },
    )
  }
  application_password = {
    for application_password in keys(var.application_password) :
    application_password => merge(local.default.application_password, var.application_password[application_password])
  }
  service_principal = {
    for service_principal in keys(var.service_principal) :
    service_principal => merge(local.default.service_principal, var.service_principal[service_principal])
  }
  service_principal_password = {
    for service_principal_password in keys(var.service_principal_password) :
    service_principal_password => merge(local.default.service_principal_password, var.service_principal_password[service_principal_password])
  }
  role_assignment = {
    for role_assignment in keys(var.role_assignment) :
    role_assignment => merge(local.default.role_assignment, var.role_assignment[role_assignment])
  }
}