Added RBAC to project

WHY: RBAC is a requisite feature to enhance security
HOW: By make the authentication and authorisation go through the new RBAC feature in MAKEFILE

.github/workflows/delete_review_app_aks.yml

@@ -23,7 +23,7 @@ jobs:
         terraform_version: 1.6.4
         terraform_wrapper: false
 
-    - uses: DFE-Digital/github-actions/set-arm-environment-variables@master
+    - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
       with:
         azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
 

.github/workflows/deploy_aks.yml

@@ -69,7 +69,7 @@ jobs:
               terraform_version: 1.6.4
               terraform_wrapper: false
 
-          - uses: DFE-Digital/github-actions/set-arm-environment-variables@master
+          - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
             with:
               azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
 

Makefile

@@ -93,6 +93,7 @@ production-cluster:
 
 get-cluster-credentials: set-azure-account
 	az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME}
+	kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli)
 
 bin/konduit.sh:
 	curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o bin/konduit.sh \

terraform/application/terraform.tf

@@ -28,4 +28,14 @@ provider "kubernetes" {
   client_certificate     = module.cluster_data.kubernetes_client_certificate
   client_key             = module.cluster_data.kubernetes_client_key
   cluster_ca_certificate = module.cluster_data.kubernetes_cluster_ca_certificate
+
+  dynamic "exec" {
+    for_each = module.cluster_data.azure_RBAC_enabled ? [1] : []
+    content {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "kubelogin"
+      args        = module.cluster_data.kubelogin_args
+    }
+   }
+
 }