locals.tf
# Naming conventions computed by the resource_names module. Most of the
# other locals in this file (team, environments, identities, federated
# credential prefix) are read from this single object.
locals {
  resource_names = module.resource_names.resource_names
}
# Tenant of the principal Terraform is currently authenticated as
# (azurerm_client_config "current"). Not referenced elsewhere in this file;
# consumers are presumably in sibling files.
locals {
  tenant_id = data.azurerm_client_config.current.tenant_id
}
# Key strings for the two pipeline stages. Every per-stage map below
# (environments, identities, federated credentials, role assignments) is
# keyed by these two values, so changing them renames every derived key.
locals {
  plan_key  = "plan"
  apply_key = "apply"
}
# Version-control-system team and the per-stage environment names, both
# taken from the resource_names module. The parenthesised keys make
# `(local.plan_key)` an expression (evaluating to "plan") rather than the
# literal attribute name "local.plan_key".
locals {
  team_name = local.resource_names.version_control_system_team
  environments = {
    (local.plan_key)  = local.resource_names.version_control_system_environment_plan,
    (local.apply_key) = local.resource_names.version_control_system_environment_apply,
  }
}
# Identity and authorization model for the plan/apply stages: one user-assigned
# managed identity per stage, one federated (OIDC) credential per identity, and
# separate role assignments against the landing zone and against the state
# storage. The plan identity is read-only on the landing zone; the apply
# identity is Owner.
locals {
  # Display names of Azure built-in roles, keyed by the short aliases that the
  # `role_definition` attributes further down refer to ("reader", "owner",
  # "storage_owner"). `storage_reader` is not referenced in this file;
  # presumably consumed elsewhere - confirm before removing.
  role_definitions = {
    owner = {
      name = "Owner"
    }
    reader = {
      name = "Reader"
    }
    storage_owner = {
      name = "Storage Blob Data Owner"
    }
    storage_reader = {
      name = "Storage Blob Data Reader"
    }
  }
  # One user-assigned managed identity per stage, named from resource_names.
  user_assigned_managed_identities = {
    (local.plan_key)  = local.resource_names.identity_plan_name
    (local.apply_key) = local.resource_names.identity_apply_name
  }
  # One federated credential per stage. The issuer/subject pair is what
  # decides which external OIDC token may be exchanged for the identity named
  # by `user_assigned_managed_identity_key`; both come from module.github and
  # the subject is looked up per stage key, so the plan and apply credentials
  # presumably carry distinct subjects - verify in module.github.
  federated_credentials = {
    for key in [local.plan_key, local.apply_key] : key => {
      federated_credential_name          = "${local.resource_names.user_assigned_managed_identity_federated_credentials_prefix}-${key}"
      federated_credential_issuer        = module.github.issuer
      user_assigned_managed_identity_key = key
      federated_credential_subject       = module.github.subjects[key]
    }
  }
  # Client IDs read back from module.azure (presumably the module that creates
  # the identities declared above) - these are what the pipeline presents when
  # requesting a token.
  managed_identity_client_ids = {
    (local.plan_key)  = module.azure.managed_identity_client_ids[local.plan_key]
    (local.apply_key) = module.azure.managed_identity_client_ids[local.apply_key]
  }
  # Landing-zone scope: plan gets Reader, apply gets Owner. The values of
  # `role_definition` are aliases into local.role_definitions above.
  role_assignments_for_landing_zone = {
    (local.plan_key) = {
      role_definition                  = "reader"
      user_assigned_managed_identities = [local.plan_key]
    }
    (local.apply_key) = {
      role_definition                  = "owner"
      user_assigned_managed_identities = [local.apply_key]
    }
  }
  # State-storage scope: both stages get Storage Blob Data Owner.
  # NOTE(review): the plan identity is granted the same state role as apply.
  # Plan presumably needs write access for state locking, but whether the
  # full Data Owner role (rather than a narrower data role) is required for
  # that is not established here - confirm against the backend's needs.
  role_assignments_for_landing_zone_state = {
    (local.plan_key) = {
      role_definition                  = "storage_owner"
      user_assigned_managed_identities = [local.plan_key]
    }
    (local.apply_key) = {
      role_definition                  = "storage_owner"
      user_assigned_managed_identities = [local.apply_key]
    }
  }
}