DOM-54279 Remove AD groups (#53)

dominodatalab · Apr 11, 2024 · 77de1bd · 77de1bd
1 parent 4db724e
commit 77de1bd
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 45 deletions.
diff --git a/modules/flyte/README.md b/modules/flyte/README.md
@@ -4,14 +4,12 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | ~> 2.0 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.45 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azuread"></a> [azuread](#provider\_azuread) | ~> 2.0 |
 | <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 3.45 |
 
 ## Modules
@@ -22,12 +20,10 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [azuread_group.flyte_data](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group) | resource |
-| [azuread_group.flyte_metadata](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group) | resource |
-| [azuread_group.flyte_sas](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group) | resource |
 | [azurerm_federated_identity_credential.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/federated_identity_credential) | resource |
 | [azurerm_role_assignment.flyte_data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
-| [azurerm_role_assignment.flyte_metadata](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.flyte_metadata_controlplane](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.flyte_metadata_dataplane](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.flyte_sas](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_definition.flyte_data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
 | [azurerm_role_definition.flyte_metadata](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |

diff --git a/modules/flyte/groups.tf b/modules/flyte/groups.tf
diff --git a/modules/flyte/roles.tf b/modules/flyte/roles.tf
@@ -37,20 +37,26 @@ resource "azurerm_role_definition" "flyte_sas" {
   }
 }
 
-resource "azurerm_role_assignment" "flyte_metadata" {
+resource "azurerm_role_assignment" "flyte_metadata_controlplane" {
   scope              = azurerm_storage_container.flyte_metadata.resource_manager_id
   role_definition_id = azurerm_role_definition.flyte_metadata.role_definition_resource_id
-  principal_id       = azuread_group.flyte_metadata.object_id
+  principal_id       = azurerm_user_assigned_identity.flyte_controlplane.principal_id
+}
+
+resource "azurerm_role_assignment" "flyte_metadata_dataplane" {
+  scope              = azurerm_storage_container.flyte_metadata.resource_manager_id
+  role_definition_id = azurerm_role_definition.flyte_metadata.role_definition_resource_id
+  principal_id       = azurerm_user_assigned_identity.flyte_dataplane.principal_id
 }
 
 resource "azurerm_role_assignment" "flyte_data" {
   scope              = azurerm_storage_container.flyte_data.resource_manager_id
   role_definition_id = azurerm_role_definition.flyte_data.role_definition_resource_id
-  principal_id       = azuread_group.flyte_data.object_id
+  principal_id       = azurerm_user_assigned_identity.flyte_dataplane.principal_id
 }
 
 resource "azurerm_role_assignment" "flyte_sas" {
   scope              = azurerm_storage_account.flyte.id
   role_definition_id = azurerm_role_definition.flyte_sas.role_definition_resource_id
-  principal_id       = azuread_group.flyte_sas.object_id
+  principal_id       = azurerm_user_assigned_identity.flyte_dataplane.principal_id
 }
diff --git a/modules/flyte/tests/README.md b/modules/flyte/tests/README.md
@@ -6,7 +6,6 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
-| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | ~> 2.0 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.45 |
 
 ## Providers

diff --git a/modules/flyte/tests/versions.tf b/modules/flyte/tests/versions.tf
@@ -2,11 +2,6 @@ terraform {
   required_version = ">= 1.3.0"
 
   required_providers {
-    azuread = {
-      source  = "hashicorp/azuread"
-      version = "~> 2.0"
-    }
-
     azurerm = {
       source  = "hashicorp/azurerm"
       version = "~> 3.45"

diff --git a/modules/flyte/versions.tf b/modules/flyte/versions.tf
@@ -2,11 +2,6 @@ terraform {
   required_version = ">= 1.3.0"
 
   required_providers {
-    azuread = {
-      source  = "hashicorp/azuread"
-      version = "~> 2.0"
-    }
-
     azurerm = {
       source  = "hashicorp/azurerm"
       version = "~> 3.45"