chore: remove service principal
florianow committed Mar 6, 2024
1 parent 64a1062 commit 05767d9
Showing 5 changed files with 12 additions and 28 deletions.
3 changes: 1 addition & 2 deletions kit/azure/bootstrap/README.md
Expand Up @@ -104,11 +104,10 @@ collie foundation deploy --bootstrap -- destroy
| <a name="input_aad_tenant_id"></a> [aad\_tenant\_id](#input\_aad\_tenant\_id) | Id of the AAD Tenant. This is also the simultaneously the id of the root management group. | `string` | n/a | yes |
| <a name="input_platform_engineers_group"></a> [platform\_engineers\_group](#input\_platform\_engineers\_group) | the name of the cloud foundation platform engineers group | `string` | `"cloudfoundation-platform-engineers"` | no |
| <a name="input_platform_engineers_members"></a> [platform\_engineers\_members](#input\_platform\_engineers\_members) | Set up a group of platform engineers. If enabled, this group will receive access to terraform\_state\_storage | <pre>list(object({<br> email = string,<br> upn = string,<br> }))</pre> | n/a | yes |
| <a name="input_service_principal_name"></a> [service\_principal\_name](#input\_service\_principal\_name) | name of the Service Principal used to perform all deployments in this platform | `string` | `null` | no |
| <a name="input_terraform_state_storage"></a> [terraform\_state\_storage](#input\_terraform\_state\_storage) | Configure this object to enable setting up a terraform state store in Azure Storage. | <pre>object({<br> location = string,<br> name = string,<br> config_file_path = string<br> })</pre> | `null` | no |
| <a name="input_uami_documentation_issuer"></a> [uami\_documentation\_issuer](#input\_uami\_documentation\_issuer) | Specifies the subject for this Federated Identity Credential, for example a github action pipeline | `string` | `"https://token.actions.githubusercontent.com"` | no |
| <a name="input_uami_documentation_name"></a> [uami\_documentation\_name](#input\_uami\_documentation\_name) | name of the Service Principal used to perform documentation and validation tasks | `string` | `"cloudfoundation_tf_docs_user"` | no |
| <a name="input_uami_documentation_spn"></a> [uami\_documentation\_spn](#input\_uami\_documentation\_spn) | here you can activate a read-only user for the states to host the documentation or activate a drift detection pipeline | `bool` | `false` | no |
| <a name="input_uami_documentation_spn"></a> [uami\_documentation\_spn](#input\_uami\_documentation\_spn) | read-only user for the states to host the documentation or activate a drift detection pipeline | `bool` | `false` | no |
| <a name="input_uami_documentation_subject"></a> [uami\_documentation\_subject](#input\_uami\_documentation\_subject) | Specifies the subject for this Federated Identity Credential, for example a github action pipeline | `string` | n/a | yes |

## Outputs
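Review bot: the `uami_documentation_name` row still describes the variable as the "name of the Service Principal used to perform documentation and validation tasks", although the `uami_` prefix and the neighbouring federated-credential rows (`uami_documentation_issuer`, `uami_documentation_subject`) show it names a user-assigned managed identity, and the whole point of this commit is to drop the service principal. This table is generated (terraform-docs style anchors, `END_TF_DOCS` marker in the logging README), so fix the `description` of that variable in the bootstrap module rather than the README. Also, the `service_principal_name` row disappears here, but no `kit/azure/bootstrap/variables.tf` change is part of this commit; please confirm the variable was already removed from the module, otherwise the next terraform-docs run reintroduces the row.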
7 changes: 4 additions & 3 deletions kit/azure/logging/README.md
Expand Up @@ -62,13 +62,11 @@ AzureActivity
| [azurerm_log_analytics_workspace.law](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource |
| [azurerm_management_group_subscription_association.logging](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_subscription_association) | resource |
| [azurerm_resource_group.law_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_role_assignment.cloudfoundation_tfdeploy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.logging](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.security_admins](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.security_admins_law](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.security_auditors](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.security_auditors_law](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_definition.cloudfoundation_tfdeploy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
| [azurerm_subscription.logging](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription) | resource |
| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
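Review bot: dropping both `azurerm_role_definition.cloudfoundation_tfdeploy` and `azurerm_role_assignment.cloudfoundation_tfdeploy` means the identity that deployed this module through that custom role loses its rights on the logging subscription at the apply that removes them; if that same identity runs the apply, the removal itself may succeed but every later plan, apply or destroy against this state fails with an authorization error. State in the PR description which identity and which built-in or group-based role now carries the logging deployment, and apply this change with that identity rather than with the principal being removed. The resource-list change also has no matching `kit/azure/logging/*.tf` change in this commit, so confirm the two resources are already gone from the module code.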

Expand All @@ -77,7 +75,6 @@ AzureActivity
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_cloudfoundation"></a> [cloudfoundation](#input\_cloudfoundation) | this is the name of your cloud foundation | `string` | n/a | yes |
| <a name="input_cloudfoundation_deploy_principal_id"></a> [cloudfoundation\_deploy\_principal\_id](#input\_cloudfoundation\_deploy\_principal\_id) | service principal id | `string` | n/a | yes |
| <a name="input_location"></a> [location](#input\_location) | location of the resources created for logging | `string` | n/a | yes |
| <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | amount of time of log retention | `number` | `30` | no |
| <a name="input_logging_subscription_name"></a> [logging\_subscription\_name](#input\_logging\_subscription\_name) | Name of your logging subscription | `string` | `"logging"` | no |
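Review bot: the `cloudfoundation_deploy_principal_id` input is removed from this README but, unlike the networking module, `kit/azure/logging/variables.tf` is not touched in this commit. If the `variable` block still exists, the generated table drifts back on the next terraform-docs run; if it was removed earlier, the logging terragrunt template must no longer pass `cloudfoundation_deploy_principal_id` either (this commit only updates the networking template), or terragrunt will warn about an undeclared input.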
Expand All @@ -91,6 +88,10 @@ AzureActivity
| Name | Description |
|------|-------------|
| <a name="output_documentation_md"></a> [documentation\_md](#output\_documentation\_md) | n/a |
| <a name="output_law_workspace_id"></a> [law\_workspace\_id](#output\_law\_workspace\_id) | n/a |
| <a name="output_law_workspace_id_short"></a> [law\_workspace\_id\_short](#output\_law\_workspace\_id\_short) | n/a |
| <a name="output_law_workspace_resource_id"></a> [law\_workspace\_resource\_id](#output\_law\_workspace\_resource\_id) | n/a |
| <a name="output_logging_subscription"></a> [logging\_subscription](#output\_logging\_subscription) | n/a |
| <a name="output_security_admins_azuread_group_id"></a> [security\_admins\_azuread\_group\_id](#output\_security\_admins\_azuread\_group\_id) | n/a |
| <a name="output_security_auditors_azuread_group_id"></a> [security\_auditors\_azuread\_group\_id](#output\_security\_auditors\_azuread\_group\_id) | n/a |
<!-- END_TF_DOCS -->
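Review bot: the four new outputs `law_workspace_id`, `law_workspace_id_short`, `law_workspace_resource_id` and `logging_subscription` all render with an `n/a` description, which is how terraform-docs shows an `output` block without a `description`. Add one to each; the three `law_*` values line up with the fields the networking module's `netwatcher` object expects (`log_analytics_workspace_id`, `log_analytics_workspace_id_short`, `log_analytics_resource_id`), and `law_workspace_id` is what the networking terragrunt template reads as `dependency.logging.outputs.law_workspace_id` for `diagnostics.destination`, so say so. Adding outputs is also outside the scope of a commit titled `chore: remove service principal`; mention it in the commit message or split it out.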
9 changes: 0 additions & 9 deletions kit/azure/networking/README.md
Expand Up @@ -52,14 +52,8 @@ No modules.
| [azurerm_public_ip_prefix.fw](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip_prefix) | resource |
| [azurerm_resource_group.hub_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.netwatcher](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_role_assignment.cloudfoundation_tfdeploy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.cloudfoundation_tfdeploy_lz](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.network_admins](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.network_admins_dns](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.network_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.network_contributor_lz](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_definition.cloudfoundation_tfdeploy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
| [azurerm_role_definition.cloudfoundation_tfdeploy_lz](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
| [azurerm_route.fw](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route) | resource |
| [azurerm_route_table.out](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) | resource |
| [azurerm_storage_account.flowlogs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
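Review bot: this removes two custom role definitions together with their assignments, and the `_lz` suffix alongside the separate `connectivity_scope` and `landingzone_scope` inputs suggests they were scoped to two different management groups, but the commit does not say what replaces them. Whatever identity now applies the hub and landing-zone networking needs equivalent permissions at both scopes; document the replacement (managed identity or group plus role) in the module README, and prefer a built-in role assigned at those two management groups over a tenant-wide assignment, so the least-privilege boundary the per-scope custom roles provided is kept.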
Expand All @@ -86,7 +80,6 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_address_space"></a> [address\_space](#input\_address\_space) | List of address spaces for virtual networks | `string` | n/a | yes |
| <a name="input_cloudfoundation"></a> [cloudfoundation](#input\_cloudfoundation) | Name of your cloud foundation | `string` | n/a | yes |
| <a name="input_cloudfoundation_deploy_principal_id"></a> [cloudfoundation\_deploy\_principal\_id](#input\_cloudfoundation\_deploy\_principal\_id) | Principal ID authorized for deploying Cloud Foundation resources | `string` | n/a | yes |
| <a name="input_connectivity_scope"></a> [connectivity\_scope](#input\_connectivity\_scope) | Identifier for the management group connectivity | `string` | n/a | yes |
| <a name="input_create_ddos_plan"></a> [create\_ddos\_plan](#input\_create\_ddos\_plan) | Create a DDos protection plan and attach it to the virtual network. | `bool` | `false` | no |
| <a name="input_deploy_firewall"></a> [deploy\_firewall](#input\_deploy\_firewall) | Toggle to deploy or bypass the firewall. | `bool` | `false` | no |
Expand All @@ -96,12 +89,10 @@ No modules.
| <a name="input_firewall_network_rules"></a> [firewall\_network\_rules](#input\_firewall\_network\_rules) | List of network rules to apply to the firewall. | <pre>list(object({<br> name = string<br> action = string<br> source_addresses = list(string)<br> destination_ports = list(string)<br> destination_addresses = list(string)<br> protocols = list(string)<br> }))</pre> | `[]` | no |
| <a name="input_firewall_sku_tier"></a> [firewall\_sku\_tier](#input\_firewall\_sku\_tier) | Specify the tier for the firewall, choosing from options like Basic or Standard, Premium. | `string` | `"Basic"` | no |
| <a name="input_firewall_zones"></a> [firewall\_zones](#input\_firewall\_zones) | Collection of availability zones to distribute the Firewall across. | `list(string)` | `null` | no |
| <a name="input_hub_networking_deploy"></a> [hub\_networking\_deploy](#input\_hub\_networking\_deploy) | Service Principal responsible for deploying the central hub networking | `string` | `"cloudfoundation_hub_network_deploy_user"` | no |
| <a name="input_hub_resource_group"></a> [hub\_resource\_group](#input\_hub\_resource\_group) | Name of the central hub resource group | `string` | `"hub-vnet-rg"` | no |
| <a name="input_hub_vnet_name"></a> [hub\_vnet\_name](#input\_hub\_vnet\_name) | Name of the central virtual network | `string` | `"hub-vnet"` | no |
| <a name="input_landingzone_scope"></a> [landingzone\_scope](#input\_landingzone\_scope) | Identifier for the management group landinzone | `string` | n/a | yes |
| <a name="input_location"></a> [location](#input\_location) | Region for resource deployment | `string` | n/a | yes |
| <a name="input_lz_networking_deploy"></a> [lz\_networking\_deploy](#input\_lz\_networking\_deploy) | Service Principal responsible for deploying the landing zone networking | `string` | `"cloudfoundation_lz_network_deploy_user"` | no |
| <a name="input_management_nsg_rules"></a> [management\_nsg\_rules](#input\_management\_nsg\_rules) | Network security rules to add to the management subnet. Refer to README for setup details. | `list(any)` | `[]` | no |
| <a name="input_netwatcher"></a> [netwatcher](#input\_netwatcher) | Properties for creating network watcher. If set, it creates a Network Watcher resource using standard naming conventions. | <pre>object({<br> log_analytics_workspace_id = string<br> log_analytics_workspace_id_short = string<br> log_analytics_resource_id = string<br> })</pre> | `null` | no |
| <a name="input_network_admin_group"></a> [network\_admin\_group](#input\_network\_admin\_group) | Name of the Cloud Foundation network administration group | `string` | `"cloudfoundation-network-admins"` | no |
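Review bot: `hub_networking_deploy` and `lz_networking_deploy` (defaults `cloudfoundation_hub_network_deploy_user` and `cloudfoundation_lz_network_deploy_user`) vanish from the table, but the `kit/azure/networking/variables.tf` hunk in this commit only deletes `cloudfoundation_deploy_principal_id`; either those two `variable` blocks were removed in an earlier commit, or they still exist and this README was hand-edited, in which case the next terraform-docs run restores them. Please confirm which. While in the variables file: the unchanged `landingzone_scope` description reads "management group landinzone" (missing "g"); since the README is generated, fix it at the source.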
15 changes: 7 additions & 8 deletions kit/azure/networking/template/platform-module/terragrunt.hcl
Expand Up @@ -43,14 +43,13 @@ EOF

inputs = {
# todo: set input variables
scope = "${dependency.organization-hierarchy.outputs.landingzones_id}"
scope_network_admin = "${dependency.organization-hierarchy.outputs.parent_id}"
cloudfoundation = "${include.platform.locals.cloudfoundation.name}"
cloudfoundation_deploy_principal_id = "${dependency.bootstrap.outputs.client_principal_id}"
parent_management_group_id = "${dependency.organization-hierarchy.outputs.connectivity_id}"
address_space = "10.0.0.0/16"
location = "germanywestcentral"
hub_resource_group = "hub-vnet-rg"
scope = "${dependency.organization-hierarchy.outputs.landingzones_id}"
scope_network_admin = "${dependency.organization-hierarchy.outputs.parent_id}"
cloudfoundation = "${include.platform.locals.cloudfoundation.name}"
parent_management_group_id = "${dependency.organization-hierarchy.outputs.connectivity_id}"
address_space = "10.0.0.0/16"
location = "germanywestcentral"
hub_resource_group = "hub-vnet-rg"
diagnostics = {
destination = "${dependency.logging.outputs.law_workspace_id}"
logs = ["all"]
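Review bot: with `cloudfoundation_deploy_principal_id = "${dependency.bootstrap.outputs.client_principal_id}"` gone, check whether anything else in this file still references `dependency.bootstrap`; if not, remove the `dependency "bootstrap"` block (above this hunk, not visible here) as well, otherwise terragrunt keeps resolving bootstrap outputs for a value nobody reads. The remaining seven lines change only because the `=` alignment shifted after the longest key was removed; that is fine, but it makes the hunk look larger than the one-line change it is. The `"${...}"` wrapping around single expressions is also redundant in HCL and could be dropped in the same pass.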
6 changes: 0 additions & 6 deletions kit/azure/networking/variables.tf
@@ -1,4 +1,3 @@

variable "connectivity_scope" {
type = string
description = "Identifier for the management group connectivity"
Expand All @@ -15,11 +14,6 @@ variable "cloudfoundation" {
description = "Name of your cloud foundation"
}

variable "cloudfoundation_deploy_principal_id" {
type = string
description = "Principal ID authorized for deploying Cloud Foundation resources"
}

variable "location" {
type = string
description = "Region for resource deployment"
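Review bot: the removal of `variable "cloudfoundation_deploy_principal_id"` is consistent with the README hunk and with the networking terragrunt template no longer passing it, but the module code that consumed `var.cloudfoundation_deploy_principal_id` (the `azurerm_role_assignment.cloudfoundation_tfdeploy` and `_lz` resources the README lists as removed) is not part of this commit; if any `.tf` file in `kit/azure/networking` still references the variable, `terraform validate` fails. Run `terraform validate` for the module before merging.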
