Add role assignments for app insights

marvinbuss · marvinbuss · commit 32786755b421 · 2023-06-14T17:35:36.000+02:00
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -40,7 +40,7 @@ jobs:
     uses: ./.github/workflows/_terraformApplyTemplate.yml
     name: "Terraform Apply"
     needs: [terraform_plan_dev]
-    if: github.event_name == 'push' || github.event_name == 'release'
+    # if: github.event_name == 'push' || github.event_name == 'release'
     with:
       environment: "dev"
       terraform_version: "1.4.6"
diff --git a/code/infra/logging.tf b/code/infra/logging.tf
@@ -10,7 +10,7 @@ resource "azurerm_application_insights" "application_insights" {
   force_customer_storage_for_profiler   = false
   internet_ingestion_enabled            = true
   internet_query_enabled                = true
-  local_authentication_disabled         = false
+  local_authentication_disabled         = true
   retention_in_days                     = 90
   sampling_percentage                   = 100
   workspace_id                          = azurerm_log_analytics_workspace.log_analytics_workspace.id
diff --git a/code/infra/roleassignments.tf b/code/infra/roleassignments.tf
@@ -9,3 +9,9 @@ resource "azurerm_role_assignment" "function_role_assignment_key_vault" {
   role_definition_name = "Key Vault Secrets User"
   principal_id         = azapi_resource.function.identity[0].principal_id
 }
+
+resource "azurerm_role_assignment" "function_role_assignment_application_insights" {
+  scope                = azurerm_application_insights.application_insights.id
+  role_definition_name = "Monitoring Metrics Publisher"
+  principal_id         = azapi_resource.function.identity[0].principal_id
+}
