Revert "hotfix(dns) use existing Azure AD application for Let's Encry…

…pt instead of managing it(s)" (#32) This reverts commit 77267a9.
jenkins-infra · Jan 14, 2023 · 9f0b938 · 9f0b938
1 parent 77267a9
commit 9f0b938
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/dns.tf b/dns.tf
@@ -30,14 +30,22 @@ resource "azurerm_dns_ns_record" "child_zone_ns_records" {
   records = azurerm_dns_zone.child_zones[each.key].name_servers
 }
 
-data "azuread_application" "letsencrypt_dns_challenge" {
-  display_name = "letsencrypt-dns-challenge"
+resource "azuread_application" "letsencrypt_dns_challenges" {
+  for_each = { for key, value in local.lets_encrypt_dns_challenged_domains : key => value if value == "service_principal" }
+
+  display_name = replace(each.key, ".", "_")
+  owners       = [data.azuread_client_config.current.object_id]
+  tags         = [for key, value in local.default_tags : "${key}:${value}"]
+
+  web {
+    homepage_url = "https://github.com/jenkins-infra/azure-net"
+  }
 }
 
 resource "azuread_service_principal" "child_zone_service_principals" {
   for_each = { for key, value in local.lets_encrypt_dns_challenged_domains : key => value if value == "service_principal" }
 
-  application_id = data.azuread_application.letsencrypt_dns_challenge.application_id
+  application_id = azuread_application.letsencrypt_dns_challenges[each.key].application_id
 }
 
 resource "azuread_service_principal_password" "child_zone_service_principal_passwords" {

diff --git a/main.tf b/main.tf
@@ -0,0 +1,2 @@
+# This data source allows referencing the identity used by Terraform to connect to the Azure API
+data "azuread_client_config" "current" {}