ci: query identity directly instead of searching in list (#2985)

* ci: add debug information when UAMI is missing

* ci: query identity directly instead of searching in list
Markus Rudy 2024-03-18 08:40:15 +01:00 committed by GitHub
parent 0b13c5bca9
commit 1a10cf645d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -40,8 +40,15 @@ runs:
if: inputs.cloudProvider == 'azure' if: inputs.cloudProvider == 'azure'
shell: bash shell: bash
run: | run: |
UAMI=$(yq eval ".provider.azure.userAssignedIdentity | upcase" constellation-conf.yaml) UAMI=$(yq eval ".provider.azure.userAssignedIdentity" constellation-conf.yaml)
PRINCIPAL_ID=$(az identity list | yq ".[] | select(.id | test(\"(?i)$UAMI\"; \"g\")) | .principalId") PRINCIPAL_ID=$(az identity show --ids "$UAMI" | yq ".principalId")
if [ -z "$PRINCIPAL_ID" ]; then
echo "::error::PRINCIPAL_ID for \"$UAMI\" not found"
echo "::group::Available identities"
az identity list | yq ".[].id"
echo "::endgroup::"
exit 1
fi
az role assignment create --role "Key Vault Secrets User" \ az role assignment create --role "Key Vault Secrets User" \
--assignee "$PRINCIPAL_ID" \ --assignee "$PRINCIPAL_ID" \
--scope /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/e2e-test-creds/providers/Microsoft.KeyVault/vaults/opensearch-creds --scope /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/e2e-test-creds/providers/Microsoft.KeyVault/vaults/opensearch-creds
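Review bot: The new `if [ -z "$PRINCIPAL_ID" ]` branch is probably not reached in the case it was written for. If the step runs with GitHub's usual `bash -eo pipefail` for `shell: bash` (not visible here), a failing `az identity show --ids "$UAMI"` aborts the script at the assignment, before the `::error::` line and the identity listing. A missing key also makes `yq` print the literal `null`, which `-z` does not catch, so a bad value can still reach `az role assignment create --assignee`. Consider `PRINCIPAL_ID=$(az identity show --ids "$UAMI" --query principalId -o tsv || true)` and testing `[ -z "$PRINCIPAL_ID" ] || [ "$PRINCIPAL_ID" = "null" ]`, with the same `null` check on `UAMI` before the lookup. The step's header lies outside the hunk, so the effective shell options should be confirmed there.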