From 7917b89eba4f94b09edfd7f120a2488fa9536dd2 Mon Sep 17 00:00:00 2001
From: Seif Bassem <38246040+sebassem@users.noreply.github.com>
Date: Tue, 9 Jul 2024 09:41:04 +0300
Subject: [PATCH] fixed rbac
---
azure_jumpstart_arcbox/ARM/azuredeploy.json | 18 +++++++++++-------
.../bicep/clientVm/clientVm.bicep | 3 +++
.../bicep/kubernetes/aks.bicep | 2 ++
3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/azure_jumpstart_arcbox/ARM/azuredeploy.json b/azure_jumpstart_arcbox/ARM/azuredeploy.json
index 4c5728b5fa..888475959c 100644
--- a/azure_jumpstart_arcbox/ARM/azuredeploy.json
+++ b/azure_jumpstart_arcbox/ARM/azuredeploy.json
@@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "15004056108128901746" + "templateHash": "13401064883874791691" } }, "parameters": {
@@ -1094,7 +1094,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "7748500223683903108" + "templateHash": "22323604518571401" } }, "parameters": {
@@ -1474,7 +1474,8 @@ "name": "[guid(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), 'Microsoft.Authorization/roleAssignments', 'Administrator')]", "properties": { "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), '2022-03-01', 'full').identity.principalId]", - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
@@ -1486,7 +1487,8 @@ "name": "[guid(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), 'Microsoft.Authorization/roleAssignments', 'Owner')]", "properties": { "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), '2022-03-01', 'full').identity.principalId]", - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
@@ -8413,7 +8415,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "16902719430194420979" + "templateHash": "5843142477636067178" } }, "parameters": {
@@ -8631,7 +8633,8 @@ "name": "[guid(resourceId('Microsoft.ContainerService/managedClusters', parameters('aksClusterName')), 'Microsoft.Authorization/roleAssignments', 'Owner')]", "properties": { "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('aksClusterName')), '2023-10-02-preview', 'full').identity.principalId]", - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.ContainerService/managedClusters', parameters('aksClusterName'))]"
@@ -8643,7 +8646,8 @@ "name": "[guid(resourceId('Microsoft.ContainerService/managedClusters', parameters('drClusterName')), 'Microsoft.Authorization/roleAssignments', 'Owner')]", "properties": { "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('drClusterName')), '2023-10-02-preview', 'full').identity.principalId]", - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.ContainerService/managedClusters', parameters('drClusterName'))]"
diff --git a/azure_jumpstart_arcbox/bicep/clientVm/clientVm.bicep b/azure_jumpstart_arcbox/bicep/clientVm/clientVm.bicep
index c6f3bb2a69..19d3e7ed0e 100644
--- a/azure_jumpstart_arcbox/bicep/clientVm/clientVm.bicep
+++ b/azure_jumpstart_arcbox/bicep/clientVm/clientVm.bicep
@@ -239,6 +239,8 @@ resource vmRoleAssignment_KeyVaultAdministrator 'Microsoft.Authorization/roleAss
 properties: {
 principalId: vm.identity.principalId
 roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')
+ principalType: 'ServicePrincipal'
+
 }
 }
@@ -249,6 +251,7 @@ resource vmRoleAssignment_Owner 'Microsoft.Authorization/roleAssignments@2022-04
 properties: {
 principalId: vm.identity.principalId
 roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ principalType: 'ServicePrincipal'
 }
 }
diff --git a/azure_jumpstart_arcbox/bicep/kubernetes/aks.bicep b/azure_jumpstart_arcbox/bicep/kubernetes/aks.bicep
index 235a98b4fc..a2340d3d8c 100644
--- a/azure_jumpstart_arcbox/bicep/kubernetes/aks.bicep
+++ b/azure_jumpstart_arcbox/bicep/kubernetes/aks.bicep
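Review bot: The second added line in the vmRoleAssignment_KeyVaultAdministrator hunk appears to be an empty `+` line, which leaves a blank line before the closing brace of `properties`; the matching change in vmRoleAssignment_Owner has none, so drop it to keep the two assignments identical in shape. The commit message ("fixed rbac") does not say why `principalType` is needed, so a short comment on the new line would help, for example `// explicit principalType so the assignment does not depend on looking up a just-created managed identity`. That rationale is inferred from how role assignments to newly created identities usually behave, not stated anywhere in the patch. The resource declaration starts above the hunk.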
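Review bot: vmRoleAssignment_Owner assigns the built-in Owner role (`8e3af657-a8ff-443c-a75c-2fe8c4bcb635`) to the VM's managed identity, and this change keeps that grant as-is; the same holds for aksRoleAssignment_Owner and aksDRRoleAssignment_Owner in aks.bicep. The `scope` of these assignments sits above the hunks and is not visible here, but if it is the resource group or wider, any workload on the VM or cluster that can use the identity can also change access control for that whole scope. Consider a narrower built-in role for what the identity actually does, or record the justification next to each assignment, for example `// Owner required because <reason>; scope: <scope>`. The resource declarations start outside the hunks.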
@@ -157,6 +157,7 @@ resource aksRoleAssignment_Owner 'Microsoft.Authorization/roleAssignments@2022-0
 properties: {
 principalId: aksClusterName_resource.identity.principalId
 roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ principalType: 'ServicePrincipal'
 }
 }
@@ -167,5 +168,6 @@ resource aksDRRoleAssignment_Owner 'Microsoft.Authorization/roleAssignments@2022
 properties: {
 principalId: drClusterName_resource.identity.principalId
 roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ principalType: 'ServicePrincipal'
 }
 }