pre-commit fixs (#3)

diegolagospagopa · web-flow · commit fecac6408772 · 2023-03-22T10:29:55.000+01:00
diff --git a/app-github-runner-cd/README.md b/app-github-runner-cd/README.md
@@ -1,5 +1,6 @@
 # app-github-runner-ci
 
+<!-- markdownlint-disable -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
diff --git a/app-github-runner-ci/README.md b/app-github-runner-ci/README.md
@@ -1,5 +1,6 @@
 # app-github-runner-ci
 
+<!-- markdownlint-disable -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
diff --git a/app-github-runner-creator/README.md b/app-github-runner-creator/README.md
@@ -1,5 +1,6 @@
 # app-github-runner-ci
 
+<!-- markdownlint-disable -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
@@ -24,6 +25,7 @@ No modules.
 | [azuread_application_federated_identity_credential.github_app](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application_federated_identity_credential) | resource |
 | [azuread_service_principal.github_app](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal) | resource |
 | [azurerm_role_assignment.environment_runner_github_runner_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.pagopa_iac_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_resource_group.github_runner_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 
 ## Inputs
diff --git a/app-github-runner-creator/main.tf b/app-github-runner-creator/main.tf
@@ -27,3 +27,12 @@ resource "azurerm_role_assignment" "environment_runner_github_runner_rg" {
   role_definition_name = "Contributor"
   principal_id         = azuread_service_principal.github_app.object_id
 }
+
+#
+# Associate custom role
+#
+resource "azurerm_role_assignment" "pagopa_iac_reader" {
+  scope                = var.subscription_id
+  role_definition_name = "PagoPA IaC Reader"
+  principal_id         = azuread_service_principal.github_app.object_id
+}
diff --git a/app-github-runner-creator/variables.tf b/app-github-runner-creator/variables.tf
@@ -1,14 +1,5 @@
 locals {
-  # github_app_roles = {
-  #   subscription = [
-  #     "Contributor",
-  #     "Storage Account Contributor",
-  #     "Storage Blob Data Contributor",
-  #     "Storage File Data SMB Share Contributor",
-  #     "Storage Queue Data Contributor",
-  #     "Storage Table Data Contributor",
-  #   ]
-  # }
+
 }
 
 variable "app_name" {
@@ -26,11 +17,6 @@ variable "github_repository" {
   description = "GitHub Repository"
 }
 
-# variable "iac_aad_group_name" {
-#   type        = string
-#   description = "Azure AD group name for iac sp apps (with Directory Reader permissions at leats)"
-# }
-
 variable "subscription_id" {
   type        = string
   description = "Suscription ID"
