update apps permission
andreasisnes committed Jul 16, 2024
1 parent f0e367b commit 92cd2c5
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion infrastructure/products/azure_arm.tf
Expand Up @@ -203,7 +203,7 @@ resource "azurerm_role_assignment" "admins" {

# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment
resource "azurerm_role_assignment" "product_admins_storage_blob_owner" {
scope = azurerm_storage_container.container.resource_manager_id
scope = azurerm_storage_account.backend.id
principal_id = azuread_group.product_admins.object_id
role_definition_name = data.azurerm_role_definition.storage_blob_data_owner.name
# skip_service_principal_aad_check = true
Expand All @@ -224,6 +224,8 @@ resource "azurerm_role_assignment" "products" {
principal_id = azuread_group.admins[each.value.slug].object_id
role_definition_name = data.azurerm_role_definition.storage_blob_data_owner.name

depends_on = [azurerm_role_assignment.product_admins_contributor]

condition_version = "2.0"
condition = <<-EOT
(
Expand All @@ -249,6 +251,8 @@ resource "azurerm_role_assignment" "appregg" {
role_definition_name = data.azurerm_role_definition.storage_blob_data_owner.name
skip_service_principal_aad_check = true

depends_on = [azurerm_role_assignment.product_admins_contributor]

condition_version = "2.0"
condition = <<-EOT
(
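Review bot: The `product_admins_storage_blob_owner` assignment now appears to grant Storage Blob Data Owner on the whole `azurerm_storage_account.backend` account instead of the single container (taking the second `scope` line as the new side), and no `condition` is visible on it in this hunk, unlike the `products` and `appregg` assignments further down. If that account holds Terraform state, which its name suggests but the page does not show, every member of `product_admins` could read and rewrite all blobs in every container in it, including state that may hold secrets. If account-wide access is not required, keep `scope = azurerm_storage_container.container.resource_manager_id`, or add `condition_version = "2.0"` with a `condition` limiting the container names as the sibling assignments do; otherwise add a comment above the `scope` line stating why the wider scope is needed. The resource body continues past the hunk, so a condition may exist outside the visible lines.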
