Stop using TerraformAdminsGHAFInfra group
Signed-off-by: Henri Rosten <[email protected]>
henrirosten committed Nov 12, 2024
1 parent 98fae78 commit 2a11dee
Showing 4 changed files with 12 additions and 4 deletions.
@@ -33,6 +33,9 @@ variable "tenant_id" {
type = string
}

variable "object_id" {
type = string
}

################################################################################

@@ -73,8 +76,7 @@ resource "azurerm_key_vault_secret" "binary_cache_signing_key_pub" {
resource "azurerm_key_vault_access_policy" "binary_cache_signing_key_terraform" {
key_vault_id = azurerm_key_vault.binary_cache_signing_key.id
tenant_id = var.tenant_id
# "TerraformAdminsGHAFInfra" group
object_id = "f80c2488-2301-4de8-89d6-4954b77f453e"
object_id = var.object_id

secret_permissions = [
"Get",
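Review bot: The `object_id = var.object_id` line in `binary_cache_signing_key_terraform` drops the only comment that said who holds secret access on the signing-key vault, and the grantee is now whatever the caller passes in. Judging by the call sites in this commit that is `data.azurerm_client_config.current.object_id`, so the policy follows the identity that runs the apply; a later apply under a different identity would, as far as I can tell, replace the policy and move access rather than add to it. I would put a comment back in place of the removed one, for example `# Principal that runs terraform (azurerm_client_config.current.object_id); no group is granted access any more`. The same applies to `ssh_remote_build_terraform` in builder-ssh-key.tf. The resource block continues past the end of the hunk, so the full permission list is not visible here.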
7 changes: 5 additions & 2 deletions terraform/persistent/builder-ssh-key/builder-ssh-key.tf
@@ -21,6 +21,10 @@ variable "tenant_id" {
type = string
}

variable "object_id" {
type = string
}

################################################################################

# Create a ED25519 key, which the jenkins master will use to authenticate with
@@ -70,8 +74,7 @@ resource "azurerm_key_vault_secret" "ssh_remote_build_pub" {
resource "azurerm_key_vault_access_policy" "ssh_remote_build_terraform" {
key_vault_id = azurerm_key_vault.ssh_remote_build.id
tenant_id = var.tenant_id
# "TerraformAdminsGHAFInfra" group
object_id = "f80c2488-2301-4de8-89d6-4954b77f453e"
object_id = var.object_id

secret_permissions = [
"Get",
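Review bot: The new `variable "object_id"` block in the first hunk has no `description` and accepts any string, although it decides which principal gets `Get` on the SSH remote-build key vault. A description plus a GUID `validation` would make an empty or malformed value fail at plan time instead of at the Key Vault API. The identical variable in the module that holds `binary_cache_signing_key_terraform` would take the same block. The `ssh_remote_build_terraform` resource in the second hunk continues outside the hunk.

```hcl
variable "object_id" {
  description = "Object ID of the principal granted secret access on this key vault"
  type        = string

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", var.object_id))
    error_message = "object_id must be a GUID."
  }
}
```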
1 change: 1 addition & 0 deletions terraform/persistent/main.tf
@@ -75,6 +75,7 @@ module "builder_ssh_key" {
resource_group_name = azurerm_resource_group.persistent.name
location = azurerm_resource_group.persistent.location
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
}

################################################################################
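Review bot: Passing `data.azurerm_client_config.current.object_id` here ties the Key Vault access policy to whichever account or service principal is logged in when this configuration is applied. If more than one identity is expected to apply it (a CI principal and individual admins, say), consider an optional root variable with the caller as fallback, e.g. `object_id = coalesce(var.secrets_reader_object_id, data.azurerm_client_config.current.object_id)`, where `secrets_reader_object_id` is a name made up here for a new variable with `default = null`. The two module calls in terraform/persistent/resources/main.tf carry the same line. The `builder_ssh_key` module block starts above this hunk.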
2 changes: 2 additions & 0 deletions terraform/persistent/resources/main.tf
@@ -79,6 +79,7 @@ module "builder_ssh_key" {
resource_group_name = data.azurerm_resource_group.persistent.name
location = data.azurerm_resource_group.persistent.location
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
}

module "binary_cache_sigkey" {
@@ -90,6 +91,7 @@ module "binary_cache_sigkey" {
resource_group_name = data.azurerm_resource_group.persistent.name
location = data.azurerm_resource_group.persistent.location
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
}

module "binary_cache_storage" {
