Rename and refactoring az-disk-encryption-set to az-des

using-system · using-system · commit da635205b777 · 2023-09-24T15:35:26.000+02:00
diff --git a/terraform/modules/az-des/main.tf b/terraform/modules/az-des/main.tf
@@ -1,8 +1,3 @@
-locals {
-  identity_ids_with_index = { for idx, id in var.identity_ids : idx => id }
-}
-
-
 resource "azurerm_key_vault_key" "des" {
   name         = var.name
   key_vault_id = var.kv_id
@@ -30,24 +25,26 @@ resource "azurerm_key_vault_key" "des" {
   expiration_date = var.expiration_date
 }
 
+resource "azurerm_role_assignment" "des" {
+  scope                = var.kv_id
+  role_definition_name = "Key Vault Crypto Service Encryption User"
+  principal_id         = var.principal_id
+}
+
 resource "azurerm_disk_encryption_set" "des" {
+
+  depends_on = [azurerm_role_assignment.des]
+
   name                = var.name
   resource_group_name = var.resource_group_name
   location            = var.location
   key_vault_key_id    = azurerm_key_vault_key.des.id
 
   identity {
     type         = "UserAssigned"
-    identity_ids = var.identity_ids
+    identity_ids = [var.identity_id]
   }
 
   tags = var.tags
 }
 
-resource "azurerm_role_assignment" "des" {
-  for_each = local.identity_ids_with_index
-
-  scope                = var.kv_id
-  role_definition_name = "Key Vault Crypto Service Encryption User"
-  principal_id         = each.value
-}
diff --git a/terraform/modules/az-des/variables.tf b/terraform/modules/az-des/variables.tf
@@ -48,9 +48,14 @@ variable "expiration_date" {
   default     = null
 }
 
-variable "identity_ids" {
-  description = "A list of User Assigned Identity IDs to assign to the Disk Encryption Set."
-  type        = list(string)
+variable "identity_id" {
+  description = "The ID of the identity to assign to the disk encryption set."
+  type        = string
+}
+
+variable "principal_id" {
+  description = "The ID of the principal to assign to the disk encryption set."
+  type        = string
 }
 
 variable "tags" {
