Merge branch 'main' into marrobi/issue2943

CHANGELOG.md

@@ -19,6 +19,7 @@ BUG FIXES:
 * Private endpoints for AppInsights are now provisioning successfully and consistently ([#2841](https://github.com/microsoft/AzureTRE/pull/2841))
 * Enable upgrade step of base workspace ([#2899](https://github.com/microsoft/AzureTRE/pull/2899))
 * Fix get shared service by template name to filter by active service only ([#2947](https://github.com/microsoft/AzureTRE/pull/2947))
+* Fix untagged cost reporting reader role assignment ([#2951](https://github.com/microsoft/AzureTRE/pull/2951))
 
 COMPONENTS:
 

templates/core/terraform/api-identity.tf

@@ -8,6 +8,13 @@ resource "azurerm_user_assigned_identity" "id" {
   lifecycle { ignore_changes = [tags] }
 }
 
+# Needed to include untagged resources in cost reporting #2933
+resource "azurerm_role_assignment" "resource_group_reader" {
+  scope                = azurerm_resource_group.core.id
+  role_definition_name = "Reader"
+  principal_id         = azurerm_user_assigned_identity.id.principal_id
+}
+
 resource "azurerm_role_assignment" "billing_reader" {
   scope                = data.azurerm_subscription.current.id
   role_definition_name = "Billing Reader"

templates/core/version.txt

@@ -1 +1 @@
-__version__ = "0.4.44"
+__version__ = "0.4.45"

templates/workspaces/base/terraform/api-permissions.tf

@@ -13,3 +13,10 @@ resource "azurerm_role_assignment" "api_vm_contributor" {
   role_definition_name = "Virtual Machine Contributor"
   principal_id         = data.azurerm_user_assigned_identity.api_id.principal_id
 }
+
+# Needed to include untagged resources in cost reporting #2933
+resource "azurerm_role_assignment" "api_reader" {
+  scope                = azurerm_resource_group.ws.id
+  role_definition_name = "Reader"
+  principal_id         = data.azurerm_user_assigned_identity.api_id.principal_id
+}