Merge pull request #38 from pagopa/PAGOPA-1465-devops-gec-switch-mana…

…ged-identity-utils-afm fix fed ident
pagopa · Apr 29, 2024 · 0221e69 · 0221e69
2 parents c1d7e7d + 7c13a58
commit 0221e69
Show file tree

Hide file tree

Showing 7 changed files with 12 additions and 91 deletions.
diff --git a/.github/workflows/code_review.yml b/.github/workflows/code_review.yml
@@ -59,7 +59,7 @@ jobs:
  # from https://github.com/Azure/login/commits/master
  uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
  with:
- client-id: ${{ secrets.CLIENT_ID }}
+ client-id: ${{ secrets.CD_CLIENT_ID }}
  tenant-id: ${{ secrets.TENANT_ID }}
  subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 

diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
@@ -43,7 +43,7 @@ jobs:
  environment: ${{ matrix.environment }}
  api-name:
  config: .opex/env/${{ matrix.environment }}/config.yaml
- client-id: ${{ secrets.CLIENT_ID }}
+ client-id: ${{ secrets.CD_CLIENT_ID }}
  tenant-id: ${{ secrets.TENANT_ID }}
  subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
  # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action

diff --git a/.github/workflows/deploy_with_github_runner.yml b/.github/workflows/deploy_with_github_runner.yml
@@ -36,7 +36,7 @@ jobs:
  # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
  uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
  with:
- client_id: ${{ secrets.CLIENT_ID }}
+ client_id: ${{ secrets.CD_CLIENT_ID }}
  tenant_id: ${{ secrets.TENANT_ID }}
  subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
  container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
@@ -54,7 +54,7 @@ jobs:
  uses: pagopa/github-actions-template/aks-deploy@main
  with:
  branch: ${{ github.ref_name }}
- client_id: ${{ secrets.CLIENT_ID }}
+ client_id: ${{ secrets.CD_CLIENT_ID }}
  subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
  tenant_id: ${{ secrets.TENANT_ID }}
  env: ${{ inputs.environment }}
@@ -76,7 +76,7 @@ jobs:
  # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
  uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a
  with:
- client_id: ${{ secrets.CLIENT_ID }}
+ client_id: ${{ secrets.CD_CLIENT_ID }}
  tenant_id: ${{ secrets.TENANT_ID }}
  subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
  resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}

diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml
@@ -47,7 +47,7 @@ jobs:
  # from https://github.com/Azure/login/commits/master
  uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
  with:
- client-id: ${{ secrets.CLIENT_ID }}
+ client-id: ${{ secrets.CD_CLIENT_ID }}
  tenant-id: ${{ secrets.TENANT_ID }}
  subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 

diff --git a/.identity/00_data.tf b/.identity/00_data.tf
@@ -1,3 +1,8 @@
+data "azurerm_user_assigned_identity" "identity_cd" {
+ resource_group_name = "${local.product}-identity-rg"
+ name = "${local.product}-${local.domain}-01-github-cd-identity"
+}
+
 data "azurerm_resource_group" "dashboards" {
  name = "dashboards"
 }

diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf
@@ -21,7 +21,7 @@ resource "github_repository_environment" "github_repository_environment" {
 
 locals {
  env_secrets = {
- "CLIENT_ID" : module.github_runner_app.application_id,
+ "CD_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd.client_id,
  "TENANT_ID" : data.azurerm_client_config.current.tenant_id,
  "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
  "SUBKEY" : data.azurerm_key_vault_secret.key_vault_integration_test_subkey.value,