Merge branch 'eg_topic_contributor_role' into 'master'

Adding topic permissions to Event Grid. See merge request !32

Merge branch 'eg_topic_contributor_role' into 'master'
Adding topic permissions to Event Grid. See merge request !32
bfa87233 · Daniel Scholl · fc10e793 · 11d6b0d8 · bfa87233 · bfa87233
Commit bfa87233 authored Nov 10, 2020 by Daniel Scholl
--- a/infra/modules/providers/azure/event-grid/output.tf
+++ b/infra/modules/providers/azure/event-grid/output.tf
@@ -12,6 +12,18 @@
 //  See the License for the specific language governing permissions and
 //  limitations under the License.
+// topics_flattend is used to create the map of Topic Name to Topic Id.
+locals {
+  topics_flattend = flatten([
+    for topic in azurerm_eventgrid_topic.main : [
+      {
+        key   = topic.name
+        value = topic.id
+      }
+    ]
+  ])
+}
 output "name" {
  value       = azurerm_eventgrid_domain.main.name
  description = "The domain name."
@@ -25,4 +37,9 @@ output "id" {
 output "primary_access_key" {
  description = "The primary shared access key associated with the eventgrid Domain."
  value       = azurerm_eventgrid_domain.main.primary_access_key
+}
+output "topics" {
+  description = "The Topic Name to Topic Id map for the given list of topics."
+  value       = { for item in local.topics_flattend : item.key => item.value }
 }
\ No newline at end of file
--- a/infra/templates/osdu-r3-mvp/data_partition/main.tf
+++ b/infra/templates/osdu-r3-mvp/data_partition/main.tf
@@ -280,17 +280,15 @@ module "event_grid" {
  resource_tags = var.resource_tags
 }
-// Add Access Control to Principal
+// Add EventGrid EventSubscription Contributor access to Principal
-resource "azurerm_role_assignment" "eventgrid_access" {
+resource "azurerm_role_assignment" "event_grid_topics_role" {
  count = length(local.rbac_principals)
-  role_definition_name = "Contributor"
+  role_definition_name = "EventGrid EventSubscription Contributor"
  principal_id         = local.rbac_principals[count.index]
-  scope                = module.event_grid.id
+  scope                = lookup(module.event_grid.topics, local.eventgrid_records_topic)
 }
 #-------------------------------
 # Locks
 #-------------------------------

--- a/infra/templates/osdu-r3-mvp/data_partition/output.tf
+++ b/infra/templates/osdu-r3-mvp/data_partition/output.tf
@@ -57,3 +57,8 @@ output "cosmosdb_properties" {
  sensitive   = true
  value       = module.cosmosdb_account.properties
 }
+output "eventgrid_topics" {
+  description = "Properties of the event grid topics."
+  value       = module.event_grid.topics
+}
--- a/infra/templates/osdu-r3-mvp/data_partition/tests/integration/integration_test.go
+++ b/infra/templates/osdu-r3-mvp/data_partition/tests/integration/integration_test.go
@@ -39,7 +39,7 @@ func TestDataEnvironment(t *testing.T) {
 	testFixture := infratests.IntegrationTestFixture{
 		GoTest:                t,
 		TfOptions:             tfOptions,
-		ExpectedTfOutputCount: 7,
+		ExpectedTfOutputCount: 8,
 		TfOutputAssertions: []infratests.TerraformOutputValidation{
 			storageIntegTests.InspectStorageAccount("storage_account", "storage_containers", "data_partition_group_name"),
 			cosmosIntegTests.InspectProvisionedCosmosDBAccount("data_partition_group_name", "cosmosdb_account_name", "cosmosdb_properties"),