Remove some complexity

mitodl · Nov 21, 2024 · 1440691 · 1440691
1 parent 31f781f
commit 1440691
Showing 1 changed file with 1 addition and 15 deletions.
diff --git a/src/ol_infrastructure/substructure/vault/secrets/__main__.py b/src/ol_infrastructure/substructure/vault/secrets/__main__.py
@@ -70,6 +70,7 @@
         oidc_discovery_url=f"{keycloak_config.get("url")}/realms/ol-platform-engineering",
         oidc_client_id=keycloak_config.get("client_id"),
         oidc_client_secret=keycloak_config.get("client_secret"),
+        default_role="local-developer",
         opts=ResourceOptions(delete_before_replace=True),
     )
 
@@ -96,24 +97,9 @@
         ],
         bound_audiences=[f"{keycloak_config.get('client_id')}"],
         user_claim="sub",
-        oidc_scopes=["email profile"],
-        groups_claim="groups",
-        bound_claims_type="string",
-        bound_claims={"groups": "vault-admin"},
         role_type="oidc",
     )
 
-    # Configure external group
-    local_dev_group = vault.identity.Group(
-        "local-dev-group",
-        name="external",
-        type="external",
-        policies=[local_developer_policy.name],
-        metadata={
-            "responsibility": "1",
-        },
-    )
-
 vault.kv.SecretV2(
     f"grafana-vault-secrets-{stack_info.env_suffix}",
     name="grafana",