DTSPO-30178 - Grant new Jenkins MIs access to keyvault

Author: ryanmcalary11

key-vault.tf

@@ -5,6 +5,7 @@ module "vault" {
   env                 = var.env
   tenant_id           = var.tenant_id
   object_id           = var.jenkins_AAD_objectId
+  jenkins_object_id   = data.azurerm_user_assigned_identity.jenkins.principal_id
   resource_group_name = azurerm_resource_group.rg.name
   product_group_name  = "dcd_ccd"
 
@@ -14,6 +15,12 @@ module "vault" {
   create_managed_identity              = true
 }
 
+data "azurerm_user_assigned_identity" "jenkins" {
+  name                = "jenkins-${var.env}-mi"
+  resource_group_name = "managed-identities-${var.env}-rg"
+}
+
+
 data "azurerm_key_vault" "s2s_vault" {
   name                = "s2s-${var.env}"
   resource_group_name = "rpe-service-auth-provider-${var.env}"