Commit 11d6b0d8 authored by Komal Makkar's avatar Komal Makkar Committed by Daniel Scholl

Adding topic permissions to Event Grid.

parent fc10e793
...@@ -12,6 +12,18 @@ ...@@ -12,6 +12,18 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
// topics_flattend is used to create the map of Topic Name to Topic Id.
locals {
topics_flattend = flatten([
for topic in azurerm_eventgrid_topic.main : [
{
key = topic.name
value = topic.id
}
]
])
}
output "name" { output "name" {
value = azurerm_eventgrid_domain.main.name value = azurerm_eventgrid_domain.main.name
description = "The domain name." description = "The domain name."
...@@ -25,4 +37,9 @@ output "id" { ...@@ -25,4 +37,9 @@ output "id" {
output "primary_access_key" { output "primary_access_key" {
description = "The primary shared access key associated with the eventgrid Domain." description = "The primary shared access key associated with the eventgrid Domain."
value = azurerm_eventgrid_domain.main.primary_access_key value = azurerm_eventgrid_domain.main.primary_access_key
}
output "topics" {
description = "The Topic Name to Topic Id map for the given list of topics."
value = { for item in local.topics_flattend : item.key => item.value }
} }
\ No newline at end of file
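Review bot: The `topics_flattend` local wraps each topic in a one-element list only to flatten it again, so the `topics` output can build the map directly with `value = { for topic in azurerm_eventgrid_topic.main : topic.name => topic.id }`, which also removes the misspelled local name. Separately, the `primary_access_key` output shown as context in the second hunk has no `sensitive = true`. Depending on the Terraform and provider versions in use, the shared access key may therefore be printed in plan/apply output and CI logs. Marking it sensitive in this file would close that gap.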
...@@ -280,17 +280,15 @@ module "event_grid" { ...@@ -280,17 +280,15 @@ module "event_grid" {
resource_tags = var.resource_tags resource_tags = var.resource_tags
} }
// Add Access Control to Principal // Add EventGrid EventSubscription Contributor access to Principal
resource "azurerm_role_assignment" "eventgrid_access" { resource "azurerm_role_assignment" "event_grid_topics_role" {
count = length(local.rbac_principals) count = length(local.rbac_principals)
role_definition_name = "Contributor" role_definition_name = "EventGrid EventSubscription Contributor"
principal_id = local.rbac_principals[count.index] principal_id = local.rbac_principals[count.index]
scope = module.event_grid.id scope = lookup(module.event_grid.topics, local.eventgrid_records_topic)
} }
#------------------------------- #-------------------------------
# Locks # Locks
#------------------------------- #-------------------------------
......
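Review bot: The new scope is resolved with the two-argument `lookup(...)`, which fails the plan when the key is absent; that fail-closed behaviour is right for a role scope, but the index form states it directly: `scope = module.event_grid.topics[local.eventgrid_records_topic]`. No default should ever be added to this lookup, since a fallback value would silently attach the assignment to a different scope. The resource name `event_grid_topics_role` and its comment suggest all topics are covered, while only the records topic receives the role. If these principals also need subscriptions on other topics (not visible here), they lose that access when the domain-level `Contributor` assignment is removed, so a comment such as `// Scoped to the records topic only; other topics need their own assignment` would make the intent explicit.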
...@@ -57,3 +57,8 @@ output "cosmosdb_properties" { ...@@ -57,3 +57,8 @@ output "cosmosdb_properties" {
sensitive = true sensitive = true
value = module.cosmosdb_account.properties value = module.cosmosdb_account.properties
} }
output "eventgrid_topics" {
description = "Properties of the event grid topics."
value = module.event_grid.topics
}
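Review bot: The description on the new `eventgrid_topics` output says "Properties of the event grid topics.", but the value passed through from `module.event_grid.topics` is a map of topic name to topic ID. Aligning it with the module's wording, for example `description = "Map of Event Grid topic name to topic ID."`, tells consumers what they can index and that no keys or endpoints are exposed through this output.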
...@@ -39,7 +39,7 @@ func TestDataEnvironment(t *testing.T) { ...@@ -39,7 +39,7 @@ func TestDataEnvironment(t *testing.T) {
testFixture := infratests.IntegrationTestFixture{ testFixture := infratests.IntegrationTestFixture{
GoTest: t, GoTest: t,
TfOptions: tfOptions, TfOptions: tfOptions,
ExpectedTfOutputCount: 7, ExpectedTfOutputCount: 8,
TfOutputAssertions: []infratests.TerraformOutputValidation{ TfOutputAssertions: []infratests.TerraformOutputValidation{
storageIntegTests.InspectStorageAccount("storage_account", "storage_containers", "data_partition_group_name"), storageIntegTests.InspectStorageAccount("storage_account", "storage_containers", "data_partition_group_name"),
cosmosIntegTests.InspectProvisionedCosmosDBAccount("data_partition_group_name", "cosmosdb_account_name", "cosmosdb_properties"), cosmosIntegTests.InspectProvisionedCosmosDBAccount("data_partition_group_name", "cosmosdb_account_name", "cosmosdb_properties"),
......
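Review bot: `ExpectedTfOutputCount` goes from 7 to 8, but none of the visible `TfOutputAssertions` entries checks the new `eventgrid_topics` output, so the test would still pass if the map were empty or keyed by the wrong topic name. An additional validation that the output contains the records topic with a non-empty ID would cover the value the role assignment scope depends on. TestDataEnvironment starts and ends outside the hunk, so such an assertion may already exist further down the list.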