mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
cli: fix Terraform resource group dependencies (#1048)
This commit is contained in:
parent
6708aff984
commit
b8648261e3
@ -48,13 +48,13 @@ resource "azurerm_user_assigned_identity" "identity_uami" {
|
|||||||
|
|
||||||
# Assign roles to managed identity
|
# Assign roles to managed identity
|
||||||
resource "azurerm_role_assignment" "virtual_machine_contributor_role" {
|
resource "azurerm_role_assignment" "virtual_machine_contributor_role" {
|
||||||
scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}"
|
scope = azurerm_resource_group.identity_resource_group.id
|
||||||
role_definition_name = "Virtual Machine Contributor"
|
role_definition_name = "Virtual Machine Contributor"
|
||||||
principal_id = azurerm_user_assigned_identity.identity_uami.principal_id
|
principal_id = azurerm_user_assigned_identity.identity_uami.principal_id
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "azurerm_role_assignment" "application_insights_component_contributor_role" {
|
resource "azurerm_role_assignment" "application_insights_component_contributor_role" {
|
||||||
scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}"
|
scope = azurerm_resource_group.identity_resource_group.id
|
||||||
role_definition_name = "Application Insights Component Contributor"
|
role_definition_name = "Application Insights Component Contributor"
|
||||||
principal_id = azurerm_user_assigned_identity.identity_uami.principal_id
|
principal_id = azurerm_user_assigned_identity.identity_uami.principal_id
|
||||||
}
|
}
|
||||||
@ -73,7 +73,7 @@ resource "azuread_service_principal" "application_principal" {
|
|||||||
|
|
||||||
# Set identity as base resource group owner
|
# Set identity as base resource group owner
|
||||||
resource "azurerm_role_assignment" "owner_role" {
|
resource "azurerm_role_assignment" "owner_role" {
|
||||||
scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}"
|
scope = azurerm_resource_group.identity_resource_group.id
|
||||||
role_definition_name = "Owner"
|
role_definition_name = "Owner"
|
||||||
principal_id = azuread_service_principal.application_principal.object_id
|
principal_id = azuread_service_principal.application_principal.object_id
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user