From 64ee2b319d446f4cd03100d6c922331a104673dc Mon Sep 17 00:00:00 2001
From: Rui Fu
Date: Tue, 14 Jan 2025 11:48:08 +0800
Subject: [PATCH] fix(azure): add `depends_on` for azure vendor-access module (#109)

prevent destroy velero_backup_role before user_access_administrator
---
 modules/azure/vendor-access/main.tf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/azure/vendor-access/main.tf b/modules/azure/vendor-access/main.tf
index 1eec7c8..400562d 100644
--- a/modules/azure/vendor-access/main.tf
+++ b/modules/azure/vendor-access/main.tf
@@ -62,6 +62,7 @@ resource "azurerm_role_definition" "velero_backup_role" {
 not_data_actions = []
 not_actions = []
 }
+ depends_on = [azurerm_resource_group.aks]
 }

 # Grand the sn automation service principal as the Contributor to the AKS resource group
@@ -69,6 +70,7 @@ resource "azurerm_role_assignment" "sn_automation" {
 scope = azurerm_resource_group.aks.id
 role_definition_name = "Contributor"
 principal_id = var.sn_automation_principal_id
+ depends_on = [azurerm_resource_group.aks]
 }

 # Grand the sn automation service principal as the Azure Kubernetes Service Cluster Admin Role to the AKS resource group
@@ -76,6 +78,7 @@ resource "azurerm_role_assignment" "sn_automation_cluster_admin" {
 scope = azurerm_resource_group.aks.id
 role_definition_name = "Azure Kubernetes Service Cluster Admin Role"
 principal_id = var.sn_automation_principal_id
+ depends_on = [azurerm_resource_group.aks]
 }

 # Grand the sn support service principal as the Azure Kubernetes Service Cluster User Role to the AKS resource group
@@ -83,6 +86,7 @@ resource "azurerm_role_assignment" "sn_support" {
 scope = azurerm_resource_group.aks.id
 role_definition_name = "Azure Kubernetes Service Cluster User Role"
 principal_id = var.sn_support_principal_id
+ depends_on = [azurerm_resource_group.aks]
 }

 # Grand the sn automation service principal as the Constrain roles by Role Based Access Control Administrator to the AKS resource group
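Review bot: The `depends_on = [azurerm_resource_group.aks]` added to `sn_automation`, `sn_automation_cluster_admin` and `sn_support` duplicates an edge Terraform already derives from `scope = azurerm_resource_group.aks.id`, so it should not change create or destroy ordering for these three assignments. Either drop the line or say why it is there, e.g. `# explicit for readers; ordering already follows from scope`. The same line on `velero_backup_role` may be equally redundant if that resource's `scope` references the resource group, but its arguments start above the hunk. These blocks grant Contributor and Cluster Admin on the resource group to an external automation principal, so an argument with no effect makes the granted access harder to audit.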
@@ -92,4 +96,5 @@ resource "azurerm_role_assignment" "user_access_administrator" {
 principal_id = var.sn_automation_principal_id
 condition_version = "2.0"
 condition = templatefile("${path.module}/role-assignment-condition.tpl", { role_definition_id = azurerm_role_definition.velero_backup_role.role_definition_id })
-}
\ No newline at end of file
+ depends_on = [azurerm_role_definition.velero_backup_role]
+}
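Review bot: `depends_on = [azurerm_role_definition.velero_backup_role]` repeats a dependency that the `condition` argument already creates by reading `azurerm_role_definition.velero_backup_role.role_definition_id`, so Terraform should already destroy this assignment before the role definition. If the destroy-order failure named in the commit message was reproduced, its cause may lie elsewhere, and it is worth confirming with `terraform plan -destroy` that this line changes the order at all. If the line stays, document the intent next to it, e.g. `# condition restricts delegation to velero_backup_role; this assignment must not outlive that role definition`. The resource block begins above the hunk, so its `scope` and role name are not visible here.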