mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
iam: assign uami role to base resource group (#1247)
* iam: assign uami role to base resource group * fixup: also change app registration
parent
ff31f20488
commit
ce09b9dae5
@ -48,13 +48,13 @@ resource "azurerm_user_assigned_identity" "identity_uami" {
|
|||||||
|
|
||||||
# Assign roles to managed identity
|
# Assign roles to managed identity
|
||||||
resource "azurerm_role_assignment" "virtual_machine_contributor_role" {
|
resource "azurerm_role_assignment" "virtual_machine_contributor_role" {
|
||||||
scope = azurerm_resource_group.identity_resource_group.id
|
scope = azurerm_resource_group.base_resource_group.id
|
||||||
role_definition_name = "Virtual Machine Contributor"
|
role_definition_name = "Virtual Machine Contributor"
|
||||||
principal_id = azurerm_user_assigned_identity.identity_uami.principal_id
|
principal_id = azurerm_user_assigned_identity.identity_uami.principal_id
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "azurerm_role_assignment" "application_insights_component_contributor_role" {
|
resource "azurerm_role_assignment" "application_insights_component_contributor_role" {
|
||||||
scope = azurerm_resource_group.identity_resource_group.id
|
scope = azurerm_resource_group.base_resource_group.id
|
||||||
role_definition_name = "Application Insights Component Contributor"
|
role_definition_name = "Application Insights Component Contributor"
|
||||||
principal_id = azurerm_user_assigned_identity.identity_uami.principal_id
|
principal_id = azurerm_user_assigned_identity.identity_uami.principal_id
|
||||||
}
|
}
|
||||||
@ -73,7 +73,7 @@ resource "azuread_service_principal" "application_principal" {
|
|||||||
|
|
||||||
# Set identity as base resource group owner
|
# Set identity as base resource group owner
|
||||||
resource "azurerm_role_assignment" "owner_role" {
|
resource "azurerm_role_assignment" "owner_role" {
|
||||||
scope = azurerm_resource_group.identity_resource_group.id
|
scope = azurerm_resource_group.base_resource_group.id
|
||||||
role_definition_name = "Owner"
|
role_definition_name = "Owner"
|
||||||
principal_id = azuread_service_principal.application_principal.object_id
|
principal_id = azuread_service_principal.application_principal.object_id
|
||||||
}
|
}
|
||||||
|
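Review bot: The `owner_role` assignment in the second hunk now gives the application's service principal `Owner` on `base_resource_group`, and Owner includes the right to create and change role assignments inside that scope, so a leaked credential for this principal could grant further access there. If the principal only has to create and manage resources in that group, `role_definition_name = "Contributor"` would be the narrower choice. Whether the deployment relies on the principal writing role assignments is not visible on this page, so confirm that before narrowing. The two managed-identity assignments in the first hunk get the same scope change, and a short comment above them stating why the roles are scoped to the base resource group rather than the identity resource group would stop the scope from being reverted later; for example `# Scoped to the base resource group, not the identity resource group`, extended with the reason.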