WIP use cluster service key vault

Azure · Sep 2, 2024 · 1a56f83 · 1a56f83
1 parent 13ab24c
commit 1a56f83
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 3 deletions.
diff --git a/dev-infrastructure/Makefile b/dev-infrastructure/Makefile
@@ -69,11 +69,11 @@ cleanup-orphaned-rolebindings:
 first-party-identity: # hardcoded name, since there should be only one in the global RG
 	az deployment group create \
 		--name "aro-hcp-dev-first-party" \
-		--resource-group $(GLOBAL_RESOURCEGROUP) \
+		--resource-group $(RESOURCEGROUP) \
 		--template-file templates/first-party-identity.bicep $(PROMPT_TO_CONFIRM) \
 		--parameters configurations/mvp-first-party.bicepparam
 	APPLICATION_NAME=aro-hcp-dev-first-party \
-	KEY_VAULT_NAME=aro-hcp-dev-global-kv \
+	KEY_VAULT_NAME=service-kv-aro-hcp-dev \
 	CERTIFICATE_NAME=firstPartyMock \
 	ROLE_DEFINITION_NAME=dev-first-party-mock \
 	SUBSCRIPTION_ID=$(shell az account show --query id --output tsv) \

diff --git a/dev-infrastructure/configurations/mvp-first-party.bicepparam b/dev-infrastructure/configurations/mvp-first-party.bicepparam
@@ -1,4 +1,4 @@
 using '../templates/first-party-identity.bicep'
 
 param kvCertOfficerManagedIdentityName = 'aro-hcp-dev-first-party'
-param globalKeyVaultName = 'aro-hcp-dev-global-kv'
+param globalKeyVaultName = 'service-kv-aro-hcp-dev'
diff --git a/dev-infrastructure/modules/first-party-identity.bicep b/dev-infrastructure/modules/first-party-identity.bicep
@@ -86,6 +86,7 @@ resource customRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
     assignableScopes: [
       subscription().id
       subscriptionResourceId('Microsoft.Resources/resourceGroups/', 'global')
+      subscriptionResourceId('Microsoft.Resources/resourceGroups/', 'aro-hcp-dev-westus3-sc')
     ]
   }
 }