cleanup service_principal creation

README.md

@@ -41,8 +41,8 @@
 ## Terraform
 * [Tearraform](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform)
 ### Examples
-#### Subnet-list, Single region
-* [all_nsg](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform/module/examples/all_nsg)
+#### All Virtual Networks from multiple Resource Groups
+* [single_account_multiple_resource_groups](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups)
 
 ## Ansible
 * [Ansible](cloud_Azure/ansible/roles/kentik_az)

cloud_Azure/terraform/module/README.md

@@ -19,7 +19,7 @@ NetworkWatcher is automatically created by Azure when VirtualNetwork is created
 
 ## Usage examples
 
-* [All Network Security Groups in requested Resource Groups in single Azure Account](examples/single_account_multiple_resource_groups)
+* [All Virtual Networks in requested Resource Groups in single Azure Account](examples/single_account_multiple_resource_groups)
 * [All Network Security Groups in requested Resource Groups in multiple Azure Accounts](examples/multiple_accounts_multiple_resource_group)
 
 ## Requirements

cloud_Azure/terraform/module/output.tf

@@ -19,6 +19,6 @@ output "storage_accounts" {
 }
 
 output "principal_id" {
-  value       = local.kentik_nsg_flow_exporter_id
-  description = "Service Principal ID created for Kentik NSG Flow Exporter application"
+  value       = local.kentik_vnet_flow_exporter_id
+  description = "Service Principal ID created for Kentik VNet Flow Exporter application"
 }

cloud_Azure/terraform/module/roles.tf

@@ -4,7 +4,7 @@ resource "azurerm_role_assignment" "kentik_role_contributor" {
 
   scope                = each.value.id
   role_definition_name = "Contributor"
-  principal_id         = local.kentik_nsg_flow_exporter_id
+  principal_id         = local.kentik_vnet_flow_exporter_id
 }
 
 # Provide service principal Reader role to each Resource Group
@@ -13,5 +13,5 @@ resource "azurerm_role_assignment" "kentik_role_reader" {
 
   scope                = "/subscriptions/${var.subscription_id}/resourceGroups/${each.value}"
   role_definition_name = "Reader"
-  principal_id         = local.kentik_nsg_flow_exporter_id
+  principal_id         = local.kentik_vnet_flow_exporter_id
 }

cloud_Azure/terraform/module/service_principal.tf

@@ -1,20 +1,20 @@
 data "azuread_client_config" "current" {}
 
-data "azuread_service_principals" "existing_nsg_flow_exporter" {
-  client_ids = [var.flow_exporter_application_id]
+data "azuread_service_principals" "existing_vnet_flow_exporter" {
+  client_ids     = [var.flow_exporter_application_id]
   ignore_missing = true
 }
 
 locals {
-  nsg_flow_exporter_already_exists = length(data.azuread_service_principals.existing_nsg_flow_exporter.object_ids) == 1 ? true : false
+  vnet_flow_exporter_already_exists = length(data.azuread_service_principals.existing_vnet_flow_exporter.object_ids) == 1
 }
 
-# Creates Service Principal for pre-existing "Kentik NSG Flow Exporter" app, so the app can access flow logs in Azure cloud
+# Creates Service Principal for pre-existing "Kentik VNet Flow Exporter" app, so the app can access flow logs in Azure cloud
 # This resource is shared across Azure Account, so only create it if doesn't exist yet
-resource "azuread_service_principal" "new_nsg_flow_exporter" {
-  count = local.nsg_flow_exporter_already_exists ? 0 : 1
+resource "azuread_service_principal" "new_vnet_flow_exporter" {
+  count = local.vnet_flow_exporter_already_exists ? 0 : 1
 
-  client_id               = var.flow_exporter_application_id
+  client_id                    = var.flow_exporter_application_id
   app_role_assignment_required = false
   owners                       = [data.azuread_client_config.current.object_id]
 
@@ -24,5 +24,5 @@ resource "azuread_service_principal" "new_nsg_flow_exporter" {
 }
 
 locals {
-  kentik_nsg_flow_exporter_id = local.nsg_flow_exporter_already_exists ? data.azuread_service_principals.existing_nsg_flow_exporter.object_ids[0] : azuread_service_principal.new_nsg_flow_exporter[0].object_id
-}
+  kentik_vnet_flow_exporter_id = local.vnet_flow_exporter_already_exists ? data.azuread_service_principals.existing_vnet_flow_exporter.object_ids[0] : azuread_service_principal.new_vnet_flow_exporter[0].object_id
+}