feat: added App Key Vault RBAC role assignments

Author: patrickmoore-nc

infrastructure/modules/infra/main.tf

@@ -1,3 +1,10 @@
+locals {
+  key_vault_secrets_officers = [
+    "mi-lungcs-poc-ghtoaz-uks",
+    "Azure-Lung-Cancer-Screening---Dev-Owner"
+  ]
+}
+
 resource "azurerm_resource_group" "main" {
   name     = var.resource_group_name
   location = var.region
@@ -24,6 +31,22 @@ module "app-key-vault" {
   purge_protection_enabled      = var.protect_keyvault
 }
 
+data "azuread_service_principal" "identity" {
+  for_each = local.key_vault_secrets_officers
+
+  display_name = each.value
+}
+
+module "key_vault_rbac_assignments" {
+  for_each = data.azuread_service_principal.identity
+
+  source = "../dtos-devops-templates/infrastructure/modules/rbac-assignment"
+
+  principal_id         = each.value.object_id
+  role_definition_name = "Key Vault Secrets Officer"
+  scope                = module.app-key-vault.key_vault_id
+}
+
 module "log_analytics_workspace_audit" {
   source = "../dtos-devops-templates/infrastructure/modules/log-analytics-workspace"
 

infrastructure/modules/infra/providers.tf

@@ -4,5 +4,10 @@ terraform {
       source                = "hashicorp/azurerm"
       configuration_aliases = [azurerm.hub]
     }
+
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "3.6.0"
+    }
   }
 }