I have the following code:
resource "random_string" "password" {
  length           = 16
  special          = true
  override_special = "_%@"
}

resource "azuread_service_principal_password" "auth" {
  service_principal_id = azuread_service_principal.auth.id
  value                = random_string.password.result
  end_date_relative    = "240h"
}
I want to use the password in a resource to create an AKS cluster:
resource "azurerm_kubernetes_cluster" "default" {
  name                = "${random_pet.prefix.id}-aks"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  dns_prefix          = "${random_pet.prefix.id}-k8s"

  default_node_pool {
    name            = var.node_pool
    node_count      = var.node_count
    vm_size         = var.vm_size
    os_disk_size_gb = 30
  }

  service_principal {
    client_id     = azuread_service_principal.auth.application_id
    client_secret = azuread_service_principal_password.auth.value
  }

  role_based_access_control {
    enabled = true
  }

  tags = {
    environment = "Demo"
  }
}
However, when I run terraform apply, I get:
Error: Value for unconfigurable attribute
│
│ with azuread_service_principal_password.auth,
│ on aks-cluster.tf line 26, in resource "azuread_service_principal_password" "auth":
│ 26: value = random_string.password.result
│
│ Can't configure a value for "value": its value will be decided automatically based on the result of applying this
│ configuration.
Is there a way of generating the service principal password in my config and then using it later on in the same configuration?
2 Answers
If your question is to set a user defined password/secret for a Service Principal, then it is not possible to do so. azuread_service_principal_password is essentially a wrapper over servicePrincipal: addPassword Graph API call which does not allow you to specify your own password/secret.

You need to use azuread_application_password instead of azuread_service_principal_password so you can specify the random string value.
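
The error text in the question says the provider decides "value" itself, so the secret can be read back from the resource instead of being supplied. The following is an added example, not code from the question or from either answer; it assumes the same azuread provider version as the question plus the hashicorp/time provider, and the names time_rotating.sp_secret, aks_sp_client_secret and the 7-day rotation are constructed for illustration.

```hcl
# Added example. azuread_service_principal.auth is the resource from the question.

# Optional: triggers replacement of the secret before the old one expires.
# rotation_days = 7 is a constructed value, chosen to be shorter than 240h.
resource "time_rotating" "sp_secret" {
  rotation_days = 7
}

resource "azuread_service_principal_password" "auth" {
  service_principal_id = azuread_service_principal.auth.id
  end_date_relative    = "240h"

  # No "value" argument: Azure AD generates the secret and the provider
  # exports it as the read-only, sensitive attribute "value".
  rotate_when_changed = {
    rotation = time_rotating.sp_secret.id
  }
}

# The service_principal block in azurerm_kubernetes_cluster.default stays as
# written in the question:
#   client_secret = azuread_service_principal_password.auth.value

# An output that exposes the secret has to be marked sensitive; without it
# Terraform rejects the configuration because the value is sensitive.
output "aks_sp_client_secret" {
  value     = azuread_service_principal_password.auth.value
  sensitive = true
}
```

The generated secret is stored in the Terraform state in plain text, so the state backend needs the same access controls as the credential itself. time_rotating only takes effect on the next terraform apply, so the rotation is not automatic between runs.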