Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use identity

Browse Source
This commit is contained in:
hezijie
2023-02-21 10:38:21 +08:00
parent ed79d1aa3b
commit a198987b19
3 changed files with 21 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
quickstart/201-aks-acr-identity/azuread.tf
View File

@ -1,30 +1,17 @@
resource "azuread_application" "default" {
name = "${var.name}-${var.environment}"
}
resource "azuread_service_principal" "default" {
application_id = azuread_application.default.application_id
}
resource "random_string" "password" {
length = 32
special = true
}
resource "azuread_service_principal_password" "default" {
service_principal_id = "${azuread_service_principal.default.id}"
value = "${random_string.password.result}"
end_date = "2099-01-01T01:00:00Z"
resource "azurerm_user_assigned_identity" "aks" {
location = azurerm_resource_group.default.location
name = "${random_pet.rg.id}-uai"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_role_assignment" "aks_network" {
scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}"
scope = azurerm_resource_group.default.id
role_definition_name = "Network Contributor"
principal_id = "${azuread_service_principal.default.id}"
principal_id = azurerm_user_assigned_identity.aks.principal_id
}
resource "azurerm_role_assignment" "aks_acr" {
scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}/providers/Microsoft.ContainerRegistry/registries/${azurerm_container_registry.default.name}"
scope = azurerm_container_registry.default.id
role_definition_name = "AcrPull"
principal_id = "${azuread_service_principal.default.id}"
principal_id = azurerm_user_assigned_identity.aks.principal_id
}