Add keyvault access to resource lock SP (#1069)
* try to add kv-policy

* change id to appid

* changed AR to SP

* remove comment

* use sp ID

* add commentout functions

---------

Co-authored-by: Richard Hagen <[email protected]>
sondresjolyst and Richard87 authored Oct 23, 2023
1 parent 66b1901 commit e37eb39
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions scripts/service-principals-and-aad-apps/bootstrap.sh
Expand Up @@ -210,6 +210,8 @@ if [[ "$RADIX_ENVIRONMENT" == "dev" ]]; then
create_oidc_and_federated_credentials "$APP_REGISTRATION_GITHUB_MAINTENANCE" "${AZ_SUBSCRIPTION_ID}" "radix-platform" "operations"
create_oidc_and_federated_credentials "$APP_REGISTRATION_RESOURCE_LOCK_OPERATOR" "${AZ_SUBSCRIPTION_ID}" "radix-platform" "lock-operations-dev"
assign_role "$APP_REGISTRATION_RESOURCE_LOCK_OPERATOR" "Omnia Authorization Locks Operator" "/subscriptions/${AZ_SUBSCRIPTION_ID}/resourceGroups/${AZ_RESOURCE_GROUP_CLUSTERS}"
assign_role "$APP_REGISTRATION_RESOURCE_LOCK_OPERATOR" "Reader" "/subscriptions/${AZ_SUBSCRIPTION_ID}/resourceGroups/${AZ_RESOURCE_GROUP_COMMON}/providers/Microsoft.KeyVault/vaults/${AZ_RESOURCE_KEYVAULT}"
set-kv-policy "$(az ad sp list --filter "displayname eq '$APP_REGISTRATION_RESOURCE_LOCK_OPERATOR'" | jq -r .[].id)" "get"
create_github_maintenance_mi
fi
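
Review bot: On the added set-kv-policy line, the principal is looked up by display name (`az ad sp list --filter "displayname eq '$APP_REGISTRATION_RESOURCE_LOCK_OPERATOR'" | jq -r .[].id`), and display names are not unique in the directory, so the command substitution can return zero or several object IDs and the script hands whatever comes back straight to set-kv-policy. An empty result calls it with an empty principal, and several matches produce a single multi-line argument. Resolve the ID into a variable first, abort unless exactly one non-empty value is returned, and quote the jq filter ('.[].id') so the shell cannot glob it. It would also help to add a comment saying why the vault needs both the Reader role assignment and a "get" access policy, and which permission type "get" refers to, since the definition of set-kv-policy is not visible in this hunk.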
