Merge branch 'service_accounts'

.github/workflows/terraform_apply.yaml

@@ -17,7 +17,7 @@ jobs:
     env:
       AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
       AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
-      AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+      AWS_DEFAULT_REGION: "${{ vars.AWS_DEFAULT_REGION }}"
       GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
 
 

.github/workflows/terraform_plan.yaml

@@ -16,7 +16,7 @@ jobs:
     env:
       AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
       AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
-      AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+      AWS_DEFAULT_REGION: "${{ vars.AWS_SESSION_TOKEN }}"
       GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
 
 

image-pipeline.tf

@@ -8,6 +8,9 @@ locals {
   ]
 }
 
+locals {
+  s3_upload = "${path.module}/workflows/s3_upload.yaml.tpl"
+}
 
 module "image_pipeline_repos" {
   for_each = toset(local.pipeline_repos)
@@ -22,13 +25,13 @@ module "image_pipeline_repos" {
   force_name             = true
   create_codeowners      = false
   enforce_prs            = true
-  collaborators          = merge(local.collaborators, { garri325 = "admin" })
+  collaborators          = local.collaborators
   pull_request_bypassers = local.pull_request_bypassers
   managed_extra_files = [
     {
       path = ".github/workflows/s3_upload.yaml"
       content = templatefile(
-        "${path.module}/workflows/s3_upload.yaml.tpl",
+        lookup(var.image_pipeline_workflows, each.value, local.s3_upload),
         {
           repo_name   = each.value,
           bucket_name = "image-pipeline-assets"
@@ -71,12 +74,6 @@ module "aws_image_pipeline" {
   enforce_prs            = true
   collaborators          = local.collaborators
   pull_request_bypassers = local.pull_request_bypassers
-  vars = [
-    {
-      name  = "terraform_version"
-      value = "1.9.1"
-    }
-  ]
   managed_extra_files = [
     {
       path = ".github/workflows/terraform-plan.yaml"
@@ -124,7 +121,7 @@ module "terraform_aws_image_pipeline" {
     {
       name  = "terraform_version"
       value = "1.9.1"
-    }
+    },
   ]
   managed_extra_files = [
     {

main.tf

@@ -47,7 +47,7 @@ module "automation-repos" {
   collaborators          = local.collaborators
   pull_request_bypassers = local.pull_request_bypassers
 }
-  
+
 # centralized-actions
 module "centralized-actions" {
   source = "HappyPathway/repo/github"
@@ -65,7 +65,7 @@ module "centralized-actions" {
   pull_request_bypassers = local.pull_request_bypassers
   github_is_private      = false
 }
-  
+
 # terraform-github-repo
 module "terraform-github-repo" {
   source = "git@github.e.it.census.gov:CSVD/terraform-github-repo"

sandbox.tf

@@ -18,7 +18,7 @@ module "sandbox" {
   github_is_private = false
   create_codeowners = false
   enforce_prs       = false
-  collaborators     = {"arnol377": "admin"}
+  collaborators     = { "arnol377" : "admin" }
   managed_extra_files = [
     {
       path = ".github/workflows/terraform-plan.yaml"
@@ -45,17 +45,4 @@ module "sandbox" {
       )
     }
   ]
-  secrets = [
-    for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
-    {
-      name  = replace(secret, "GITHUB", "GH")
-      value = lookup(module.env_var, secret).value
-    }
-  ]
-  vars = [
-    {
-      name  = "AWS_ACCESS_KEY_ID"
-      value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
-    }
-  ]
 }

variables.tf

@@ -0,0 +1,3 @@
+variable "image_pipeline_workflows" {
+  type = map(string)
+}