From 0ff15f49d83814fde87905062c674ead48bde7e5 Mon Sep 17 00:00:00 2001
From: Simon Gottschlag
Date: Thu, 11 Mar 2021 14:33:37 +0100
Subject: [PATCH] Fix duplicate acr membership
---
 modules/azure/governance-regional/README.md | 2 --
 .../azure/governance-regional/delegate-acr.tf | 21 -------------------
 .../azure/governance-regional/variables.tf | 13 ------------
 3 files changed, 36 deletions(-)
 delete mode 100644 modules/azure/governance-regional/delegate-acr.tf
diff --git a/modules/azure/governance-regional/README.md b/modules/azure/governance-regional/README.md
index 6d1a613c7..e0399a46e 100644
--- a/modules/azure/governance-regional/README.md
+++ b/modules/azure/governance-regional/README.md
@@ -49,10 +49,8 @@ No Modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| aks\_group\_name\_prefix | Prefix for AKS Azure AD groups | `string` | `"aks"` | no |
 | azure\_ad\_group\_prefix | Prefix for Azure AD Groupss | `string` | `"az"` | no |
 | core\_name | The commonName for the core infra | `string` | n/a | yes |
-| delegate\_acr | Should Azure Container Registry delegation be configured? | `bool` | `true` | no |
 | environment | The environment name to use for the deploy | `string` | n/a | yes |
 | group\_name\_separator | Separator for group names | `string` | `"-"` | no |
 | location | The location for the subscription | `string` | n/a | yes |
diff --git a/modules/azure/governance-regional/delegate-acr.tf b/modules/azure/governance-regional/delegate-acr.tf
deleted file mode 100644
index 5d4b8847d..000000000
--- a/modules/azure/governance-regional/delegate-acr.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-data "azuread_group" "acr_push" {
- for_each = {
- for s in ["delegate_acr"] :
- s => s
- if var.delegate_acr
- }
-
- display_name = "${var.aks_group_name_prefix}${var.group_name_separator}${var.subscription_name}${var.group_name_separator}${var.environment}${var.group_name_separator}acrpush"
-}
-
-resource "azuread_group_member" "acr_spn" {
- for_each = {
- for rg in var.resource_group_configs :
- rg.common_name => rg
- if rg.delegate_aks == true && var.delegate_acr
- }
-
- group_object_id = data.azuread_group.acr_push["delegate_acr"].id
- member_object_id = data.azuread_service_principal.aad_sp[each.key].object_id
-}
-
diff --git a/modules/azure/governance-regional/variables.tf b/modules/azure/governance-regional/variables.tf
index 8a4f8fc83..577eaba56 100644
--- a/modules/azure/governance-regional/variables.tf
+++ b/modules/azure/governance-regional/variables.tf
@@ -67,21 +67,8 @@ variable "service_principal_name_prefix" {
 default = "sp"
 }
 
-variable "aks_group_name_prefix" {
- description = "Prefix for AKS Azure AD groups"
- type = string
- default = "aks"
-}
-
 variable "partner_id" {
 description = "Azure partner id to link service principal with"
 type = string
 default = ""
 }
-
-variable "delegate_acr" {
- description = "Should Azure Container Registry delegation be configured?"
- type = bool
- default = true
-}
-