From ce09b9dae534ace2818503360900143f036b7847 Mon Sep 17 00:00:00 2001
From: 3u13r <lc@edgeless.systems>
Date: Wed, 22 Feb 2023 09:29:24 +0100
Subject: [PATCH] iam: assign uami role to base resource group (#1247)

* iam: assign uami role to base resource group

* fixup: also change app registration
---
 cli/internal/terraform/terraform/iam/azure/main.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cli/internal/terraform/terraform/iam/azure/main.tf b/cli/internal/terraform/terraform/iam/azure/main.tf
index dc2b99b47..b33e05ecf 100644
--- a/cli/internal/terraform/terraform/iam/azure/main.tf
+++ b/cli/internal/terraform/terraform/iam/azure/main.tf
@@ -48,13 +48,13 @@ resource "azurerm_user_assigned_identity" "identity_uami" {
 
 # Assign roles to managed identity
 resource "azurerm_role_assignment" "virtual_machine_contributor_role" {
-  scope                = azurerm_resource_group.identity_resource_group.id
+  scope                = azurerm_resource_group.base_resource_group.id
   role_definition_name = "Virtual Machine Contributor"
   principal_id         = azurerm_user_assigned_identity.identity_uami.principal_id
 }
 
 resource "azurerm_role_assignment" "application_insights_component_contributor_role" {
-  scope                = azurerm_resource_group.identity_resource_group.id
+  scope                = azurerm_resource_group.base_resource_group.id
   role_definition_name = "Application Insights Component Contributor"
   principal_id         = azurerm_user_assigned_identity.identity_uami.principal_id
 }
@@ -73,7 +73,7 @@ resource "azuread_service_principal" "application_principal" {
 
 # Set identity as base resource group owner
 resource "azurerm_role_assignment" "owner_role" {
-  scope                = azurerm_resource_group.identity_resource_group.id
+  scope                = azurerm_resource_group.base_resource_group.id
   role_definition_name = "Owner"
   principal_id         = azuread_service_principal.application_principal.object_id
 }