[CES-614] Added custom roles into Core Infra module #199

Closed
wants to merge 2 commits into from

Conversation

mamu0
Contributor

@mamu0 mamu0 commented Dec 23, 2024

List of changes

Added custom roles definition into module for core infrastructure.

Motivation and context

To permit least privilege for RBAC, we can define custom roles in core infrastructure. The added role is to list secrets, useful to avoid the API Management Service Contributor role for a CI identity; with this we can use API Management Service Reader in combination with the new PagoPA API Management Service List Secrets role.

Type of changes

  • Add new resources
  • Update configuration to existing resources
  • Remove existing resources

Does this introduce a change to production resources with possible user impact?

  • Yes, users may be impacted applying this change
  • No

Other information

@mamu0 mamu0 requested review from a team as code owners December 23, 2024 15:15
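
An added example, not code from this PR or from the pagopa repository: a small evaluator of Azure RBAC `Actions`/`NotActions` that compares API Management Service Contributor with the Reader plus custom role combination the description proposes. The action lists are abridged, constructed stand-ins, and the custom role's action string is an assumption, since the PR's `roles.tf` is not shown on this page.

```python
import re

# Abridged, constructed stand-ins for the role definitions (assumptions).
ROLES = {
    "API Management Service Contributor": {
        "actions": ["Microsoft.ApiManagement/service/*"],
        "not_actions": [],
    },
    "API Management Service Reader": {
        "actions": ["Microsoft.ApiManagement/service/*/read",
                    "Microsoft.ApiManagement/service/read"],
        "not_actions": ["Microsoft.ApiManagement/service/users/keys/read"],
    },
    "PagoPA API Management Service List Secrets": {
        # Assumed action; the real list lives in the PR's roles.tf.
        "actions": ["Microsoft.ApiManagement/service/subscriptions/listSecrets/action"],
        "not_actions": [],
    },
}

def _matches(pattern, action):
    """Azure-style match: '*' is a wildcard, comparison is case-insensitive."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def role_allows(role, action):
    """A role grants an action if it is in Actions and not carved out by NotActions."""
    return (any(_matches(p, action) for p in role["actions"])
            and not any(_matches(p, action) for p in role["not_actions"]))

def allowed(role_names, action):
    """Assignments are additive: NotActions in one role does not block another role."""
    return any(role_allows(ROLES[name], action) for name in role_names)

# Constructed sample of what a CI identity needs, and operations it should not have.
LIST_SECRETS = "Microsoft.ApiManagement/service/subscriptions/listSecrets/action"
NEEDED = ["Microsoft.ApiManagement/service/apis/read", LIST_SECRETS]
PROBES = NEEDED + ["Microsoft.ApiManagement/service/apis/write",
                   "Microsoft.ApiManagement/service/delete"]

def excess(role_names):
    """Probed actions the assignment grants beyond what the CI identity needs."""
    return [a for a in PROBES if allowed(role_names, a) and a not in NEEDED]

BROAD = ["API Management Service Contributor"]
LEAST = ["API Management Service Reader",
         "PagoPA API Management Service List Secrets"]

if __name__ == "__main__":
    for label, names in (("broad", BROAD), ("least", LEAST)):
        print(label, "missing:", [a for a in NEEDED if not allowed(names, a)],
              "excess:", excess(names))
```
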

changeset-bot bot commented Dec 23, 2024

🦋 Changeset detected

Latest commit: 8673fbe

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
| Name | Type |
| --- | --- |
| azure_core_infra | Patch |


@gunzip gunzip requested a review from Copilot December 24, 2024 11:27


Copilot reviewed 3 out of 8 changed files in this pull request and generated no comments.

Files not reviewed (5)
  • infra/modules/azure_core_infra/_modules/custom_roles/data.tf: Language not supported
  • infra/modules/azure_core_infra/_modules/custom_roles/locals.tf: Language not supported
  • infra/modules/azure_core_infra/_modules/custom_roles/outputs.tf: Language not supported
  • infra/modules/azure_core_infra/_modules/custom_roles/roles.tf: Language not supported
  • infra/modules/azure_core_infra/main.tf: Language not supported
Comments suppressed due to low confidence (1)

infra/modules/azure_core_infra/_modules/custom_roles/README.md:27

  • [nitpick] The output name pagopa_apim_list_secrets is ambiguous. Consider renaming it to something more descriptive like pagopa_api_management_list_secrets_role.
| <a name="output_pagopa_apim_list_secrets"></a> [pagopa\_apim\_list\_secrets](#output\_pagopa\_apim\_list\_secrets) | n/a |
@mamu0 mamu0 marked this pull request as draft December 24, 2024 15:26
@Krusty93
Contributor

Krusty93 commented Jan 7, 2025

Is this ready for review?

@mamu0
Contributor Author

mamu0 commented Jan 13, 2025

This PR has now been moved to pagopa/eng-azure-governance#159

@mamu0 mamu0 closed this Jan 13, 2025
3 participants