Fix bundle server changes

Aayushi Jain requested to merge fix-BundleServerChanges into master

All Submissions:


  • [YES/NO] Have you added an explanation of what your changes do and why you'd like us to include them?
  • [YES/NO] I have updated the documentation accordingly.
  • [YES/NO/NA] My code follows the code style of this project. Yes

Current Behavior or Linked Issues


Work Item: https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_workitems/edit/240/

The changes are for provisioning the bundle server which OPA will use to evaluate the policies. The MR contains changes to use the common resource service principal which is part of the prerequisite create infra for role assignments. The AAD application principal, which is created as part of infra apply or comes as BYOA, is removed for role assignment. A new API permission is provided to the application.

Does this introduce a breaking change?


Yes

Minor Impact

Other information


SR Principal terraform plan

      # azurerm_role_assignment.storage_blob_contributor[0] must be replaced
-/+ resource "azurerm_role_assignment" "storage_blob_contributor" {
      ~ id                               = "/subscriptions/7c052588-ead2-45c9-9346-5b156a157bd1/resourceGroups/osdu-mvp-srdev-z98y-rg/providers/Microsoft.Storage/storageAccounts/osdumvpsrdevz98ydata/providers/Microsoft.Authorization/roleAssignments/46768bb7-2dec-7a78-4e7c-c9f683e51364" -> (known after apply)
      ~ name                             = "46768bb7-2dec-7a78-4e7c-c9f683e51364" -> (known after apply)
      ~ principal_id                     = "ce6676e9-75a8-439b-b438-6973919be2b3" -> "7559d102-c270-4b9e-907c-da34e6134243" # forces replacement
      ~ principal_type                   = "ServicePrincipal" -> (known after apply)
      ~ role_definition_id               = "/subscriptions/7c052588-ead2-45c9-9346-5b156a157bd1/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe" -> (known after apply)
      ~ scope                            = "/subscriptions/7c052588-ead2-45c9-9346-5b156a157bd1/resourceGroups/osdu-mvp-srdev-z98y-rg/providers/Microsoft.Storage/storageAccounts/osdumvpsrdevz98ydata" -> "/subscriptions/7c052588-ead2-45c9-9346-5b156a157bd1/resourceGroups/osdu-mvp-srdev-z98y-rg/providers/Microsoft.Storage/storageAccounts/osdumvpsrdevz98yconfig" # forces replacement
      + skip_service_principal_aad_check = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # azurerm_role_assignment.storage_blob_contributor[1] will be created
  + resource "azurerm_role_assignment" "storage_blob_contributor" {
      + id                               = (known after apply)
      + name                             = (known after apply)
      + principal_id                     = "e5f4c7bd-9982-4f9e-abfe-0636b33bbf8f"
      + principal_type                   = (known after apply)
      + role_definition_id               = (known after apply)
      + role_definition_name             = "Storage Blob Data Contributor"
      + scope                            = "/subscriptions/7c052588-ead2-45c9-9346-5b156a157bd1/resourceGroups/osdu-mvp-srdev-z98y-rg/providers/Microsoft.Storage/storageAccounts/osdumvpsrdevz98yconfig"
      + skip_service_principal_aad_check = (known after apply)
    }

Common Resource Terraform Plan

  ~ resource "azuread_application" "main" {
        id                         = "177a585c-e08a-4cec-a6ee-f1831024e8c8"
        name                       = "osdu-mvp-crdev-vq1b-app"
        # (14 unchanged attributes hidden)

      - required_resource_access {
          - resource_app_id = "e406a681-f3d4-42a8-90b6-c2b029497af1" -> null

          - resource_access {
              - id   = "03e0da56-190b-40ad-a80c-ea378c433f7f" -> null
              - type = "Scope" -> null
            }
        }
        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Changes to Outputs:
  - storage_app_principal_id = "ce6676e9-75a8-439b-b438-6973919be2b3" -> null
Edited by Aayushi Jain
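
An added example, not part of the merge request or the project's code: a review check that reads Terraform's JSON plan (the output of `terraform show -json`) and lists every `azurerm_role_assignment` whose principal, scope or role changes, as in the service-resource plan above. The sample plan is constructed and trimmed to the fields the check reads, using the ids and scopes quoted in the plan output; the function and variable names are hypothetical.

```python
import json

# Constructed sample: a trimmed JSON plan holding only the fields read below,
# populated with the principal ids and scopes quoted in the plan text.
RG = ("/subscriptions/7c052588-ead2-45c9-9346-5b156a157bd1"
      "/resourceGroups/osdu-mvp-srdev-z98y-rg")
ACCT = RG + "/providers/Microsoft.Storage/storageAccounts/"
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azurerm_role_assignment.storage_blob_contributor[0]",
     "type": "azurerm_role_assignment",
     "change": {"actions": ["delete", "create"],
                "before": {"principal_id": "ce6676e9-75a8-439b-b438-6973919be2b3",
                           "scope": ACCT + "osdumvpsrdevz98ydata"},
                "after": {"principal_id": "7559d102-c270-4b9e-907c-da34e6134243",
                          "scope": ACCT + "osdumvpsrdevz98yconfig"}}},
    {"address": "azurerm_role_assignment.storage_blob_contributor[1]",
     "type": "azurerm_role_assignment",
     "change": {"actions": ["create"], "before": None,
                "after": {"principal_id": "e5f4c7bd-9982-4f9e-abfe-0636b33bbf8f",
                          "role_definition_name": "Storage Blob Data Contributor",
                          "scope": ACCT + "osdumvpsrdevz98yconfig"}}},
    {"address": "azuread_application.main", "type": "azuread_application",
     "change": {"actions": ["update"], "before": {}, "after": {}}},
]})

# Attributes that decide who holds which role on which resource.
WATCHED = ("principal_id", "scope", "role_definition_name")

def role_assignment_changes(plan_json):
    """Return one record per role assignment the plan creates, deletes or replaces."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "azurerm_role_assignment":
            continue
        change = rc["change"]
        if change["actions"] in (["no-op"], ["read"]):
            continue
        before = change.get("before") or {}   # null when the resource is created
        after = change.get("after") or {}     # null when the resource is deleted
        diff = {k: (before.get(k), after.get(k))
                for k in WATCHED if before.get(k) != after.get(k)}
        findings.append({"address": rc["address"],
                         "actions": change["actions"], "diff": diff})
    return findings

if __name__ == "__main__":
    for f in role_assignment_changes(SAMPLE_PLAN):
        print(f["address"], "/".join(f["actions"]))
        for field, (old, new) in f["diff"].items():
            print(f"  {field}: {old} -> {new}")
```

Values Terraform reports as "(known after apply)" are absent from `after` in the JSON plan, so a grant whose principal is only resolved at apply time shows as `None` on the new side and needs a manual look.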