From cb80d2805b1cb2914994fc288f076bd8859eb724 Mon Sep 17 00:00:00 2001
From: florianow <64468897+florianow@users.noreply.github.com>
Date: Thu, 6 Jun 2024 10:39:49 +0200
Subject: [PATCH] chore: remove aviatrix because not finished
---
kit/azure/aviatrix/README.md | 64 ---------
kit/azure/aviatrix/aviatrix.spn.tf | 127 ------------------
kit/azure/aviatrix/documentation.tf | 6 -
kit/azure/aviatrix/outputs.tf | 16 ---
.../template/platform-module/terragrunt.hcl | 40 ------
kit/azure/aviatrix/variables.tf | 23 ----
kit/azure/aviatrix/versions.tf | 15 ---
7 files changed, 291 deletions(-)
delete mode 100644 kit/azure/aviatrix/README.md
delete mode 100644 kit/azure/aviatrix/aviatrix.spn.tf
delete mode 100644 kit/azure/aviatrix/documentation.tf
delete mode 100644 kit/azure/aviatrix/outputs.tf
delete mode 100644 kit/azure/aviatrix/template/platform-module/terragrunt.hcl
delete mode 100644 kit/azure/aviatrix/variables.tf
delete mode 100644 kit/azure/aviatrix/versions.tf
diff --git a/kit/azure/aviatrix/README.md b/kit/azure/aviatrix/README.md
deleted file mode 100644
index 6defe786..00000000
--- a/kit/azure/aviatrix/README.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-name: Azure Aviatrix
-summary: |
- Set
-compliance:
- - control: cfmm/cost-management/monthly-cloud-tenant-billing-report
- statement: |
- Enables
- - control: cfmm/cost-management/billing-alerts
- statement: |
- Sets
----
-
-# Azure Aviatrix
-
-Aviatrix
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [azuread](#requirement\_azuread) | ~> 2.46.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.81.0 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azuread_app_role_assignment.aviatrix_deploy-approle](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/app_role_assignment) | resource |
-| [azuread_app_role_assignment.aviatrix_deploy-directory](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/app_role_assignment) | resource |
-| [azuread_application.aviatrix_deploy](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application) | resource |
-| [azuread_application_password.aviatrix_deploy](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application_password) | resource |
-| [azuread_service_principal.aviatrix_deploy](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal) | resource |
-| [azurerm_role_assignment.aviatrix_deploy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
-| [azurerm_role_definition.aviatrix_deploy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
-| [time_rotating.key_rotation](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/rotating) | resource |
-| [azuread_application_published_app_ids.well_known](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application_published_app_ids) | data source |
-| [azuread_service_principal.msgraph](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [allowed\_user\_group\_id](#input\_allowed\_user\_group\_id) | id of the authorized id which can do changes | `list(string)` | n/a | yes |
-| [location](#input\_location) | The Azure location used for creating policy assignments establishing this landing zone's guardrails. | `string` | n/a | yes |
-| [parent\_management\_group](#input\_parent\_management\_group) | id of the tenant management group | `string` | n/a | yes |
-| [service\_principal\_name](#input\_service\_principal\_name) | id of the tenant management group | `string` | `"avaitrix_deploy_spn"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [aviatrix\_service\_principal](#output\_aviatrix\_service\_principal) | n/a |
-| [client\_id](#output\_client\_id) | n/a |
-| [client\_principal\_id](#output\_client\_principal\_id) | n/a |
-| [client\_secret](#output\_client\_secret) | n/a |
-| [documentation\_md](#output\_documentation\_md) | n/a |
-
diff --git a/kit/azure/aviatrix/aviatrix.spn.tf b/kit/azure/aviatrix/aviatrix.spn.tf
deleted file mode 100644
index edb25394..00000000
--- a/kit/azure/aviatrix/aviatrix.spn.tf
+++ /dev/null
@@ -1,127 +0,0 @@
-resource "azurerm_role_definition" "aviatrix_deploy" {
- name = var.service_principal_name
- scope = var.parent_management_group
- description = "Permissions required to deploy the avaitrix"
-
- permissions {
- actions = [
- #https://docs.aviatrix.com/documentation/latest/accounts-and-users/custom-role-azure.html?expand=true
- "Microsoft.MarketplaceOrdering/offerTypes/publishers/offers/plans/agreements/*",
- "Microsoft.Compute/*/read",
- "Microsoft.Compute/availabilitySets/*",
- "Microsoft.Compute/virtualMachines/*",
- "Microsoft.Network/*/read",
- "Microsoft.Network/publicIPAddresses/*",
- "Microsoft.Network/networkInterfaces/*",
- "Microsoft.Network/networkSecurityGroups/*",
- "Microsoft.Network/loadBalancers/*",
- "Microsoft.Network/routeTables/*",
- "Microsoft.Network/virtualNetworks/*",
- "Microsoft.Storage/storageAccounts/*",
- "Microsoft.Resources/*/read",
- "Microsoft.Resourcehealth/healthevent/*",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Resources/tags/*",
- "Microsoft.Resources/marketplace/purchase/action",
- "Microsoft.Resources/subscriptions/resourceGroups/*"
- ]
- }
-
- assignable_scopes = [
- var.parent_management_group
- ]
-}
-
-data "azuread_application_published_app_ids" "well_known" {}
-
-data "azuread_service_principal" "msgraph" {
- client_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
-}
-
-resource "azuread_application" "aviatrix_deploy" {
- display_name = var.service_principal_name
-
- web {
- implicit_grant {
- access_token_issuance_enabled = false
- }
- }
- required_resource_access {
- resource_app_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
-
- resource_access {
- id = data.azuread_service_principal.msgraph.app_role_ids["Directory.Read.All"]
- type = "Role"
- }
- resource_access {
- id = data.azuread_service_principal.msgraph.app_role_ids["Group.ReadWrite.All"]
- type = "Role"
- }
- resource_access {
- id = data.azuread_service_principal.msgraph.app_role_ids["AppRoleAssignment.ReadWrite.All"]
- type = "Role"
- }
-
- resource_access {
- id = data.azuread_service_principal.msgraph.app_role_ids["Application.ReadWrite.All"]
- type = "Role"
- }
- }
-
- # NOTE: currently it is not possible to automate the "Grant admin consent button"
- # https://github.com/terraform-providers/terraform-provider-azuread/issues/33
- # As a result we have to ignore this value in terraform for now
- # In addition please keep in mind you have to grant admin consent manually
- lifecycle {
- ignore_changes = [
- app_role
- ]
- }
-}
-
-resource "azuread_service_principal" "aviatrix_deploy" {
- client_id = azuread_application.aviatrix_deploy.client_id
- # The following tags are needed to create an Enterprise Application
- # See https://github.com/hashicorp/terraform-provider-azuread/issues/7#issuecomment-529597534
- tags = [
- "WindowsAzureActiveDirectoryIntegratedApp",
- ]
-}
-
-resource "azurerm_role_assignment" "aviatrix_deploy" {
- scope = var.parent_management_group
- role_definition_id = azurerm_role_definition.aviatrix_deploy.role_definition_resource_id
- principal_id = azuread_service_principal.aviatrix_deploy.id
-}
-
-resource "azuread_app_role_assignment" "aviatrix_deploy-directory" {
- app_role_id = data.azuread_service_principal.msgraph.app_role_ids["Directory.Read.All"]
- principal_object_id = azuread_service_principal.aviatrix_deploy.object_id
- resource_object_id = data.azuread_service_principal.msgraph.object_id
-}
-# This azuread_app_role_assignment is necessary if you want to manage groups through Terraform.
-# Productive use in a cloud foundation should probably manage groups not via Terraform but
-# via existing IAM processes, but this is a good lean start.
-# resource "azuread_app_role_assignment" "aviatrix_deploy-group" {
-# app_role_id = data.azuread_service_principal.msgraph.app_role_ids["Group.ReadWrite.All"]
-# principal_object_id = azuread_service_principal.aviatrix_deploy.object_id
-# resource_object_id = data.azuread_service_principal.msgraph.object_id
-# }
-
-resource "azuread_app_role_assignment" "aviatrix_deploy-approle" {
- app_role_id = data.azuread_service_principal.msgraph.app_role_ids["AppRoleAssignment.ReadWrite.All"]
- principal_object_id = azuread_service_principal.aviatrix_deploy.object_id
- resource_object_id = data.azuread_service_principal.msgraph.object_id
-}
-
-# note this requires the terraform to be run regularly
-resource "time_rotating" "key_rotation" {
- rotation_days = 365
-}
-
-resource "azuread_application_password" "aviatrix_deploy" {
- application_id = azuread_application.aviatrix_deploy.id
- rotate_when_changed = {
- rotation = time_rotating.key_rotation.id
- }
-}
diff --git a/kit/azure/aviatrix/documentation.tf b/kit/azure/aviatrix/documentation.tf
deleted file mode 100644
index a50f3e64..00000000
--- a/kit/azure/aviatrix/documentation.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-output "documentation_md" {
- value = <