[NOD-933] fix: migrated to new identity procedure

pagopa · Jun 5, 2024 · a867f05 · a867f05
1 parent 51ea0a1
commit a867f05
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 96 deletions.
diff --git a/.gitignore b/.gitignore
@@ -33,6 +33,9 @@ hs_err_pid*
 # macOS
 .DS_Store
 
+# Terraform
+**/.terraform/
+
 # Azure Functions
 local.settings.json
 bin/

diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
@@ -1,3 +1,8 @@
+data "azurerm_user_assigned_identity" "identity_cd" {
+  resource_group_name = "${local.product}-identity-rg"
+  name                = "${local.product}-${local.domain}-01-github-cd-identity"
+}
+
 data "azurerm_resource_group" "dashboards" {
   name = "dashboards"
 }
@@ -22,6 +27,10 @@ data "azurerm_key_vault" "domain_key_vault" {
   resource_group_name = "pagopa-${var.env_short}-${local.domain}-sec-rg"
 }
 
+data "azurerm_resource_group" "apim_resource_group" {
+  name = "${local.product}-api-rg"
+}
+
 data "azurerm_key_vault_secret" "key_vault_sonar" {
   name         = "sonar-token"
   key_vault_id = data.azurerm_key_vault.key_vault.id
@@ -35,8 +44,4 @@ data "azurerm_key_vault_secret" "key_vault_bot_token" {
 data "azurerm_key_vault_secret" "key_vault_slack_webhook_url" {
   name         = "slack-webhook-url"
   key_vault_id = data.azurerm_key_vault.domain_key_vault.id
-}
-
-data "azurerm_resource_group" "nodo_verifyko_rg" {
-  name  = "pagopa-${var.env_short}-${local.location_short}-nodo-verifyko-to-datastore-rg"
-}
+}
diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf
@@ -21,7 +21,7 @@ resource "github_repository_environment" "github_repository_environment" {
 
 locals {
   env_secrets = {
-    "CLIENT_ID" : module.github_runner_app.application_id,
+    "CD_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd.client_id,
     "TENANT_ID" : data.azurerm_client_config.current.tenant_id,
     "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
   }
@@ -59,6 +59,7 @@ resource "github_actions_environment_secret" "github_environment_runner_secrets"
 # ENV Variables #
 #################
 
+
 resource "github_actions_environment_variable" "github_environment_runner_variables" {
   for_each      = local.env_variables
   repository    = local.github.repository
@@ -79,6 +80,7 @@ resource "github_actions_secret" "repo_secrets" {
   plaintext_value = each.value
 }
 
+
 ############
 ## Labels ##
 ############
@@ -93,3 +95,4 @@ resource "github_issue_label" "ignore_for_release" {
   name       = "ignore-for-release"
   color      = "008000"
 }
+