Allow zero days secret expiration (#47)

* Update providers

* Allow secret_expiration_days = 0

* Ignore backend.tf

* Set TF_VAR_resource_suffix

Author: geekzter

.gitignore

@@ -4,6 +4,7 @@
 # .tfstate files
 *.tfstate
 *.tfstate.*
+backend.tf
 
 # Crash log files
 crash.log

terraform/azure-devops/create-service-connection/.terraform.lock.hcl

@@ -132,6 +132,7 @@ jobs:
       TF_VAR_azdo_creates_identity: ${{ lower(eq(parameters.serviceConnectionCreationMode, 'Automatic')) }}
       TF_VAR_create_federation: ${{ lower(contains(parameters.identityType, 'federation')) }}
       TF_VAR_create_managed_identity: ${{ lower(contains(parameters.identityType, 'Managed Identity')) }}
+      TF_VAR_resource_suffix: $(Build.BuildId)
     managedIdentityResourceGroupLocation: centralus
     managedIdentityResourceGroupName: ${{ split(variables['System.CollectionUri'], '/')[3] }}-service-connections
 

terraform/azure-devops/create-service-connection/azure-pipelines.yml

@@ -2,7 +2,7 @@ data azuread_client_config current {}
 
 locals {
   owner_object_id              = var.owner_object_id != null && var.owner_object_id != "" ? lower(var.owner_object_id) : data.azuread_client_config.current.object_id
-  expiration_expression        = "${var.secret_expiration_days * 24}h"
+  expiration_expression        = "${var.secret_expiration_days * 24}h01m"
 }
 
 resource azuread_application app_registration {
@@ -28,7 +28,7 @@ resource azuread_application_federated_identity_credential fic {
 }
 
 resource time_rotating secret_expiration {
-  rotation_days                = var.secret_expiration_days
+  rotation_days                = max(var.secret_expiration_days,1)
 
   count                        = var.create_federation ? 0 : 1
 }