Feature/modify workflow description (#8)

* DEVOPS-257 updated app.tf t have time based expiry for secret

* updated outut file to ahve woners and expiry date DEVOPS-257

* added variable to have expiry date as input DEVOPS-257

* Added `app_registation_expiry` input to GitHub workflow with default value and options, and updated `Terraform Plan` step to include this new input. DEVOPS-257

* "Updated Terraform Plan step in Azure create app registrations workflow to use a multi-line command"

* "Update workflow YAML: modify descriptions for app_registration_description and app_registration_owners inputs" DEVOPS-257

* "Added 'sensitive = false' to 'azure_app_registration_secret' output in output.tf"

Author: githubofkrishnadhas

.github/workflows/azure-create-app-registrations-using-terraform.yaml

@@ -9,11 +9,23 @@ on:
       app_registration_description:
         type: string
         required: false
-        description: 'Provide description for your application if any'
+        description: 'Provide description for your application if any. Donot enclose in quotes'
       app_registration_owners:
         type: string
         required: true
-        description: 'Owners of Application registration. Seperate by comma if more than one owner. Donot enclose in quotes'
+        description: 'Owners of Application registration. Seperate by comma if more than one owner.'
+      app_registation_expiry:
+        default : "60"
+        type: choice
+        options:
+          - 30
+          - 60
+          - 90
+          - 120
+          - 150
+          - 180
+          - 270
+          - 360
 
 run-name: Creating app registration ${{ inputs.app_registration_name }} in azure
 jobs:
@@ -39,7 +51,13 @@ jobs:
         run: terraform init
 
       - name: Terraform Plan
-        run: terraform plan -var="app_registration_name=${{ inputs.app_registration_name }}" -var="app_registration_owners=${{ inputs.app_registration_owners }}" -var="app_registration_description=${{ inputs.app_registration_description }}" -out "plan.out"
+        run: |
+          terraform plan \
+          -var="app_registration_name=${{ inputs.app_registration_name }}" \
+          -var="app_registration_owners=${{ inputs.app_registration_owners }}" \
+          -var="app_registration_description=${{ inputs.app_registration_description }}" \
+          -var="app_registation_expiry=${{ inputs.app_registation_expiry }}" \
+          -out "plan.out"
 
       - name: Terraform show
         run: terraform show "plan.out"

app.tf

@@ -17,10 +17,15 @@ resource "azuread_application" "app" {
   description  = var.app_registration_description
 }
 
+# Time based expiry
+resource "time_rotating" "time" {
+  rotation_days = var.app_registation_expiry
+}
+
 # Azure app registration secret
 resource "azuread_application_password" "app" {
   application_id    = azuread_application.app.id
-  end_date_relative = "720h" # a month
+  end_date = time_rotating.time.rotation_rfc3339
   display_name      = "Secret Created Using Terraform"
 }
 

output.tf

@@ -4,8 +4,17 @@ output "azure_app_registration_id" {
 
 output "azure_app_registration_secret" {
   value = nonsensitive(azuread_application_password.app.value)
+  sensitive = false
 }
 
 output "azure_app_registation_tenant" {
   value = azuread_service_principal.sp.application_tenant_id
+}
+
+output "azure_app_registation_owners" {
+  value = var.app_registration_owners
+}
+
+output "azure_app_registation_expiry_date" {
+  value = azuread_application_password.app.end_date
 }

variable.tf

@@ -1,5 +1,5 @@
 variable "app_registration_name" {
-  default     = "test-app"
+  default     = "ewtest-app"
   type        = string
   description = "New azure App registration name"
 }
@@ -13,4 +13,9 @@ variable "app_registration_description" {
   type        = string
   description = "Description for you app"
   default     = "Azure App registration created using terraform"
+}
+
+variable "app_registation_expiry" {
+  type = string
+  description = "App registration secret expiration period"
 }