From 38abf2e5f2f2ba1c91ab2ee19e159a47f1a5b938 Mon Sep 17 00:00:00 2001
From: Gerd Oberlechner <goberlec@redhat.com>
Date: Wed, 27 Nov 2024 09:17:39 +0100
Subject: [PATCH] remove imagesync setup from svc template

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>
---
 .../svc-cluster.tmpl.bicepparam               |  1 -
 .../templates/svc-cluster.bicep               | 45 -------------------
 2 files changed, 46 deletions(-)

diff --git a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam
index 077fca8d9..d89f00e9d 100644
--- a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam
+++ b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam
@@ -42,7 +42,6 @@ param serviceKeyVaultSoftDelete = {{ .serviceKeyVault.softDelete }}
 param serviceKeyVaultPrivate = {{ .serviceKeyVault.private }}
 
 param acrPullResourceGroups = ['{{ .serviceComponentAcrResourceGroups }}']
-param imageSyncAcrResourceGroupNames = ['{{ .imageSync.acrRG }}']
 param clustersServiceAcrResourceGroupNames = ['{{ .clusterService.acrRG }}']
 
 param oidcStorageAccountName = '{{ .oidcStorageAccountName }}'
diff --git a/dev-infrastructure/templates/svc-cluster.bicep b/dev-infrastructure/templates/svc-cluster.bicep
index 69edf4d99..5a843bf69 100644
--- a/dev-infrastructure/templates/svc-cluster.bicep
+++ b/dev-infrastructure/templates/svc-cluster.bicep
@@ -125,9 +125,6 @@ param serviceKeyVaultSoftDelete bool = true
 @description('If true, make the service keyvault private and only accessible by the svc cluster via private link.')
 param serviceKeyVaultPrivate bool = true
 
-@description('Image sync ACR RG name')
-param imageSyncAcrResourceGroupNames array = []
-
 @description('OIDC Storage Account name')
 param oidcStorageAccountName string
 
@@ -348,48 +345,6 @@ module csDnsZoneContributor '../modules/dns/zone-contributor.bicep' = {
   }
 }
 
-//
-//   I M A G E   S Y N C
-//
-
-var imageSyncManagedIdentityPrincipalId = filter(
-  svcCluster.outputs.userAssignedIdentities,
-  id => id.uamiName == 'image-sync'
-)[0].uamiPrincipalID
-
-module imageServiceKeyVaultAccess '../modules/keyvault/keyvault-secret-access.bicep' = {
-  name: guid(serviceKeyVaultName, 'imagesync', 'read')
-  scope: resourceGroup(serviceKeyVaultResourceGroup)
-  params: {
-    keyVaultName: serviceKeyVaultName
-    roleName: 'Key Vault Secrets User'
-    managedIdentityPrincipalId: imageSyncManagedIdentityPrincipalId
-  }
-  dependsOn: [
-    serviceKeyVault
-    svcCluster
-  ]
-}
-
-resource imageSyncAcrResourceGroups 'Microsoft.Resources/resourceGroups@2023-07-01' existing = [
-  for rg in imageSyncAcrResourceGroupNames: {
-    name: rg
-    scope: subscription()
-  }
-]
-
-module acrPushRole '../modules/acr-permissions.bicep' = [
-  for (_, i) in imageSyncAcrResourceGroupNames: {
-    name: guid(imageSyncAcrResourceGroups[i].id, resourceGroup().name, 'image-sync', 'push')
-    scope: imageSyncAcrResourceGroups[i]
-    params: {
-      principalId: imageSyncManagedIdentityPrincipalId
-      grantPushAccess: true
-      acrResourceGroupid: imageSyncAcrResourceGroups[i].id
-    }
-  }
-]
-
 resource clustersServiceAcrResourceGroups 'Microsoft.Resources/resourceGroups@2023-07-01' existing = [
   for rg in clustersServiceAcrResourceGroupNames: {
     name: rg