From 2304bca8d4e4a17bd2f5db9b5f6ec5a8a74db854 Mon Sep 17 00:00:00 2001 From: cruizba Date: Thu, 11 Sep 2025 20:28:23 +0200 Subject: [PATCH] openvidu-deployment: azure - Fix race condition on role assignment --- .../pro/elastic/azure/cf-openvidu-elastic.bicep | 2 ++ .../pro/elastic/azure/cf-openvidu-elastic.json | 8 +++++--- .../pro/ha/azure/cf-openvidu-ha.bicep | 5 +++++ .../pro/ha/azure/cf-openvidu-ha.json | 17 +++++++++++------ 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep index d08073d7..ddd1580f 100644 --- a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep +++ b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep @@ -1460,6 +1460,7 @@ resource roleAssignmentMasterNode 'Microsoft.Authorization/roleAssignments@2022- 'b24988ac-6180-42a0-ab88-20f7382dd24c' ) principalId: openviduMasterNode.identity.principalId + principalType: 'ServicePrincipal' } } @@ -1472,6 +1473,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { 'b24988ac-6180-42a0-ab88-20f7382dd24c' ) principalId: openviduScaleSetMediaNode.identity.principalId + principalType: 'ServicePrincipal' } } diff --git a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json index c0ce5dbb..5803b35b 100644 --- a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json +++ b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "11516095718306106611" + "templateHash": "5930269170537641508" } }, "parameters": { @@ -769,7 +769,8 @@ "name": "[guid(format('roleAssignmentForMasterNode{0}', variables('masterNodeVMSettings').vmName))]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', variables('masterNodeVMSettings').vmName), '2023-09-01', 'full').identity.principalId]" + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', variables('masterNodeVMSettings').vmName), '2023-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', variables('masterNodeVMSettings').vmName)]" @@ -781,7 +782,8 @@ "name": "[guid(format('roleAssignmentForScaleSet{0}', format('{0}-mediaNodeScaleSet', parameters('stackName'))))]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', format('{0}-mediaNodeScaleSet', parameters('stackName'))), '2024-07-01', 'full').identity.principalId]" + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', format('{0}-mediaNodeScaleSet', parameters('stackName'))), '2024-07-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachineScaleSets', format('{0}-mediaNodeScaleSet', parameters('stackName')))]" diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep index 8d4c175d..875c74cf 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep @@ -1781,6 +1781,7 @@ resource roleAssignmentMasterNode1 'Microsoft.Authorization/roleAssignments@2022 'b24988ac-6180-42a0-ab88-20f7382dd24c' ) principalId: openviduMasterNode1.identity.principalId + principalType: 'ServicePrincipal' } } @@ -1793,6 +1794,7 @@ resource roleAssignmentMasterNode2 'Microsoft.Authorization/roleAssignments@2022 'b24988ac-6180-42a0-ab88-20f7382dd24c' ) principalId: openviduMasterNode2.identity.principalId + principalType: 'ServicePrincipal' } } @@ -1805,6 +1807,7 @@ resource roleAssignmentMasterNode3 'Microsoft.Authorization/roleAssignments@2022 'b24988ac-6180-42a0-ab88-20f7382dd24c' ) principalId: openviduMasterNode3.identity.principalId + principalType: 'ServicePrincipal' } } @@ -1817,6 +1820,7 @@ resource roleAssignmentMasterNode4 'Microsoft.Authorization/roleAssignments@2022 'b24988ac-6180-42a0-ab88-20f7382dd24c' ) principalId: openviduMasterNode4.identity.principalId + principalType: 'ServicePrincipal' } } @@ -1829,6 +1833,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { 'b24988ac-6180-42a0-ab88-20f7382dd24c' ) principalId: openviduScaleSetMediaNode.identity.principalId + principalType: 'ServicePrincipal' } } diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json index 2ef8810f..e4b17a1a 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "14527112771015407913" + "templateHash": "11078520118740523375" } }, "parameters": { @@ -1009,7 +1009,8 @@ "name": "[guid(format('roleAssignmentForMasterNode{0}', format('{0}-VM-MasterNode1', parameters('stackName'))))]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode1', parameters('stackName'))), '2023-09-01', 'full').identity.principalId]" + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode1', parameters('stackName'))), '2023-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode1', parameters('stackName')))]" @@ -1021,7 +1022,8 @@ "name": "[guid(format('roleAssignmentForMasterNode{0}', format('{0}-VM-MasterNode2', parameters('stackName'))))]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode2', parameters('stackName'))), '2023-09-01', 'full').identity.principalId]" + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode2', parameters('stackName'))), '2023-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode2', parameters('stackName')))]" @@ -1033,7 +1035,8 @@ "name": "[guid(format('roleAssignmentForMasterNode{0}', format('{0}-VM-MasterNode3', parameters('stackName'))))]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode3', parameters('stackName'))), '2023-09-01', 'full').identity.principalId]" + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode3', parameters('stackName'))), '2023-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode3', parameters('stackName')))]" @@ -1045,7 +1048,8 @@ "name": "[guid(format('roleAssignmentForMasterNode{0}', format('{0}-VM-MasterNode4', parameters('stackName'))))]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode4', parameters('stackName'))), '2023-09-01', 'full').identity.principalId]" + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode4', parameters('stackName'))), '2023-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', format('{0}-VM-MasterNode4', parameters('stackName')))]" @@ -1057,7 +1061,8 @@ "name": "[guid(format('roleAssignmentForScaleSet{0}', format('{0}-mediaNodeScaleSet', parameters('stackName'))))]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', format('{0}-mediaNodeScaleSet', parameters('stackName'))), '2024-07-01', 'full').identity.principalId]" + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', format('{0}-mediaNodeScaleSet', parameters('stackName'))), '2024-07-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachineScaleSets', format('{0}-mediaNodeScaleSet', parameters('stackName')))]"