modify azure sa name generation

jksprattler · jksprattler · commit cc476e9626d6 · 2025-01-20T15:09:50.000-06:00
diff --git a/cloud_Azure/terraform/module/README.md b/cloud_Azure/terraform/module/README.md
@@ -50,12 +50,12 @@ NetworkWatcher is automatically created by Azure when VirtualNetwork is created
 | email | Kentik account email | `string` | none | yes |
 | token | Kentik account token | `string` | none | yes |
 | plan_id | Kentik billing plan ID | `string` | none | yes |
-| name | Cloudexport entry name in Kentik | `string` | none | yes |
+| name | Cloudexport entry name in Kentik will be appended with: resource_group_names and subscription_id to ensure uniqueness | `string` | none | yes |
 | enabled | Defines if cloud export to Kentik is enabled | `bool` | true | no |
 | description | Cloudexport entry description in Kentik | `string` | `Created using Terraform` | no |
 | resource_tag | Azure Tag value to apply to created resources | `string` | `flow_log_exporter` | no |
 | flow_exporter_application_id | Kentik VNet Flow Exporter application ID | `string` | `a20ce222-63c0-46db-86d5-58551eeee89f` | no |
-| storage_account_names | Names of Storage Accounts for storing flow logs. Names must meet Azure Storage Account naming restrictions.<br>The list should either contain 1 Storage Account name for each Resource Group, or be empty, in which case names will be generated automatically. | `list of strings` | `[]` | no |
+| storage_account_names | Names of Storage Accounts to be created for storing flow logs. Names must meet Azure Storage Account naming restrictions.<br>The list should either contain 1 Storage Account name for each Resource Group, or be empty, in which case names will be generated automatically. | `list of strings` | `[]` | no |
 
 
 ## Outputs
diff --git a/cloud_Azure/terraform/module/storage_account.tf b/cloud_Azure/terraform/module/storage_account.tf
@@ -1,14 +1,19 @@
 # Prepare names that meet Azure Storage Account naming restrictions (only alphanum letters, max 24 length, Azure-wide unique)
-# Each output name is concatenation of Resource Group name and Subscription ID, adjusted to naming restrictions
+resource "random_id" "storage_account_id" {
+  byte_length = 6 # 6 bytes = 12 characters when base64 encoded
+}
+
+# Each output name is concatenation of the exporter name and a random id, adjusted to naming restrictions
 locals {
-  _names                          = [for name in var.resource_group_names : "${name}${var.subscription_id}"]
+  truncated_name                  = substr(var.name, 0, 12)
+  _names                          = [for name in var.resource_group_names : "${truncated_name}${random_id.storage_account_id.hex}"]
   _lowercase_names                = [for name in local._names : lower(name)]
   _alphanum_lowercase_names       = [for name in local._lowercase_names : join("", regexall("[[:alnum:]]+", name))]
   generated_storage_account_names = [for name in local._alphanum_lowercase_names : substr(name, 0, 24)]
 }
 
+# Create a map of resource group names to storage account names
 locals {
-  # Create a map of resource group names to storage account names
   resource_group_to_storage_account = {
     for rg in var.resource_group_names : rg => (
       length(var.storage_account_names) == length(var.resource_group_names) ?
