
Commit d3c5026

committed
final tuning
1 parent 0bbff3e commit d3c5026

2 files changed

+8
-17
lines changed

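--- a/infra/main.search_configuration.tf
+++ b/infra/main.search_configuration.tf
@@ -235,22 +235,16 @@ resource "time_sleep" "wait_for_rbac" {
 azurerm_role_assignment.terraform_deployment_container_storage_access,
 azurerm_role_assignment.terraform_deployment_container_file_access,
 # Script identity storage permissions
-# azurerm_role_assignment.script_deployment_container_storage_contributor,
 azurerm_role_assignment.script_deployment_container_blob_contributor,
-azurerm_role_assignment.script_deployment_container_file_owner,
+azurerm_role_assignment.script_deployment_container_file_contributo,
 # Main storage permissions (write access needed for upload_data.py to upload data files)
-# azurerm_role_assignment.script_main_storage_queue_contributor,
-azurerm_role_assignment.script_main_storage_blob_owner,
-# azurerm_role_assignment.script_main_storage_file_contributor,
+azurerm_role_assignment.script_main_storage_blob_contributor,
 # AI Search permissions
 azurerm_role_assignment.script_search_service_contributor,
-# azurerm_role_assignment.script_search_index_data_contributor,
 # Azure OpenAI permissions
 azurerm_role_assignment.script_cognitive_services_openai_user,
-# Other permissions
-# azurerm_role_assignment.script_container_apps_contributor
 ]
-create_duration = "30s"
+create_duration = "60s"
 }
 
 # Additional time sleep for storage account to be fully ready for network access
@@ -455,15 +449,12 @@ resource "null_resource" "verify_rbac_propagation" {
 depends_on = [
 time_sleep.wait_for_rbac,
 # Storage permissions
-# azurerm_role_assignment.script_main_storage_queue_contributor,
-azurerm_role_assignment.script_main_storage_blob_owner,
-# azurerm_role_assignment.script_main_storage_file_contributor,
-# azurerm_role_assignment.script_deployment_container_storage_contributor,
+azurerm_role_assignment.script_main_storage_reader,
+azurerm_role_assignment.script_main_storage_blob_contributor,
 azurerm_role_assignment.script_deployment_container_blob_contributor,
-azurerm_role_assignment.script_deployment_container_file_owner,
+azurerm_role_assignment.script_deployment_container_file_contributor,
 # AI Search permissions
 azurerm_role_assignment.script_search_service_contributor,
-# azurerm_role_assignment.script_search_index_data_contributor,
 # Azure OpenAI permissions
 azurerm_role_assignment.script_cognitive_services_openai_user
 ]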
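Review bot: The two dependency lists name the deployment-container file role assignment differently: new line 239 in `time_sleep.wait_for_rbac` uses `script_deployment_container_file_contributo`, while new line 455 in `null_resource.verify_rbac_propagation` uses `script_deployment_container_file_contributor`. The declaration in infra/main.security.tf (new line 71) carries the truncated spelling, so unless a resource with the full name is declared outside the visible hunks, the reference on line 455 will not resolve and the plan will fail. Renaming the declaration to `script_deployment_container_file_contributor` and using that spelling in both lists fixes it. `azurerm_role_assignment.script_main_storage_reader` on new line 452 is also not declared in any visible hunk and is worth checking. Both resource bodies start outside the hunks.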

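--- a/infra/main.security.tf
+++ b/infra/main.security.tf
@@ -49,7 +49,7 @@ resource "azurerm_role_assignment" "script_search_service_contributor" {
 }
 
 # --- Main Storage Account Permissions ---
-resource "azurerm_role_assignment" "script_main_storage_blob_owner" {
+resource "azurerm_role_assignment" "script_main_storage_blob_contributor" {
 principal_id = azurerm_user_assigned_identity.script_identity.principal_id
 scope = module.storage_account_and_container.resource_id
 role_definition_name = "Storage Blob Data Contributor"
@@ -68,7 +68,7 @@ resource "azurerm_role_assignment" "script_deployment_container_blob_contributor
 role_definition_name = "Storage Blob Data Contributor"
 }
 
-resource "azurerm_role_assignment" "script_deployment_container_file_owner" {
+resource "azurerm_role_assignment" "script_deployment_container_file_contributo" {
 principal_id = azurerm_user_assigned_identity.script_identity.principal_id
 scope = azurerm_storage_account.deployment_container.id
 role_definition_name = "Storage File Data Privileged Contributor"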
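Review bot: Both renames (new lines 52 and 71) change a resource address without a `moved` block, so on a workspace that already holds state Terraform will plan a destroy of the old address and a create of the new one for the same principal, scope and role; that can leave the script identity without storage access during the apply or fail on a duplicate-assignment conflict. Adding `moved` blocks, as below, keeps the existing assignments in place. Separately, the assignment on new line 71 grants `Storage File Data Privileged Contributor` at storage-account scope, and the new name no longer hints that the role is privileged; a comment such as `# Privileged Contributor: overrides file/directory-level permissions; scoped to the whole deployment storage account` above the resource would keep that visible. Both resource bodies end outside the hunks.

```hcl
moved {
  from = azurerm_role_assignment.script_main_storage_blob_owner
  to   = azurerm_role_assignment.script_main_storage_blob_contributor
}

moved {
  from = azurerm_role_assignment.script_deployment_container_file_owner
  # target spelled as declared on new line 71
  to   = azurerm_role_assignment.script_deployment_container_file_contributo
}
```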
