diff --git a/azure/scope/machine.go b/azure/scope/machine.go index 285b186e585..565811328eb 100644 --- a/azure/scope/machine.go +++ b/azure/scope/machine.go @@ -22,6 +22,7 @@ import ( "encoding/json" "strings" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" @@ -352,6 +353,7 @@ func (m *MachineScope) RoleAssignmentSpecs(principalID *string) []azure.Resource Scope: m.SystemAssignedIdentityScope(), RoleDefinitionID: m.SystemAssignedIdentityDefinitionID(), PrincipalID: principalID, + PrincipalType: armauthorization.PrincipalTypeServicePrincipal, } return roles } diff --git a/azure/scope/machine_test.go b/azure/scope/machine_test.go index 487d94499ae..2b99937f08a 100644 --- a/azure/scope/machine_test.go +++ b/azure/scope/machine_test.go @@ -22,6 +22,7 @@ import ( "testing" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2" azureautorest "github.com/Azure/go-autorest/autorest/azure" "github.com/Azure/go-autorest/autorest/azure/auth" "github.com/google/go-cmp/cmp" @@ -478,6 +479,7 @@ func TestMachineScope_RoleAssignmentSpecs(t *testing.T) { Name: "azure-role-assignment-name", ResourceGroup: "my-rg", PrincipalID: ptr.To("fakePrincipalID"), + PrincipalType: armauthorization.PrincipalTypeServicePrincipal, }, }, }, @@ -525,6 +527,7 @@ func TestMachineScope_RoleAssignmentSpecs(t *testing.T) { Scope: "/subscriptions/123/resourceGroups/my-rg", RoleDefinitionID: "/subscriptions/123/resourceGroups/my-rg/providers/Microsoft.Authorization/roleAssignments/123", PrincipalID: ptr.To("fakePrincipalID"), + PrincipalType: armauthorization.PrincipalTypeServicePrincipal, }, }, }, diff --git a/azure/scope/machinepool.go b/azure/scope/machinepool.go index 4204185326d..b7354bc9f53 100644 --- a/azure/scope/machinepool.go +++ b/azure/scope/machinepool.go @@ -24,6 +24,7 @@ import ( "io" "strings" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -798,6 +799,7 @@ func (m *MachinePoolScope) RoleAssignmentSpecs(principalID *string) []azure.Reso Scope: m.SystemAssignedIdentityScope(), RoleDefinitionID: m.SystemAssignedIdentityDefinitionID(), PrincipalID: principalID, + PrincipalType: armauthorization.PrincipalTypeServicePrincipal, } return roles } diff --git a/azure/scope/machinepool_test.go b/azure/scope/machinepool_test.go index 95ab23e02c6..0f410516f8d 100644 --- a/azure/scope/machinepool_test.go +++ b/azure/scope/machinepool_test.go @@ -23,6 +23,7 @@ import ( "testing" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2" azureautorest "github.com/Azure/go-autorest/autorest/azure" "github.com/Azure/go-autorest/autorest/azure/auth" . "github.com/onsi/gomega" @@ -800,6 +801,7 @@ func TestMachinePoolScope_RoleAssignmentSpecs(t *testing.T) { Name: "role-assignment-name", ResourceGroup: "my-rg", PrincipalID: ptr.To("fakePrincipalID"), + PrincipalType: armauthorization.PrincipalTypeServicePrincipal, }, }, }, @@ -847,6 +849,7 @@ func TestMachinePoolScope_RoleAssignmentSpecs(t *testing.T) { Scope: "scope", RoleDefinitionID: "role-definition-id", PrincipalID: ptr.To("fakePrincipalID"), + PrincipalType: armauthorization.PrincipalTypeServicePrincipal, }, }, }, diff --git a/azure/services/roleassignments/spec.go b/azure/services/roleassignments/spec.go index 5fc574de45f..42b86629146 100644 --- a/azure/services/roleassignments/spec.go +++ b/azure/services/roleassignments/spec.go @@ -31,6 +31,7 @@ type RoleAssignmentSpec struct { ResourceGroup string ResourceType string PrincipalID *string + PrincipalType armauthorization.PrincipalType RoleDefinitionID string Scope string } @@ -64,6 +65,7 @@ func (s *RoleAssignmentSpec) Parameters(ctx context.Context, existing interface{ Properties: &armauthorization.RoleAssignmentProperties{ PrincipalID: s.PrincipalID, RoleDefinitionID: ptr.To(s.RoleDefinitionID), + PrincipalType: ptr.To(s.PrincipalType), }, }, nil }