From 2a11dee943a06f577cde164b5584e6c6d0005975 Mon Sep 17 00:00:00 2001
From: Henri Rosten
Date: Fri, 8 Nov 2024 14:25:31 +0200
Subject: [PATCH] Stop using TerraformAdminsGHAFInfra group
Signed-off-by: Henri Rosten
---
 .../persistent/binary-cache-sigkey/binary-cache-sigkey.tf | 6 ++++--
 terraform/persistent/builder-ssh-key/builder-ssh-key.tf | 7 +++++--
 terraform/persistent/main.tf | 1 +
 terraform/persistent/resources/main.tf | 2 ++
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/terraform/persistent/binary-cache-sigkey/binary-cache-sigkey.tf b/terraform/persistent/binary-cache-sigkey/binary-cache-sigkey.tf
index fe2784ce..95f44761 100644
--- a/terraform/persistent/binary-cache-sigkey/binary-cache-sigkey.tf
+++ b/terraform/persistent/binary-cache-sigkey/binary-cache-sigkey.tf
@@ -33,6 +33,9 @@ variable "tenant_id" {
 type = string
 }
+variable "object_id" {
+ type = string
+}
 ################################################################################
@@ -73,8 +76,7 @@ resource "azurerm_key_vault_secret" "binary_cache_signing_key_pub" {
 resource "azurerm_key_vault_access_policy" "binary_cache_signing_key_terraform" {
 key_vault_id = azurerm_key_vault.binary_cache_signing_key.id
 tenant_id = var.tenant_id
- # "TerraformAdminsGHAFInfra" group
- object_id = "f80c2488-2301-4de8-89d6-4954b77f453e"
+ object_id = var.object_id
 secret_permissions = [
 "Get",
diff --git a/terraform/persistent/builder-ssh-key/builder-ssh-key.tf b/terraform/persistent/builder-ssh-key/builder-ssh-key.tf
index e35dc221..c48f785d 100644
--- a/terraform/persistent/builder-ssh-key/builder-ssh-key.tf
+++ b/terraform/persistent/builder-ssh-key/builder-ssh-key.tf
@@ -21,6 +21,10 @@ variable "tenant_id" {
 type = string
 }
+variable "object_id" {
+ type = string
+}
+
 ################################################################################
 # Create a ED25519 key, which the jenkins master will use to authenticate with
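Review bot: The new `variable "object_id"` in binary-cache-sigkey.tf has no `description`, so a caller cannot tell that this value becomes the principal named in the key vault access policy further down the file. I would add `description = "Object ID of the principal granted secret permissions on this key vault"`, and consider a `validation` block that rejects anything not shaped like a UUID, so a typo fails at plan time with a clear message. The same applies to the identical variable added in builder-ssh-key.tf.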
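Review bot: `object_id = var.object_id` in `binary_cache_signing_key_terraform` replaces a fixed group with whatever the caller passes, and every call site in this patch passes `data.azurerm_client_config.current.object_id`, i.e. the identity running Terraform. The policy on the vault holding the binary cache signing key therefore follows whoever applied last: an apply from another operator or a CI principal would presumably re-point the policy, dropping the previous principal's access and granting the new one the listed secret permissions. If that is intended, say so in place of the removed comment, e.g. `# principal that runs terraform apply; changes with the caller`; otherwise pass a stable, dedicated principal. The same applies to `ssh_remote_build_terraform` in builder-ssh-key.tf, and the resource body continues past the hunk.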
@@ -70,8 +74,7 @@ resource "azurerm_key_vault_secret" "ssh_remote_build_pub" {
 resource "azurerm_key_vault_access_policy" "ssh_remote_build_terraform" {
 key_vault_id = azurerm_key_vault.ssh_remote_build.id
 tenant_id = var.tenant_id
- # "TerraformAdminsGHAFInfra" group
- object_id = "f80c2488-2301-4de8-89d6-4954b77f453e"
+ object_id = var.object_id
 secret_permissions = [
 "Get",
diff --git a/terraform/persistent/main.tf b/terraform/persistent/main.tf
index 0767a308..7ca2a0a1 100644
--- a/terraform/persistent/main.tf
+++ b/terraform/persistent/main.tf
@@ -75,6 +75,7 @@ module "builder_ssh_key" {
 resource_group_name = azurerm_resource_group.persistent.name
 location = azurerm_resource_group.persistent.location
 tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = data.azurerm_client_config.current.object_id
 }
 ################################################################################
diff --git a/terraform/persistent/resources/main.tf b/terraform/persistent/resources/main.tf
index d1c50596..4afdc55a 100644
--- a/terraform/persistent/resources/main.tf
+++ b/terraform/persistent/resources/main.tf
@@ -79,6 +79,7 @@ module "builder_ssh_key" {
 resource_group_name = data.azurerm_resource_group.persistent.name
 location = data.azurerm_resource_group.persistent.location
 tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = data.azurerm_client_config.current.object_id
 }
 module "binary_cache_sigkey" {
@@ -90,6 +91,7 @@ module "binary_cache_sigkey" {
 resource_group_name = data.azurerm_resource_group.persistent.name
 location = data.azurerm_resource_group.persistent.location
 tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = data.azurerm_client_config.current.object_id
 }
 module "binary_cache_storage" {
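Review bot: In terraform/persistent/main.tf only `module "builder_ssh_key"` receives `object_id`, while the binary-cache-sigkey module now declares `object_id` with no default. If this file also instantiates that module (not visible in the hunk), `terraform plan` will fail on a missing required argument until `object_id = data.azurerm_client_config.current.object_id` is added there too, as terraform/persistent/resources/main.tf does for both modules. The module block starts outside the hunk.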