feat(azure): more flexible subscription ids

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>

azure/modules/ad_application/main.tf

@@ -1,5 +1,6 @@
 locals {
-  tenant_id = length(var.tenant_id) > 0 ? var.tenant_id : data.azurerm_subscription.primary.tenant_id
+  tenant_id       = length(var.tenant_id) > 0 ? var.tenant_id : data.azurerm_subscription.primary.tenant_id
+  subscription_id = length(var.subscription_id) > 0 ? var.subscription_id : data.azurerm_subscription.primary.subscription_id
   application_id = var.create ? (
     length(azuread_application.lacework) > 0 ? azuread_application.lacework[0].application_id : ""
   ) : ""
@@ -95,8 +96,10 @@ resource "azurerm_key_vault_access_policy" "default" {
 
 data "azurerm_subscriptions" "available" {}
 resource "azurerm_role_assignment" "grant_reader_role_to_subscriptions" {
-  count = var.create ? length(data.azurerm_subscriptions.available.subscriptions) : 0
-  scope = "/subscriptions/${data.azurerm_subscriptions.available.subscriptions[count.index].subscription_id}"
+  #count = var.create ? length(data.azurerm_subscriptions.available.subscriptions) : 0
+  #scope = "/subscriptions/${data.azurerm_subscriptions.available.subscriptions[count.index].subscription_id}"
+  count = var.create ? 1 : 0
+  scope = "/subscriptions/${local.subscription_id}"
 
   principal_id         = local.service_principal_id
   role_definition_name = "Reader"

azure/modules/ad_application/variables.tf

@@ -4,6 +4,12 @@ variable "create" {
   description = "Set to false to prevent the module from creating any resources"
 }
 
+variable "subscription_id" {
+  type        = string
+  default     = ""
+  description = "Subscription ID"
+}
+
 variable "application_name" {
   type        = string
   default     = "lacework_security_audit"