Remove some bootstrap script (#1424)

Co-authored-by: Automatic Update <radix@statoilsrm.onmicrosoft.com>

scripts/radix-zone/base-infrastructure/bootstrap.sh

@@ -193,56 +193,11 @@ if [[ $USER_PROMPT == true ]]; then
 fi
 
 
-#######################################################################################
-### App registration permissions
-###
-
-function update_app_registrations(){
-    update_app_registration_permissions="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../../update_app_registration_permissions.sh"
-    if [[ ! -f "$update_app_registration_permissions" ]]; then
-        echo "ERROR: The dependency LIB_SERVICE_PRINCIPAL_PATH=$update_app_registration_permissions is invalid, the file does not exist." >&2
-        exit 1
-    fi
-}
-
-#######################################################################################
-### Resource groups
-###
-
-# function create_resource_groups() {
-#     printf "Creating all resource groups..."
-#     az group create \
-#         --location "${AZ_RADIX_ZONE_LOCATION}" \
-#         --name "${AZ_RESOURCE_GROUP_CLUSTERS}" \
-#         --subscription "${AZ_SUBSCRIPTION_ID}" \
-#         --output none
-
-#     az group create \
-#         --location "${AZ_RADIX_ZONE_LOCATION}" \
-#         --name "${AZ_RESOURCE_GROUP_COMMON}" \
-#         --subscription "${AZ_SUBSCRIPTION_ID}" \
-#         --output none
-
-#     az group create \
-#         --location "${AZ_RADIX_ZONE_LOCATION}" \
-#         --name "${AZ_RESOURCE_GROUP_MONITORING}" \
-#         --subscription "${AZ_SUBSCRIPTION_ID}" \
-#         --output none
-# }
-
 #######################################################################################
 ### Common resources
 ###
 
 function create_common_resources() {
-    printf "Creating key vault: %s...\n" "${AZ_RESOURCE_KEYVAULT}"
-    az keyvault create \
-        --name "${AZ_RESOURCE_KEYVAULT}" \
-        --resource-group "${AZ_RESOURCE_GROUP_COMMON}" \
-        --subscription "${AZ_SUBSCRIPTION_ID}" \
-        --enable-purge-protection \
-        --output none
-    printf "...Done\n"
 
     printf "Set access policy for group \"Radix Platform Operators\" in key vault: %s...\n" "${AZ_RESOURCE_KEYVAULT}"
     az keyvault set-policy \
@@ -541,8 +496,6 @@ function update_app_registration() {
 ### MAIN
 ###
 
-update_app_registrations
-# create_resource_groups
 create_common_resources
 create_outbound_public_ip_prefix
 create_inbound_public_ip_prefix

terraform/subscriptions/modules/key-vault/main.tf

@@ -1,3 +1,8 @@
+data "azuread_group" "this" {
+  display_name     = "Radix Platform Operators"
+  security_enabled = true
+}
+
 resource "azurerm_key_vault" "this" {
   name                = var.vault_name
   location            = var.location
@@ -25,6 +30,23 @@ data "azurerm_subnet" "subnet" {
   virtual_network_name = var.virtual_network
   resource_group_name  = var.vnet_resource_group
 }
+
+resource "azurerm_key_vault_access_policy" "this" {
+  for_each = var.enable_rbac_authorization == false ? { "${var.vault_name}" : true } : {}
+  key_vault_id = azurerm_key_vault.this.id
+  tenant_id    = var.tenant_id
+  object_id    = data.azuread_group.this.object_id
+  certificate_permissions = [
+    "Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore", "ManageContacts", "ManageIssuers", "GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers"
+  ]
+  key_permissions = [
+    "Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore"
+  ]
+  secret_permissions = [
+    "Get", "List", "Set", "Delete", "Recover", "Backup", "Restore"
+  ]
+}
+
 resource "azurerm_private_endpoint" "this" {
   name                = "pe-${var.vault_name}"
   location            = var.location