diff --git a/bootstrap/helm/cluster-api-provider-azure/values.yaml.tpl b/bootstrap/helm/cluster-api-provider-azure/values.yaml.tpl
index d2e586964..e688b83aa 100644
--- a/bootstrap/helm/cluster-api-provider-azure/values.yaml.tpl
+++ b/bootstrap/helm/cluster-api-provider-azure/values.yaml.tpl
@@ -2,4 +2,4 @@ cluster-api-provider-azure:
 asoControllerSettings:
 azureSubscriptionId: {{ .Context.SubscriptionId }}
 azureTenantId: {{ .Context.TenantId }}
- azureClientId: {{ importValue "Terraform" "aso_assigned_identity_client_id" }}
\ No newline at end of file
+ azureClientId: {{ importValue "Terraform" "capz_assigned_identity_client_id" }}
\ No newline at end of file
diff --git a/bootstrap/terraform/azure-bootstrap/deps.yaml b/bootstrap/terraform/azure-bootstrap/deps.yaml
index 323657a80..321dde70a 100644
--- a/bootstrap/terraform/azure-bootstrap/deps.yaml
+++ b/bootstrap/terraform/azure-bootstrap/deps.yaml
@@ -17,7 +17,6 @@ spec:
 kubelet_msi_id: kubelet_msi_id
 node_resource_group: node_resource_group
 capz_assigned_identity_client_id: capz_assigned_identity_client_id
- aso_assigned_identity_client_id: aso_assigned_identity_client_id
 provider_wirings:
 cluster: module.azure-bootstrap.cluster
 provider_vsn: "0.1.4"
diff --git a/bootstrap/terraform/azure-bootstrap/main.tf b/bootstrap/terraform/azure-bootstrap/main.tf
index d2945cd1d..c354bb632 100644
--- a/bootstrap/terraform/azure-bootstrap/main.tf
+++ b/bootstrap/terraform/azure-bootstrap/main.tf
@@ -180,14 +180,8 @@ resource "azurerm_user_assigned_identity" "capz" { resource_group_name = data.azurerm_resource_group.group.name } -resource "azurerm_role_assignment" "rg-contributor" { - scope = data.azurerm_resource_group.group.id - role_definition_name = "Contributor" - principal_id = azurerm_user_assigned_identity.capz.principal_id -} - -resource "azurerm_role_assignment" "node-rg-contributor" { - scope = data.azurerm_resource_group.node_group.id +resource "azurerm_role_assignment" "capz-sub-contributor" { + scope = data.azurerm_subscription.sub.id role_definition_name = "Contributor" principal_id = azurerm_user_assigned_identity.capz.principal_id } @@ -201,24 +195,12 @@ resource "azurerm_federated_identity_credential" "capz" { subject = "system:serviceaccount:${var.namespace}:bootstrap-capz-capz-manager" } -resource "azurerm_user_assigned_identity" "aso" { - location = data.azurerm_resource_group.group.location - name = "${var.name}-capz-aso" - resource_group_name = data.azurerm_resource_group.group.name -} - -resource "azurerm_role_assignment" "aso-sub-contributor" { - scope = data.azurerm_subscription.sub.id - role_definition_name = "Contributor" - principal_id = azurerm_user_assigned_identity.aso.principal_id -} - resource "azurerm_federated_identity_credential" "aso" { name = "${var.name}-aso-federated-identity" resource_group_name = data.azurerm_resource_group.group.name audience = ["api://AzureADTokenExchange"] issuer = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].oidc_issuer_url) : one(module.aks[*].oidc_issuer_url) - parent_id = azurerm_user_assigned_identity.aso.id + parent_id = azurerm_user_assigned_identity.capz.id subject = "system:serviceaccount:${var.namespace}:bootstrap-capz-aso-default" } diff --git a/bootstrap/terraform/azure-bootstrap/outputs.tf b/bootstrap/terraform/azure-bootstrap/outputs.tf index b2e16e4f0..dd327d132 100644 --- a/bootstrap/terraform/azure-bootstrap/outputs.tf 
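Review bot: The new `capz-sub-contributor` assignment widens the CAPZ manager identity from Contributor on two resource groups (`data.azurerm_resource_group.group` and `node_group`) to Contributor on the entire subscription, and nothing in the hunk records why the wider scope is needed. If the only reason is that this identity now also backs the ASO service account (the second hunk on this line), that should be stated on the resource, e.g. `# Subscription-scoped Contributor: this identity is shared by the CAPZ manager and ASO; TODO confirm the minimal scope each needs`, and if it is not the reason, keeping the resource-group-scoped assignments for CAPZ and granting the subscription scope only where required would preserve least privilege. Note that `data.azurerm_subscription.sub` is referenced here but declared outside the hunk, and the enclosing `azurerm_user_assigned_identity.capz` block starts before the hunk.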
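Review bot: Re-pointing `parent_id` to `azurerm_user_assigned_identity.capz` means two Kubernetes service accounts (`bootstrap-capz-capz-manager` via the `capz` credential and `bootstrap-capz-aso-default` here) now exchange tokens for the same identity, so a token for either service account carries that identity's full subscription-level Contributor rights; this may be intended, but it is not visible from the resource, whose `name` and subject still say "aso". A one-line comment above the resource would make the consolidation explicit, e.g. `# Deliberately bound to the capz identity: ASO and the CAPZ manager share one user-assigned identity.`. Since `azurerm_user_assigned_identity.aso` is removed in this hunk, it is also worth confirming that no references to it remain outside this file and outputs.tf.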
+++ b/bootstrap/terraform/azure-bootstrap/outputs.tf @@ -32,6 +32,3 @@ output "capz_assigned_identity_client_id" { value = azurerm_user_assigned_identity.capz.client_id } -output "aso_assigned_identity_client_id" { - value = azurerm_user_assigned_identity.aso.client_id -}