Update Terraform pre-cluster config in playground

equinor · Dec 19, 2024 · 9571b25 · 9571b25
1 parent e20c08d
commit 9571b25
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 23 deletions.
diff --git a/terraform/subscriptions/s940/c2/common/main.tf b/terraform/subscriptions/s940/c2/common/main.tf
@@ -209,7 +209,7 @@ module "radix_id_gitrunner" {
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/${data.azurerm_virtual_network.this.resource_group_name}"
     }
     app_registry_contributor = {
-      role = "Contributor"
+      role     = "Contributor"
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/common/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}app"
     }
   }

diff --git a/terraform/subscriptions/s940/prod/common/main.tf b/terraform/subscriptions/s940/prod/common/main.tf
@@ -206,7 +206,7 @@ module "radix_id_gitrunner" {
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/${data.azurerm_virtual_network.this.resource_group_name}"
     }
     app_registry_contributor = {
-      role = "Contributor"
+      role     = "Contributor"
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/common/providers/Microsoft.ContainerRegistry/registries/radixprodapp" # TODO: Replace resource name when fixed
     }
   }

diff --git a/terraform/subscriptions/s941/dev/common/main.tf b/terraform/subscriptions/s941/dev/common/main.tf
@@ -206,7 +206,7 @@ module "radix_id_gitrunner" {
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/${data.azurerm_virtual_network.this.resource_group_name}"
     }
     app_registry_contributor = {
-      role = "Contributor"
+      role     = "Contributor"
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/common/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}app"
     }
   }

diff --git a/terraform/subscriptions/s941/playground/common/main.tf b/terraform/subscriptions/s941/playground/common/main.tf
@@ -197,7 +197,7 @@ module "radix_id_gitrunner" {
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/${data.azurerm_virtual_network.this.resource_group_name}"
     }
     app_registry_contributor = {
-      role = "Contributor"
+      role     = "Contributor"
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/common/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}app"
     }
   }

diff --git a/terraform/subscriptions/s941/playground/post-clusters/cert-manager.tf b/terraform/subscriptions/s941/playground/post-clusters/cert-manager.tf
diff --git a/terraform/subscriptions/s941/playground/pre-clusters/backend.tf b/terraform/subscriptions/s941/playground/pre-clusters/backend.tf
@@ -31,3 +31,9 @@ module "config" {
   source = "../../../modules/config"
 }
 
+module "clusters" {
+  source              = "../../../modules/active-clusters"
+  resource_group_name = module.config.cluster_resource_group
+  subscription        = module.config.subscription
+}
+
diff --git a/terraform/subscriptions/s941/playground/pre-clusters/cert-manager.tf b/terraform/subscriptions/s941/playground/pre-clusters/cert-manager.tf
@@ -3,10 +3,9 @@ data "azurerm_user_assigned_identity" "cert-manager-mi" {
   name                = "radix-id-certmanager-${module.config.environment}"
 }
 
-resource "azurerm_federated_identity_credential" "cert-manager-mi-fedcred" {
-  for_each = module.clusters.oidc_issuer_url
-
-  audience            = ["api://AzureADTokenExchange"]
+module "cert-manager-mi-fedcred" {
+  source              = "../../../modules/federated-credentials"
+  for_each            = module.clusters.oidc_issuer_url
   name                = "k8s-cert-manager-dns01-${each.key}-${module.config.environment}"
   issuer              = each.value
   subject             = "system:serviceaccount:cert-manager:cert-manager"