From 9469d1ff1b99ba64b89a94d373aa3ad508ec607f Mon Sep 17 00:00:00 2001
From: tomdds
Date: Mon, 25 Nov 2019 14:40:10 -0500
Subject: [PATCH] Introduce TEMPLATE_ID variable for FlexVolume

FlexVolume requires you specify the tenant id of the key vault instance, so this will need to be templated in for future enviroments
---
 deploy/README.md | 1 +
 deploy/azure/azure.yml | 2 +-
 script/k8s_config | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/deploy/README.md b/deploy/README.md
index be66290d..731d07d7 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -14,6 +14,7 @@ The production configuration (azure.atat.code.mil, currently) is reflected in th
 - AUTH_DOMAIN: The host domain for the authentication endpoint for the environment.
 - KV_MI_ID: the fully qualified id (path) of the managed identity for the key vault (instructions on retrieving this are down in section on [Setting up FlexVol](#configuring-the-identity)). Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/RESOURCE_GROUP_NAME/providers/Microsoft.ManagedIdentity/userAssignedIdentities/MANAGED_IDENTITY_NAME
 - KV_MI_CLIENT_ID: The client id of the managed identity for the key vault. This is a GUID.
+- TENANT_ID: The id of the active directory tenant in which the cluster and it's associated users exist. This is a GUID.
 
 We use envsubst to substitute values for these variables. There is a wrapper script (script/k8s_config) that will output the compiled configuration, using a combination of kustomize and envsubst.
 
diff --git a/deploy/azure/azure.yml b/deploy/azure/azure.yml
index 0f0033c5..ddbbfe18 100644
--- a/deploy/azure/azure.yml
+++ b/deploy/azure/azure.yml
@@ -149,7 +149,7 @@ spec:
 keyvaultobjectnames: "dhparam4096"
 keyvaultobjectaliases: "dhparam.pem"
 keyvaultobjecttypes: secret
-tenantid: "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
+tenantid: $TENANT_ID
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
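Review bot: The new `tenantid: $TENANT_ID` drops the quoting that the replaced literal had, so after envsubst the value is read as an unquoted YAML scalar; if the variable is empty or unset at render time the key becomes null rather than an empty string, which is harder to diagnose than a rejected string. Keep the quotes around the substitution, `tenantid: "$TENANT_ID"`, so the rendered field is always a string and matches the quoted keyvault fields just above it. If other FlexVolume mounts in this manifest also carry a tenantid, they presumably need the same templating; only this one is visible in the hunk.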
diff --git a/script/k8s_config b/script/k8s_config
index ee3c9878..b489c942 100755
--- a/script/k8s_config
+++ b/script/k8s_config
@@ -13,6 +13,7 @@ SETTINGS=(
 AUTH_DOMAIN
 KV_MI_ID
 KV_MI_CLIENT_ID
+TENANT_ID
 )
 
 # Loop all expected settings. Track ones that are missing and build