From 1a56f83fb3aa234aa70877d385528e66e6e67e53 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Boll
Date: Mon, 2 Sep 2024 10:30:18 +0200
Subject: [PATCH] WIP use cluster service key vault

---
 dev-infrastructure/Makefile | 4 ++--
 dev-infrastructure/configurations/mvp-first-party.bicepparam | 2 +-
 dev-infrastructure/modules/first-party-identity.bicep | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/dev-infrastructure/Makefile b/dev-infrastructure/Makefile
index 55708e445..e09461cbd 100644
--- a/dev-infrastructure/Makefile
+++ b/dev-infrastructure/Makefile
@@ -69,11 +69,11 @@ cleanup-orphaned-rolebindings: first-party-identity: # hardcoded name, since there should be only one in the global RG
 az deployment group create \
 --name "aro-hcp-dev-first-party" \
- --resource-group $(GLOBAL_RESOURCEGROUP) \
+ --resource-group $(RESOURCEGROUP) \
 --template-file templates/first-party-identity.bicep $(PROMPT_TO_CONFIRM) \
 --parameters configurations/mvp-first-party.bicepparam APPLICATION_NAME=aro-hcp-dev-first-party \
- KEY_VAULT_NAME=aro-hcp-dev-global-kv \
+ KEY_VAULT_NAME=service-kv-aro-hcp-dev \
 CERTIFICATE_NAME=firstPartyMock \
 ROLE_DEFINITION_NAME=dev-first-party-mock \
 SUBSCRIPTION_ID=$(shell az account show --query id --output tsv) \
diff --git a/dev-infrastructure/configurations/mvp-first-party.bicepparam b/dev-infrastructure/configurations/mvp-first-party.bicepparam
index 0b5c326e5..aff8eb497 100644
--- a/dev-infrastructure/configurations/mvp-first-party.bicepparam
+++ b/dev-infrastructure/configurations/mvp-first-party.bicepparam
@@ -1,4 +1,4 @@
 using '../templates/first-party-identity.bicep'
 param kvCertOfficerManagedIdentityName = 'aro-hcp-dev-first-party'
-param globalKeyVaultName = 'aro-hcp-dev-global-kv'
+param globalKeyVaultName = 'service-kv-aro-hcp-dev'
diff --git a/dev-infrastructure/modules/first-party-identity.bicep b/dev-infrastructure/modules/first-party-identity.bicep
index 503635fe5..b9e6d3205 100644
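Review bot: In the Makefile hunk, the comment kept above `az deployment group create` still justifies the hardcoded deployment name with "only one in the global RG", but the new side deploys into `$(RESOURCEGROUP)`, so the comment is now misleading; something like `# fixed deployment name; targets $(RESOURCEGROUP) instead of the global RG` would match the code. The vault name `service-kv-aro-hcp-dev` is also a literal in two places, here as `KEY_VAULT_NAME` and in the `mvp-first-party.bicepparam` hunk, where it sits under a parameter still called `globalKeyVaultName`; a single Makefile variable feeding both would keep them from drifting. Because the first-party mock certificate would now live in the vault the service itself uses, it is worth confirming that every identity with read access on that vault should be able to obtain this certificate; the vault's role assignments are not visible in this diff. The recipe continues past the end of the hunk.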
--- a/dev-infrastructure/modules/first-party-identity.bicep
+++ b/dev-infrastructure/modules/first-party-identity.bicep
@@ -86,6 +86,7 @@ resource customRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
 assignableScopes: [
 subscription().id
 subscriptionResourceId('Microsoft.Resources/resourceGroups/', 'global')
+ subscriptionResourceId('Microsoft.Resources/resourceGroups/', 'aro-hcp-dev-westus3-sc')
 ]
 }
 }
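Review bot: The added `assignableScopes` entry hardcodes the region-specific resource group name `aro-hcp-dev-westus3-sc` inside a shared module, so the role definition only fits one environment. Passing the name in would keep the module reusable, e.g. `subscriptionResourceId('Microsoft.Resources/resourceGroups/', serviceResourceGroupName)` backed by a new `param serviceResourceGroupName string`. The list already contains `subscription().id`, which covers every resource group in the subscription, so the new entry does not change where the role can be assigned; if the intent is to confine the role to specific resource groups, the subscription scope is the line to revisit. The `customRole` resource starts above the hunk, so the permissions it grants are not visible here.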