Add EventGrid Datasender role to Status Changed Topic (!866) · Merge requests · OSDU Software / OSDU Data Platform / Deployment and Operations / infra-azure-provisioning · GitLab

saketh somaraju requested to merge az/add-roles-msi into master Jun 23, 2023

All Submissions:

[YES] Have you added an explanation of what your changes do and why you'd like us to include them?
[YES] I have updated the documentation accordingly.
[YES] My code follows the code style of this project.

Current Behavior or Linked Issues

Adding EventGrid Data Sender role for status changed topic in Data Partition resources to the OSDU Identity principal.
When AZURE_MSI_ISENABLED falg is enabled, file service which is using status changed topic could not access it with lack of permissions.

`"error": {

    "code": "Unauthorized",

    "message": "The principal associated with access token presented with the incoming request does not have permission to send data to /subscriptions/7c052588-ead2-45c9-9346-5b156a157bd1/resourceGroups/osdu-mvp-dp1glab-ky7v-rg/providers/Microsoft.EventGrid/topics/osdu-mvp-dp1glab-ky7v-grid-statuschangedtopic.`

After this permission is assigned to the OSDU identity principal, service should connect with eventgrid with no issues, even with AZURE_MSI_ISENABLED falg is enabled.
Tested changes with Data partition pipeline

Does this introduce a breaking change?

[NO]

Edited Jun 25, 2023 by saketh somaraju