[DEVEX-50] Fix azure_federated_identity_with_github module (#12)

pagopa · May 7, 2024 · 8c3adcc · 8c3adcc
1 parent eb49ec5
commit 8c3adcc
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 28 deletions.
diff --git a/infra/modules/azure_federated_identity_with_github/README.md b/infra/modules/azure_federated_identity_with_github/README.md
@@ -31,8 +31,8 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_continuos_delivery"></a> [continuos\_delivery](#input\_continuos\_delivery) | Continuos Delivery identity properties, such as repositories to federated with and RBAC roles | <pre>object({<br>    enable = bool<br>    roles = object({<br>      subscription    = set(string)<br>      resource_groups = map(list(string))<br>    })<br>  })</pre> | <pre>{<br>  "enable": true,<br>  "roles": {<br>    "resource_groups": {<br>      "terraform-state-rg": [<br>        "Storage Blob Data Contributor"<br>      ]<br>    },<br>    "subscription": [<br>      "Contributor"<br>    ]<br>  }<br>}</pre> | no |
-| <a name="input_continuos_integration"></a> [continuos\_integration](#input\_continuos\_integration) | Continuos Integration identity properties, such as repositories to federated with and RBAC roles | <pre>object({<br>    enable = bool<br>    roles = object({<br>      subscription    = set(string)<br>      resource_groups = map(list(string))<br>    })<br>  })</pre> | <pre>{<br>  "enable": true,<br>  "roles": {<br>    "resource_groups": {<br>      "terraform-state-rg": [<br>        "Storage Blob Data Contributor"<br>      ]<br>    },<br>    "subscription": [<br>      "Reader",<br>      "Reader and Data Access",<br>      "PagoPA IaC Reader",<br>      "DocumentDB Account Contributor"<br>    ]<br>  }<br>}</pre> | no |
+| <a name="input_continuos_delivery"></a> [continuos\_delivery](#input\_continuos\_delivery) | Continuos Delivery identity properties, such as repositories to federated with and RBAC roles | <pre>object({<br>    enable = bool<br>    roles = optional(object({<br>      subscription    = set(string)<br>      resource_groups = map(list(string))<br>    }))<br>  })</pre> | <pre>{<br>  "enable": true,<br>  "roles": {<br>    "resource_groups": {<br>      "terraform-state-rg": [<br>        "Storage Blob Data Contributor"<br>      ]<br>    },<br>    "subscription": [<br>      "Contributor"<br>    ]<br>  }<br>}</pre> | no |
+| <a name="input_continuos_integration"></a> [continuos\_integration](#input\_continuos\_integration) | Continuos Integration identity properties, such as repositories to federated with and RBAC roles | <pre>object({<br>    enable = bool<br>    roles = optional(object({<br>      subscription    = set(string)<br>      resource_groups = map(list(string))<br>    }))<br>  })</pre> | <pre>{<br>  "enable": true,<br>  "roles": {<br>    "resource_groups": {<br>      "terraform-state-rg": [<br>        "Storage Blob Data Contributor"<br>      ]<br>    },<br>    "subscription": [<br>      "Reader",<br>      "Reader and Data Access",<br>      "PagoPA IaC Reader",<br>      "DocumentDB Account Contributor"<br>    ]<br>  }<br>}</pre> | no |
 | <a name="input_domain"></a> [domain](#input\_domain) | (Optional) Domain of the project | `string` | `""` | no |
 | <a name="input_env"></a> [env](#input\_env) | Environment name | `string` | n/a | yes |
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | Environment short name | `string` | n/a | yes |

diff --git a/infra/modules/azure_federated_identity_with_github/outputs.tf b/infra/modules/azure_federated_identity_with_github/outputs.tf
@@ -1,31 +1,25 @@
 output "federated_ci_identity" {
-  value = {
-    id                  = module.federated_ci_identity[0].identity_principal_id
-    client_id           = module.federated_ci_identity[0].identity_client_id
-    name                = module.federated_ci_identity[0].identity_app_name
-    resource_group_name = module.federated_ci_identity[0].identity_resource_group
-  }
-
-  precondition {
-    condition     = var.continuos_integration.enable == true
-    error_message = "Continuos Integration is not enabled"
-  }
+  value = try(
+    {
+      id                  = module.federated_ci_identity[0].identity_principal_id
+      client_id           = module.federated_ci_identity[0].identity_client_id
+      name                = module.federated_ci_identity[0].identity_app_name
+      resource_group_name = module.federated_ci_identity[0].identity_resource_group
+    }, {}
+  )
 
   description = "Data about the Continuos Integration managed identity created"
 }
 
 output "federated_cd_identity" {
-  value = {
-    id                  = module.federated_cd_identity[0].identity_principal_id
-    client_id           = module.federated_cd_identity[0].identity_client_id
-    name                = module.federated_cd_identity[0].identity_app_name
-    resource_group_name = module.federated_cd_identity[0].identity_resource_group
-  }
-
-  precondition {
-    condition     = var.continuos_delivery.enable == true
-    error_message = "Continuos Delivery is not enabled"
-  }
+  value = try(
+    {
+      id                  = module.federated_cd_identity[0].identity_principal_id
+      client_id           = module.federated_cd_identity[0].identity_client_id
+      name                = module.federated_cd_identity[0].identity_app_name
+      resource_group_name = module.federated_cd_identity[0].identity_resource_group
+    }, {}
+  )
 
   description = "Data about the Continuos Delivery managed identity created"
 }
diff --git a/infra/modules/azure_federated_identity_with_github/variables.tf b/infra/modules/azure_federated_identity_with_github/variables.tf
@@ -32,10 +32,10 @@ variable "repositories" {
 variable "continuos_integration" {
   type = object({
     enable = bool
-    roles = object({
+    roles = optional(object({
       subscription    = set(string)
       resource_groups = map(list(string))
-    })
+    }))
   })
 
   default = {
@@ -61,10 +61,10 @@ variable "continuos_integration" {
 variable "continuos_delivery" {
   type = object({
     enable = bool
-    roles = object({
+    roles = optional(object({
       subscription    = set(string)
       resource_groups = map(list(string))
-    })
+    }))
   })
 
   default = {