From 707e0f0c8011acd89b15c381821d45ac6906493b Mon Sep 17 00:00:00 2001 From: "Jenkins Infra Bot (updatecli)" <60776566+jenkins-infra-bot@users.noreply.github.com> Date: Fri, 27 Sep 2024 21:29:48 +0000 Subject: [PATCH 1/4] chore: Update Terraform lock file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .terraform.lock.hcl | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index a7b6ad35..a1fa0bce 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -26,24 +26,24 @@ provider "registry.terraform.io/cyrilgdn/postgresql" { } provider "registry.terraform.io/hashicorp/azuread" { - version = "2.53.1" + version = "3.0.1" hashes = [ - "h1:0z/718jtR2TJHQQMMqi4nvd6XFPV/iA1jb/5fyAcn5o=", - "h1:2rk36pu4YyhBVz/Mf4swYCQxaB31iPaXOiWNlqZMXbM=", - "h1:EZNO8sEtUABuRxujQrDrW1z1QsG0dq6iLbzWtnG7Om4=", - "h1:GS/WN8VS6Wp9hvs46lgDsR4ERV8o3Sr+zatF/z2XohU=", - "zh:162916b037e5133f49298b0ffa3e7dcef7d76530a8ca738e7293373980f73c68", + "h1:PgLVIoF07OA8ygDHQFzzmA54U33VVCQvSpO/Q7ZVvU0=", + "h1:YG/whP+QO8zeq5ulBW86qT0MzhZKaaAMg4fTLVf7DdY=", + "h1:lAVL2Wfe+g1jyL8mpeS0iCcBo8dqEdMn+cvpaxrvuYw=", + "h1:m4wMAbvXC3VGsqhRPpWVRbFMXlJT6fjNrFs95ikMzec=", + "zh:183d1e84298feb673fe7059d9941baee1c82b619f6757742bcc5b789f90dc6cf", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:492931cea4f30887ab5bca36a8556dfcb897288eddd44619c0217fc5da2d57e7", - "zh:4c895e450e18335ad8714cc6d3488fc1a78816ad2851a91b06cb2ef775dd7c66", - "zh:60d92fdaf7235574201f2d8f68f733ee00a822993b3fc95e6952e09e6ec76999", - "zh:67a169119efa41c1fb867ef1a8e79bf03472a2324384c36eb55370c817dcce42", - "zh:9dd4d5ed9233cf9329262200bc5a1aa60942b80dbc611e2ef4b09f47531b39b1", - "zh:a3c160e35b9e40fc1497b83c2f37a8e24565b05a1783c7733609f3695735c2a9", - "zh:a4a221da42b1f46e7c436c7145e5beaadfd9d03f3be6fd526d132c03f18a5979", - "zh:af0d3476a9702d2287e168e3baa670e64daab9c9b01c01e17025a5248f3e28e9", - "zh:e3579bff7894f3d36066b74ec324be6d28f56a42a387a2b8a0eabf33cbff86df", - "zh:f1749ee8ad972ae6424665aa9d2c0ece8c40c51d41ec2f38b863148cb437e865", + "zh:43c175d8fe55e2abaa4e6b715dccbef38028f0d99e10c478bde1f2e45b9c2751", + "zh:7164ddefa58fd95886beed0ebdedf7923fd6f6336a7ac64982ae342d3eba85a3", + "zh:82b74de05a260632dfe3818c79dacab2c7a31164cd31ae483cd0c1eeb5fa5c3d", + "zh:b306b796363ac9aa05da0ecbc59f684ba35aeaf7e8cb01181cce43cb4f383dc3", + "zh:b505ae5c04589cf156e7748587dff8262f0501bde050bd5250866b58bb60bc1f", + "zh:db3c617b24290386a01df989e173eb192b3edfb8fbce29f158ed4d0bb7840b78", + 
"zh:e6ebf29881b525a83c34dd74e6a58e595421888ed159ecfe452ea0d40fddd953", + "zh:e74b83a285a7973c1a0bd8b7aa5f5bf9fc6da4b2aef5b64b62cdfdf582b86a79", + "zh:e9f83cbf27fe16d9ecd82ec8fae7676985922db939d2a90b6c7e042d4be9a5e4", + "zh:f642ba7f8df413d5d0ce7229fae9cbb72dd8421282f2cb3168da537c2393e19e", ] } From 6695a2653d370d0a7680091df2da70c54f51db45 Mon Sep 17 00:00:00 2001 From: Damien Duportal Date: Sun, 29 Sep 2024 13:40:34 +0200 Subject: [PATCH 2/4] chore(terraform) fix deprecation with provider 3.x Signed-off-by: Damien Duportal --- .shared-tools | 2 +- cert.ci.jenkins.io.tf | 2 +- ci.jenkins.io.tf | 2 +- infra.ci.jenkins.io.tf | 12 ++++++------ packer-resources.tf | 4 ++-- publick8s.tf | 2 +- test.ci.jenkins.io.tf | 4 ++-- trusted.ci.jenkins.io.tf | 10 +++++----- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.shared-tools b/.shared-tools index 84dffd0b..66546b9f 160000 --- a/.shared-tools +++ b/.shared-tools @@ -1 +1 @@ -Subproject commit 84dffd0bb745cec165ea65ed7612b427f19f7316 +Subproject commit 66546b9f40fb06587df23222b498943808b66ddb diff --git a/cert.ci.jenkins.io.tf b/cert.ci.jenkins.io.tf index 057eac19..cf1f2636 100644 --- a/cert.ci.jenkins.io.tf +++ b/cert.ci.jenkins.io.tf @@ -25,7 +25,7 @@ module "cert_ci_jenkins_io" { } controller_service_principal_ids = [ - data.azuread_service_principal.terraform_production.id, + data.azuread_service_principal.terraform_production.object_id, ] controller_service_principal_end_date = "2024-11-06T00:00:00Z" controller_packer_rg_ids = [ diff --git a/ci.jenkins.io.tf b/ci.jenkins.io.tf index 111412b0..59983761 100644 --- a/ci.jenkins.io.tf +++ b/ci.jenkins.io.tf 
@@ -29,7 +29,7 @@ module "ci_jenkins_io_sponsorship" { privatevpn_subnet = data.azurerm_subnet.private_vnet_data_tier.address_prefixes } controller_service_principal_ids = [ - data.azuread_service_principal.terraform_production.id, + data.azuread_service_principal.terraform_production.object_id, ] controller_service_principal_end_date = "2025-01-13T00:00:00Z" controller_packer_rg_ids = [ diff --git a/infra.ci.jenkins.io.tf b/infra.ci.jenkins.io.tf index d56ed782..f734b990 100644 --- a/infra.ci.jenkins.io.tf +++ b/infra.ci.jenkins.io.tf @@ -19,7 +19,7 @@ resource "azurerm_storage_account" "infra_ci_jenkins_io_agents" { resource "azuread_application" "infra_ci_jenkins_io" { display_name = "infra.ci.jenkins.io" owners = [ - data.azuread_service_principal.terraform_production.id, + data.azuread_service_principal.terraform_production.object_id, ] tags = [for key, value in local.default_tags : "${key}:${value}"] required_resource_access { @@ -38,7 +38,7 @@ resource "azuread_service_principal" "infra_ci_jenkins_io" { client_id = azuread_application.infra_ci_jenkins_io.client_id app_role_assignment_required = false owners = [ - data.azuread_service_principal.terraform_production.id, + data.azuread_service_principal.terraform_production.object_id, ] } resource "azuread_application_password" "infra_ci_jenkins_io" { 
@@ -73,7 +73,7 @@ module "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.contributors_jenkins_io.resource_manager_id @@ -93,7 +93,7 @@ module "infraci_docsjenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.docs_jenkins_io.resource_manager_id 
@@ -113,7 +113,7 @@ module "infraci_statsjenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.stats_jenkins_io.resource_manager_id @@ -233,7 +233,7 @@ module "infraci_pluginsjenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "infraci-pluginsjenkinsio-fileshare_serviceprincipal_writer" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_pluginsjenkinsio_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.plugins_jenkins_io.resource_manager_id diff --git a/packer-resources.tf b/packer-resources.tf index 1a3a3684..5671dec2 100644 --- a/packer-resources.tf +++ b/packer-resources.tf 
@@ -3,7 +3,7 @@ resource "azuread_application" "packer" { display_name = "packer" owners = [ - data.azuread_service_principal.terraform_production.id, # terraform-production Service Principal, used by the CI system + data.azuread_service_principal.terraform_production.object_id, # terraform-production Service Principal, used by the CI system ] tags = [for key, value in local.default_tags : "${key}:${value}"] required_resource_access { @@ -24,7 +24,7 @@ resource "azuread_service_principal" "packer" { client_id = azuread_application.packer.client_id app_role_assignment_required = false owners = [ - data.azuread_service_principal.terraform_production.id, # terraform-production Service Principal, used by the CI system + data.azuread_service_principal.terraform_production.object_id, # terraform-production Service Principal, used by the CI system ] } diff --git a/publick8s.tf b/publick8s.tf index 7df40a10..31fac3d5 100644 --- a/publick8s.tf +++ b/publick8s.tf @@ -357,7 +357,7 @@ module "cronjob_geoip_data_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "${azurerm_resource_group.publick8s.name}-fileshare_serviceprincipal_writer-redirects" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = "2024-12-23T00:00:00Z" file_share_resource_manager_id = azurerm_storage_share.geoip_data.resource_manager_id diff --git a/test.ci.jenkins.io.tf b/test.ci.jenkins.io.tf index 0cab16cc..d3230967 100644 --- a/test.ci.jenkins.io.tf +++ b/test.ci.jenkins.io.tf 
@@ -31,7 +31,7 @@ data "azurerm_subnet" "test_azurevm_agents_agents_sponsorship" { #################################################################################### resource "azuread_application" "test_azurevm_agents_sponsorship" { display_name = "test.jay.onboarding" - owners = [data.azuread_service_principal.terraform_production.id] + owners = [data.azuread_service_principal.terraform_production.object_id] tags = [for key, value in local.default_tags : "${key}:${value}"] required_resource_access { resource_app_id = "00000003-0000-0000-c000-000000000000" # Microsoft Graph @@ -48,7 +48,7 @@ resource "azuread_application" "test_azurevm_agents_sponsorship" { resource "azuread_service_principal" "test_azurevm_agents_sponsorship" { client_id = azuread_application.test_azurevm_agents_sponsorship.client_id app_role_assignment_required = false - owners = [data.azuread_service_principal.terraform_production.id] + owners = [data.azuread_service_principal.terraform_production.object_id] } resource "azuread_application_password" "test_azurevm_agents_sponsorship" { application_id = azuread_application.test_azurevm_agents_sponsorship.id diff --git a/trusted.ci.jenkins.io.tf b/trusted.ci.jenkins.io.tf index 70bc919b..0f2ee4d9 100644 --- a/trusted.ci.jenkins.io.tf +++ b/trusted.ci.jenkins.io.tf @@ -41,7 +41,7 @@ module "trusted_ci_jenkins_io" { } controller_service_principal_ids = [ - data.azuread_service_principal.terraform_production.id, + data.azuread_service_principal.terraform_production.object_id, ] controller_service_principal_end_date = "2024-11-20T00:00:00Z" controller_packer_rg_ids = [ 
@@ -78,7 +78,7 @@ module "trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "${module.trusted_ci_jenkins_io.service_fqdn}-fileshare_serviceprincipal_writer" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = "2024-12-18T00:00:00Z" file_share_resource_manager_id = azurerm_storage_share.updates_jenkins_io_content.resource_manager_id @@ -90,7 +90,7 @@ module "trustedci_updatesjenkinsio_redirects_fileshare_serviceprincipal_writer" source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "${module.trusted_ci_jenkins_io.service_fqdn}-fileshare_serviceprincipal_writer-redirects" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = "2024-12-18T00:00:00Z" file_share_resource_manager_id = azurerm_storage_share.updates_jenkins_io_redirects.resource_manager_id 
@@ -103,7 +103,7 @@ module "trustedci_jenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "trustedci-jenkinsio-fileshare_serviceprincipal_writer" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = "2025-01-12T00:00:00Z" file_share_resource_manager_id = azurerm_storage_share.jenkins_io.resource_manager_id @@ -116,7 +116,7 @@ module "trustedci_javadocjenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "trustedci-javadocjenkinsio-fileshare_serviceprincipal_writer" - active_directory_owners = [data.azuread_service_principal.terraform_production.id] + active_directory_owners = [data.azuread_service_principal.terraform_production.object_id] active_directory_url = "https://github.com/jenkins-infra/azure" service_principal_end_date = "2025-01-12T00:00:00Z" file_share_resource_manager_id = azurerm_storage_share.javadoc_jenkins_io.resource_manager_id From adfcaba4edb3bc4491e42e5f809cb9378efaad4b Mon Sep 17 00:00:00 2001 From: Damien Duportal Date: Mon, 30 Sep 2024 08:47:59 +0200 Subject: [PATCH 3/4] fixup Signed-off-by: Damien Duportal --- .shared-tools | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.shared-tools b/.shared-tools index 66546b9f..6d7c1339 160000 --- a/.shared-tools +++ b/.shared-tools @@ -1 +1 @@ -Subproject commit 66546b9f40fb06587df23222b498943808b66ddb +Subproject commit 6d7c1339837a2b665d33b93e33f1d059ee21160d From 82f22bc402df9f2ff8dbd5a487c74124b21e4d14 Mon Sep 17 00:00:00 2001 From: Damien Duportal Date: Wed, 16 Oct 2024 18:22:55 +0200 Subject: [PATCH 4/4] chore: update attributes for azuread provider 3.x 
Signed-off-by: Damien Duportal --- .shared-tools | 2 +- infra.ci.jenkins.io.tf | 22 +++++++++++++--------- packer-resources.tf | 6 +++--- test.ci.jenkins.io.tf | 6 +++--- trusted.ci.jenkins.io.tf | 4 +++- 5 files changed, 23 insertions(+), 17 deletions(-) diff --git a/.shared-tools b/.shared-tools index 6d7c1339..c900744e 160000 --- a/.shared-tools +++ b/.shared-tools @@ -1 +1 @@ -Subproject commit 6d7c1339837a2b665d33b93e33f1d059ee21160d +Subproject commit c900744eedf563e8e7951a264667e69e138af687 diff --git a/infra.ci.jenkins.io.tf b/infra.ci.jenkins.io.tf index f734b990..bfbe89a6 100644 --- a/infra.ci.jenkins.io.tf +++ b/infra.ci.jenkins.io.tf 
@@ -50,22 +50,22 @@ resource "azuread_application_password" "infra_ci_jenkins_io" { resource "azurerm_role_assignment" "infra_ci_jenkins_io_allow_azurerm" { scope = azurerm_resource_group.infra_ci_jenkins_io_agents.id role_definition_name = "Contributor" - principal_id = azuread_service_principal.infra_ci_jenkins_io.id + principal_id = azuread_service_principal.infra_ci_jenkins_io.object_id } resource "azurerm_role_assignment" "infra_ci_jenkins_io_allow_packer" { scope = azurerm_resource_group.packer_images["prod"].id role_definition_name = "Reader" - principal_id = azuread_service_principal.infra_ci_jenkins_io.id + principal_id = azuread_service_principal.infra_ci_jenkins_io.object_id } resource "azurerm_role_assignment" "infra_ci_jenkins_io_privatek8s_subnet_role" { scope = data.azurerm_subnet.privatek8s_tier.id role_definition_name = "Virtual Machine Contributor" - principal_id = azuread_service_principal.infra_ci_jenkins_io.id + principal_id = azuread_service_principal.infra_ci_jenkins_io.object_id } resource "azurerm_role_assignment" "infra_ci_jenkins_io_privatek8s_subnet_private_vnet_reader" { scope = data.azurerm_virtual_network.private.id role_definition_id = azurerm_role_definition.private_vnet_reader.role_definition_resource_id - principal_id = azuread_service_principal.infra_ci_jenkins_io.id + principal_id = azuread_service_principal.infra_ci_jenkins_io.object_id } # Required to allow azcopy sync of contributors.jenkins.io File Share 
@@ -158,7 +158,7 @@ resource "azurerm_role_assignment" "infra_controller_vnet_reader" { provider = azurerm.jenkins-sponsorship scope = data.azurerm_virtual_network.infra_ci_jenkins_io_sponsorship.id role_definition_id = azurerm_role_definition.infra_ci_jenkins_io_controller_vnet_sponsorship_reader.role_definition_resource_id - principal_id = azuread_service_principal.infra_ci_jenkins_io.id + principal_id = azuread_service_principal.infra_ci_jenkins_io.object_id } module "infra_ci_jenkins_io_azurevm_agents_jenkins_sponsorship" { providers = { @@ -173,7 +173,7 @@ module "infra_ci_jenkins_io_azurevm_agents_jenkins_sponsorship" { ephemeral_agents_subnet_name = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_ephemeral_agents.name controller_rg_name = azurerm_resource_group.infra_ci_jenkins_io_controller_jenkins_sponsorship.name controller_ips = data.azurerm_subnet.privatek8s_infra_ci_controller_tier.address_prefixes # Pod IPs: controller IP may change in the pods IP subnet - controller_service_principal_id = azuread_service_principal.infra_ci_jenkins_io.id + controller_service_principal_id = azuread_service_principal.infra_ci_jenkins_io.object_id default_tags = local.default_tags storage_account_name = "infraciagentssub" # Max 24 chars @@ -366,7 +366,9 @@ resource "azurerm_resource_group" "updatecli_infra_ci_jenkins_io" { resource "azuread_application" "updatecli_infra_ci_jenkins_io" { display_name = "updatecli_infra.ci.jenkins.io" owners = [ - data.azuread_service_principal.terraform_production.id, + # Commenting out to migrate to new AzureAD provider + # data.azuread_service_principal.terraform_production.id, + "b847a030-25e1-4791-ad04-9e8484d87bce", ] tags = [for key, value in local.default_tags : "${key}:${value}"] required_resource_access { 
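Review bot: The `owners` list of `azuread_application.updatecli_infra_ci_jenkins_io` (hunk at -366) now holds the bare literal `"b847a030-25e1-4791-ad04-9e8484d87bce"` with nothing saying which principal it identifies. The same literal is repeated in the `azuread_service_principal.updatecli_infra_ci_jenkins_io` hunk (-385) and in `controller_service_principal_ids` in trusted.ci.jenkins.io.tf. Owners of an application or service principal can manage its credentials, so the value should be traceable in review; presumably it is the object ID of the terraform-production service principal, but nothing visible here confirms that, and a literal goes stale silently if that principal is ever recreated. If this is a temporary migration step, define it once, e.g. `locals { terraform_production_object_id = "b847a030-25e1-4791-ad04-9e8484d87bce" }`, with a comment naming the principal and a TODO to return to `data.azuread_service_principal.terraform_production.object_id`, which the other owners lists in this series use. The resource blocks continue outside these hunks.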
@@ -385,7 +387,9 @@ resource "azuread_service_principal" "updatecli_infra_ci_jenkins_io" { client_id = azuread_application.updatecli_infra_ci_jenkins_io.client_id app_role_assignment_required = false owners = [ - data.azuread_service_principal.terraform_production.id, + # Commenting out to migrate to new AzureAD provider + # data.azuread_service_principal.terraform_production.id, + "b847a030-25e1-4791-ad04-9e8484d87bce", ] } resource "azuread_application_password" "updatecli_infra_ci_jenkins_io" { @@ -406,5 +410,5 @@ resource "azurerm_role_definition" "vm_images_reader" { resource "azurerm_role_assignment" "updatecli_infra_ci_jenkins_io_allow_images_list" { scope = azurerm_resource_group.updatecli_infra_ci_jenkins_io.id role_definition_id = azurerm_role_definition.vm_images_reader.role_definition_resource_id - principal_id = azuread_service_principal.updatecli_infra_ci_jenkins_io.id + principal_id = azuread_service_principal.updatecli_infra_ci_jenkins_io.object_id } diff --git a/packer-resources.tf b/packer-resources.tf index 5671dec2..dfd8538f 100644 --- a/packer-resources.tf +++ b/packer-resources.tf @@ -119,7 +119,7 @@ resource "azurerm_role_assignment" "packer_role_images_assignement" { scope = each.value.id role_definition_name = "Contributor" - principal_id = azuread_service_principal.packer.id + principal_id = azuread_service_principal.packer.object_id } # Allow packer Service Principal to manage AzureRM resources inside the packer resource groups resource "azurerm_role_assignment" "packer_role_builds_assignement" { 
@@ -128,11 +128,11 @@ resource "azurerm_role_assignment" "packer_role_builds_assignement" { scope = each.value.id role_definition_name = "Contributor" - principal_id = azuread_service_principal.packer.id + principal_id = azuread_service_principal.packer.object_id } resource "azurerm_role_assignment" "packer_role_manage_subnet" { provider = azurerm.jenkins-sponsorship scope = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_packer_builds.id role_definition_name = "Network Contributor" - principal_id = azuread_service_principal.packer.id + principal_id = azuread_service_principal.packer.object_id } diff --git a/test.ci.jenkins.io.tf b/test.ci.jenkins.io.tf index d3230967..e4ecfc0b 100644 --- a/test.ci.jenkins.io.tf +++ b/test.ci.jenkins.io.tf @@ -58,7 +58,7 @@ resource "azuread_application_password" "test_azurevm_agents_sponsorship" { resource "azurerm_role_assignment" "controller_read_packer_prod_images" { scope = azurerm_resource_group.packer_images["prod"].id role_definition_name = "Reader" - principal_id = azuread_service_principal.test_azurevm_agents_sponsorship.id + principal_id = azuread_service_principal.test_azurevm_agents_sponsorship.object_id } resource "azurerm_role_definition" "jayonboarding_vnet_writer" { name = "write-test.jay.onboarding-VNET" @@ -71,7 +71,7 @@ resource "azurerm_role_definition" "jayonboarding_vnet_writer" { resource "azurerm_role_assignment" "jayonboarding_vnet_writer" { scope = data.azurerm_virtual_network.test_azurevm_agents_sponsorship.id role_definition_id = azurerm_role_definition.jayonboarding_vnet_writer.role_definition_resource_id - principal_id = azuread_service_principal.test_azurevm_agents_sponsorship.id + principal_id = azuread_service_principal.test_azurevm_agents_sponsorship.object_id } module "test_azurevm_agents_sponsorship" { 
@@ -90,7 +90,7 @@ module "test_azurevm_agents_sponsorship" { "135.237.163.64", # VM (manually managed) public IP "10.0.0.4", # VM (manually managed) private IP ]) - controller_service_principal_id = azuread_service_principal.test_azurevm_agents_sponsorship.id + controller_service_principal_id = azuread_service_principal.test_azurevm_agents_sponsorship.object_id default_tags = local.default_tags storage_account_name = "jayagentssub" # Max 24 chars diff --git a/trusted.ci.jenkins.io.tf b/trusted.ci.jenkins.io.tf index 0f2ee4d9..7ecd60bb 100644 --- a/trusted.ci.jenkins.io.tf +++ b/trusted.ci.jenkins.io.tf @@ -41,7 +41,9 @@ module "trusted_ci_jenkins_io" { } controller_service_principal_ids = [ - data.azuread_service_principal.terraform_production.object_id, + # Commenting out to migrate to new AzureAD provider + # data.azuread_service_principal.terraform_production.id, + "b847a030-25e1-4791-ad04-9e8484d87bce", ] controller_service_principal_end_date = "2024-11-20T00:00:00Z" controller_packer_rg_ids = [
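Review bot: In the trusted.ci.jenkins.io.tf hunk the added comment quotes `# data.azuread_service_principal.terraform_production.id,` as the line being commented out, but the line actually removed is the `.object_id` reference. As written, the comment points a later reader at the attribute this series appears to be migrating away from. The literal also makes `module.trusted_ci_jenkins_io` differ from the modules in cert.ci.jenkins.io.tf and ci.jenkins.io.tf, which keep `data.azuread_service_principal.terraform_production.object_id` for the identically named `controller_service_principal_ids` input. Either keep that reference here, or correct the comment to quote `.object_id` and state why this module needs a literal and when it can be reverted. The module block starts and ends outside the hunk.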