Update local debugging for RBAC key vaults (#4133)

* update * update core version --------- Co-authored-by: Tim Allen <[email protected]>
microsoft · Nov 12, 2024 · 897f1b1 · 897f1b1
1 parent 35cd559
commit 897f1b1
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 7 deletions.
diff --git a/core/terraform/json-to-env.sh b/core/terraform/json-to-env.sh
@@ -29,6 +29,10 @@ jq -r '
             "path": "keyvault_uri",
             "env_var": "KEYVAULT_URI"
         },
+        {
+            "path": "keyvault_resource_id",
+            "env_var": "KEYVAULT_RESOURCE_ID"
+        },
         {
             "path": "azure_tre_fqdn",
             "env_var": "FQDN"

diff --git a/core/terraform/outputs.tf b/core/terraform/outputs.tf
@@ -30,6 +30,10 @@ output "keyvault_uri" {
   value = azurerm_key_vault.kv.vault_uri
 }
 
+output "keyvault_resource_id" {
+  value = azurerm_key_vault.kv.id
+}
+
 output "service_bus_resource_id" {
   value = azurerm_servicebus_namespace.sb.id
 }

diff --git a/core/version.txt b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.11.0"
+__version__ = "0.11.1"
diff --git a/devops/scripts/setup_local_debugging.sh b/devops/scripts/setup_local_debugging.sh
@@ -15,6 +15,7 @@ private_env_path="./core/private.env"
 : "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID?"Check EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}"
 : "${KEYVAULT_URI?"Check KEYVAULT_URI is defined in ${private_env_path}"}"
 : "${KEYVAULT?"Check KEYVAULT is defined in ${private_env_path}"}"
+: "${KEYVAULT_RESOURCE_ID?"Check KEYVAULT_RESOURCE_ID is defined in ${private_env_path}"}"
 
 set -o pipefail
 set -o nounset
@@ -135,13 +136,11 @@ az role assignment create \
     --assignee "${RP_TESTING_SP_APP_ID}" \
     --scope "${SERVICE_BUS_RESOURCE_ID}"
 
-
 # Assign get permissions on the keyvault
-az keyvault set-policy \
-  --name "${KEYVAULT}" \
-  --spn "${RP_TESTING_SP_APP_ID}" \
-  --secret-permissions get
-
+az role assignment create \
+    --role "Key Vault Secrets User" \
+    --assignee "${RP_TESTING_SP_APP_ID}" \
+    --scope "${KEYVAULT_RESOURCE_ID}"
 
 # Write the appId and secret to the private.env file which is used for RP debugging
 # First check if the env vars are there already and delete them