Commit d9d93f1f authored by Aman Verma's avatar Aman Verma

mergin with latest master

parents 6566cd3e bcf2513a
Pipeline #67064 passed with stages
in 49 seconds
......@@ -66,6 +66,7 @@ resource "kubernetes_config_map" "appgw_configmap" {
ENV_SR_GROUP_NAME = azurerm_resource_group.main.name
ENV_KEYVAULT_NAME = data.terraform_remote_state.central_resources.outputs.keyvault_name
ENV_CLUSTER_NAME = module.aks.name
ENV_APPGW_NAME = module.istio_appgateway[count.index].name
}
depends_on = [kubernetes_namespace.osdu]
depends_on = [kubernetes_namespace.osdu, module.istio_appgateway]
}
......@@ -441,6 +441,39 @@ data "azurerm_resource_group" "aks_node_resource_group" {
name = module.aks.node_resource_group
}
// Give AD Principal Access rights to Change the Istio Application Gateway
resource "azurerm_role_assignment" "agic_istio_appgw_contributor" {
count = var.feature_flag.autoscaling ? 1 : 0
principal_id = data.terraform_remote_state.central_resources.outputs.osdu_service_principal_id
scope = module.istio_appgateway[count.index].id
role_definition_name = "Contributor"
depends_on = [module.istio_appgateway]
}
// Give AD Principal Access rights to Operate the Istio Application Gateway Identity
resource "azurerm_role_assignment" "agic_istio_app_gw_contributor_for_adsp" {
count = var.feature_flag.autoscaling ? 1 : 0
principal_id = data.terraform_remote_state.central_resources.outputs.osdu_service_principal_id
scope = module.istio_appgateway[count.index].managed_identity_resource_id
role_definition_name = "Managed Identity Operator"
depends_on = [module.istio_appgateway]
}
// Give AD Principal the rights to look at the Resource Group
resource "azurerm_role_assignment" "agic_istio_resourcegroup_reader" {
count = var.feature_flag.autoscaling ? 1 : 0
principal_id = data.terraform_remote_state.central_resources.outputs.osdu_service_principal_id
scope = azurerm_resource_group.main.id
role_definition_name = "Reader"
depends_on = [module.istio_appgateway]
}
// Give AKS Access rights to Operate the Node Resource Group
resource "azurerm_role_assignment" "all_mi_operator" {
principal_id = module.aks.kubelet_object_id
......
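Review bot: The three new assignments (`agic_istio_appgw_contributor`, `agic_istio_app_gw_contributor_for_adsp`, `agic_istio_resourcegroup_reader`) all grant to `osdu_service_principal_id` from the central_resources remote state, which appears to be the shared environment service principal rather than an identity dedicated to the ingress controller. If that is the case, every holder of that principal's credentials gains `Contributor` on the Istio gateway and can change its listeners and backends, so a dedicated identity for the controller would keep the grant narrower. The scopes themselves are kept tight (the gateway, its managed identity, and `Reader` on the resource group), and the comment should record that intent, e.g. `// Contributor is scoped to the Istio gateway only; do not widen to the resource group`. The explicit `depends_on = [module.istio_appgateway]` is redundant on the first two resources because `scope` already references the module. The `all_mi_operator` resource that follows continues outside the hunk.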
......@@ -36,8 +36,8 @@ var tfOptions = &terraform.Options{
}
var istioEnabled = os.Getenv("AUTOSCALING_ENABLED")
var istioResourses = 11
var totalResources = 138
var istioResourses = 14
var totalResources = 141
func TestTemplate(t *testing.T) {
expectedAppDevResourceGroup := asMap(t, `{
......
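Review bot: The only test change that accompanies the three new role assignments is the bump of `istioResourses` from 11 to 14 and `totalResources` from 138 to 141, so the test pins how many resources the plan holds but not what the new grants are. A later edit that changes `role_definition_name` or `scope` on one of them would leave both counts unchanged and, as far as this hunk shows, still pass. Consider adding the expected role and scope of each assignment to the expectations in `TestTemplate`, whose body continues outside the hunk. Separately, `istioResourses` is misspelled, and `istioEnabled` is read from `AUTOSCALING_ENABLED`; a comment such as `// Istio resources are only planned when autoscaling is enabled` would explain the naming.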
......@@ -18,6 +18,10 @@ Login to Azure CLI using the OSDU Environment Service Principal.
```bash
# This logs your local Azure CLI in using the configured service principal.
ARM_CLIENT_ID="<arm client id>"
ARM_CLIENT_SECRET="<arm client secret>"
ARM_TENANT_ID="<tenant id>"
az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
```
......@@ -26,6 +30,7 @@ __Upload Storage Blob Test Data__
This [file](../tools/test_data/Legal_COO.json) needs to be loaded into the Data Partition Storage Account in the container `legal-service-azure-configuration`.
```bash
UNIQUE="<your_osdu_unique>"
GROUP=$(az group list --query "[?contains(name, 'cr${UNIQUE}')].name" -otsv)
ENV_VAULT=$(az keyvault list --resource-group $GROUP --query [].name -otsv)
PARTITION_NAME=opendes
......@@ -65,6 +70,7 @@ These files need to be uploaded into the proper Cosmos Collections with the requ
```bash
# Retrieve Values from Common Key Vault
COMMON_VAULT="<common keyvault created in common prepare phase>"
export NO_DATA_ACCESS_TESTER=$(az keyvault secret show --id https://$COMMON_VAULT.vault.azure.net/secrets/osdu-mvp-${UNIQUE}-noaccess-clientid --query value -otsv)
# Retrieve Values from Environment Key Vault
......