@@ -205,9 +205,9 @@ resource "azurerm_subnet_route_table_association" "uks" {
205205
206206data "azurerm_client_config" "current" {}
207207
208- data "azuread_service_principal" "pipeline" {
209- application_id = " c3449e53-d66a-4be6-b023-92f5cf0882af"
210- }
208+ # data "azuread_service_principal" "pipeline" {
209+ # application_id = "c3449e53-d66a-4be6-b023-92f5cf0882af"
210+ # }
211211
212212resource "azurerm_key_vault" "kv1" {
213213 depends_on = [azurerm_resource_group . uks ]
@@ -263,14 +263,29 @@ resource "azurerm_key_vault" "kv1" {
263263 storage_permissions = [" Get" ]
264264 }
265265
266- # access_policy {
267- # # Access policy for SP
268- # tenant_id = data.azurerm_client_config.current.tenant_id
269- # object_id = data.azuread_service_principal.pipeline.object_id
270- # key_permissions = ["Get", "Create", "List", "Delete", "GetRotationPolicy", "SetRotationPolicy"]
271- # secret_permissions = ["Get", "List"]
272- # storage_permissions = ["Get"]
273- # }
266+ access_policy {
267+ # Access policy for ServiceBus
268+ tenant_id = data. azurerm_client_config . current . tenant_id
269+ object_id = data. azurerm_servicebus_namespace . cs_servicebus_ns [0 ]. principal_id
270+ key_permissions = [" Get" , " Create" , " List" , " Delete" , " GetRotationPolicy" , " SetRotationPolicy" ]
271+
272+ secret_permissions = [
273+ " Get" , " Backup" , " Delete" , " List" , " Purge" , " Recover" , " Restore" , " Set" ,
274+ ]
275+ storage_permissions = [" Get" ]
276+ }
277+
278+ access_policy {
279+ # Access policy for CosmosDB
280+ tenant_id = data. azurerm_client_config . current . tenant_id
281+ object_id = data. azurerm_cosmosdb_account . cs_cosmosdb [0 ]. principal_id
282+ key_permissions = [" Get" , " Create" , " List" , " Delete" , " GetRotationPolicy" , " SetRotationPolicy" ]
283+
284+ secret_permissions = [
285+ " Get" , " Backup" , " Delete" , " List" , " Purge" , " Recover" , " Restore" , " Set" ,
286+ ]
287+ storage_permissions = [" Get" ]
288+ }
274289
275290 tags = {
276291 Owner = var.owner_tag
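Review bot: The two access policies added at lines 266–288 grant the Service Bus and Cosmos DB managed identities far more than customer-managed-key encryption needs — Create/Delete/SetRotationPolicy on keys and Backup/Delete/Purge/Restore/Set on secrets — while omitting WrapKey and UnwrapKey, the operations a CMK-protected service actually performs, so a compromised workload identity could purge every secret in the vault yet the encryption itself may still fail. The `object_id` references also look wrong: the data sources declared later in this commit have no `count`, so the `[0]` index will not resolve, and the managed resources already expose a system-assigned identity as `identity[0].principal_id` (visible for the namespace at lines 931–933; I assume the Cosmos account declares one too), which can be referenced without any data source. I would restrict each policy to Get/WrapKey/UnwrapKey on keys and drop the secret and storage grants unless something not shown here needs them. The enclosing `azurerm_key_vault.kv1` resource starts and ends outside this hunk; if it sets `enable_rbac_authorization = true` these blocks are ignored entirely and the permissions must come from role assignments instead.
```hcl
  access_policy {
    # Service Bus CMK: only the key operations needed to wrap/unwrap the DEK
    tenant_id       = data.azurerm_client_config.current.tenant_id
    object_id       = azurerm_servicebus_namespace.cs_servicebus_ns.identity[0].principal_id
    key_permissions = ["Get", "WrapKey", "UnwrapKey"]
  }

  access_policy {
    # Cosmos DB CMK: same minimal key set; assumes the account has a SystemAssigned identity
    tenant_id       = data.azurerm_client_config.current.tenant_id
    object_id       = azurerm_cosmosdb_account.cs_cosmosdb.identity[0].principal_id
    key_permissions = ["Get", "WrapKey", "UnwrapKey"]
  }
  # … unchanged: tags …
```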
@@ -882,7 +897,7 @@ resource "azurerm_linux_function_app" "uks-fa" {
882897 " WEBSITE_RUN_FROM_PACKAGE" = " 1"
883898 # Adding secrets from Key Vault
884899 " appsecret1" = " ${ azurerm_app_configuration_key . ck1 . value } "
885- " appsecret2" = " ${ azurerm_app_configuration_key . ck2 . value } ) "
900+ " appsecret2" = " ${ azurerm_app_configuration_key . ck2 . value } "
886901 }
887902
888903 identity {
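Review bot: The `appsecret1`/`appsecret2` settings at lines 899–900 interpolate `azurerm_app_configuration_key.ck*.value` straight into `app_settings`, which stores whatever that value is as a plaintext app setting and in Terraform state, despite the comment at line 898 saying the secrets come from Key Vault. If the intent is Key Vault-backed secrets, an App Service Key Vault reference keeps the secret out of the settings blob, e.g. `"appsecret1" = "@Microsoft.KeyVault(SecretUri=<secret versionless id>)"`, with the function app's identity granted only `Get` on secrets; and if ck1/ck2 are App Configuration keys of type `vault`, `.value` is not the secret at all and `vault_key_reference` is the attribute to use. The `azurerm_linux_function_app.uks-fa` resource starts and ends outside this hunk, and ck1/ck2 are not visible, so which case applies needs confirming.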
@@ -916,6 +931,10 @@ resource "azurerm_servicebus_namespace" "cs_servicebus_ns" {
916931 type = " SystemAssigned"
917932 }
918933}
934+ data "azurerm_servicebus_namespace" "cs_servicebus_ns" {
935+ name = azurerm_servicebus_namespace. cs_servicebus_ns . name
936+ resource_group_name = azurerm_servicebus_namespace. cs_servicebus_ns . resource_group_name
937+ }
919938
920939resource "azurerm_servicebus_queue" "ingress" {
921940 name = " ingress_queue"
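Review bot: The `data "azurerm_servicebus_namespace"` block added at lines 934–937 re-reads a resource this same configuration manages, which is redundant and defers the read to apply time because it depends on the resource's own attributes. The resource already exports the system-assigned identity declared at lines 931–933 as `azurerm_servicebus_namespace.cs_servicebus_ns.identity[0].principal_id`, and as far as I can tell the data source exposes the identity under the same `identity` block rather than a top-level `principal_id`, so `data.azurerm_servicebus_namespace.cs_servicebus_ns[0].principal_id` is unlikely to resolve. I would delete this data source and reference the resource attribute directly where the principal id is needed.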
@@ -987,6 +1006,11 @@ resource "azurerm_key_vault_key" "cosmosdb_key" {
9871006 expiration_date = local. expiration_date
9881007}
9891008
1009+ data "azurerm_cosmosdb_account" "cs_cosmosdb" {
1010+ name = azurerm_cosmosdb_account. cs_cosmosdb . name
1011+ resource_group_name = azurerm_cosmosdb_account. cs_cosmosdb . resource_group_name
1012+ }
1013+
9901014/* ******************************************************************************
9911015 CREATE EVENT HUB
9921016*******************************************************************************/
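Review bot: The `data "azurerm_cosmosdb_account"` block added at lines 1009–1012 re-reads a Cosmos account this configuration creates, and I could not confirm that this data source exports a managed-identity principal at all, so a reference of the form `data.azurerm_cosmosdb_account.cs_cosmosdb[0].principal_id` is unlikely to resolve (the block also has no `count`, so the `[0]` index is invalid regardless). If the account is declared with a system-assigned identity, `azurerm_cosmosdb_account.cs_cosmosdb.identity[0].principal_id` on the resource is the reliable reference and this block can be removed; the account's own declaration is outside this hunk, so whether it has an identity needs checking.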
@@ -1178,7 +1202,7 @@ resource "azurerm_role_assignment" "key_vault" {
11781202resource "azurerm_role_assignment" "kv_crypto_officer" {
11791203 scope = azurerm_key_vault. kv1 . id
11801204 role_definition_name = " Key Vault Crypto Officer"
1181- principal_id = var . pipeline_sp_object_id
1205+ principal_id = azurerm_user_assigned_identity . uai-uks . principal_id
11821206}
11831207
11841208resource "azurerm_role_assignment" "nsg" {
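Review bot: Granting `Key Vault Crypto Officer` to the workload's user-assigned identity at line 1205 is broader than a runtime identity should hold — that role can create, delete, rotate and purge keys, not just use them; `Key Vault Crypto User` or, for wrap/unwrap-only services, `Key Vault Crypto Service Encryption User` is the least-privilege fit, e.g. `role_definition_name = "Key Vault Crypto User"`. Two things to confirm that are outside this hunk: this assignment only has any effect if `azurerm_key_vault.kv1` sets `enable_rbac_authorization = true`, in which case the vault's `access_policy` blocks are ignored (and vice versa), so the vault should commit to one authorization model; and with the pipeline service principal removed here, the identity that runs `terraform apply` must still obtain key-create rights from somewhere, otherwise creating `azurerm_key_vault_key.cosmosdb_key` will fail.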