Merge pull request #195 from Azure/pet-lz-fix

Add launchpad_identities for azuread groups and msi from launchpad to propagate
Azure · Jun 1, 2021 · fba5905 · fba5905
2 parents e162902 + 1ae9329
commit fba5905
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 13 deletions.
diff --git a/caf_launchpad/output.tf b/caf_launchpad/output.tf
@@ -24,3 +24,14 @@ output "tfstates" {
   value     = local.tfstates
   sensitive = true
 }
+
+
+output "launchpad_identities" {
+  value = var.propagate_launchpad_identities ? {
+    (var.landingzone.key) = {
+      azuread_groups = module.launchpad.azuread_groups
+      managed_identities = module.launchpad.managed_identities
+    }
+  } : {}
+  sensitive = true
+}
diff --git a/caf_launchpad/variables.tf b/caf_launchpad/variables.tf
@@ -211,4 +211,8 @@ variable "azurerm_routes" {
 
 variable "route_tables" {
   default = {}
+}
+
+variable "propagate_launchpad_identities" {
+  default = false
 }
diff --git a/caf_solution/add-ons/aks_applications/locals.remote_tfstates.tf b/caf_solution/add-ons/aks_applications/locals.remote_tfstates.tf
@@ -36,7 +36,7 @@ locals {
 
   remote = {
     aks_clusters = {
-      for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.aks_clusters[key], {}))
+      for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].aks_clusters, {}))
     }
   }
 

diff --git a/caf_solution/local.remote.tf b/caf_solution/local.remote.tf
@@ -3,9 +3,14 @@ locals {
     azuread_apps = {
       for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azuread_apps, {}))
     }
-    azuread_groups = {
-      for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azuread_groups, {}))
-    }
+    azuread_groups = merge(
+      tomap({"launchpad" = try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.launchpad_identities["launchpad"].azuread_groups, {})}),
+      {
+        for key, value in try(var.landingzone.tfstates, {}) : key => merge(
+          try(data.terraform_remote_state.remote[key].outputs.objects[key].azuread_groups, {})
+        )
+      }
+    )
     azuread_users = {
       for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azuread_users, {}))
     }
@@ -42,9 +47,6 @@ locals {
     azuread_applications = {
       for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azuread_applications, {}))
     }
-    azuread_groups = {
-      for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azuread_groups, {}))
-    }
     azuread_users = {
       for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azuread_users, {}))
     }
@@ -87,9 +89,14 @@ locals {
     machine_learning_workspaces = {
       for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].machine_learning_workspaces, {}))
     }
-    managed_identities = {
-      for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].managed_identities, {}))
-    }
+    managed_identities = merge(
+      tomap({"launchpad" = try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.launchpad_identities["launchpad"].managed_identities, {})}),
+      {
+        for key, value in try(var.landingzone.tfstates, {}) : key => merge(
+          try(data.terraform_remote_state.remote[key].outputs.objects[key].managed_identities, {})
+        )
+      }
+    )    
     mssql_databases = {
       for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].mssql_databases, {}))
     }

diff --git a/caf_solution/locals.remote_tfstates.tf b/caf_solution/locals.remote_tfstates.tf
@@ -37,7 +37,7 @@ locals {
     data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.global_settings, 
     var.global_settings
     )
-    
+
 
   diagnostics = {
     # Get the diagnostics settings of services to create

diff --git a/caf_solution/output.tf b/caf_solution/output.tf
@@ -11,16 +11,21 @@ output "objects" {
 }
 
 output "global_settings" {
-  value = module.solution.global_settings
+  value = local.global_settings
   sensitive = true
 }
 
 output "diagnostics" {
-  value = module.solution.diagnostics
+  value = merge(module.solution.diagnostics, local.diagnostics)
   sensitive = true
 }
 
 output "tfstates" {
   value     = local.tfstates
   sensitive = true
 }
+
+output "launchpad_identities" {
+  value     = var.propagate_launchpad_identities ? data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.launchpad_identities : {}
+  sensitive = true
+}
diff --git a/caf_solution/variables.tf b/caf_solution/variables.tf
@@ -238,4 +238,7 @@ variable "diagnostic_log_analytics" {
 }
 variable "var_folder_path" {
   default = null
+}
+variable "propagate_launchpad_identities" {
+  default = false
 }