From 897f1b1067bcab2b586a444e31c3416ff74f5ea4 Mon Sep 17 00:00:00 2001
From: Tim Allen
Date: Tue, 12 Nov 2024 11:39:24 +0000
Subject: [PATCH] Update local debugging for RBAC key vaults (#4133)

* update
* update core version
---------
Co-authored-by: Tim Allen
---
 core/terraform/json-to-env.sh | 4 ++++
 core/terraform/outputs.tf | 4 ++++
 core/version.txt | 2 +-
 devops/scripts/setup_local_debugging.sh | 11 +++++------
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/core/terraform/json-to-env.sh b/core/terraform/json-to-env.sh
index b6c17f534..cf307d982 100755
--- a/core/terraform/json-to-env.sh
+++ b/core/terraform/json-to-env.sh
@@ -29,6 +29,10 @@ jq -r '
 "path": "keyvault_uri",
 "env_var": "KEYVAULT_URI"
 },
+ {
+ "path": "keyvault_resource_id",
+ "env_var": "KEYVAULT_RESOURCE_ID"
+ },
 {
 "path": "azure_tre_fqdn",
 "env_var": "FQDN"
diff --git a/core/terraform/outputs.tf b/core/terraform/outputs.tf
index 7e02c66aa..1e2850a8a 100644
--- a/core/terraform/outputs.tf
+++ b/core/terraform/outputs.tf
@@ -30,6 +30,10 @@ output "keyvault_uri" {
 value = azurerm_key_vault.kv.vault_uri
 }
 
+output "keyvault_resource_id" {
+ value = azurerm_key_vault.kv.id
+}
+
 output "service_bus_resource_id" {
 value = azurerm_servicebus_namespace.sb.id
 }
diff --git a/core/version.txt b/core/version.txt
index a4219a8e5..cb73775c4 100644
--- a/core/version.txt
+++ b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.11.0"
\ No newline at end of file
+__version__ = "0.11.1"
\ No newline at end of file
diff --git a/devops/scripts/setup_local_debugging.sh b/devops/scripts/setup_local_debugging.sh
index 704910bb5..4cb2dbdb5 100755
--- a/devops/scripts/setup_local_debugging.sh
+++ b/devops/scripts/setup_local_debugging.sh
@@ -15,6 +15,7 @@ private_env_path="./core/private.env"
 : "${EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID?"Check EVENT_GRID_AIRLOCK_NOTIFICATION_TOPIC_RESOURCE_ID is defined in ${private_env_path}"}"
 : "${KEYVAULT_URI?"Check KEYVAULT_URI is defined in ${private_env_path}"}"
 : "${KEYVAULT?"Check KEYVAULT is defined in ${private_env_path}"}"
+: "${KEYVAULT_RESOURCE_ID?"Check KEYVAULT_RESOURCE_ID is defined in ${private_env_path}"}"
 
 set -o pipefail
 set -o nounset
@@ -135,13 +136,11 @@ az role assignment create \
 --assignee "${RP_TESTING_SP_APP_ID}" \
 --scope "${SERVICE_BUS_RESOURCE_ID}"
 
-
 # Assign get permissions on the keyvault
-az keyvault set-policy \
- --name "${KEYVAULT}" \
- --spn "${RP_TESTING_SP_APP_ID}" \
- --secret-permissions get
-
+az role assignment create \
+ --role "Key Vault Secrets User" \
+ --assignee "${RP_TESTING_SP_APP_ID}" \
+ --scope "${KEYVAULT_RESOURCE_ID}"
 
 # Write the appId and secret to the private.env file which is used for RP debugging
 # First check if the env vars are there already and delete them
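Review bot: The added guard for KEYVAULT_RESOURCE_ID uses the `?` form, which only fails when the variable is unset, so a value that is present but empty in private.env passes and later reaches `--scope "${KEYVAULT_RESOURCE_ID}"` in the role assignment of the next hunk. Because this value now decides where a secrets-reading role is granted, the `:?` form is the safer check: `: "${KEYVAULT_RESOURCE_ID:?"Check KEYVAULT_RESOURCE_ID is defined in ${private_env_path}"}"`. How the az CLI handles an empty scope is not something the script should depend on, so failing here is preferable. The only visible use of `KEYVAULT` (the removed `az keyvault set-policy --name`) is gone in this commit; if nothing else in the script reads it, its guard can probably be dropped, but the rest of the file is outside the hunk.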
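Review bot: The comment kept above the new command, `# Assign get permissions on the keyvault`, no longer describes what is granted: the built-in "Key Vault Secrets User" role allows reading secret metadata as well as secret values, slightly more than the old `--secret-permissions get`. I would reword it to something like `# Grant the RP testing SP read access to secrets (Key Vault Secrets User), scoped to this vault only`. It is also worth a second comment line noting that the assignment only has an effect when the vault uses the RBAC permission model and that role assignments can take some time to propagate, so a 403 from local debugging straight after running the script may be one of those two causes rather than a wrong credential.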