Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azure_rm_diskencryptionset - Add managed identity support #1676

Merged
merged 1 commit into from
Aug 26, 2024
Merged

azure_rm_diskencryptionset - Add managed identity support #1676

merged 1 commit into from
Aug 26, 2024

Conversation

nirarg
Copy link
Collaborator

@nirarg nirarg commented Aug 15, 2024

SUMMARY

Add managed identity support to "azure_rm_diskencryptionset" module

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

azure_rm_diskencryptionset

ADDITIONAL INFORMATION

@nirarg nirarg added the work in In trying to solve, or in working with contributors label Aug 15, 2024
@nirarg nirarg requested a review from p3ck August 15, 2024 06:59
@nirarg
Copy link
Collaborator Author

nirarg commented Aug 15, 2024
edited
Loading

Current status:
Has an issue to run with user assigned identity
Need to grant get, wrap and unwrap key permissions to user-assigned identity
Changes required in the integration test preparation steps
Work in progress

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error creating or updating disk encryption set des7500d96e289d3d0663a893 - (KeyVaultAccessForbidden) Unable to access key vault resource '********' to enable encryption at rest. Please grant get, wrap and unwrap key permissions to user-assigned identity '/subscriptions/bb273dab-fa83-4ae8-b5b6-a0384d20bb4a/resourcegroups/nargaman-eastus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ansible-test-diskencriptionset-identity'. Please visit https://aka.ms/keyvaultaccessssecmk for more information.\nCode: KeyVaultAccessForbidden\nMessage: Unable to access key vault resource '********' to enable encryption at rest. Please grant get, wrap and unwrap key permissions to user-assigned identity '/subscriptions/bb273dab-fa83-4ae8-b5b6-a0384d20bb4a/resourcegroups/nargaman-eastus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ansible-test-diskencriptionset-identity'. Please visit https://aka.ms/keyvaultaccessssecmk for more information."}

@p3ck
Copy link
Collaborator

p3ck commented Aug 16, 2024

I took your suggestion and updated the test cases to grant the proper permission for the keyvault to the user assigned identities. Had to make a few other changes as well and the code should restrict to only one user_assigned_identity.

p3ck@110ee1a

You can see my changes there. Feel free to cherry pick and change as needed.

@nirarg
Copy link
Collaborator Author

nirarg commented Aug 21, 2024

The PR is completed and ready for review
CI execution was started, for more details:
https://dev.azure.com/azclitools/public/_build/results?buildId=183285&view=results

@nirarg nirarg added ready_for_review The PR has been modified and can be reviewed and merged and removed work in In trying to solve, or in working with contributors labels Aug 21, 2024
@p3ck p3ck requested a review from Fred-sun August 21, 2024 13:34
@Fred-sun Fred-sun added medium_priority Medium priority new_feature New feature requirments labels Aug 26, 2024
@xuzhang3 xuzhang3 changed the title Add managed identity support to "azure_rm_diskencryptionset" module azure_rm_diskencryptionset - Add managed identity support Aug 26, 2024
@xuzhang3 xuzhang3 merged commit c4c81f1 into ansible-collections:dev Aug 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@p3ck p3ck p3ck approved these changes

@xuzhang3 xuzhang3 xuzhang3 approved these changes

@Fred-sun Fred-sun Awaiting requested review from Fred-sun

Assignees

@xuzhang3 xuzhang3

Labels
medium_priority Medium priority new_feature New feature requirments ready_for_review The PR has been modified and can be reviewed and merged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nirarg @p3ck @xuzhang3 @Fred-sun