made sure the code works with latest providers

munnep · munnep · commit d74fff8ea202 · 2025-09-17T14:43:50.000+02:00
diff --git a/azure/azure.tf b/azure/azure.tf
@@ -1,12 +1,10 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-provider "azurerm" {
-  features {}
-}
-
-provider "azuread" {
-}
+# Data source used to get information about the current Azure AD tenant.
+#
+# https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/client_config
+data "azuread_client_config" "current" {}
 
 # Data source used to get the current subscription's ID.
 #
@@ -19,14 +17,16 @@ data "azurerm_subscription" "current" {
 # https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application
 resource "azuread_application" "tfc_application" {
   display_name = "tfc-application"
+  owners       = [data.azuread_client_config.current.object_id]
 }
 
 # Creates a service principal associated with the previously created
 # application registration.
 #
 # https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal
 resource "azuread_service_principal" "tfc_service_principal" {
-  application_id = azuread_application.tfc_application.application_id
+  # application_id = azuread_application.tfc_application.application_id
+  client_id = azuread_application.tfc_application.client_id
 }
 
 # Creates a role assignment which controls the permissions the service
@@ -44,22 +44,22 @@ resource "azurerm_role_assignment" "tfc_role_assignment" {
 #
 # https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application_federated_identity_credential
 resource "azuread_application_federated_identity_credential" "tfc_federated_credential_plan" {
-  application_object_id = azuread_application.tfc_application.object_id
-  display_name          = "my-tfc-federated-credential-plan"
-  audiences             = [var.tfc_azure_audience]
-  issuer                = "https://${var.tfc_hostname}"
-  subject               = "organization:${var.tfc_organization_name}:project:${var.tfc_project_name}:workspace:${var.tfc_workspace_name}:run_phase:plan"
+  application_id = azuread_application.tfc_application.id
+  display_name   = "my-tfc-federated-credential-plan"
+  audiences      = [var.tfc_azure_audience]
+  issuer         = "https://${var.tfc_hostname}"
+  subject        = "organization:${var.tfc_organization_name}:project:${var.tfc_project_name}:workspace:${var.tfc_workspace_name}:run_phase:plan"
 }
 
 # Creates a federated identity credential which ensures that the given
 # workspace will be able to authenticate to Azure for the "apply" run phase.
 #
 # https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application_federated_identity_credential
 resource "azuread_application_federated_identity_credential" "tfc_federated_credential_apply" {
-  application_object_id = azuread_application.tfc_application.object_id
-  display_name          = "my-tfc-federated-credential-apply"
-  audiences             = [var.tfc_azure_audience]
-  issuer                = "https://${var.tfc_hostname}"
-  subject               = "organization:${var.tfc_organization_name}:project:${var.tfc_project_name}:workspace:${var.tfc_workspace_name}:run_phase:apply"
+  application_id = azuread_application.tfc_application.id
+  display_name   = "my-tfc-federated-credential-apply"
+  audiences      = [var.tfc_azure_audience]
+  issuer         = "https://${var.tfc_hostname}"
+  subject        = "organization:${var.tfc_organization_name}:project:${var.tfc_project_name}:workspace:${var.tfc_workspace_name}:run_phase:apply"
 }
 
diff --git a/azure/providers.tf b/azure/providers.tf
@@ -0,0 +1,29 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "4.44.0"
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "3.5.0"
+    }
+    tfe = {
+      source  = "hashicorp/tfe"
+      version = "0.69.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = var.az_subscription_id
+}
+
+provider "azuread" {
+}
+
+provider "tfe" {
+  hostname = var.tfc_hostname
+  token    = var.tfc_token
+}
diff --git a/azure/terraform.tfvars.example b/azure/terraform.tfvars.example
@@ -1 +1,4 @@
-tfc_organization_name = "my-organization"
+tfc_organization_name = "<my_organization>"
+az_subscription_id    = "<my_azure_subscription_id>"
+tfc_token             = "<my_tfc_token>"
+tfc_hostname          = "<my_tfc_hostname>"
diff --git a/azure/vars.tf b/azure/vars.tf
@@ -29,3 +29,13 @@ variable "tfc_workspace_name" {
   default     = "my-azure-workspace"
   description = "The name of the workspace that you'd like to create and connect to Azure"
 }
+
+variable "az_subscription_id" {
+  type        = string
+  description = "Azure Subscription ID where resources will be created"
+}
+
+variable "tfc_token" {
+  type        = string
+  description = "Terraform Cloud API token"
+}
