From e396af826e7607888084799435590118dcc7fa1f Mon Sep 17 00:00:00 2001
From: arnol377
Date: Thu, 5 Sep 2024 15:19:07 -0400
Subject: [PATCH] updating
---
 image-pipeline.tf | 52 ++++++++++++++++--------------
 main.tf | 4 +--
 sandbox.tf | 2 +-
 variables.tf | 2 +-
 workflows/goss-testing.yaml | 2 +-
 workflows/s3_upload.yaml.tpl | 2 +-
 workflows/terraform-apply.yaml.tpl | 2 +-
 workflows/terraform-plan.yaml.tpl | 2 +-
 8 files changed, 35 insertions(+), 33 deletions(-)
diff --git a/image-pipeline.tf b/image-pipeline.tf
index 704a128..8cb3ae0 100644
--- a/image-pipeline.tf
+++ b/image-pipeline.tf
@@ -25,22 +25,19 @@ module "image_pipeline_repos" {
 force_name = true
 create_codeowners = false
 enforce_prs = true
- collaborators = merge(local.collaborators, { garri325 = "admin" })
+ collaborators = local.collaborators
 pull_request_bypassers = local.pull_request_bypassers
- vars = [
- {
- name = "AWS_ACCESS_KEY_ID",
- value = module.aws_session_configuration.iam_credentials.iam_access_key_id
- },
+ secrets = [
+ for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
 {
- name = "AWS_DEFAULT_REGION",
- value = data.aws_region.current.name
+ name = replace(secret, "GITHUB", "GH")
+ value = lookup(module.env_var, secret).value
 }
 ]
- secrets = [
+ vars = [
 {
- name = "AWS_SECRET_ACCESS_KEY"
- value = module.aws_session_configuration.iam_credentials.iam_secret_access_key
+ name = "AWS_ACCESS_KEY_ID"
+ value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
 }
 ]
 managed_extra_files = [
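Review bot: The nested for expression that builds `secrets` from `local.secrets` in `image_pipeline_repos` is pasted verbatim into `aws_image_pipeline` and `terraform_aws_image_pipeline` in the next two hunks; hoist it into one local, e.g. `repo_secrets = [for s in local.secrets : { name = replace(s, "GITHUB", "GH"), value = lookup(module.env_var, s).value } if s != "AWS_ACCESS_KEY_ID"]`, so the three lists cannot drift. The inner comprehension is only a filter, so the single-level `if` form above is equivalent and shorter. Wherever it lands, the rename deserves a comment such as `# presumably because GitHub rejects secret names with the GITHUB_ prefix, they are published as GH_* -- confirm`. Dropping the `garri325 = "admin"` collaborator is an access change that the one-word commit message does not mention. The rest of the `image_pipeline_repos` block lies outside the hunk.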
@@ -90,24 +87,17 @@ module "aws_image_pipeline" {
 enforce_prs = true
 collaborators = local.collaborators
 pull_request_bypassers = local.pull_request_bypassers
- vars = [
- {
- name = "terraform_version"
- value = "1.9.1"
- },
- {
- name = "AWS_ACCESS_KEY_ID",
- value = module.aws_session_configuration.iam_credentials.iam_access_key_id
- },
+ secrets = [
+ for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
 {
- name = "AWS_DEFAULT_REGION",
- value = data.aws_region.current.name
+ name = replace(secret, "GITHUB", "GH")
+ value = lookup(module.env_var, secret).value
 }
 ]
- secrets = [
+ vars = [
 {
- name = "AWS_SECRET_ACCESS_KEY"
- value = module.aws_session_configuration.iam_credentials.iam_secret_access_key
+ name = "AWS_ACCESS_KEY_ID"
+ value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
 }
 ]
 managed_extra_files = [
@@ -157,6 +147,18 @@ module "terraform_aws_image_pipeline" {
 {
 name = "terraform_version"
 value = "1.9.1"
+ },
+ {
+ name = "AWS_ACCESS_KEY_ID"
+ value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
+ }
+
+ ]
+ secrets = [
+ for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
+ {
+ name = replace(secret, "GITHUB", "GH")
+ value = lookup(module.env_var, secret).value
 }
 ]
 managed_extra_files = [
diff --git a/main.tf b/main.tf
index e651048..e945d20 100644
--- a/main.tf
+++ b/main.tf
@@ -47,7 +47,7 @@ module "automation-repos" {
 collaborators = local.collaborators
 pull_request_bypassers = local.pull_request_bypassers
 }
-
+
 # centralized-actions
 module "centralized-actions" {
 source = "HappyPathway/repo/github"
@@ -65,7 +65,7 @@ module "centralized-actions" {
 pull_request_bypassers = local.pull_request_bypassers
 github_is_private = false
 }
-
+
 # terraform-github-repo
 module "terraform-github-repo" {
 source = "git@github.e.it.census.gov:CSVD/terraform-github-repo"
diff --git a/sandbox.tf b/sandbox.tf
index 99ff22e..439a539 100644
--- a/sandbox.tf
+++ b/sandbox.tf
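Review bot: The `terraform_version` entry is removed from the `vars` of `aws_image_pipeline` while the `terraform_aws_image_pipeline` hunk below keeps it; if any workflow rendered into that repo reads `vars.terraform_version` (the templates are not in this diff), the reference now expands to an empty string at run time. Either keep `{ name = "terraform_version", value = "1.9.1" }` in the new `vars` list or state in the commit message that the repo's workflows no longer consume it. The `aws_image_pipeline` block continues past the end of the hunk.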
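Review bot: The added empty line between `}` and `]` inside the `vars` list of `terraform_aws_image_pipeline` looks accidental; neither of the other two lists changed in this commit has one, so drop it. The module block continues outside the hunk.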
@@ -18,7 +18,7 @@ module "sandbox" {
 github_is_private = false
 create_codeowners = false
 enforce_prs = false
- collaborators = {"arnol377": "admin"}
+ collaborators = { "arnol377" : "admin" }
 managed_extra_files = [
 {
 path = ".github/workflows/terraform-plan.yaml"
diff --git a/variables.tf b/variables.tf
index e8a112b..0f1b652 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,3 @@
-variable image_pipeline_workflows {
+variable "image_pipeline_workflows" {
 type = map(string)
 }
diff --git a/workflows/goss-testing.yaml b/workflows/goss-testing.yaml
index ad78527..5fa7ca6 100644
--- a/workflows/goss-testing.yaml
+++ b/workflows/goss-testing.yaml
@@ -16,7 +16,7 @@ jobs:
 env:
 AWS_SECRET_ACCESS_KEY: "$${{ secrets.AWS_SECRET_ACCESS_KEY }}"
 AWS_ACCESS_KEY_ID: "$${{ vars.AWS_ACCESS_KEY_ID }}"
- AWS_DEFAULT_REGION: "$${{ vars.AWS_DEFAULT_REGION }}"
+ AWS_SESSION_TOKEN: "$${{ secrets.AWS_SESSION_TOKEN }}"
 # Steps represent a sequence of tasks that will be executed as part of the job
diff --git a/workflows/s3_upload.yaml.tpl b/workflows/s3_upload.yaml.tpl
index 08628ce..531c9b6 100644
--- a/workflows/s3_upload.yaml.tpl
+++ b/workflows/s3_upload.yaml.tpl
@@ -16,7 +16,7 @@ jobs:
 env:
 AWS_SECRET_ACCESS_KEY: "$${{ secrets.AWS_SECRET_ACCESS_KEY }}"
 AWS_ACCESS_KEY_ID: "$${{ vars.AWS_ACCESS_KEY_ID }}"
- AWS_DEFAULT_REGION: "$${{ vars.AWS_DEFAULT_REGION }}"
+ AWS_SESSION_TOKEN: "$${{ secrets.AWS_SESSION_TOKEN }}"
 # Steps represent a sequence of tasks that will be executed as part of the job
diff --git a/workflows/terraform-apply.yaml.tpl b/workflows/terraform-apply.yaml.tpl
index 3f2614a..c112c78 100644
--- a/workflows/terraform-apply.yaml.tpl
+++ b/workflows/terraform-apply.yaml.tpl
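Review bot: Replacing `AWS_DEFAULT_REGION` with `AWS_SESSION_TOKEN` in the job `env` of `goss-testing.yaml` (and identically in `s3_upload.yaml.tpl`, `terraform-apply.yaml.tpl` and `terraform-plan.yaml.tpl`) leaves the rendered workflow with no region at all, so AWS CLI or Terraform provider calls in the steps below will fail with a missing-region error unless a region comes from a source not visible in this diff; if the aim is only to stop publishing it as a repo var, keep the line as a literal, `AWS_DEFAULT_REGION: <region>`. `secrets.AWS_SESSION_TOKEN` is populated only if `AWS_SESSION_TOKEN` is among `local.secrets` pushed by the Terraform hunks of this commit (not shown), and an unset secret expands to an empty string. Because a session token is a temporary credential, the secret also goes stale once the token expires, so whatever re-applies this configuration presumably has to run more often than the token lifetime — worth a comment next to the line, e.g. `# session token is temporary; refreshed by the terraform apply that manages this repo's secrets -- confirm cadence`. `goss-testing.yaml` uses the same `$${{` escaping as the `.tpl` files, so presumably it is rendered through templatefile too; if it is copied verbatim, the doubled `$` reaches Actions literally. The steps that consume these variables lie outside the hunk.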
@@ -18,7 +18,7 @@ jobs:
 env:
 AWS_SECRET_ACCESS_KEY: "$${{ secrets.AWS_SECRET_ACCESS_KEY }}"
 AWS_ACCESS_KEY_ID: "$${{ vars.AWS_ACCESS_KEY_ID }}"
- AWS_DEFAULT_REGION: "$${{ vars.AWS_DEFAULT_REGION
+ AWS_SESSION_TOKEN: "$${{ secrets.AWS_SESSION_TOKEN }}"
 # Steps represent a sequence of tasks that will be executed as part of the job
diff --git a/workflows/terraform-plan.yaml.tpl b/workflows/terraform-plan.yaml.tpl
index 08cc97f..f4a20cb 100644
--- a/workflows/terraform-plan.yaml.tpl
+++ b/workflows/terraform-plan.yaml.tpl
@@ -17,7 +17,7 @@ jobs:
 env:
 AWS_SECRET_ACCESS_KEY: "$${{ secrets.AWS_SECRET_ACCESS_KEY }}"
 AWS_ACCESS_KEY_ID: "$${{ vars.AWS_ACCESS_KEY_ID }}"
- AWS_DEFAULT_REGION: "$${{ vars.AWS_DEFAULT_REGION }}"
+ AWS_SESSION_TOKEN: "$${{ secrets.AWS_SESSION_TOKEN }}"
 # Steps represent a sequence of tasks that will be executed as part of the job