diff --git a/terraform/subscriptions/modules/federated-credentials/servicenow_proxy/main.tf b/terraform/subscriptions/modules/federated-credentials/servicenow_proxy/main.tf index f082f753..2dc0fd0c 100644 --- a/terraform/subscriptions/modules/federated-credentials/servicenow_proxy/main.tf +++ b/terraform/subscriptions/modules/federated-credentials/servicenow_proxy/main.tf @@ -4,7 +4,7 @@ variable "oidc_issuer_url" { } data "azuread_application" "this" { - display_name = "ar-radix-servicenow-proxy-client" + display_name = "radix-ar-servicenow-proxy-client" } locals { @@ -19,7 +19,7 @@ locals { ]) } -resource "azuread_application_federated_identity_credential" "ar-radix-servicenow-proxy-client" { +resource "azuread_application_federated_identity_credential" "radix-ar-servicenow-proxy-client" { for_each = { for item in local.oidc_issuers : "${item.cluster}-${item.env}" => item } application_id = data.azuread_application.this.id display_name = "k8s-radix-servicenow-proxy-client-${each.value.cluster}-${each.value.env}" diff --git a/terraform/subscriptions/modules/mssqldatabase/iam.tf b/terraform/subscriptions/modules/mssqldatabase/iam.tf index 78f0d7ae..e76fddf5 100644 --- a/terraform/subscriptions/modules/mssqldatabase/iam.tf +++ b/terraform/subscriptions/modules/mssqldatabase/iam.tf @@ -10,7 +10,7 @@ resource "azurerm_user_assigned_identity" "server" { tags = { IaC = "terraform" } - + } resource "azurerm_user_assigned_identity" "admin" { name = var.managed_identity_admin_name diff --git a/terraform/subscriptions/s940/c2/post-clusters/backend.tf b/terraform/subscriptions/s940/c2/post-clusters/backend.tf index 5dbb4ca3..9e66c063 100644 --- a/terraform/subscriptions/s940/c2/post-clusters/backend.tf +++ b/terraform/subscriptions/s940/c2/post-clusters/backend.tf 
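Review bot: The `data "azuread_application" "this"` lookup in the first hunk still resolves the application by `display_name`, which Entra ID does not require to be unique, so the federated credentials in this module attach to whichever application carries that name at plan time. Resolving it by an immutable identifier instead, for example `client_id = var.servicenow_proxy_client_id` (placeholder variable name), would remove the dependence on naming and would have made this rename invisible to Terraform. The same applies to the `azuread_service_principal` lookups renamed in the c2 and prod `backend.tf` hunks and in the c2, dev and playground `web-console.tf` hunks. The renamed objects also have to exist in the tenant before the next plan, otherwise these data sources fail.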
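Review bot: Changing the resource label in the second hunk from `ar-radix-servicenow-proxy-client` to `radix-ar-servicenow-proxy-client` changes the state address of every `for_each` instance, and the diff adds no `moved` block, so Terraform will presumably plan a destroy and re-create of each federated credential. Between the destroy and the create, token exchange for the ServiceNow proxy workload identity can fail on every cluster/environment pair. A `moved` block in this module with `from = azuread_application_federated_identity_credential.ar-radix-servicenow-proxy-client` and `to = azuread_application_federated_identity_credential.radix-ar-servicenow-proxy-client` keeps the existing credentials in place. The resource body continues past the end of the hunk.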
@@ -41,7 +41,7 @@ module "clusters" { } data "azuread_service_principal" "this" { - display_name = "ar-radix-resource-lock-operator-prod" + display_name = "radix-ar-resource-lock-operator-prod" } data "azurerm_role_definition" "this" { diff --git a/terraform/subscriptions/s940/c2/post-clusters/grafana.tf b/terraform/subscriptions/s940/c2/post-clusters/grafana.tf index d0dbc61d..a8193df8 100644 --- a/terraform/subscriptions/s940/c2/post-clusters/grafana.tf +++ b/terraform/subscriptions/s940/c2/post-clusters/grafana.tf @@ -7,7 +7,7 @@ locals { module "grafana" { source = "../../../modules/app_registration" - display_name = "ar-radix-grafana-c2-prod" #TODO + display_name = "radix-ar-grafana-${module.config.environment}" notes = "Grafana Oauth, main app for user authentication to Grafana" service_id = "110327" web_uris = concat(["https://grafana.c2.radix.equinor.com/login/generic_oauth"], local.grafana_uris) diff --git a/terraform/subscriptions/s940/c2/post-clusters/web-console.tf b/terraform/subscriptions/s940/c2/post-clusters/web-console.tf index f33569d1..6766d4ba 100644 --- a/terraform/subscriptions/s940/c2/post-clusters/web-console.tf +++ b/terraform/subscriptions/s940/c2/post-clusters/web-console.tf @@ -27,7 +27,7 @@ locals { data "azuread_application_published_app_ids" "well_known" {} data "azuread_service_principal" "servicenow" { - display_name = "ar-radix-servicenow-proxy-server" + display_name = "radix-ar-servicenow-proxy-server" } data "azuread_service_principal" "msgraph" { client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"] diff --git a/terraform/subscriptions/s940/extmon/post-clusters/.terraform.lock.hcl b/terraform/subscriptions/s940/extmon/post-clusters/.terraform.lock.hcl index 0b9ec5ff..50ac7b90 100644 --- a/terraform/subscriptions/s940/extmon/post-clusters/.terraform.lock.hcl +++ b/terraform/subscriptions/s940/extmon/post-clusters/.terraform.lock.hcl 
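Review bot: In the c2 `grafana.tf` hunk the new `display_name = "radix-ar-grafana-${module.config.environment}"` depends on a value that is not visible here, so the resulting name cannot be checked against the old `ar-radix-grafana-c2-prod`. Since this app registration handles Grafana user login, the plan should be confirmed to show an in-place update inside the `app_registration` module rather than a replacement, which would issue a new client ID. The next line still hard-codes `grafana.c2.radix.equinor.com` in `web_uris`, while the dev and playground files interpolate the environment, so the removed `#TODO` is only partly resolved. A short comment stating the expected rendered name per environment would help; the same applies to the prod, dev and playground `grafana.tf` hunks.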
@@ -2,59 +2,59 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/azure/azapi" { - version = "1.12.1" + version = "1.14.0" hashes = [ - "h1:Gv1HwQMV7+3ctMPr1nKmOhEGu+UWb6FlQmrgaHxknJ4=", - "zh:1cf52e685ceb04e73e13fbf3f3036bff23a3274a4ceda8693c0612076a588166", - "zh:321b59c2a67c6cb4e5cf0dbe2cc978f5389d781e8b391f9b75bf4d830abd2ffe", - "zh:49046bd8020c3b44c6b5dc67041f181e4fff45e3bc1a9ff0646dd20c21c8ce47", - "zh:5784d0c326ec4825571577bc39b253019bd3b1030c19d67ca3436df2d7ba01c8", - "zh:5ad7e18d26f170c01888d8e65dab7aa475089aac7bf0106526fd57cdd56533bc", - "zh:6695854f4f655673bea85e37444bf0c070b440dba4bc269aa144d0f6b7c1cc5f", - "zh:7f372c897da6b9ad90869a8eb85b37dad4dff2d5d311b3eca1a2e6373e2271ed", - "zh:8afa1a2be1dada4e8be4ab72d9d56f36af1e486c9353d04aabf6e79db7310125", - "zh:90809364619238c45185bff25c7d9c4fde34253561d8183ebbe797456c44bc9c", - "zh:9338d44650c9e68e10a6bc2d69f7beacd5059e6ac681d2e388e80a1652d9c183", - "zh:c94ee6fb1df2c1d35f338107b5e73cdba86c4ecf9dcde95e2ca0132cbbd4bd7c", - "zh:de231d363b1a664c6b5d3af8d3b9cf542d04d4506fb9458ba6c8ebf94e0e32ae", + "h1:D8AhiIgpSH6pG05WuslOg3XS0O9I5VxOoD3W3i8N+Xo=", + "zh:083709be750b878dfb33747ba1d326d23619a0ed654f95bce9c808e424923c90", + "zh:261b5060297b732d97b4363ad753355bfee00e93d773fd329023a5619b964c39", + "zh:51adfdaeb1b2c3d9e7aeba97c9c73d469712223dd125b14d90377d445d1cd3df", + "zh:5bcbedc9eeefa5e6267042604af20f93cadceba41d8d90a91040f60f6c5e38a9", + "zh:6da127f306083e740767f53dd0cc8787166a8af4f44519873dd8775ca981ddef", + "zh:7604cf377b8ea31a5a44db5b8566f5eea4d73acdfaaeb8ba10fcac46cbf4a738", + "zh:77789ef8906acabbf7eb55378e1f9c407499bb765811f193d256897d2925d66d", + "zh:8a333c53279b3b0b65519191dbba8ef7dc390f5d96216e4e6f165cac8b3e5dc2", + "zh:8c0dfe57dc2c29f8953db3037144d2254ce28bfa55dae537707ae4bdb4460f64", + "zh:debdeabcbcb6b421c2cdf2093d520c67e75a11d28d357b0ba32dd748105a5460", + "zh:e252ee062513904836fcc5e6548243429819e68aa7cfaeac7da8d816c4c4d1e8", + 
"zh:f48d1fd67b463d2121516911b5d20f8a72217e43e7740bb74929a17dbd43bb59", ] } provider "registry.terraform.io/hashicorp/azuread" { - version = "2.47.0" + version = "2.53.1" hashes = [ - "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", - "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", + "h1:0z/718jtR2TJHQQMMqi4nvd6XFPV/iA1jb/5fyAcn5o=", + "zh:162916b037e5133f49298b0ffa3e7dcef7d76530a8ca738e7293373980f73c68", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", - "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", - "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", - "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", - "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", - "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", - "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", - "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", - "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", - "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", + "zh:492931cea4f30887ab5bca36a8556dfcb897288eddd44619c0217fc5da2d57e7", + "zh:4c895e450e18335ad8714cc6d3488fc1a78816ad2851a91b06cb2ef775dd7c66", + "zh:60d92fdaf7235574201f2d8f68f733ee00a822993b3fc95e6952e09e6ec76999", + "zh:67a169119efa41c1fb867ef1a8e79bf03472a2324384c36eb55370c817dcce42", + "zh:9dd4d5ed9233cf9329262200bc5a1aa60942b80dbc611e2ef4b09f47531b39b1", + "zh:a3c160e35b9e40fc1497b83c2f37a8e24565b05a1783c7733609f3695735c2a9", + "zh:a4a221da42b1f46e7c436c7145e5beaadfd9d03f3be6fd526d132c03f18a5979", + "zh:af0d3476a9702d2287e168e3baa670e64daab9c9b01c01e17025a5248f3e28e9", + "zh:e3579bff7894f3d36066b74ec324be6d28f56a42a387a2b8a0eabf33cbff86df", + "zh:f1749ee8ad972ae6424665aa9d2c0ece8c40c51d41ec2f38b863148cb437e865", ] } provider 
"registry.terraform.io/hashicorp/azurerm" { - version = "3.69.0" - constraints = "<= 3.69.0" + version = "3.112.0" + constraints = ">= 3.110.0" hashes = [ - "h1:Y9P5uiObriBw8Ky39QPu/+I3P9om2M07xBfrhge06c0=", - "zh:00de2580c92828edf5ac02c1287dd247f647ceaa34f8a1e5bf0e2962a99240e4", - "zh:074412944b7d0f5aaf65c0d30c8c82dfb35f0f987a6c94ddfc0e0d9989ea35c2", - "zh:09e1a23ef5331191cee641a71a525c77418e16f666a1c9c82baf01d44d5db66c", - "zh:1c2172a661130d17d982bb6e9228e338bec92763a8cb86bba799357c85238003", - "zh:2f9c7a3a2c269dd3b62dec4a94495694f0ed29b3d7a16bcc6baf8ded9af734d1", - "zh:3d75d487e03ea2f711ffc760aab29aa5a67a19948a4430e61da658edcd2ecb86", - "zh:6e9c98be1768f2b53d43178638832b336e405e65bfa9feb3ec6b7b9444ebd4ea", - "zh:7bbdbb7448147a380077fbf8a356ab9a0e279043a6e7e4beef8cdbebd6243d30", - "zh:ad22c8472f5ec4133860a690ce0b0091a2a834523a0d05e57006b5d86cf0b78e", - "zh:dffe3bce5564841bec9039005aedb464048dad55942e01756d08362b7e81999a", - "zh:e63928a70be9a7afe26b9276b5f1825157670596dec974923759c98fd7e68208", + "h1:5KSVV/O2eG6ty/3/qpOLQFQqJd96KEPzsTHItslJaMw=", + "zh:341c22454d24a75792aa99fbbc0c156f368534b7bb04eef4701b85995c7526a4", + "zh:3708656d75061c92f7208cc731b946c991ad343a443f8ff0ef082f077b7580b9", + "zh:38ca06f9f45705c648f04f272bd9483397693ea8da6db788cd7955f49ab79d6b", + "zh:3f305adb5ee0032e0ea68d198a089ecfd0127092930e99fa51377a250292b592", + "zh:4ae2fc6065164a819f576f705e634ebf5059f983149a41dad909719fea96145a", + "zh:5d376ac7dd71898a94038d6b6b8036dfec4c0216d832ec1135c855bf3e58eb5f", + "zh:63d2ff296d3aee5787e12c759a6a3d5aa15a574456aebbe11b833f01adf3faef", + "zh:8ad8746741f7f0ac10da6f1d105f26ebeb6e4d944f58ba749e86d7c9a67da3db", + "zh:abec182594ee8a21d72a5f23d3aa7fa45247488539fce6ed648c9c255d8bf972", + "zh:bf704b400be4181333b38c0306949f26326a9aa5ae68b4167e2fb8ee7fb13618", + "zh:c072938f8695f725fc5fbe986a54890f00d520cce570006390dc5bbc51b2a4ea", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } 
diff --git a/terraform/subscriptions/s940/extmon/post-clusters/grafana.tf b/terraform/subscriptions/s940/extmon/post-clusters/grafana.tf index ae4e076d..a4270fa4 100644 --- a/terraform/subscriptions/s940/extmon/post-clusters/grafana.tf +++ b/terraform/subscriptions/s940/extmon/post-clusters/grafana.tf @@ -12,12 +12,13 @@ resource "azuread_application_federated_identity_credential" "grafana-logreader" application_id = data.azuread_application.grafana-logreader.id } -resource "azuread_application_federated_identity_credential" "grafana-mi-fedcred" { - for_each = module.clusters.oidc_issuer_url +# resource "azuread_application_federated_identity_credential" "grafana-mi-fedcred" { +# for_each = module.clusters.oidc_issuer_url + +# display_name = "k8s-grafana-${each.key}" +# audiences = ["api://AzureADTokenExchange"] +# issuer = each.value +# subject = "system:serviceaccount:monitor:grafana" +# application_id = data.azuread_application.grafana-logreader.id +# } - audience = ["api://AzureADTokenExchange"] - name = "k8s-grafana-${each.key}" - issuer = each.value - subject = "system:serviceaccount:monitor:grafana" - application_id = data.azuread_application.grafana-logreader.id -} diff --git a/terraform/subscriptions/s940/prod/post-clusters/backend.tf b/terraform/subscriptions/s940/prod/post-clusters/backend.tf index 5d00f50d..21b56120 100644 --- a/terraform/subscriptions/s940/prod/post-clusters/backend.tf +++ b/terraform/subscriptions/s940/prod/post-clusters/backend.tf @@ -37,7 +37,7 @@ module "clusters" { } data "azuread_service_principal" "this" { - display_name = "ar-radix-resource-lock-operator-prod" + display_name = "radix-ar-resource-lock-operator-prod" } data "azurerm_role_definition" "this" { diff --git a/terraform/subscriptions/s940/prod/post-clusters/grafana.tf b/terraform/subscriptions/s940/prod/post-clusters/grafana.tf index 037547ee..7f49d8fe 100644 --- a/terraform/subscriptions/s940/prod/post-clusters/grafana.tf 
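Review bot: The extmon `grafana.tf` hunk comments out `grafana-mi-fedcred` instead of deleting or fixing it, so the next apply will destroy any `k8s-grafana-<cluster>` federated credentials still in state, and the file does not say whether that is intended. If the `system:serviceaccount:monitor:grafana` service account still exchanges tokens through these credentials, its access to the grafana-logreader application stops; the `grafana-logreader` credential above may already cover this, but its body is outside the hunk. The commented copy already uses the newer `display_name`/`audiences` attribute names, which suggests it is meant to return. Either remove the block entirely or put a reason above it, e.g. `# Disabled: <reason>; re-enable when <condition>`.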
+++ b/terraform/subscriptions/s940/prod/post-clusters/grafana.tf @@ -7,7 +7,7 @@ locals { module "grafana" { source = "../../../modules/app_registration" - display_name = "ar-radix-grafana-production" #TODO + display_name = "radix-ar-grafana-${module.config.environment}" notes = "Grafana Oauth, main app for user authentication to Grafana" service_id = "110327" web_uris = concat(["https://grafana.radix.equinor.com/login/generic_oauth"], local.grafana_uris) diff --git a/terraform/subscriptions/s941/dev/post-clusters/grafana.tf b/terraform/subscriptions/s941/dev/post-clusters/grafana.tf index ba092ab3..0b67a4ff 100644 --- a/terraform/subscriptions/s941/dev/post-clusters/grafana.tf +++ b/terraform/subscriptions/s941/dev/post-clusters/grafana.tf @@ -7,7 +7,7 @@ locals { module "grafana" { source = "../../../modules/app_registration" - display_name = "ar-radix-grafana-development" #TODO + display_name = "radix-ar-grafana-${module.config.environment}" notes = "Grafana Oauth, main app for user authentication to Grafana" service_id = "110327" web_uris = concat(["https://grafana.${module.config.environment}.radix.equinor.com/login/generic_oauth"], local.grafana_uris) diff --git a/terraform/subscriptions/s941/dev/post-clusters/web-console.tf b/terraform/subscriptions/s941/dev/post-clusters/web-console.tf index 5f4d5fa2..87e129f7 100644 --- a/terraform/subscriptions/s941/dev/post-clusters/web-console.tf +++ b/terraform/subscriptions/s941/dev/post-clusters/web-console.tf @@ -38,7 +38,7 @@ locals { data "azuread_application_published_app_ids" "well_known" {} data "azuread_service_principal" "servicenow" { - display_name = "ar-radix-servicenow-proxy-server" + display_name = "radix-ar-servicenow-proxy-server" } data "azuread_service_principal" "msgraph" { client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"] 
diff --git a/terraform/subscriptions/s941/playground/post-clusters/grafana.tf b/terraform/subscriptions/s941/playground/post-clusters/grafana.tf index 9ae97a9c..59315ab1 100644 --- a/terraform/subscriptions/s941/playground/post-clusters/grafana.tf +++ b/terraform/subscriptions/s941/playground/post-clusters/grafana.tf @@ -7,7 +7,7 @@ locals { module "grafana" { source = "../../../modules/app_registration" - display_name = "ar-radix-grafana-${module.config.environment}" + display_name = "radix-ar-grafana-${module.config.environment}" notes = "Grafana Oauth, main app for user authentication to Grafana" service_id = "110327" web_uris = concat(["https://grafana.${module.config.environment}.radix.equinor.com/login/generic_oauth"], local.grafana_uris) diff --git a/terraform/subscriptions/s941/playground/post-clusters/web-console.tf b/terraform/subscriptions/s941/playground/post-clusters/web-console.tf index 43995336..7b64dd42 100644 --- a/terraform/subscriptions/s941/playground/post-clusters/web-console.tf +++ b/terraform/subscriptions/s941/playground/post-clusters/web-console.tf @@ -36,7 +36,7 @@ locals { data "azuread_application_published_app_ids" "well_known" {} data "azuread_service_principal" "servicenow" { - display_name = "ar-radix-servicenow-proxy-server" + display_name = "radix-ar-servicenow-proxy-server" } data "azuread_service_principal" "msgraph" { client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]