diff --git a/scripts/radix-zone/base-infrastructure/bootstrap.sh b/scripts/radix-zone/base-infrastructure/bootstrap.sh
index d9890c61a..6713a0d12 100755
--- a/scripts/radix-zone/base-infrastructure/bootstrap.sh
+++ b/scripts/radix-zone/base-infrastructure/bootstrap.sh
@@ -160,7 +160,6 @@ echo -e " - AZ_IPPRE_INBOUND_LENGTH : $AZ_IPPRE_INBOUND_L
 echo -e " - AZ_RESOURCE_CONTAINER_REGISTRY : $AZ_RESOURCE_CONTAINER_REGISTRY"
 echo -e " - AZ_RESOURCE_DNS : $AZ_RESOURCE_DNS"
 echo -e ""
-echo -e " - AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER : $AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER"
 echo -e " - AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD : $AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD"
 echo -e " - APP_REGISTRATION_WEB_CONSOLE : $APP_REGISTRATION_WEB_CONSOLE"
 echo -e " - APP_REGISTRATION_GRAFANA : $APP_REGISTRATION_GRAFANA"
@@ -232,7 +231,7 @@ function create_common_resources() {
 --tag "issue" \
 --value "letsencrypt.org" \
 --output none
-
+
 az network dns record-set caa add-record \
 --resource-group "${AZ_RESOURCE_GROUP_COMMON}" \
 --zone-name "${AZ_RESOURCE_DNS}" \
@@ -242,7 +241,7 @@ function create_common_resources() {
 --tag "issue" \
 --value "digicert.com" \
 --output none
-
+
 az network dns record-set caa add-record \
 --resource-group "${AZ_RESOURCE_GROUP_COMMON}" \
 --zone-name "${AZ_RESOURCE_DNS}" \
@@ -425,7 +424,6 @@ EOF
 # Create service principals
 function create_base_system_users_and_store_credentials() {
- create_service_principal_and_store_credentials "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER" "Service principal that provide read-only access to container registry"
 create_service_principal_and_store_credentials "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD" "Service principal that provide push, pull, build in container registry"
 create_service_principal_and_store_credentials "$APP_REGISTRATION_GRAFANA" "Grafana OAuth"
 create_service_principal_and_store_credentials "$APP_REGISTRATION_WEB_CONSOLE" "Used by web console for login and other AD information"
@@ -441,9 +439,9 @@ function create_servicenow_proxy_server_app_registration() {
 "value":"Application.Read",
 "type":"User",
 "isEnabled":true,
- "userConsentDescription":"Allows the app to read ServiceNow applications",
+ "userConsentDescription":"Allows the app to read ServiceNow applications",
 "userConsentDisplayName":"Read applications from ServiceNow",
- "adminConsentDescription":"Allows the app to read ServiceNow applications",
+ "adminConsentDescription":"Allows the app to read ServiceNow applications",
 "adminConsentDisplayName":"Read applications from ServiceNow"
 }
 ]
diff --git a/scripts/radix-zone/base-infrastructure/lib_acr.sh b/scripts/radix-zone/base-infrastructure/lib_acr.sh
index 2a8ee9e9a..ad1fa287b 100644
--- a/scripts/radix-zone/base-infrastructure/lib_acr.sh
+++ b/scripts/radix-zone/base-infrastructure/lib_acr.sh
@@ -3,7 +3,7 @@
 #######################################################################################
 ### PURPOSE
-###
+###
 # Library for often used ACR functions.
@@ -68,13 +68,6 @@ function set_permissions_on_acr() {
 local id
 printf "Working on container registry \"${AZ_RESOURCE_CONTAINER_REGISTRY}\": "
- printf "Setting permissions for \"${AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER}\"..." # radix-cr-reader-dev
- id="$(az ad sp list --display-name ${AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD} --query [].appId --output tsv)"
- # Delete any existing roles
- az role assignment delete --assignee "${id}" --scope "${scope}" --output none
- # Configure new roles
- az role assignment create --assignee "${id}" --role AcrPull --scope "${scope}" --output none
-
 printf "Setting permissions for \"${AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD}\"..." # radix-cr-cicd-dev
 id="$(az ad sp list --filter "displayname eq '${AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD}'" --query [].appId --output tsv)"
 # Delete any existing roles
@@ -253,12 +246,12 @@ stepTimeout: 3600 steps: - cmd: buildx create --use # start buildkit - cmd: >- - buildx build {{.Values.PUSH}} {{.Values.CACHE}} - {{.Values.TAGS}} - --file {{.Values.DOCKER_FILE_NAME}} - --cache-from=type=registry,ref={{.Values.DOCKER_REGISTRY}}.azurecr.io/{{.Values.REPOSITORY_NAME}}:radix-cache-{{.Values.BRANCH}} {{.Values.CACHE_TO_OPTIONS}} - . - {{.Values.BUILD_ARGS}} + buildx build {{.Values.PUSH}} {{.Values.CACHE}} + {{.Values.TAGS}} + --file {{.Values.DOCKER_FILE_NAME}} + --cache-from=type=registry,ref={{.Values.DOCKER_REGISTRY}}.azurecr.io/{{.Values.REPOSITORY_NAME}}:radix-cache-{{.Values.BRANCH}} {{.Values.CACHE_TO_OPTIONS}} + . + {{.Values.BUILD_ARGS}} EOF printf "Create ACR Task for internal use: ${TASK_NAME} in ACR: ${ACR_NAME}..." az acr task create \ @@ -299,7 +292,7 @@ function add_task_credential() { local TASK_NAME="$1" local ACR_NAME="$2" printf "Add credentials for system-assigned identity to task: ${TASK_NAME}..." - if [[ + if [[ $(az acr task credential list --registry ${ACR_NAME} --name ${TASK_NAME} | jq '.["'${ACR_NAME}'.azurecr.io"].identity') == null || -z $(az acr task credential list --registry ${ACR_NAME} --name ${TASK_NAME} | jq '.["'${ACR_NAME}'.azurecr.io"].identity') ]]; then @@ -368,4 +361,4 @@ function run_task() { echo $? # Exit code of last executed command. echo "Done." -} \ No newline at end of file +} diff --git a/scripts/radix-zone/base-infrastructure/teardown.sh b/scripts/radix-zone/base-infrastructure/teardown.sh index 5167a2395..c4423ac94 100755 --- a/scripts/radix-zone/base-infrastructure/teardown.sh +++ b/scripts/radix-zone/base-infrastructure/teardown.sh @@ -2,14 +2,14 @@ ####################################################################################### ### PURPOSE -### +### # Tear down radix zone infrastructure ####################################################################################### ### INPUTS -### +### # Required: # - RADIX_ZONE_ENV : Path to *.env file 
@@ -20,14 +20,14 @@
 #######################################################################################
 ### HOW TO USE
-###
+###
 # RADIX_ZONE_ENV=../radix_zone_playground.env ./teardown.sh
 #######################################################################################
 ### START
-###
+###
 echo ""
 echo "Start tear down of Radix Zone... "
@@ -111,7 +111,6 @@ printf "\n"
 printf "\n - AZ_RESOURCE_AAD_SERVER : $AZ_RESOURCE_AAD_SERVER"
 printf "\n - AZ_RESOURCE_AAD_CLIENT : $AZ_RESOURCE_AAD_CLIENT"
 printf "\n"
-printf "\n - AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER : $AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER"
 printf "\n - AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD : $AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD"
 printf "\n - AZ_SYSTEM_USER_CLUSTER : $AZ_SYSTEM_USER_CLUSTER"
 printf "\n"
@@ -139,7 +138,6 @@ fi
 ### Remove infrastructure
 ###
-delete_service_principal_and_stored_credentials "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER"
 delete_service_principal_and_stored_credentials "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD"
 delete_service_principal_and_stored_credentials "$AZ_SYSTEM_USER_CLUSTER"
@@ -155,7 +153,7 @@ printf "...Done.\n"
 printf "Working on resource groups: \n"
 printf "Deleting ${AZ_RESOURCE_GROUP_CLUSTERS}...\n"
-az group delete --yes --name "${AZ_RESOURCE_GROUP_CLUSTERS}" --output none
+az group delete --yes --name "${AZ_RESOURCE_GROUP_CLUSTERS}" --output none
 printf "Deleting ${AZ_RESOURCE_GROUP_COMMON}...\n"
 az group delete --yes --name "${AZ_RESOURCE_GROUP_COMMON}" --output none
 printf "Deleting ${AZ_RESOURCE_GROUP_MONITORING}...\n"
@@ -169,4 +167,4 @@ printf "...Done.\n"
 ###
 echo ""
-echo "Teardown done!"
\ No newline at end of file
+echo "Teardown done!"
diff --git a/scripts/radix-zone/radix_zone_c2.env b/scripts/radix-zone/radix_zone_c2.env
index 364daa8c4..136afe2bd 100644
--- a/scripts/radix-zone/radix_zone_c2.env
+++ b/scripts/radix-zone/radix_zone_c2.env
@@ -94,7 +94,6 @@ AZ_RESOURCE_ACR_AGENT_POOL_COUNT=2
 ### System users
 ###
-AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER="radix-cr-reader-${RADIX_ZONE}"
 AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD="radix-cr-cicd-${RADIX_ZONE}"
 AZ_SYSTEM_USER_APP_REGISTRY_SECRET_KEY="radix-app-registry-secret"
 AZ_SYSTEM_USER_APP_REGISTRY_USERNAME="radix-app-registry-secret-${RADIX_ZONE}"
diff --git a/scripts/radix-zone/radix_zone_dev.env b/scripts/radix-zone/radix_zone_dev.env
index c03d0ee1c..a5e8de2c2 100644
--- a/scripts/radix-zone/radix_zone_dev.env
+++ b/scripts/radix-zone/radix_zone_dev.env
@@ -96,7 +96,6 @@ AZ_RESOURCE_ACR_AGENT_POOL_COUNT=2
 ### System users
 ###
-AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER="radix-cr-reader-${RADIX_ZONE}"
 AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD="radix-cr-cicd-${RADIX_ZONE}"
 AZ_SYSTEM_USER_APP_REGISTRY_SECRET_KEY="radix-app-registry-secret"
 AZ_SYSTEM_USER_APP_REGISTRY_USERNAME="radix-app-registry-secret-${RADIX_ZONE}"
diff --git a/scripts/radix-zone/radix_zone_playground.env b/scripts/radix-zone/radix_zone_playground.env
index 15a8b24c9..f3654c9f4 100644
--- a/scripts/radix-zone/radix_zone_playground.env
+++ b/scripts/radix-zone/radix_zone_playground.env
@@ -95,7 +95,6 @@ AZ_RESOURCE_ACR_AGENT_POOL_COUNT=2
 ### System users
 ###
-AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER="radix-cr-reader-${RADIX_ZONE}"
 AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD="radix-cr-cicd-${RADIX_ZONE}"
 AZ_SYSTEM_USER_APP_REGISTRY_SECRET_KEY="radix-app-registry-secret"
 AZ_SYSTEM_USER_APP_REGISTRY_USERNAME="radix-app-registry-secret-${RADIX_ZONE}"
diff --git a/scripts/radix-zone/radix_zone_prod.env b/scripts/radix-zone/radix_zone_prod.env
index a20d9684e..83007e4a5 100644
--- a/scripts/radix-zone/radix_zone_prod.env
+++ b/scripts/radix-zone/radix_zone_prod.env
@@ -95,7 +95,6 @@ AZ_RESOURCE_ACR_AGENT_POOL_COUNT=8
 ### System users
 ###
-AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER="radix-cr-reader-platform"
 AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD="radix-cr-cicd-platform"
 AZ_SYSTEM_USER_APP_REGISTRY_SECRET_KEY="radix-app-registry-secret"
 AZ_SYSTEM_USER_APP_REGISTRY_USERNAME="radix-app-registry-secret-${RADIX_ZONE}"
diff --git a/scripts/radix-zone/radix_zone_test.env b/scripts/radix-zone/radix_zone_test.env
index 88a404c11..2f3895319 100644
--- a/scripts/radix-zone/radix_zone_test.env
+++ b/scripts/radix-zone/radix_zone_test.env
@@ -73,7 +73,6 @@ AZ_RESOURCE_DNS="${RADIX_ZONE}.radix.equinor.com"
 ### System users
 ###
-AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER="radix-cr-reader-${RADIX_ZONE}"
 AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD="radix-cr-cicd-${RADIX_ZONE}"
 AZ_SYSTEM_USER_CLUSTER="radix-cluster-${RADIX_ENVIRONMENT}"
diff --git a/scripts/service-principals-and-aad-apps/bootstrap.sh b/scripts/service-principals-and-aad-apps/bootstrap.sh
index b6b5548af..113dda58d 100755
--- a/scripts/service-principals-and-aad-apps/bootstrap.sh
+++ b/scripts/service-principals-and-aad-apps/bootstrap.sh
@@ -119,7 +119,6 @@ echo -e " - RADIX_ENVIRONMENT : $RADIX_ENVIRONMENT"
 echo -e ""
 echo -e " > WHAT:"
 echo -e " -------------------------------------------------------------------"
-echo -e " - AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER : $AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER"
 echo -e " - AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD : $AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD"
 echo -e ""
 echo -e " > WHO:"
@@ -150,7 +149,6 @@ fi
 ### Create service principal
 ###
-create_service_principal_and_store_credentials "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER" "Provide read-only access to container registry"
 create_service_principal_and_store_credentials "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD" "Provide push, pull, build in container registry"
 #######################################################################################
diff --git a/scripts/service-principals-and-aad-apps/teardown.sh b/scripts/service-principals-and-aad-apps/teardown.sh
index 8f8589340..77d42923b 100755
--- a/scripts/service-principals-and-aad-apps/teardown.sh
+++ b/scripts/service-principals-and-aad-apps/teardown.sh
@@ -3,14 +3,14 @@
 #######################################################################################
 ### PURPOSE
-###
+###
 # Teardown radix service principals: delete them and delete credentials in az keyvault
 #######################################################################################
 ### INPUTS
-###
+###
 # Required:
 # - RADIX_ZONE_ENV : Path to *.env file
@@ -21,14 +21,14 @@
 #######################################################################################
 ### HOW TO USE
-###
+###
 # RADIX_ZONE_ENV=../radix-zone/radix_zone_dev.env ./teardown.sh
 #######################################################################################
 ### START
-###
+###
 echo ""
 echo "Start teardown radix service principals... "
@@ -104,7 +104,6 @@ echo -e " - RADIX_ENVIRONMENT : $RADIX_ENVIRONMENT"
 echo -e ""
 echo -e " > WHAT:"
 echo -e " -------------------------------------------------------------------"
-echo -e " - AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER : $AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER"
 echo -e " - AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD : $AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD"
 echo -e ""
 echo -e " > WHO:"
@@ -142,7 +141,6 @@ function delete_service_principal() {
 printf "Done.\n"
 }
-delete_service_principal "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER"
 delete_service_principal "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD"
@@ -152,4 +150,4 @@ delete_service_principal "$AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD"
 echo ""
-echo "Teardown of radix service principals done!"
\ No newline at end of file
+echo "Teardown of radix service principals done!"
diff --git a/terraform/subscriptions/modules/acr/main.tf b/terraform/subscriptions/modules/acr/main.tf
index 908e10900..30228bfaf 100644
--- a/terraform/subscriptions/modules/acr/main.tf
+++ b/terraform/subscriptions/modules/acr/main.tf
@@ -107,12 +107,6 @@ resource "azurerm_role_assignment" "env" {
 principal_id = var.radix_cr_cicd
 }
-resource "azurerm_role_assignment" "env_pull" {
- scope = azurerm_container_registry.env.id
- role_definition_name = "AcrPull"
- principal_id = var.radix_cr_reader
-}
-
 resource "azurerm_private_endpoint" "env" {
 name = var.acr == "c2" ? "pe-radix-acr-c2prod" : "pe-radix-acr-${var.acr}"
 resource_group_name = var.vnet_resource_group
diff --git a/terraform/subscriptions/modules/acr/variables.tf b/terraform/subscriptions/modules/acr/variables.tf
index b42e4fa73..3690f293c 100644
--- a/terraform/subscriptions/modules/acr/variables.tf
+++ b/terraform/subscriptions/modules/acr/variables.tf
@@ -162,8 +162,3 @@ variable "radix_cr_cicd" {
 type = string
 description = "ID of radix-cr Contributor"
 }
-
-variable "radix_cr_reader" {
- type = string
- description = "ID of radix-cr Reader"
-}
diff --git a/terraform/subscriptions/s940/c2/common/main.tf b/terraform/subscriptions/s940/c2/common/main.tf
index 2b7af2efe..a7c547d4b 100644
--- a/terraform/subscriptions/s940/c2/common/main.tf
+++ b/terraform/subscriptions/s940/c2/common/main.tf
@@ -89,7 +89,6 @@ module "acr" {
 subnet_id = data.azurerm_subnet.this.id
 dockercredentials_id = "/subscriptions/${module.config.subscription}/resourceGroups/${module.config.common_resource_group}/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}cache/credentialSets/radix-service-account-docker"
 radix_cr_cicd = module.radix-cr-cicd.azuread_service_principal_id
- radix_cr_reader = module.radix-cr-reader.azuread_service_principal_id
 }
 module "radix-id-acr-workflows" {
@@ -239,18 +238,6 @@ module "radix-cr-cicd" {
 }
 }
-module "radix-cr-reader" {
- source = "../../../modules/app_registration"
- display_name = "radix-cr-reader-${module.config.environment}"
- service_id = "110327"
- owners = keys(jsondecode(data.azurerm_key_vault_secret.radixowners.value))
- expose_API = true
- implicit_grant = {
- access_token_issuance_enabled = false
- id_token_issuance_enabled = true
- }
-}
-
 output "workspace_id" {
 value = module.loganalytics.workspace_id
 }
diff --git a/terraform/subscriptions/s940/c2/post-clusters/.terraform.lock.hcl b/terraform/subscriptions/s940/c2/post-clusters/.terraform.lock.hcl
index b0aeefdb9..6202c3339 100644
--- a/terraform/subscriptions/s940/c2/post-clusters/.terraform.lock.hcl
+++ b/terraform/subscriptions/s940/c2/post-clusters/.terraform.lock.hcl
@@ -2,59 +2,60 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/azure/azapi" { - version = "1.14.0" + version = "2.1.0" + constraints = ">= 2.0.0" hashes = [ - "h1:D8AhiIgpSH6pG05WuslOg3XS0O9I5VxOoD3W3i8N+Xo=", - "zh:083709be750b878dfb33747ba1d326d23619a0ed654f95bce9c808e424923c90", - "zh:261b5060297b732d97b4363ad753355bfee00e93d773fd329023a5619b964c39", - "zh:51adfdaeb1b2c3d9e7aeba97c9c73d469712223dd125b14d90377d445d1cd3df", - "zh:5bcbedc9eeefa5e6267042604af20f93cadceba41d8d90a91040f60f6c5e38a9", - "zh:6da127f306083e740767f53dd0cc8787166a8af4f44519873dd8775ca981ddef", - "zh:7604cf377b8ea31a5a44db5b8566f5eea4d73acdfaaeb8ba10fcac46cbf4a738", - "zh:77789ef8906acabbf7eb55378e1f9c407499bb765811f193d256897d2925d66d", - "zh:8a333c53279b3b0b65519191dbba8ef7dc390f5d96216e4e6f165cac8b3e5dc2", - "zh:8c0dfe57dc2c29f8953db3037144d2254ce28bfa55dae537707ae4bdb4460f64", - "zh:debdeabcbcb6b421c2cdf2093d520c67e75a11d28d357b0ba32dd748105a5460", - "zh:e252ee062513904836fcc5e6548243429819e68aa7cfaeac7da8d816c4c4d1e8", - "zh:f48d1fd67b463d2121516911b5d20f8a72217e43e7740bb74929a17dbd43bb59", + "h1:WhF1KaR2SqirmYu2uRCnNtr5ra+iZCl/ze8J424gYBA=", + "zh:01ef28621c5393c1172fdc3ab677370f11a59c224bc86eda13038702f4082f1c", + "zh:0ba010575a416a0c7c97e92e783e50a0d0911a0e9d8114d810d20a76e458135f", + "zh:1211a9d51f5248a9252ecf26c2d7d03b01d32c167d438a48338c99325ed03080", + "zh:5411691f107ce3633751d9124dbabaac29de3008d0bcb8d7643523a0108c3d1a", + "zh:5bfc583d645963b4811b9ef66989b164f1ca44ca29a70c34b30c62170103ca60", + "zh:5fc81eb921ae9c13a3aa3290dfa674b0a605dd737a38d18ce557328089c99c9c", + "zh:a0349c3de522b617e0fc071b30c02c1c1bc8887da868065175053f589f3548b9", + "zh:af96b7f9ae189c55f5f0013d148dad22a0c817510e5633e470412301c4398ea4", + "zh:bce4f97802e76380aa0962eb3078847a1e8f81d65b9865a02ff73fd83097a3f6", + "zh:c800c89f20f19471616305bf382af76eab4d7ef210165ba93a226facd0d9f876", + "zh:e39f41191e8854681b9872fa571e314c60d694a44670ff56681a5eefabc969ad", + 
"zh:f8ebf058a8a95cda19c9effa2640613d7f36cb68137827233ac9a64abe13ab1b", ] } provider "registry.terraform.io/hashicorp/azuread" { - version = "2.53.1" + version = "3.0.2" hashes = [ - "h1:0z/718jtR2TJHQQMMqi4nvd6XFPV/iA1jb/5fyAcn5o=", - "zh:162916b037e5133f49298b0ffa3e7dcef7d76530a8ca738e7293373980f73c68", + "h1:sYCyzbPpSYu2XDah8XqBUITQAfB0x4j4Twh6lw2C4CA=", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:492931cea4f30887ab5bca36a8556dfcb897288eddd44619c0217fc5da2d57e7", - "zh:4c895e450e18335ad8714cc6d3488fc1a78816ad2851a91b06cb2ef775dd7c66", - "zh:60d92fdaf7235574201f2d8f68f733ee00a822993b3fc95e6952e09e6ec76999", - "zh:67a169119efa41c1fb867ef1a8e79bf03472a2324384c36eb55370c817dcce42", - "zh:9dd4d5ed9233cf9329262200bc5a1aa60942b80dbc611e2ef4b09f47531b39b1", - "zh:a3c160e35b9e40fc1497b83c2f37a8e24565b05a1783c7733609f3695735c2a9", - "zh:a4a221da42b1f46e7c436c7145e5beaadfd9d03f3be6fd526d132c03f18a5979", - "zh:af0d3476a9702d2287e168e3baa670e64daab9c9b01c01e17025a5248f3e28e9", - "zh:e3579bff7894f3d36066b74ec324be6d28f56a42a387a2b8a0eabf33cbff86df", - "zh:f1749ee8ad972ae6424665aa9d2c0ece8c40c51d41ec2f38b863148cb437e865", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", + "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", ] } provider 
"registry.terraform.io/hashicorp/azurerm" { - version = "3.113.0" + version = "4.14.0" constraints = ">= 3.110.0" hashes = [ - "h1:eEUtt0lrLdpVaF6FiDq8BGQPgEcykmhj0aNIL7hTOGw=", - "zh:12479f5664288943400447b55e50df675c28ae82ad8d373cc2e5682f3a3411f0", - "zh:1b42a14e80e568429d3b55fed753ca3ef0df9dcdfa107890d7264599c020940f", - "zh:381be6ca617f848de3baa3985a6e1788e91a803afe04a3c5c727453528b6310d", - "zh:3e70e2e07b6db1c363de3e5d0ca47f27fc956473df03329c7d2e54d3ac29176b", - "zh:87c7633aeaa828098c6055da9e67d4acaf4b46748b6b3f0267e105e55f05de25", - "zh:8d0d98226901f874770dd5220d4701a12ae8bd586994615aa7dcba12b9736bec", - "zh:9fd913acd42a60c3a90a18ce803567ef861db8779a59aacced91f2cbd86de9d9", - "zh:b6f3f7ae0a055437fb36c139af9bb3135e7f4dad172157ae1eb0177dc74d703f", - "zh:b927027ba2bf40d34e03d742fd2b6c5299023b5ab8e6f05e50aac76a46ad1094", - "zh:ceb5187b9d2a439f4e48944f3ffeeeaf47a03dbe6f3325ea1775bf659ce0aa88", + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fb9d78dfeca7489bffca9b1a1f3abee7f16dbbcba31388aea1102062c1d6dce8", + "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", ] } 
diff --git a/terraform/subscriptions/s940/prod/common/main.tf b/terraform/subscriptions/s940/prod/common/main.tf
index 6849d4d31..f93b532d5 100644
--- a/terraform/subscriptions/s940/prod/common/main.tf
+++ b/terraform/subscriptions/s940/prod/common/main.tf
@@ -86,7 +86,6 @@ module "acr" {
 subnet_id = data.azurerm_subnet.this.id
 dockercredentials_id = "/subscriptions/${module.config.subscription}/resourceGroups/${module.config.common_resource_group}/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}cache/credentialSets/radix-service-account-docker"
 radix_cr_cicd = module.radix-cr-cicd.azuread_service_principal_id
- radix_cr_reader = module.radix-cr-reader.azuread_service_principal_id
 }
 module "radix-id-acr-workflows" {
@@ -236,18 +235,6 @@ module "radix-cr-cicd" {
 }
 }
-module "radix-cr-reader" {
- source = "../../../modules/app_registration"
- display_name = "radix-cr-reader-${module.config.environment}"
- service_id = "110327"
- owners = keys(jsondecode(data.azurerm_key_vault_secret.radixowners.value))
- expose_API = true
- implicit_grant = {
- access_token_issuance_enabled = false
- id_token_issuance_enabled = true
- }
-}
-
 output "workspace_id" {
 value = module.loganalytics.workspace_id
 }
diff --git a/terraform/subscriptions/s940/prod/post-clusters/.terraform.lock.hcl b/terraform/subscriptions/s940/prod/post-clusters/.terraform.lock.hcl
index 38b1f037e..bbde44fd7 100644
--- a/terraform/subscriptions/s940/prod/post-clusters/.terraform.lock.hcl
+++ b/terraform/subscriptions/s940/prod/post-clusters/.terraform.lock.hcl
@@ -2,78 +2,79 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/azure/azapi" { - version = "1.14.0" + version = "2.1.0" + constraints = ">= 2.0.0" hashes = [ - "h1:D8AhiIgpSH6pG05WuslOg3XS0O9I5VxOoD3W3i8N+Xo=", - "zh:083709be750b878dfb33747ba1d326d23619a0ed654f95bce9c808e424923c90", - "zh:261b5060297b732d97b4363ad753355bfee00e93d773fd329023a5619b964c39", - "zh:51adfdaeb1b2c3d9e7aeba97c9c73d469712223dd125b14d90377d445d1cd3df", - "zh:5bcbedc9eeefa5e6267042604af20f93cadceba41d8d90a91040f60f6c5e38a9", - "zh:6da127f306083e740767f53dd0cc8787166a8af4f44519873dd8775ca981ddef", - "zh:7604cf377b8ea31a5a44db5b8566f5eea4d73acdfaaeb8ba10fcac46cbf4a738", - "zh:77789ef8906acabbf7eb55378e1f9c407499bb765811f193d256897d2925d66d", - "zh:8a333c53279b3b0b65519191dbba8ef7dc390f5d96216e4e6f165cac8b3e5dc2", - "zh:8c0dfe57dc2c29f8953db3037144d2254ce28bfa55dae537707ae4bdb4460f64", - "zh:debdeabcbcb6b421c2cdf2093d520c67e75a11d28d357b0ba32dd748105a5460", - "zh:e252ee062513904836fcc5e6548243429819e68aa7cfaeac7da8d816c4c4d1e8", - "zh:f48d1fd67b463d2121516911b5d20f8a72217e43e7740bb74929a17dbd43bb59", + "h1:WhF1KaR2SqirmYu2uRCnNtr5ra+iZCl/ze8J424gYBA=", + "zh:01ef28621c5393c1172fdc3ab677370f11a59c224bc86eda13038702f4082f1c", + "zh:0ba010575a416a0c7c97e92e783e50a0d0911a0e9d8114d810d20a76e458135f", + "zh:1211a9d51f5248a9252ecf26c2d7d03b01d32c167d438a48338c99325ed03080", + "zh:5411691f107ce3633751d9124dbabaac29de3008d0bcb8d7643523a0108c3d1a", + "zh:5bfc583d645963b4811b9ef66989b164f1ca44ca29a70c34b30c62170103ca60", + "zh:5fc81eb921ae9c13a3aa3290dfa674b0a605dd737a38d18ce557328089c99c9c", + "zh:a0349c3de522b617e0fc071b30c02c1c1bc8887da868065175053f589f3548b9", + "zh:af96b7f9ae189c55f5f0013d148dad22a0c817510e5633e470412301c4398ea4", + "zh:bce4f97802e76380aa0962eb3078847a1e8f81d65b9865a02ff73fd83097a3f6", + "zh:c800c89f20f19471616305bf382af76eab4d7ef210165ba93a226facd0d9f876", + "zh:e39f41191e8854681b9872fa571e314c60d694a44670ff56681a5eefabc969ad", + 
"zh:f8ebf058a8a95cda19c9effa2640613d7f36cb68137827233ac9a64abe13ab1b", ] } provider "registry.terraform.io/hashicorp/azuread" { - version = "2.53.1" + version = "3.0.2" hashes = [ - "h1:0z/718jtR2TJHQQMMqi4nvd6XFPV/iA1jb/5fyAcn5o=", - "zh:162916b037e5133f49298b0ffa3e7dcef7d76530a8ca738e7293373980f73c68", + "h1:sYCyzbPpSYu2XDah8XqBUITQAfB0x4j4Twh6lw2C4CA=", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:492931cea4f30887ab5bca36a8556dfcb897288eddd44619c0217fc5da2d57e7", - "zh:4c895e450e18335ad8714cc6d3488fc1a78816ad2851a91b06cb2ef775dd7c66", - "zh:60d92fdaf7235574201f2d8f68f733ee00a822993b3fc95e6952e09e6ec76999", - "zh:67a169119efa41c1fb867ef1a8e79bf03472a2324384c36eb55370c817dcce42", - "zh:9dd4d5ed9233cf9329262200bc5a1aa60942b80dbc611e2ef4b09f47531b39b1", - "zh:a3c160e35b9e40fc1497b83c2f37a8e24565b05a1783c7733609f3695735c2a9", - "zh:a4a221da42b1f46e7c436c7145e5beaadfd9d03f3be6fd526d132c03f18a5979", - "zh:af0d3476a9702d2287e168e3baa670e64daab9c9b01c01e17025a5248f3e28e9", - "zh:e3579bff7894f3d36066b74ec324be6d28f56a42a387a2b8a0eabf33cbff86df", - "zh:f1749ee8ad972ae6424665aa9d2c0ece8c40c51d41ec2f38b863148cb437e865", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", + "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", ] } provider 
"registry.terraform.io/hashicorp/azurerm" { - version = "3.113.0" + version = "4.14.0" constraints = ">= 3.110.0" hashes = [ - "h1:eEUtt0lrLdpVaF6FiDq8BGQPgEcykmhj0aNIL7hTOGw=", - "zh:12479f5664288943400447b55e50df675c28ae82ad8d373cc2e5682f3a3411f0", - "zh:1b42a14e80e568429d3b55fed753ca3ef0df9dcdfa107890d7264599c020940f", - "zh:381be6ca617f848de3baa3985a6e1788e91a803afe04a3c5c727453528b6310d", - "zh:3e70e2e07b6db1c363de3e5d0ca47f27fc956473df03329c7d2e54d3ac29176b", - "zh:87c7633aeaa828098c6055da9e67d4acaf4b46748b6b3f0267e105e55f05de25", - "zh:8d0d98226901f874770dd5220d4701a12ae8bd586994615aa7dcba12b9736bec", - "zh:9fd913acd42a60c3a90a18ce803567ef861db8779a59aacced91f2cbd86de9d9", - "zh:b6f3f7ae0a055437fb36c139af9bb3135e7f4dad172157ae1eb0177dc74d703f", - "zh:b927027ba2bf40d34e03d742fd2b6c5299023b5ab8e6f05e50aac76a46ad1094", - "zh:ceb5187b9d2a439f4e48944f3ffeeeaf47a03dbe6f3325ea1775bf659ce0aa88", + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fb9d78dfeca7489bffca9b1a1f3abee7f16dbbcba31388aea1102062c1d6dce8", + "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", ] } provider "registry.terraform.io/hashicorp/local" { - version = "2.5.1" + version = 
"2.5.2" hashes = [ - "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=", - "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", - "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", - "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", - "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", - "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", - "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", - "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635", + "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", + "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", + "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", + "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", + "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", + "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", + "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", - "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", - "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", - "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", + "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", + "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", + "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", + "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", + "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", ] } diff --git a/terraform/subscriptions/s941/dev/common/main.tf b/terraform/subscriptions/s941/dev/common/main.tf index ae7723cd8..f221337f1 100644 
--- a/terraform/subscriptions/s941/dev/common/main.tf
+++ b/terraform/subscriptions/s941/dev/common/main.tf
@@ -82,7 +82,6 @@ module "acr" {
 subnet_id = data.azurerm_subnet.this.id
 dockercredentials_id = "/subscriptions/${module.config.subscription}/resourceGroups/${module.config.common_resource_group}/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}cache/credentialSets/radix-service-account-docker"
 radix_cr_cicd = module.radix-cr-cicd.azuread_service_principal_id
- radix_cr_reader = module.radix-cr-reader.azuread_service_principal_id
 }
 module "radix-id-acr-workflows" {
@@ -236,18 +235,6 @@ module "radix-cr-cicd" {
 }
 }
-module "radix-cr-reader" {
- source = "../../../modules/app_registration"
- display_name = "radix-cr-reader-${module.config.environment}"
- service_id = "110327"
- owners = keys(jsondecode(data.azurerm_key_vault_secret.radixowners.value))
- expose_API = true
- implicit_grant = {
- access_token_issuance_enabled = false
- id_token_issuance_enabled = true
- }
-}
-
 output "workspace_id" {
 value = module.loganalytics.workspace_id
 }
diff --git a/terraform/subscriptions/s941/playground/common/main.tf b/terraform/subscriptions/s941/playground/common/main.tf
index a52f4f99a..546553085 100644
--- a/terraform/subscriptions/s941/playground/common/main.tf
+++ b/terraform/subscriptions/s941/playground/common/main.tf
@@ -77,7 +77,6 @@ module "acr" {
 subnet_id = data.azurerm_subnet.this.id
 dockercredentials_id = "/subscriptions/${module.config.subscription}/resourceGroups/${module.config.common_resource_group}/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}cache/credentialSets/radix-service-account-docker"
 radix_cr_cicd = module.radix-cr-cicd.azuread_service_principal_id
- radix_cr_reader = module.radix-cr-reader.azuread_service_principal_id
 }
 module "radix-id-acr-workflows" {
@@ -227,18 +226,6 @@ module "radix-cr-cicd" {
 }
 }
-module "radix-cr-reader" {
- source = "../../../modules/app_registration"
- display_name = "radix-cr-reader-${module.config.environment}"
- service_id = "110327"
- owners = keys(jsondecode(data.azurerm_key_vault_secret.radixowners.value))
- expose_API = true
- implicit_grant = {
- access_token_issuance_enabled = false
- id_token_issuance_enabled = true
- }
-}
-
 output "workspace_id" {
 value = module.loganalytics.workspace_id
 }