chores: add at22 (#91)

* add env suffix for mass transit role * add mass transit custom role with env suffix * add CI infra * rename templates
Altinn · Nov 14, 2024 · 78f46c9 · 78f46c9
1 parent 6eb6688
commit 78f46c9
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 9 deletions.
diff --git a/.github/workflows/_ci-infra-template.yml b/.github/workflows/_ci-infra-template.yml
@@ -1,4 +1,4 @@
-name: "Template: Deploy Infra"
+name: "Template: Terraform CI"
 
 on:
   workflow_call:

diff --git a/.github/workflows/_deploy-app-terraform.yml b/.github/workflows/_deploy-app-terraform.yml
@@ -1,4 +1,4 @@
-name: infra-cd-template.yml
+name: "Template: Terraform CD"
 
 on:
   workflow_call:

diff --git a/.github/workflows/ci-infra.yml b/.github/workflows/ci-infra.yml
@@ -12,7 +12,7 @@ jobs:
   cert:
     name: Cert
     secrets: inherit
-    uses: ./.github/workflows/_deploy-infra-template.yml
+    uses: ./.github/workflows/_ci-infra-template.yml
     with:
       environment: at21
       tf_state: cert.tfstate
@@ -21,7 +21,7 @@ jobs:
   auth:
     name: Auth
     secrets: inherit
-    uses: ./.github/workflows/_deploy-infra-template.yml
+    uses: ./.github/workflows/_ci-infra-template.yml
     with:
       environment: at21
       tf_state: auth.tfstate
@@ -30,7 +30,7 @@ jobs:
   register:
     name: Altinn Register
     secrets: inherit
-    uses: ./.github/workflows/_deploy-infra-template.yml
+    uses: ./.github/workflows/_ci-infra-template.yml
     with:
       environment: at21
       tf_state: Altinn.Register.tfstate

diff --git a/infra/deploy/altinn-register/main.tf b/infra/deploy/altinn-register/main.tf
@@ -90,7 +90,7 @@ resource "azurerm_role_assignment" "mass_transit_role" {
   scope                            = data.azurerm_servicebus_namespace.sb.id
   principal_type                   = "ServicePrincipal"
   skip_service_principal_aad_check = true
-  role_definition_name             = "Azure Service Bus Mass Transit"
+  role_definition_name             = "Azure Service Bus Mass Transit ${upper(var.environment)}"
 }
 
 resource "azurerm_role_assignment" "key_vault_secret_reader" {

diff --git a/infra/modules/container_app/main.tf b/infra/modules/container_app/main.tf
@@ -66,7 +66,7 @@ resource "azurerm_role_assignment" "rbac" {
     {
       id                   = "service_bus_mass_transit"
       scope                = data.azurerm_servicebus_namespace.sb.id
-      role_definition_name = "Azure Service Bus Mass Transit"
+      role_definition_name = "Azure Service Bus Mass Transit ${upper(var.environment)}"
       should_assign        = var.can_use_service_bus
     },
     {

diff --git a/infra/modules/container_app_api/main.tf b/infra/modules/container_app_api/main.tf
@@ -67,7 +67,7 @@ resource "azurerm_role_assignment" "rbac" {
     {
       id                   = "service_bus_mass_transit"
       scope                = data.azurerm_servicebus_namespace.sb.id
-      role_definition_name = "Azure Service Bus Mass Transit"
+      role_definition_name = "Azure Service Bus Mass Transit ${upper(var.environment)}"
       should_assign        = var.can_use_auth_service_bus
     },
     {

diff --git a/infra/modules/service_bus/main.tf b/infra/modules/service_bus/main.tf
@@ -74,7 +74,7 @@ resource "azurerm_private_endpoint" "service_bus_private_endpoint" {
 # Service bus Actions List: https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration#microsoftservicebus
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition
 resource "azurerm_role_definition" "service_bus_masstransit" {
-  name        = "Azure Service Bus Mass Transit"
+  name        = "Azure Service Bus Mass Transit ${upper(var.metadata.environment)}"
   scope       = azurerm_servicebus_namespace.service_bus.id
   description = "Allow C# Applications use MassTransit with Azure Service Bus"