fixup! wip: basic test for peerpods

don't create app
edgelesssys · Nov 12, 2024 · 1c09644 · 1c09644
1 parent 7cbf7db
commit 1c09644
Showing 1 changed file with 5 additions and 30 deletions.
diff --git a/infra/azure-peerpods/main.tf b/infra/azure-peerpods/main.tf
@@ -40,45 +40,20 @@ data "azurerm_resource_group" "rg" {
   name = "${var.resource_group}"
 }
 
-resource "azuread_application" "app" {
-  display_name = local.name
-  owners       = [data.azuread_client_config.current.object_id]
-}
-
-resource "azuread_service_principal" "sp" {
-  client_id                    = azuread_application.app.client_id
-  app_role_assignment_required = false
-  owners                       = [data.azuread_client_config.current.object_id]
-}
-
-resource "azurerm_role_assignment" "ra_vm_contributor" {
-  scope                = data.azurerm_resource_group.rg.id
-  role_definition_name = "Virtual Machine Contributor"
-  principal_id         = azuread_service_principal.sp.object_id
-}
-
-resource "azurerm_role_assignment" "ra_reader" {
-  scope                = data.azurerm_resource_group.rg.id
-  role_definition_name = "Reader"
-  principal_id         = azuread_service_principal.sp.object_id
-}
-
-resource "azurerm_role_assignment" "ra_network_contributor" {
-  scope                = data.azurerm_resource_group.rg.id
-  role_definition_name = "Network Contributor"
-  principal_id         = azuread_service_principal.sp.object_id
+data "azuread_application" "app" {
+  display_name = "contrast-peerpod-ci"
 }
 
 resource "azuread_application_federated_identity_credential" "federated_credentials" {
   display_name   = local.name
-  application_id = azuread_application.app.id
+  application_id = data.azuread_application.app.id
   issuer         = azurerm_kubernetes_cluster.cluster.oidc_issuer_url
   subject        = "system:serviceaccount:confidential-containers-system:cloud-api-adaptor"
   audiences      = ["api://AzureADTokenExchange"]
 }
 
 resource "azuread_application_password" "cred" {
-  application_id = azuread_application.app.id
+  application_id = data.azuread_application.app.id
 }
 
 resource "azurerm_virtual_network" "main" {
@@ -149,7 +124,7 @@ metadata:
   name: cloud-api-adaptor
   namespace: confidential-containers-system
   annotations:
-    azure.workload.identity/client-id: ${azuread_application.app.client_id}
+    azure.workload.identity/client-id: ${data.azuread_application.app.client_id}
 EOF
 }