DTOSS-12822: use relay namespace ID output for RBAC scope instead of data source

josielsouzanordcloud · josielsouzanordcloud · commit a54c8d3ed84b · 2026-04-28T15:45:41.000+01:00
diff --git a/infrastructure/modules/container-apps/data.tf b/infrastructure/modules/container-apps/data.tf
@@ -27,8 +27,3 @@ data "azurerm_private_dns_zone" "storage-account-queue" {
   resource_group_name = "rg-hub-${var.hub}-uks-private-dns-zones"
 }
 
-data "azurerm_relay_namespace" "relay" {
-  count               = var.relay_namespace_name != null ? 1 : 0
-  name                = var.relay_namespace_name
-  resource_group_name = var.resource_group_name_infra
-}
diff --git a/infrastructure/modules/container-apps/relay.tf b/infrastructure/modules/container-apps/relay.tf
@@ -27,6 +27,6 @@ module "relay_send_role_assignment" {
   source               = "../dtos-devops-templates/infrastructure/modules/rbac-assignment"
   principal_id         = module.relay_send_identity[0].principal_id
   role_definition_name = "Azure Relay Sender"
-  scope                = data.azurerm_relay_namespace.relay[0].id
+  scope                = var.relay_namespace_id
   depends_on           = [module.relay_send_identity]
 }
diff --git a/infrastructure/modules/container-apps/variables.tf b/infrastructure/modules/container-apps/variables.tf
@@ -206,6 +206,12 @@ variable "relay_namespace_name" {
   default     = null
 }
 
+variable "relay_namespace_id" {
+  description = "The ID of the Azure Relay namespace. Used for RBAC scope."
+  type        = string
+  default     = null
+}
+
 locals {
   resource_group_name = "rg-${var.app_short_name}-${var.environment}-container-app-uks"
 
diff --git a/infrastructure/modules/infra/output.tf b/infrastructure/modules/infra/output.tf
@@ -42,6 +42,10 @@ output "relay_namespace_name" {
   value = var.enable_relay ? module.relay_namespace[0].name : null
 }
 
+output "relay_namespace_id" {
+  value = var.enable_relay ? module.relay_namespace[0].id : null
+}
+
 output "servicebus_namespace_name" {
   value = var.enable_service_bus ? module.servicebus_namespace[0].namespace_name : null
 }
diff --git a/infrastructure/terraform/main.tf b/infrastructure/terraform/main.tf
@@ -82,4 +82,5 @@ module "container-apps" {
   container_memory                      = var.container_memory
   min_replicas                          = var.min_replicas
   relay_namespace_name                  = var.deploy_infra ? module.infra[0].relay_namespace_name : null
+  relay_namespace_id                    = var.deploy_infra ? module.infra[0].relay_namespace_id : null
 }

Original file line number	Diff line number	Diff line change
`@@ -27,8 +27,3 @@ data "azurerm_private_dns_zone" "storage-account-queue" {`
`27`	`27`	`resource_group_name = "rg-hub-${var.hub}-uks-private-dns-zones"`
`28`	`28`	`}`
`29`	`29`
`30`		`-data "azurerm_relay_namespace" "relay" {`
`31`		`- count = var.relay_namespace_name != null ? 1 : 0`
`32`		`- name = var.relay_namespace_name`
`33`		`- resource_group_name = var.resource_group_name_infra`
`34`		`-}`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,6 @@ module "relay_send_role_assignment" {`
`27`	`27`	`source = "../dtos-devops-templates/infrastructure/modules/rbac-assignment"`
`28`	`28`	`principal_id = module.relay_send_identity[0].principal_id`
`29`	`29`	`role_definition_name = "Azure Relay Sender"`
`30`		`- scope = data.azurerm_relay_namespace.relay[0].id`
	`30`	`+ scope = var.relay_namespace_id`
`31`	`31`	`depends_on = [module.relay_send_identity]`
`32`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,10 @@ output "relay_namespace_name" {`
`42`	`42`	`value = var.enable_relay ? module.relay_namespace[0].name : null`
`43`	`43`	`}`
`44`	`44`
	`45`	`+output "relay_namespace_id" {`
	`46`	`+ value = var.enable_relay ? module.relay_namespace[0].id : null`
	`47`	`+}`
	`48`	`+`
`45`	`49`	`output "servicebus_namespace_name" {`
`46`	`50`	`value = var.enable_service_bus ? module.servicebus_namespace[0].namespace_name : null`
`47`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -82,4 +82,5 @@ module "container-apps" {`
`82`	`82`	`container_memory = var.container_memory`
`83`	`83`	`min_replicas = var.min_replicas`
`84`	`84`	`relay_namespace_name = var.deploy_infra ? module.infra[0].relay_namespace_name : null`
	`85`	`+ relay_namespace_id = var.deploy_infra ? module.infra[0].relay_namespace_id : null`
`85`	`86`	`}`