minor fix

pagopa · Mar 4, 2025 · 1c45724 · 1c45724
1 parent c6b54b9
commit 1c45724
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/src/domains/qi-common/00_azuread.tf b/src/domains/qi-common/00_azuread.tf
@@ -22,14 +22,19 @@ data "azuread_group" "adgroup_security" {
 resource "azuread_application" "qi_app" {
   display_name = "${local.product}-qi"
   owners       = ["c7636d10-4f78-43bd-89f6-555c7d82e02c"]
+  lifecycle {
+    ignore_changes = [
+      owners
+    ]
+  }
 }
 
 resource "azuread_service_principal" "qi_sp" {
   application_id = azuread_application.qi_app.application_id
 }
 
 # https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#role-based-access-control-administrator
-resource "azurerm_role_assignment" "qi_monitoring_contributor" {
+resource "azurerm_role_assignment" "qi_monitoring_reader" {
   scope = data.azurerm_subscription.current.id
   #  https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor#monitoring-reader
   role_definition_name = "Monitoring Reader"

diff --git a/src/domains/qi-common/README.md b/src/domains/qi-common/README.md
@@ -50,7 +50,7 @@
 | [azurerm_resource_group.qi_evh_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.qi_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_role_assignment.qi_monitoring_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.qi_monitoring_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_subnet.eventhub_qi_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
 | [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/3.2.1/docs/resources/resource) | resource |
 | [null_resource.github_runner_app_permissions_to_namespace_ci_01](https://registry.terraform.io/providers/hashicorp/null/3.2.1/docs/resources/resource) | resource |