Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TES-359: Fine tune role assignments #21

Merged
merged 1 commit into from
Nov 29, 2023
Merged

TES-359: Fine tune role assignments #21

merged 1 commit into from
Nov 29, 2023

Conversation

mihailradkov
Copy link
Contributor

@mihailradkov mihailradkov commented Nov 24, 2023
edited
Loading

TES-359: Role assignments overhaul

The overhaul focuses on simplifying the module dependencies and responsibilities.

  • Vault and backup modules no longer depend on an identity
  • Added a new module rules dedicated for role assignments to anything required by the VMSS such as the key vault and backup storage account
  • Moved custom roles to the new roles module
  • Removed the storage account custom role in favor of directly providing the storage container in the user data script
  • Removed useless empty BLOB creation in the storage account
  • Optimized configurations role assignments for least privilege
  • Updated some comments/descriptions

@mihailradkov mihailradkov force-pushed the TES-359-role-assigments branch 4 times, most recently from cccad56 to 7a36329 Compare November 28, 2023 20:54
@mihailradkov mihailradkov marked this pull request as ready for review November 28, 2023 20:57
mihailradkov
mihailradkov commented Nov 29, 2023
View reviewed changes
modules/roles/main.tf Outdated Show resolved Hide resolved
@mihailradkov
TES-359: Role assignments overhaul
4ba06d0 
The overhaul focuses on simplifying the module dependencies
and responsibilities.

- Vault and backup modules no longer depend on an identity
- Added a new module rules dedicated for role assignments
  to anything required by the VMSS such as the key vault and
  backup storage account
- Moved custom roles to the new roles module
- Removed the storage account custom role in favor of directly
  providing the storage container in the user data script
- Removed useless empty BLOB creation in the storage account
- Optimized configurations role assignments for least privilege
- Updated some comments/descriptions
@mihailradkov mihailradkov merged commit 6b3bf82 into main Nov 29, 2023
2 checks passed
@mihailradkov mihailradkov deleted the TES-359-role-assigments branch November 29, 2023 12:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@viktor-ribchev viktor-ribchev viktor-ribchev approved these changes

@yaskoo yaskoo Awaiting requested review from yaskoo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mihailradkov @viktor-ribchev