Update comments, use coalesce

Author: avatus

examples/terraform-modules/teleport-azure-discovery/README.md

@@ -2,12 +2,12 @@
 
 This Terraform module creates the Azure and Teleport cluster resources necessary for a Teleport cluster to discover Azure virtual machines:
 
-- Azure user-assigned managed identity for Teleport Discovery Service to use.
-- Azure federated identity credential that trusts the Teleport proxy as an issuer.
-- Azure custom role definition and assignment that grant the minimum VM discovery and install permissions.
-- Teleport `discovery_config` cluster resource that configures Teleport for Azure VM discovery.
-- Teleport `integration` cluster resource for Azure OIDC.
-- Teleport `token` cluster resource that allows Teleport nodes to join the cluster using Azure credentials.
+- **Azure user-assigned managed identity**: Used by the Teleport Discovery Service to authenticate to Azure APIs for scanning and managing VMs in the specified resource groups.
+- **Azure federated identity credential**: Establishes trust between Azure and your Teleport cluster by allowing the managed identity to authenticate using OIDC tokens issued by your Teleport proxy.
+- **Azure custom role definition and assignment**: Grants the managed identity the minimum required permissions to discover VMs and run installation commands on them.
+- **Teleport `discovery_config` cluster resource**: Configures the discovery parameters (subscriptions, resource groups, tags) that determine which Azure VMs will be discovered and enrolled.
+- **Teleport `integration` cluster resource**: Stores the Azure OIDC integration configuration in your Teleport cluster, linking the Azure tenant and client ID to enable authentication.
+- **Teleport `token` cluster resource**: Provides the join token that discovered Azure VMs will use to authenticate and join your Teleport cluster.
 
 ## Prerequisites
 
@@ -31,14 +31,14 @@ For bugs related to this code, please [open an issue](https://github.com/gravita
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.6.0 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement_azurerm) | ~> 4.0 |
-| <a name="requirement_teleport"></a> [teleport](#requirement_teleport) | ~> 18.5 |
+| <a name="requirement_teleport"></a> [teleport](#requirement_teleport) | ~> 18.7 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_azurerm"></a> [azurerm](#provider_azurerm) | ~> 4.0 |
-| <a name="provider_teleport"></a> [teleport](#provider_teleport) | ~> 18.5 |
+| <a name="provider_teleport"></a> [teleport](#provider_teleport) | ~> 18.7 |
 
 ## Modules
 

examples/terraform-modules/teleport-azure-discovery/main.tf

@@ -8,7 +8,7 @@ terraform {
     }
     teleport = {
       source  = "terraform.releases.teleport.dev/gravitational/teleport"
-      version = "~> 18.5"
+      version = "~> 18.7"
     }
   }
 }
@@ -20,8 +20,14 @@ locals {
   discovery_resource_groups = var.discovery_resource_group_names
   proxy_addr                = var.proxy_addr
   discovery_group           = var.discovery_group_name
-  identity_resource_group   = var.identity_resource_group_name != "" ? var.identity_resource_group_name : local.discovery_resource_groups[0]
-  tags                      = var.tags
+  # Use the specified identity resource group, or default to the first discovery resource group
+  # if none is provided. This allows managed identity groups to be in a separate resource group
+  # from where VMs are discovered.
+  identity_resource_group = coalesce(
+    var.identity_resource_group_name,
+    local.discovery_resource_groups[0]
+  )
+  tags = var.tags
 
   names = {
     identity         = "${var.prefix}-discovery-identity"
@@ -32,7 +38,8 @@ locals {
     role             = "${var.prefix}-discovery-role"
   }
 
-  issuer = "https://${replace(local.proxy_addr, ":443", "")}"
+  # Extract the host from proxy_addr (format: host:port) to construct the OIDC issuer URL
+  issuer = "https://${split(":", local.proxy_addr)[0]}"
 }
 
 # User-assigned managed identity for discovery

examples/terraform-modules/teleport-azure-discovery/variables.tf

@@ -38,7 +38,7 @@ variable "tags" {
 variable "identity_resource_group_name" {
   type        = string
   description = "Resource group to place identity resources; defaults to first discovery RG when empty."
-  default     = ""
+  default     = null
 }
 
 variable "discovery_group_name" {