Infra Changes for Provisioning of bundle server
Infrastructure Submissions:
- [YES/NO] Have you added an explanation of what your changes do and why you'd like us to include them? Yes
- [YES/NO] I have updated the documentation accordingly. No
- [YES/NO/NA] I have added tests to cover my changes. No
- [YES/NO/NA] All new and existing tests passed. Yes
- [YES/NO/NA] I have formatted the terraform code. (`terraform fmt -recursive && go fmt ./...`) Yes
Current Behavior or Linked Issues
Work Item: https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_workitems/edit/240/
The previous MR's changes have to be reverted because the role assignment was not correct. This MR contains the changes for the central resources and the service resources for provisioning of the bundle server. Changes are:
- CR: Adding a new API permission for Application
- CR: Creating a service principal for application which will be used in role assignment of storage account
- CR: Output the service principal id which will be used in another MR (as CR changes should be applied first) for role assignment in Service resource
- SR: Addition of a new container where policies will be stored
Does this introduce a breaking change?
Yes. Verified locally, but there is a slight risk factor.
Impact would be less.
MR Guidelines
- Paste TF Plan for the MR.
- Pre-Merge pipeline should be run before merging. (Azure team)
- Does the module exist for the new resource?
- Is there a new variable added in the MR? (Don't use library variables and use locals)
Other information
Terraform Plan for CR
+ resource "azuread_service_principal" "app_service_principal" {
+ application_id = "c47d7590-b904-4d67-85cc-c5415dc76ed5"
+ display_name = (known after apply)
+ id = (known after apply)
+ object_id = (known after apply)
+ oauth2_permissions {
+ admin_consent_description = (known after apply)
+ admin_consent_display_name = (known after apply)
+ id = (known after apply)
+ is_enabled = (known after apply)
+ type = (known after apply)
+ user_consent_description = (known after apply)
+ user_consent_display_name = (known after apply)
+ value = (known after apply)
}
}
# module.ad_application.azuread_application.main[0] will be updated in-place
~ resource "azuread_application" "main" {
id = "177a585c-e08a-4cec-a6ee-f1831024e8c8"
name = "osdu-mvp-crdev-vq1b-app"
# (14 unchanged attributes hidden)
+ required_resource_access {
+ resource_app_id = "e406a681-f3d4-42a8-90b6-c2b029497af1"
+ resource_access {
+ id = "03e0da56-190b-40ad-a80c-ea378c433f7f"
+ type = "Scope"
}
}
# (1 unchanged block hidden)
}
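Review bot: the `required_resource_access` block added to `azuread_application.main` identifies the new permission only by GUIDs (`resource_app_id` and the `resource_access` `id`), and the description says just "a new API permission", so a reviewer cannot tell which API and scope are being granted. Please name both in the MR description. Also, `type = "Scope"` is a delegated permission, while the description says storage access will come from a role assignment on the service principal; state why the delegated scope is needed in addition and whether it requires admin consent.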
Changes to Outputs:
+ storage_app_principal_id = (known after apply)
Terraform Plan for SR
+ resource "azurerm_storage_container" "main" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "policy-bundles"
+ resource_manager_id = (known after apply)
+ storage_account_name = "osdumvpsrdevz98yconfig"
}
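Review bot: `policy-bundles` is created with `container_access_type = "private"`, which suits policy content, but the role assignment that lets the new service principal reach it is deferred to another MR, so this plan cannot show who will end up with access. In that follow-up, scope the assignment to this container (its `resource_manager_id`) rather than to the whole `osdumvpsrdevz98yconfig` account, and choose a read-only data role if the bundle server only reads policies.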
Changes to Outputs:
~ storage_containers = {
+ policy-bundles = {
+ id = (known after apply)
+ name = "policy-bundles"
}
# (1 unchanged element hidden)
}
Edited by Aayushi Jain