From 3f6287764c7bf77fc6c79e683c1abb6e9756b1f4 Mon Sep 17 00:00:00 2001
From: David Newman
Date: Tue, 25 Oct 2022 22:39:28 +1000
Subject: [PATCH] Revert the svc KV access for the AKS agentpool MSI (#2487)
---
 pkg/deploy/assets/rp-development-predeploy.json | 12 ------------
 pkg/deploy/assets/rp-production-predeploy.json | 12 ------------
 pkg/deploy/generator/resources_rp.go | 12 ------------
 3 files changed, 36 deletions(-)
diff --git a/pkg/deploy/assets/rp-development-predeploy.json b/pkg/deploy/assets/rp-development-predeploy.json
index 5fe5c86fc..d7d2dd859 100644
--- a/pkg/deploy/assets/rp-development-predeploy.json
+++ b/pkg/deploy/assets/rp-development-predeploy.json
@@ -290,18 +290,6 @@
 ]
 }
 },
- {
- "tenantId": "[subscription().tenantId]",
- "objectId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', 'aro-aks-cluster-001'), '2020-12-01', 'Full').properties.identityProfile.kubeletidentity.objectId]",
- "permissions": {
- "secrets": [
- "get"
- ],
- "certificates": [
- "get"
- ]
- }
- },
 {
 "tenantId": "[subscription().tenantId]",
 "objectId": "[parameters('adminObjectId')]",
diff --git a/pkg/deploy/assets/rp-production-predeploy.json b/pkg/deploy/assets/rp-production-predeploy.json
index 57fcf8031..8de413936 100644
--- a/pkg/deploy/assets/rp-production-predeploy.json
+++ b/pkg/deploy/assets/rp-production-predeploy.json
@@ -51,18 +51,6 @@
 "list"
 ]
 }
- },
- {
- "tenantId": "[subscription().tenantId]",
- "objectId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', 'aro-aks-cluster-001'), '2020-12-01', 'Full').properties.identityProfile.kubeletidentity.objectId]",
- "permissions": {
- "secrets": [
- "get"
- ],
- "certificates": [
- "get"
- ]
- }
 }
 ]
 },
diff --git a/pkg/deploy/generator/resources_rp.go b/pkg/deploy/generator/resources_rp.go
index cee9748cf..399d8bf75 100644
--- a/pkg/deploy/generator/resources_rp.go
+++ b/pkg/deploy/generator/resources_rp.go
@@ -721,18 +721,6 @@ func (g *generator) rpServiceKeyvaultAccessPolicies() []mgmtkeyvault.AccessPolic
 },
 },
 },
- {
- TenantID: &tenantUUIDHack,
- ObjectID: to.StringPtr("[reference(resourceId('Microsoft.ContainerService/managedClusters', 'aro-aks-cluster-001'), '2020-12-01', 'Full').properties.identityProfile.kubeletidentity.objectId]"),
- Permissions: &mgmtkeyvault.Permissions{
- Secrets: &[]mgmtkeyvault.SecretPermissions{
- mgmtkeyvault.SecretPermissionsGet,
- },
- Certificates: &[]mgmtkeyvault.CertificatePermissions{
- mgmtkeyvault.Get,
- },
- },
- },
 }
 }