From 181ea2179b89070476fcdcf4e0fcd9cc5c1a1822 Mon Sep 17 00:00:00 2001
From: jksprattler
Date: Wed, 15 Jan 2025 15:49:04 -0600
Subject: [PATCH] cleanup service_principal creation

---
 README.md                                 |  4 ++--
 cloud_Azure/terraform/module/README.md    |  2 +-
 cloud_Azure/terraform/module/output.tf    |  4 ++--
 cloud_Azure/terraform/module/roles.tf     |  4 ++--
 .../terraform/module/service_principal.tf | 18 +++++++++---------
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 663eb05..fbd185e 100644
--- a/README.md
+++ b/README.md
@@ -41,8 +41,8 @@
 ## Terraform
 * [Tearraform](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform)
 ### Examples
-#### Subnet-list, Single region
-* [all_nsg](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform/module/examples/all_nsg)
+#### All Virtual Networks from multiple Resource Groups
+* [single_account_multiple_resource_groups](https://github.com/kentik/config-snippets-cloud/tree/master/cloud_Azure/terraform/module/examples/single_account_multiple_resource_groups)
 ## Ansible
 * [Ansible](cloud_Azure/ansible/roles/kentik_az)
diff --git a/cloud_Azure/terraform/module/README.md b/cloud_Azure/terraform/module/README.md
index b90146e..fbdf7eb 100644
--- a/cloud_Azure/terraform/module/README.md
+++ b/cloud_Azure/terraform/module/README.md
@@ -19,7 +19,7 @@ NetworkWatcher is automatically created by Azure when VirtualNetwork is created
 ## Usage examples
-* [All Network Security Groups in requested Resource Groups in single Azure Account](examples/single_account_multiple_resource_groups)
+* [All Virtual Networks in requested Resource Groups in single Azure Account](examples/single_account_multiple_resource_groups)
 * [All Network Security Groups in requested Resource Groups in multiple Azure Accounts](examples/multiple_accounts_multiple_resource_group)
 ## Requirements
diff --git a/cloud_Azure/terraform/module/output.tf b/cloud_Azure/terraform/module/output.tf
index 6e7ee7a..70053e9 100644
--- a/cloud_Azure/terraform/module/output.tf
+++ b/cloud_Azure/terraform/module/output.tf
@@ -19,6 +19,6 @@ output "storage_accounts" {
 }
 output "principal_id" {
-  value = local.kentik_nsg_flow_exporter_id
-  description = "Service Principal ID created for Kentik NSG Flow Exporter application"
+  value = local.kentik_vnet_flow_exporter_id
+  description = "Service Principal ID created for Kentik VNet Flow Exporter application"
 }
diff --git a/cloud_Azure/terraform/module/roles.tf b/cloud_Azure/terraform/module/roles.tf
index c83d57b..73b5e2b 100644
--- a/cloud_Azure/terraform/module/roles.tf
+++ b/cloud_Azure/terraform/module/roles.tf
@@ -4,7 +4,7 @@ resource "azurerm_role_assignment" "kentik_role_contributor" {
   scope = each.value.id
   role_definition_name = "Contributor"
-  principal_id = local.kentik_nsg_flow_exporter_id
+  principal_id = local.kentik_vnet_flow_exporter_id
 }
 # Provide service principal Reader role to each Resource Group
@@ -13,5 +13,5 @@ resource "azurerm_role_assignment" "kentik_role_reader" {
   scope = "/subscriptions/${var.subscription_id}/resourceGroups/${each.value}"
   role_definition_name = "Reader"
-  principal_id = local.kentik_nsg_flow_exporter_id
+  principal_id = local.kentik_vnet_flow_exporter_id
 }
diff --git a/cloud_Azure/terraform/module/service_principal.tf b/cloud_Azure/terraform/module/service_principal.tf
index d625e84..f5e0bc7 100644
--- a/cloud_Azure/terraform/module/service_principal.tf
+++ b/cloud_Azure/terraform/module/service_principal.tf
@@ -1,20 +1,20 @@
 data "azuread_client_config" "current" {}
-data "azuread_service_principals" "existing_nsg_flow_exporter" {
-  client_ids = [var.flow_exporter_application_id]
+data "azuread_service_principals" "existing_vnet_flow_exporter" {
+  client_ids = [var.flow_exporter_application_id]
   ignore_missing = true
 }
 locals {
-  nsg_flow_exporter_already_exists = length(data.azuread_service_principals.existing_nsg_flow_exporter.object_ids) == 1 ? true : false
+  vnet_flow_exporter_already_exists = length(data.azuread_service_principals.existing_vnet_flow_exporter.object_ids) == 1
 }
-# Creates Service Principal for pre-existing "Kentik NSG Flow Exporter" app, so the app can access flow logs in Azure cloud
+# Creates Service Principal for pre-existing "Kentik VNet Flow Exporter" app, so the app can access flow logs in Azure cloud
 # This resource is shared across Azure Account, so only create it if doesn't exist yet
-resource "azuread_service_principal" "new_nsg_flow_exporter" {
-  count = local.nsg_flow_exporter_already_exists ? 0 : 1
+resource "azuread_service_principal" "new_vnet_flow_exporter" {
+  count = local.vnet_flow_exporter_already_exists ? 0 : 1
-  client_id = var.flow_exporter_application_id
+  client_id = var.flow_exporter_application_id
   app_role_assignment_required = false
   owners = [data.azuread_client_config.current.object_id]
@@ -24,5 +24,5 @@ resource "azuread_service_principal" "new_nsg_flow_exporter" {
 }
 locals {
-  kentik_nsg_flow_exporter_id = local.nsg_flow_exporter_already_exists ? data.azuread_service_principals.existing_nsg_flow_exporter.object_ids[0] : azuread_service_principal.new_nsg_flow_exporter[0].object_id
-}
\ No newline at end of file
+  kentik_vnet_flow_exporter_id = local.vnet_flow_exporter_already_exists ? data.azuread_service_principals.existing_vnet_flow_exporter.object_ids[0] : azuread_service_principal.new_vnet_flow_exporter[0].object_id
+}
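Review bot: The `count = local.vnet_flow_exporter_already_exists ? 0 : 1` line keeps the create-if-missing decision tied to `data.azuread_service_principals.existing_vnet_flow_exporter`, which is re-read on every plan, so on the apply after the one that created the service principal the data source should find it, `vnet_flow_exporter_already_exists` flips to true, and Terraform will plan to destroy `azuread_service_principal.new_vnet_flow_exporter[0]` — the same object the `principal_id` values in roles.tf now resolve to through `local.kentik_vnet_flow_exporter_id`, leaving the Contributor and Reader assignments attached to a deleted principal until a later run recreates it with a new object id. I have not executed this, so confirm with a second `terraform plan` against a state where the module created the principal; if it reproduces, the create/skip choice should come from an explicit input variable (or an import of the existing principal) rather than from the data source, and the comment `# This resource is shared across Azure Account, so only create it if doesn't exist yet` should state that caveat. The commit also keeps `owners = [data.azuread_client_config.current.object_id]` without explanation; a comment such as `# The identity running Terraform becomes an owner of this service principal and can manage its credentials` would make that grant visible to reviewers. The resource body continues past the end of this hunk.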