Altinn / altinn-authorization-tmp

Altinn Authorization
MIT License
1 stars 0 forks source link

chore: use each value in kv module for role assignment #23

Closed andreasisnes closed 3 weeks ago

andreasisnes commented 3 weeks ago

Verification

Documentation

github-actions[bot] commented 3 weeks ago

Terraform environment at21

Format and Style 🖌success

Initialization ⚙️success

Validation 🤖success

Validation Output ``` Success! The configuration is valid. ```

Plan 📖success

Show Plan ``` [Lines containing Refreshing state removed] [Maybe further truncated see logs for complete plan output] Acquiring state lock. This may take a few moments... module.key_vault.data.azurerm_client_config.current: Reading... module.app_configuration.data.azurerm_client_config.current: Reading... module.key_vault.data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD03MjQ0YzE3OS1kZTg2LTRjMDYtYTY3YS0xMTQ3N2ExNGNhMzc7b2JqZWN0SWQ9NmVhZWQyM2UtZGY3Zi00NzA4LTljOGUtYTdmMzRkZWVhZGI0O3N1YnNjcmlwdGlvbklkPTQ1MTc3YTBhLWQyN2UtNDkwZi05ZjIzLWI0NzI2ZGU4Y2NjMTt0ZW5hbnRJZD1jZDAwMjZkOC0yODNiLTRhNTUtOWJmYS1kMGVmNGE4YmEyMWM=] module.application_gateway.data.azurerm_key_vault.cert: Reading... module.app_configuration.data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD03MjQ0YzE3OS1kZTg2LTRjMDYtYTY3YS0xMTQ3N2ExNGNhMzc7b2JqZWN0SWQ9NmVhZWQyM2UtZGY3Zi00NzA4LTljOGUtYTdmMzRkZWVhZGI0O3N1YnNjcmlwdGlvbklkPTQ1MTc3YTBhLWQyN2UtNDkwZi05ZjIzLWI0NzI2ZGU4Y2NjMTt0ZW5hbnRJZD1jZDAwMjZkOC0yODNiLTRhNTUtOWJmYS1kMGVmNGE4YmEyMWM=] module.application_gateway.data.azurerm_user_assigned_identity.cert: Reading... module.application_gateway.data.azurerm_key_vault.cert: Read complete after 2s [id=/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgcert001at21/providers/Microsoft.KeyVault/vaults/kvaltinnauthcert001at21] module.application_gateway.data.azurerm_user_assigned_identity.cert: Read complete after 1s [id=/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgcert001at21/providers/Microsoft.ManagedIdentity/userAssignedIdentities/micert001at21] module.application_gateway.data.azurerm_key_vault_certificate.cert: Reading... module.application_gateway.data.azurerm_key_vault_certificate.cert: Read complete after 1s [id=https://kvaltinnauthcert001at21.vault.azure.net/certificates/cert/234e40b053ee46d4b512b64b334adc67] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # module.app_configuration.azurerm_app_configuration_key.key["Sentinel"] will be updated in-place ~ resource "azurerm_app_configuration_key" "key" { id = "https://appconfaltinnauth001at21.azconfig.io/kv/Sentinel?label=default" tags = { "environment" = "at21" "instance" = "001" "name" = "auth" "repository" = "github.com/altinn/altinn-authorization" "suffix" = "auth001at21" } ~ value = "2024-09-30T14:30:11Z" -> (known after apply) # (6 unchanged attributes hidden) } # module.key_vault.azurerm_role_assignment.key_vault_administrator["app"] will be created + resource "azurerm_role_assignment" "key_vault_administrator" { + id = (known after apply) + name = (known after apply) + principal_id = "1e93d640-decc-493d-bb8b-1eb715ff1a95" + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = "Key Vault Administrator" + scope = "/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgauth001at21/providers/Microsoft.KeyVault/vaults/kvaltinnauth001at21" + skip_service_principal_aad_check = (known after apply) } # module.key_vault.azurerm_role_assignment.key_vault_administrator["current"] will be created + resource "azurerm_role_assignment" "key_vault_administrator" { + id = (known after apply) + name = (known after apply) + principal_id = "6eaed23e-df7f-4708-9c8e-a7f34deeadb4" + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = "Key Vault Administrator" + scope = "/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgauth001at21/providers/Microsoft.KeyVault/vaults/kvaltinnauth001at21" + skip_service_principal_aad_check = (known after apply) } # module.postgres_server.azurerm_postgresql_flexible_server.postgres_server will be updated in-place ~ resource "azurerm_postgresql_flexible_server" "postgres_server" { id = "/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgauth001at21/providers/Microsoft.DBforPostgreSQL/flexibleServers/psqlsrvaltinnauth001at21" name = "psqlsrvaltinnauth001at21" tags = { "environment" = "at21" "instance" = "001" "name" = "auth" "repository" = "github.com/altinn/altinn-authorization" "suffix" = "auth001at21" } # (14 unchanged attributes hidden) - identity { - identity_ids = [ - "/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgauth001at21/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mipsqlsrvadminauth001at21", ] -> null - type = "UserAssigned" -> null } # (1 unchanged block hidden) } # module.postgres_server.azurerm_postgresql_flexible_server_active_directory_administrator.admin["miappadminauth001at21"] will be created + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "admin" { + id = (known after apply) + object_id = "1e93d640-decc-493d-bb8b-1eb715ff1a95" + principal_name = "miappadminauth001at21" + principal_type = "ServicePrincipal" + resource_group_name = "rgauth001at21" + server_name = "psqlsrvaltinnauth001at21" + tenant_id = "cd0026d8-283b-4a55-9bfa-d0ef4a8ba21c" } Plan: 3 to add, 2 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: tfplan.out To perform exactly these actions, run the following command to apply: terraform apply "tfplan.out" Releasing state lock. This may take a few moments... ```
Context Values
Pusher @andreasisnes
Action push
Working Directory infra/deploy/auth
State File github.com/altinn/altinn-authorization-tmp/environments/at21/auth.tfstate
Plan File github.com_altinn_altinn-authorization-tmp_environments_at21_auth.tfstate.tfplan