Issue #3: Remove adgroup creation since we have insufficient privileg…

…es with current service principal

terraform/modules/azure-kubernetes-cluster/accounts.tf

@@ -5,24 +5,24 @@ resource "azurerm_role_assignment" "admin" {
   principal_id         = each.value
 }
 
-resource "azurerm_role_assignment" "namespace-groups" {
-  for_each             = toset(var.ad_groups)
-  scope                = azurerm_kubernetes_cluster.k8s.id
-  role_definition_name = "Azure Kubernetes Service Cluster User Role"
-  principal_id         = azuread_group.groups[each.value].id
-}
+# resource "azurerm_role_assignment" "namespace-groups" {
+#   for_each             = toset(var.ad_groups)
+#   scope                = azurerm_kubernetes_cluster.k8s.id
+#   role_definition_name = "Azure Kubernetes Service Cluster User Role"
+#   principal_id         = azuread_group.groups[each.value].id
+# }
 
-data "azuread_client_config" "current" {}
+# data "azuread_client_config" "current" {}
 
-data "azuread_user" "users" {
-  for_each            = toset(var.ad_members)
-  user_principal_name = each.value
-}
+# data "azuread_user" "users" {
+#   for_each            = toset(var.ad_members)
+#   user_principal_name = each.value
+# }
 
-resource "azuread_group" "groups" {
-  display_name     = each.value
-  for_each         = toset(var.ad_groups)
-  owners           = [data.azuread_client_config.current.object_id]
-  security_enabled = true
-  members          = [for user in var.ad_members : data.azuread_user.users[user].object_id]
-}
+# resource "azuread_group" "groups" {
+#   display_name     = each.value
+#   for_each         = toset(var.ad_groups)
+#   owners           = [data.azuread_client_config.current.object_id]
+#   security_enabled = true
+#   members          = [for user in var.ad_members : data.azuread_user.users[user].object_id]
+# }

terraform/modules/azure-kubernetes-cluster/variables.tf

@@ -158,12 +158,12 @@ variable "aks_admin_group_object_ids" {
   type        = list(string)
 }
 
-variable "ad_groups" {
-  description = "ad groups to be used in aks rolebindings"
-  type        = list(string)
-}
-
-variable "ad_members" {
-  description = "ad members to be added to ad_groups"
-  type        = list(string)
-}
+# variable "ad_groups" {
+#   description = "ad groups to be used in aks rolebindings"
+#   type        = list(string)
+# }
+
+# variable "ad_members" {
+#   description = "ad members to be added to ad_groups"
+#   type        = list(string)
+# }

terraform/staging/variables.tf

@@ -143,12 +143,12 @@ variable "aks_admin_group_object_ids" {
   type        = list(string)
 }
 
-variable "ad_groups" {
-  description = "ad groups to be used in aks rolebindings"
-  type        = list(string)
-}
+# variable "ad_groups" {
+#   description = "ad groups to be used in aks rolebindings"
+#   type        = list(string)
+# }
 
-variable "ad_members" {
-  description = "ad members to be added to ad groups"
-  type        = list(string)
-}
+# variable "ad_members" {
+#   description = "ad members to be added to ad groups"
+#   type        = list(string)
+# }