# Generate random string to be used for Service Principal password
## <https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string>
resource "random_string" "password" {
  # NOTE(review): this value is used as a credential (the service principal
  # password). random_string does not treat `result` as sensitive, so it can be
  # displayed in CLI output; the random provider's random_password resource is
  # the equivalent intended for secrets. Switching changes the resource
  # address, so every reference to random_string.password.result has to move
  # with it and the secret is regenerated.
  special = true # allow special characters in the generated value
  length  = 32   # 32 characters long
}
# Create Azure AD App
## <https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application>
resource "azuread_application" "aks" {
  # Keep the application single-tenant: it is not offered to other Azure AD
  # tenants.
  available_to_other_tenants = false

  # Application name is derived from the deployment prefix.
  name = "${var.prefix}-aks-app"
}
# Create Service Principal associated with the Azure AD App
## <https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal>
resource "azuread_service_principal" "aks" {
  # No app role assignment is required before tokens are issued for this
  # service principal.
  app_role_assignment_required = false

  # Bind the service principal to the application defined in this file.
  application_id = azuread_application.aks.application_id
}
# Create Service Principal password
## <https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password>
resource "azuread_service_principal_password" "aks" {
  service_principal_id = azuread_service_principal.aks.id

  # 17520h = 730 days, so the secret stays valid for about two years.
  # NOTE(review): nothing in this file rotates the secret before it expires;
  # confirm that rotation is handled elsewhere, and consider a shorter
  # lifetime for a credential that holds a role assignment.
  end_date_relative = "17520h"

  # The secret is stored in Terraform state along with the other resource
  # attributes, so the state backend needs to be encrypted and
  # access-controlled like any other secret store.
  value = random_string.password.result
}
# Create role assignment for the service principal on the VNET (the scope below is the virtual network itself)
## <https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment>
resource "azurerm_role_assignment" "aks" {
  principal_id = azuread_service_principal.aks.id

  # The assignment is scoped to the virtual network resource only, not to a
  # resource group or subscription.
  scope = azurerm_virtual_network.vnet.id

  # NOTE(review): Contributor is a broad built-in role. For an AKS service
  # principal that only needs to manage networking in its VNET, the built-in
  # "Network Contributor" role is the narrower choice usually recommended;
  # confirm the cluster needs nothing beyond it before switching.
  role_definition_name = "Contributor"
}