Created
December 14, 2019 11:57
# AAD K8s Backend App
# Server-side Azure AD application for the cluster. Name, homepage,
# identifier URI and reply URL are all derived from var.clustername + "srv".
resource "azuread_application" "aks-aad-srv" {
  name            = "${var.clustername}srv"
  homepage        = "https://${var.clustername}srv"
  identifier_uris = ["https://${var.clustername}srv"]
  reply_urls      = ["https://${var.clustername}srv"]
  type            = "webapp/api"

  # "All" places every group type the user belongs to (security groups,
  # distribution lists, directory roles) in the token's groups claim.
  # NOTE(review): presumably required for group-based Kubernetes RBAC; if only
  # security groups are bound to roles, "SecurityGroup" is the narrower
  # setting. Confirm before changing.
  group_membership_claims = "All"

  # Single-tenant registration: accounts from other directories cannot sign in.
  available_to_other_tenants = false

  # Implicit grant disabled, so tokens are never returned directly from the
  # authorize endpoint.
  oauth2_allow_implicit_flow = false

  # Permissions requested on Microsoft Graph (00000003-0000-0000-c000-000000000000).
  # Declaring them here only *requests* access; no admin-consent step appears
  # in this file, so consent has to be granted separately by a directory admin.
  required_resource_access {
    resource_app_id = "00000003-0000-0000-c000-000000000000"

    # Application permission (type "Role"): Directory.Read.All. The app can read
    # directory data with its own credential and no signed-in user, so the
    # client secret created for this app is a high-value credential.
    resource_access {
      id   = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"
      type = "Role"
    }

    # Delegated permission (type "Scope"): Directory.Read.All.
    resource_access {
      id   = "06da0dbc-49e2-44d2-8312-53f166ab848a"
      type = "Scope"
    }

    # Delegated permission (type "Scope"): User.Read (sign in and read profile).
    resource_access {
      id   = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
      type = "Scope"
    }
  }

  # Permission requested on the legacy Azure AD Graph API
  # (00000002-0000-0000-c000-000000000000).
  # NOTE(review): Azure AD Graph has been deprecated by Microsoft; check
  # whether this entry is still needed and drop it if not, to keep the
  # consented permission set minimal.
  required_resource_access {
    resource_app_id = "00000002-0000-0000-c000-000000000000"

    # Delegated permission (type "Scope"): User.Read on Azure AD Graph.
    resource_access {
      id   = "311a71cc-e848-46a1-bdf8-97ff7156d8e6"
      type = "Scope"
    }
  }
}
# Service principal for the server application, created from the
# application_id exported by azuread_application.aks-aad-srv. Permission grants
# and role assignments in the tenant attach to this object rather than to the
# application registration.
resource "azuread_service_principal" "aks-aad-srv" {
  application_id = "${azuread_application.aks-aad-srv.application_id}"
}
# Generates the client secret for the server application: 16 characters,
# special characters allowed.
# The generated value is written to the Terraform state in clear text, so the
# state backend needs encryption at rest and tight access control.
# No `keepers` are set, so the value stays the same across applies; rotation
# happens only when this resource is replaced (for example by tainting it).
resource "random_password" "aks-aad-srv" {
  length  = 16
  special = true
}
# Registers the generated password as a client secret on the server
# application (referenced by object_id, not application_id).
# This secret authenticates an app that requests the Directory.Read.All
# application permission, so treat it like any other directory-read credential:
# the value is also persisted in Terraform state.
resource "azuread_application_password" "aks-aad-srv" {
  application_object_id = "${azuread_application.aks-aad-srv.object_id}"
  value                 = "${random_password.aks-aad-srv.result}"

  # Fixed calendar expiry rather than a lifetime relative to creation time:
  # the secret is valid until this instant no matter when it was created, and
  # authentication with it fails afterwards.
  # NOTE(review): plan rotation ahead of this date and consider a shorter
  # validity window; a long-lived static secret widens the exposure if the
  # state file or the cluster configuration leaks.
  end_date = "2024-01-01T01:02:03Z"
}
# AAD AKS kubectl app
# Client-side Azure AD application used for interactive sign-in. It is
# registered as a "native" (public client) application, and no
# azuread_application_password is defined for it in this file.
resource "azuread_application" "aks-aad-client" {
  name       = "${var.clustername}client"
  homepage   = "https://${var.clustername}client"
  reply_urls = ["https://${var.clustername}client"]
  type       = "native"

  # The only permission requested is a delegated scope on the server
  # application defined above, so tokens obtained through this client are
  # scoped to that API.
  required_resource_access {
    resource_app_id = "${azuread_application.aks-aad-srv.application_id}"

    resource_access {
      # Takes the first entry of the server app's oauth2_permissions list.
      # NOTE(review): assumes index 0 is the intended default scope; if further
      # scopes are ever added to the server app, confirm the index still
      # points at the right one.
      id   = "${azuread_application.aks-aad-srv.oauth2_permissions.0.id}"
      type = "Scope"
    }
  }
}