From 99510b15c800fab8bb53771fab9de838ae577f38 Mon Sep 17 00:00:00 2001
From: Jacopo
Date: Tue, 12 Sep 2023 16:39:49 +0200
Subject: [PATCH] [PAGOPA-1176] login

---
 .github/workflows/release_deploy.yml | 4 +++-
 .identity/00_data.tf | 6 +++++-
 .identity/02_application_action.tf | 6 ++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml
index e1fe6f2..3f66f8a 100644
--- a/.github/workflows/release_deploy.yml
+++ b/.github/workflows/release_deploy.yml
@@ -132,7 +132,9 @@ jobs:
 - name: 'Login via Azure CLI'
 uses: azure/login@v1
 with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.CLIENT_ID }}
+ tenant-id: ${{ secrets.TENANT_ID }}
+ subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 
 - name: 'Run Azure Functions Container Action'
 uses: Azure/functions-container-action@v1.2.1
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
index 06c0ac9..4079dde 100644
--- a/.identity/00_data.tf
+++ b/.identity/00_data.tf
@@ -12,6 +12,10 @@ data "github_organization_teams" "all" {
 summary_only = true
 }
 
+data "azurerm_resource_group" "gpd_rg" {
+ name = "pagopa-${var.env_short}-weu-gps-gpd-rg"
+}
+
 data "azurerm_key_vault" "key_vault" {
 name = "pagopa-${var.env_short}-kv"
 resource_group_name = "pagopa-${var.env_short}-sec-rg"
@@ -45,4 +49,4 @@ data "azurerm_key_vault_secret" "key_vault_integration_test_subkey" {
 data "azurerm_key_vault_secret" "flow_sa_connection_string" {
 name = "flows-sa-${var.env_short}-connection-string"
 key_vault_id = data.azurerm_key_vault.domain_key_vault.id
-}
\ No newline at end of file
+}
diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
index 9926884..26bd8ff 100644
--- a/.identity/02_application_action.tf
+++ b/.identity/02_application_action.tf
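Review bot: The OIDC login introduced in the `with:` block of the 'Login via Azure CLI' step in `release_deploy.yml` needs the job to be allowed to request an ID token, and no `permissions` block is visible in this hunk (the job definition starts above it); confirm the job or workflow declares `permissions:` with `id-token: write` and `contents: read`. Once the federated login is verified, the old `AZURE_CREDENTIALS` secret should be deleted and its client secret revoked on the app registration, otherwise the long-lived credential this change replaces stays usable. Both `azure/login@v1` and `Azure/functions-container-action@v1.2.1` are referenced by tag; pinning them to a full commit SHA would keep a retagged release from running with the deployment identity.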
@@ -47,6 +47,12 @@ resource "azurerm_role_assignment" "environment_terraform_resource_group_dashboa
 principal_id = module.github_runner_app.object_id
 }
 
+resource "azurerm_role_assignment" "environment_function" {
+ scope = data.azurerm_resource_group.gpd_rg.id
+ role_definition_name = "Contributor"
+ principal_id = module.github_runner_app.object_id
+}
+
 resource "azurerm_role_assignment" "environment_key_vault" {
 scope = data.azurerm_key_vault.key_vault.id
 role_definition_name = "Reader"
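Review bot: `environment_function` grants the GitHub runner application `Contributor` on the whole `gps-gpd` resource group, which is broader than deploying a function container needs, since Contributor can create, modify and delete every resource in that group. Because this identity is now reached from workflow runs through federated login (the `release_deploy.yml` change in this same patch), any job that matches the federated subject inherits that reach. Consider scoping the assignment to the function app's resource id, or using a narrower built-in role such as `role_definition_name = "Website Contributor"`, after checking that it covers what the deploy action does. The subject conditions of the federated credential live in `module.github_runner_app`, outside this hunk, and are worth reviewing alongside this grant.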