Skip to content

Instantly share code, notes, and snippets.

@cdennig
Created December 14, 2019 11:58
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save cdennig/d2a6909323cff0d35a0d7e8c9b404bdf to your computer and use it in GitHub Desktop.
Save cdennig/d2a6909323cff0d35a0d7e8c9b404bdf to your computer and use it in GitHub Desktop.
# Service Principal for AKS
resource "azuread_application" "aks_sp" {
name = "${var.clustername}"
homepage = "https://${var.clustername}"
identifier_uris = ["https://${var.clustername}"]
reply_urls = ["https://${var.clustername}"]
available_to_other_tenants = false
oauth2_allow_implicit_flow = false
}
resource "azuread_service_principal" "aks_sp" {
application_id = "${azuread_application.aks_sp.application_id}"
}
resource "random_password" "aks_sp_pwd" {
length = 16
special = true
}
resource "azuread_service_principal_password" "aks_sp_pwd" {
service_principal_id = "${azuread_service_principal.aks_sp.id}"
value = "${random_password.aks_sp_pwd.result}"
end_date = "2024-01-01T01:02:03Z"
}
resource "azurerm_role_assignment" "aks_sp_role_assignment" {
scope = "${data.azurerm_subscription.current.id}"
role_definition_name = "Contributor"
principal_id = "${azuread_service_principal.aks_sp.id}"
depends_on = [
azuread_service_principal_password.aks_sp_pwd
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment