Jobs no longer need their own managed identity because the image sour…

…ce is fixed
tinglesoftware · Sep 14, 2023 · 6a1f15e · 6a1f15e
1 parent aacbed0
commit 6a1f15e
Show file tree

Hide file tree

Showing 6 changed files with 1 addition and 37 deletions.
diff --git a/server/Tingle.Dependabot/Workflow/UpdateRunner.cs b/server/Tingle.Dependabot/Workflow/UpdateRunner.cs
@@ -74,18 +74,8 @@ public async Task CreateAsync(Repository repository, RepositoryUpdate update, Up
         {
             RestartPolicy = ContainerGroupRestartPolicy.Never, // should run to completion without restarts
             DiagnosticsLogAnalytics = new ContainerGroupLogAnalytics(options.LogAnalyticsWorkspaceId, options.LogAnalyticsWorkspaceKey),
-            Identity = new Azure.ResourceManager.Models.ManagedServiceIdentity(Azure.ResourceManager.Models.ManagedServiceIdentityType.UserAssigned)
-            {
-                UserAssignedIdentities = { [new(options.ManagedIdentityId!)] = new() { /*ttk bug*/} },
-            },
         };
 
-        // add credentials for pulling image(s) from azure container registry
-        if (TryGetAzureContainerRegistry(image, out var registry))
-        {
-            data.ImageRegistryCredentials.Add(new ContainerGroupImageRegistryCredential(registry) { Identity = options.ManagedIdentityId, });
-        }
-
         // add volumes
         data.Volumes.Add(new ContainerVolume(volumeName)
         {

diff --git a/server/Tingle.Dependabot/Workflow/WorkflowConfigureOptions.cs b/server/Tingle.Dependabot/Workflow/WorkflowConfigureOptions.cs
@@ -58,11 +58,6 @@ public ValidateOptionsResult Validate(string? name, WorkflowOptions options)
             return ValidateOptionsResult.Fail($"'{nameof(options.UpdaterContainerImageTemplate)}' cannot be null or whitespace");
         }
 
-        if (string.IsNullOrWhiteSpace(options.ManagedIdentityId))
-        {
-            return ValidateOptionsResult.Fail($"'{nameof(options.ManagedIdentityId)}' cannot be null or whitespace");
-        }
-
         if (string.IsNullOrWhiteSpace(options.WorkingDirectory))
         {
             return ValidateOptionsResult.Fail($"'{nameof(options.WorkingDirectory)}' cannot be null or whitespace");

diff --git a/server/Tingle.Dependabot/Workflow/WorkflowOptions.cs b/server/Tingle.Dependabot/Workflow/WorkflowOptions.cs
@@ -31,10 +31,6 @@ public class WorkflowOptions
     /// <example>AAAAAAAAAAA=</example>
     public string? LogAnalyticsWorkspaceKey { get; set; }
 
-    /// <summary>Resource identifier for the managed identity used to pull container images.</summary>
-    /// <example>/subscriptions/00000000-0000-1111-0001-000000000000/resourceGroups/DEPENDABOT/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dependabot</example>
-    public string? ManagedIdentityId { get; set; }
-
     /// <summary>
     /// Template representing the docker container image  to use.
     /// Keeping this value fixed in code is important so that the code that depends on it always works.

diff --git a/server/Tingle.Dependabot/appsettings.json b/server/Tingle.Dependabot/appsettings.json
@@ -63,7 +63,6 @@
     "ResourceGroupId": "/subscriptions/00000000-0000-1111-0001-000000000000/resourceGroups/DEPENDABOT",
     "LogAnalyticsWorkspaceId": "00000000-0000-1111-0001-000000000000",
     "LogAnalyticsWorkspaceKey": "AAAAAAAAAAA=",
-    "ManagedIdentityId": "/subscriptions/00000000-0000-1111-0001-000000000000/resourceGroups/DEPENDABOT/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dependabot",
     "UpdaterContainerImageTemplate": "ghcr.io/tinglesoftware/dependabot-updater-{{ecosystem}}:1.20.0-ci.37",
     "ProjectUrl": "https://dev.azure.com/fabrikam/DefaultCollection",
     "ProjectToken": "<my-pat-here>",

diff --git a/server/main.bicep b/server/main.bicep
@@ -87,15 +87,11 @@ var queueScaleRules = [for qn in queueNames: {
   }
 }]
 
-/* Managed Identities */
+/* Managed Identity */
 resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
   name: name
   location: location
 }
-resource managedIdentityJobs 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  name: '${name}-jobs'
-  location: location
-}
 
 /* Service Bus namespace */
 resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2021-11-01' = {
@@ -308,7 +304,6 @@ resource app 'Microsoft.App/containerApps@2023-05-01' = {
               value: logAnalyticsWorkspace.properties.customerId
             }
             { name: 'Workflow__LogAnalyticsWorkspaceKey', secretRef: 'log-analytics-workspace-key' }
-            { name: 'Workflow__ManagedIdentityId', value: managedIdentityJobs.id }
             { name: 'Workflow__UpdaterContainerImageTemplate', value: 'ghcr.io/tinglesoftware/dependabot-updater-{{ecosystem}}:${imageTag}' }
             { name: 'Workflow__FailOnException', value: failOnException ? 'true' : 'false' }
             { name: 'Workflow__AutoComplete', value: autoComplete ? 'true' : 'false' }

diff --git a/server/main.json b/server/main.json
@@ -200,12 +200,6 @@
       "name": "[parameters('name')]",
       "location": "[parameters('location')]"
     },
-    {
-      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
-      "apiVersion": "2023-01-31",
-      "name": "[format('{0}-jobs', parameters('name'))]",
-      "location": "[parameters('location')]"
-    },
     {
       "type": "Microsoft.ServiceBus/namespaces",
       "apiVersion": "2021-11-01",
@@ -479,10 +473,6 @@
                   "name": "Workflow__LogAnalyticsWorkspaceKey",
                   "secretRef": "log-analytics-workspace-key"
                 },
-                {
-                  "name": "Workflow__ManagedIdentityId",
-                  "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-jobs', parameters('name')))]"
-                },
                 {
                   "name": "Workflow__UpdaterContainerImageTemplate",
                   "value": "[format('ghcr.io/tinglesoftware/dependabot-updater-{{{{ecosystem}}}}:{0}', parameters('imageTag'))]"
@@ -598,7 +588,6 @@
         "[resourceId('Microsoft.Insights/components', parameters('name'))]",
         "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]",
         "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]",
-        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}-jobs', parameters('name')))]",
         "[resourceId('Microsoft.ServiceBus/namespaces', format('{0}-{1}', parameters('name'), variables('collisionSuffix')))]",
         "[resourceId('Microsoft.Sql/servers', format('{0}-{1}', parameters('name'), variables('collisionSuffix')))]",
         "[resourceId('Microsoft.Sql/servers/databases', format('{0}-{1}', parameters('name'), variables('collisionSuffix')), parameters('name'))]",