Event Grid Topic should have the right roles and the missing secrets
Register Service is the first service that will use the Event Grid topic provisioned by the infrastructure as part of the Data Partition Resource Group. This issue tracks the infrastructure changes needed for that Event Grid topic to be usable.
Requirement: Service Principal Role Assignment
The register service needs access to create and delete subscriptions on the topic that has been created. The architecture design for identity in OSDU is to use Managed Identities with Pod Identity access control. Managed Identity is not currently supported for Event Grid, so a different approach is necessary.
This results in a Service Principal requiring the proper Role Assignments, and the service using that Service Principal's roles to add and remove subscriptions on the topic.
Required Role Assignment: EventGrid EventSubscription Contributor.
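The role assignment described above, written out as an added Terraform example (not code from this issue or from the OSDU infrastructure repository). The built-in role name is the one stated in this issue; the topic resource `azurerm_eventgrid_topic.data_partition` and the input variable `register_service_principal_object_id` are assumed names. The assignment is scoped to the topic itself rather than the resource group, so the service principal can only manage subscriptions on this topic:

```hcl
# Added example, not part of the issue or the OSDU infrastructure code.
# Assumed: the provisioned topic is azurerm_eventgrid_topic.data_partition and the
# object id of the register service's service principal is passed in as a variable.

variable "register_service_principal_object_id" {
  description = "Object ID of the service principal used by the register service (assumed input)."
  type        = string
}

resource "azurerm_role_assignment" "register_eventgrid_subscription_contributor" {
  # Least privilege: scope to the single topic, not the Data Partition Resource Group.
  scope                = azurerm_eventgrid_topic.data_partition.id
  role_definition_name = "EventGrid EventSubscription Contributor"
  principal_id         = var.register_service_principal_object_id

  # Set when the principal was created in the same apply; the AAD lookup can
  # otherwise fail before the new principal has replicated.
  skip_service_principal_aad_check = true
}
```

Granting the role at the topic scope means the same service principal cannot create or delete subscriptions on other topics in the resource group; if more topics are later added for the register service, each gets its own assignment.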
Requirement: Key Vault Encryption Key
The register service is an R3 service that is being brought up now. It requires adding Event Grid to the infrastructure. The register service interacts with the Event Grid Topic by creating, deleting, and modifying subscriptions, and the application code is written accordingly.
Creating these subscriptions requires the application service principal to hold the EventGrid EventSubscription Contributor role.
    # Encryption key for the data partition, created in the central Key Vault
    locals {
      encryption_key_name = format("%s-encryption-key", var.data_partition_name)
    }

    resource "azurerm_key_vault_key" "encryption_key" {
      name         = local.encryption_key_name
      key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
      key_type     = "RSA"
      key_size     = 2048
      key_opts = [
        "decrypt",
        "encrypt"
      ]
    }
Requirement: Key Vault Secret for capturing the Event Grid resource group name
The register service is an R3 service that adds to the capabilities of OSDU. One of its functions is to create, delete, and modify subscriptions to the Event Grid Topic. This is done in application code, which requires the name of the Event Grid resource group.
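One way to satisfy this requirement, as an added Terraform example (not code from this issue or from the OSDU infrastructure repository): store the resource group name of the Event Grid topic as a secret in the same central Key Vault already used by the encryption key above, so the register service reads it from Key Vault rather than carrying a hard-coded value. The topic resource `azurerm_eventgrid_topic.data_partition` and the secret name pattern are assumptions; the `keyvault_id` remote-state output is the one referenced in the existing encryption key block.

```hcl
# Added example, not part of the issue or the OSDU infrastructure code.
# Assumed: the provisioned topic is azurerm_eventgrid_topic.data_partition; the
# Key Vault id comes from the same remote-state output as the encryption key.

locals {
  eventgrid_rg_secret_name = format("%s-eventgrid-resourcegroup", var.data_partition_name)
}

resource "azurerm_key_vault_secret" "eventgrid_resource_group" {
  name         = local.eventgrid_rg_secret_name
  # Read the resource group name from the topic resource itself, so the secret
  # cannot drift from where the topic actually lives.
  value        = azurerm_eventgrid_topic.data_partition.resource_group_name
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
  content_type = "text/plain"
}

output "eventgrid_resource_group_secret_name" {
  description = "Key Vault secret the register service reads to find the Event Grid resource group."
  value       = azurerm_key_vault_secret.eventgrid_resource_group.name
}
```

The service then only needs read access to this one secret in Key Vault; it does not need any permission on the resource group itself beyond the topic-scoped role assignment from the first requirement.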