From 263d2409df7ec92e847851ae4f274a73f57d7a3c Mon Sep 17 00:00:00 2001 From: Dustin Scott Date: Tue, 4 Jun 2024 09:40:00 -0500 Subject: [PATCH] test: add additional permissions required for test This simply adds the 'Network Contributor' permission to both the cluster service principal and the resource provider service principal, as they are required to install a cluster. Without these permissions, the ARO RP will send back an error indicating that these permissions are missing. Signed-off-by: Dustin Scott --- .../redhat_openshift_cluster_resource_test.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/internal/services/redhatopenshift/redhat_openshift_cluster_resource_test.go b/internal/services/redhatopenshift/redhat_openshift_cluster_resource_test.go index cf569caad1b6..3cf886f9fdc3 100644 --- a/internal/services/redhatopenshift/redhat_openshift_cluster_resource_test.go +++ b/internal/services/redhatopenshift/redhat_openshift_cluster_resource_test.go @@ -628,6 +628,18 @@ resource "azurerm_subnet_network_security_group_association" "test_worker" { network_security_group_id = azurerm_network_security_group.test.id } +resource "azurerm_role_assignment" "role_network3" { + scope = azurerm_network_security_group.test.id + role_definition_name = "Network Contributor" + principal_id = azuread_service_principal.test.object_id +} + +resource "azurerm_role_assignment" "role_network4" { + scope = azurerm_network_security_group.test.id + role_definition_name = "Network Contributor" + principal_id = data.azuread_service_principal.redhatopenshift.object_id +} + resource "azurerm_redhat_openshift_cluster" "test" { name = "acctestaro%[2]d" location = azurerm_resource_group.test.location @@ -672,6 +684,8 @@ resource "azurerm_redhat_openshift_cluster" "test" { depends_on = [ "azurerm_role_assignment.role_network1", "azurerm_role_assignment.role_network2", + "azurerm_role_assignment.role_network3", + "azurerm_role_assignment.role_network4", ] } `, r.template(data), data.RandomInteger, data.RandomString)