Add workload code into service principal name

arkahna · Nov 21, 2022 · 9807f5d · 9807f5d
1 parent 9e57476
commit 9807f5d
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 11 deletions.
diff --git a/.changeset/twelve-singers-sell.md b/.changeset/twelve-singers-sell.md
@@ -0,0 +1,5 @@
+---
+'@arkahna/nx-terraform': patch
+---
+
+Fixed service principal naming
diff --git a/libs/nx-terraform/src/generators/create-environment-sp/generator.ts b/libs/nx-terraform/src/generators/create-environment-sp/generator.ts
@@ -21,7 +21,7 @@ export default async function (
 
     const servicePrincipalName =
         options.name ??
-        `gh-actions-${repoSettings.azureResourcePrefix}-${options.environmentName}-sp`
+        `gh-actions-${repoSettings.azureResourcePrefix}-${options.environmentName}-${repoSettings.azureWorkloadCode}-sp`
     const scopes = `/subscriptions/${environmentConfig.subscriptionId}/resourcegroups/${environmentConfig.resourceGroupName}`
     const containerScope = `/subscriptions/${environmentConfig.subscriptionId}/resourceGroups/${environmentConfig.resourceGroupName}/providers/Microsoft.Storage/storageAccounts/${environmentConfig.terraformStorageAccount}/blobServices/default/containers/${environmentConfig.terraformStorageContainer}`
 
@@ -62,16 +62,7 @@ export default async function (
     }
 
     return async () => {
-        console.log('Ensuring logged in to correct tenant')
-        const accountShow = await getCurrentAzAccount()
-        if (accountShow.tenantId !== environmentConfig.tenantId) {
-            console.log(
-                'Current subscription belongs to wrong Tenant, select the correct subscription using:',
-            )
-            console.log(`> az account set --subscription ${environmentConfig.subscriptionId}`)
-
-            throw new Error('Tenant id does not match')
-        }
+        await ensureLoggedIntoCorrectTenant(environmentConfig)
 
         console.log(`> ${getEscapedCommand(`az`, createServicePrincipalArgs)}`)
         await execa(`az`, createServicePrincipalArgs, {
@@ -125,3 +116,31 @@ ${environmentConfig.environmentFileBody}
         )
     }
 }
+async function ensureLoggedIntoCorrectTenant(environmentConfig: {
+    environment: string
+    subscriptionId: string
+    tenantId: string
+    resourceGroupName: string
+    resourceLocation: string
+    terraformStorageAccount: string
+    terraformStorageContainer: string
+    keyVaultName: string
+    environmentMarkdownFilePath: string
+    environmentAttributes: Record<string, string>
+    terragruntConfigFile: string
+    terraformCloudWorkspaceName: string
+    environmentFile: string
+    attributes: Record<string, string>
+    environmentFileBody: string
+}) {
+    console.log('Ensuring logged in to correct tenant')
+    const accountShow = await getCurrentAzAccount()
+    if (accountShow.tenantId !== environmentConfig.tenantId) {
+        console.log(
+            'Current subscription belongs to wrong Tenant, select the correct subscription using:',
+        )
+        console.log(`> az account set --subscription ${environmentConfig.subscriptionId}`)
+
+        throw new Error('Tenant id does not match')
+    }
+}