From 8823b2f3939202ca3875e266330d7bfeacb5775d Mon Sep 17 00:00:00 2001
From: arnol377
Date: Wed, 14 Aug 2024 18:08:18 -0400
Subject: [PATCH 01/10] migrating linux pipeline to s3 source

---
 linux.tf | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/linux.tf b/linux.tf
index 68c49c7..4091065 100644
--- a/linux.tf
+++ b/linux.tf
@@ -11,7 +11,6 @@ module "amazon_linux" {
 create_new_role = true
 create_vpc_endpoint = true
 ssh_user = "ec2-user"
- playbook = "hello-world.yaml"
 terraform_version = "1.8.5"
 build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
 build_environment_variables = [
@@ -27,8 +26,17 @@ module "amazon_linux" {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "linux-image-pipeline.zip"
 }
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
+ ansible_source_type = "S3"
+ ansible_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-ansible-playbooks.zip"
+ }
+ playbook = "hello-world.yaml"
+ goss_source_type = "S3"
+ goss_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-goss-testing.zip"
+ }
 goss_profile = "base-test"
 state = local.state_config
 vpc_config = local.vpc_config

From 77037ba914cee9c1aa188d1fa7e149b81d191b55 Mon Sep 17 00:00:00 2001
From: arnol377
Date: Wed, 14 Aug 2024 18:09:53 -0400
Subject: [PATCH 02/10] terraform fmt

---
 linux.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux.tf b/linux.tf
index 4091065..a248f92 100644
--- a/linux.tf
+++ b/linux.tf
@@ -31,7 +31,7 @@ module "amazon_linux" {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "image-pipeline-ansible-playbooks.zip"
 }
- playbook = "hello-world.yaml"
+ playbook = "hello-world.yaml"
 goss_source_type = "S3"
 goss_bucket = {
 name = aws_s3_bucket.assets_bucket.bucket

From 0fe2abb1076efeed802817711dd2f6b663dec758 Mon Sep 17 00:00:00 2001
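Review bot: The `ansible_bucket` and `goss_bucket` inputs added in the second hunk reference `image-pipeline-ansible-playbooks.zip` and `image-pipeline-goss-testing.zip` by bucket and key only, so the build runs whatever object sits at that key at run time and any identity with write access to `assets_bucket` can change what the pipeline executes. The module's inputs are not visible here; if it exposes an object version or checksum input, pin the archives with it, otherwise enable bucket versioning and restrict `s3:PutObject` on those keys to the identity that publishes them. The same unpinned pattern appears in the docker.tf module added in patch 03 and in the rhel.tf hunk of patch 08. module "amazon_linux" starts outside this hunk.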
From: arnol377
Date: Thu, 22 Aug 2024 14:02:38 -0400
Subject: [PATCH 03/10] updating

---
 .github/workflows/terraform-apply.yml | 8 +--
 .terraform.lock.hcl | 51 ++++++++++------
 docker.tf | 83 +++++++++++++++++++++++++++
 linux.tf | 12 ++--
 locals.tf | 2 +-
 main.tf | 3 +-
 rhel.tf | 10 ++--
 windows.tf | 18 +++---
 8 files changed, 147 insertions(+), 40 deletions(-)
 create mode 100644 docker.tf

diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
index 8b2c3b1..e1289f6 100644
--- a/.github/workflows/terraform-apply.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -54,8 +54,6 @@ jobs:
 id: validate
 run: terraform validate
- - name: Terraform Apply
- id: apply
- run: terraform apply -auto-approve
- continue-on-error: true
-
+ - name: Terraform Auto Apply
+ uses: HappyPathway/terraform-apply@1.0.0
+
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 0ff7389..370d37e 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
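Review bot: `uses: HappyPathway/terraform-apply@1.0.0` pins the action to a mutable tag; this step runs `terraform apply` with the job's cloud credentials, so whoever can move that tag chooses the code that runs with them. Pin to the full commit SHA and keep the tag as a comment (`uses: HappyPathway/terraform-apply@<commit-sha> # v1.0.0`, placeholder to be filled from the action's release) so updates are explicit. The replaced step also carried `continue-on-error: true`; the new step does not, so an apply failure now fails the job — probably intended, but worth stating in the commit message since it changes how the workflow reports. The `jobs:` block starts outside this hunk.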
@@ -2,25 +2,44 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.62.0" + version = "5.63.0" constraints = ">= 4.20.1" hashes = [ - "h1:8tevkFG+ea/sNZYiQ2GQ02hknPcWBukxkrpjRCodQC0=", - "zh:1f366cbcda72fb123015439a42ab19f96e10ce4edb404273f4e1b7e06da20b73", - "zh:25f098454a34b483279e0382b24b4f42e51c067222c6e797eda5d3ec33b9beb1", - "zh:4b59d48b527e3cefd73f196853bfc265b3e1e57b55c1c8a2d12ff6e3534b4f07", - "zh:7bb88c1ca95e2b3f0f1fe8636925133b9813fc5b137cc467ba6a233ddf4b360e", - "zh:8a93dece40e816c92647e762839d0370e9cad2aa21dc4ca95baee9385f116459", - "zh:8dfe82c55ab8f633c1e2a39c687e9ca8c892d1c2005bf5166ac396ce868ecd05", + "h1:mhVxzwfSZVxPJNZsr1fvKZe51+48BdM7pzWChVQ4v68=", + "zh:21f3a6870dd80b8312b6aac28784b29a7c2cf072175f0de943f09bddbf14cad6", + "zh:28feb0621baeaa9b6992a6209fd0d7ad1c665b1dd895123f2fd36d91d69d116f", + "zh:301d51b398c3e3488ea2b63defeb254436854c83046d9fc5ca129b13faaa4319", + "zh:343e89645a2b23363226e2e0571639637ac1ddf7fa8c562bf883b17c8ad30d7d", + "zh:56c89148fc105a1bf32ffcd574ec1e679144377ea26c9ae4211dd491a3def358", + "zh:5e3b88e3eb28b23819126d43b191a2bda28a09d7690aee7e577b3b6235c4824a", + "zh:64c21f3b38a8f0f0ef8b938df71cde76d77e010236bb6a0b46f66daa6cab6f99", + "zh:6869e5fafe6535954ac75ece63e9765d6b12d1752b54cf9639a01585f1a5583e", + "zh:90a6894868c585a5abf00e784723d74ea80aff3d0403b36028c4b08c5c4894d6", + "zh:92e9e4b7c183e518c1decd0fbc780e9f1941d05710c9c20329c78556a7f0adac", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a754952d69b4860480d5207390e3ab42350c964dbca9a5ac0c6912dd24b4c11d", - "zh:b2a4dbf4abee0e9ec18c5d323b99defdcd3c681f8c4306fb6e02cff7de038f85", - "zh:b57d84be258b571c04271015f03858ab215768b82e47c11ecd86e789d577030a", - "zh:be811b03289407c8d59e6b199bf16e6071165565ffe502148172d0886cf849c4", - "zh:d4144c7366c840eff1ac15ba13d96063f798f0983d24053a832362033624fe6f", - "zh:d88612856d453c4e10c49c76e4ef522b7d068b4f7c3e2e0b03dd74540986eecd", - 
"zh:e8bd231a5d0786cc4aab8471bb6dabd5a5df1c598afda077a9f27987ada57b67", - "zh:ffb40a66b4d000a8ee4c54227eeb998f887ad867419c3af7d3981587788de074", + "zh:bbc053d060d4f6e95ef60549a0e92487fbbd88807f8161507cc389edc7dde0f7", + "zh:cfd8e88029a2fdafdfa77688f966705ade9211d173cbb6aa1552839c9993c19a", + "zh:d291875c26a6a05b60e02f1481c296269080232fa0ae86cce5caa04a6df82ed6", + "zh:f42f0b81587de0c51859e37cd671c442d8eaf42558d83c6421b1e46549576f89", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + hashes = [ + "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", ] } diff --git a/docker.tf b/docker.tf new file mode 100644 index 0000000..951851c --- /dev/null +++ b/docker.tf 
@@ -0,0 +1,83 @@
+resource "aws_ecr_repository" "repo" {
+ name = "csvd-census-docker-repo"
+ image_tag_mutability = "MUTABLE"
+
+ image_scanning_configuration {
+ scan_on_push = true
+ }
+}
+
+locals {
+ image_config = [
+ {
+ enabled = true
+ dest_path = null
+ name = "ubuntu/ubuntu"
+ source_image = "ubuntu/ubuntu"
+ source_registry = "public.ecr.aws"
+ source_tag = "edge"
+ tag = "edge"
+ },
+ ]
+}
+
+module "images" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
+
+ profile = "docker-image-pipeline"
+ application_name = "docker-image-pipeline"
+ image_config = local.image_config
+ tags = {}
+
+ enable_lifecycle_policy = true
+ lifecycle_policy_all = true
+ force_delete = true
+}
+
+module "docker" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "docker-image-pipeline"
+ builder_image = "aws/codebuild/standard:7.0"
+ create_new_repo = false
+ create_new_role = true
+ create_vpc_endpoint = false
+ ssh_user = "ec2-user"
+ terraform_version = "1.8.5"
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ build_environment_variables = [
+ for proxy_var in keys(local.proxy_env_vars) :
+ {
+ name = proxy_var,
+ value = lookup(local.proxy_env_vars, proxy_var),
+ type = "PLAINTEXT"
+ }
+ ]
+ packer_source_type = "S3"
+ packer_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "docker-image-pipeline.zip"
+ }
+ ansible_source_type = "S3"
+ ansible_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-ansible-playbooks.zip"
+ }
+ playbook = "hello-world.yaml"
+ goss_source_type = "S3"
+ goss_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-goss-testing.zip"
+ }
+ goss_profile = "base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ image = {
+ repo = aws_ecr_repository.repo.name
+ tag = "latest"
+ source_image = "public.ecr.aws/ubuntu/ubuntu:edge"
+ }
+}
+
+output docker_repo {
+ value = aws_ecr_repository.repo
+}
diff --git a/linux.tf b/linux.tf
index a248f92..33cc29c 100644
--- a/linux.tf
+++ b/linux.tf
@@ -37,11 +37,13 @@ module "amazon_linux" {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "image-pipeline-goss-testing.zip"
 }
- goss_profile = "base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-03fadeeea589a106b"
- instance_type = "t2.micro"
+ goss_profile = "base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ ami = {
+ source_ami = "ami-03fadeeea589a106b"
+ instance_type = "t2.micro"
+ }
 }

 output "linux_iam_arn" {
diff --git a/locals.tf b/locals.tf
index 6c28027..2828814 100644
--- a/locals.tf
+++ b/locals.tf
@@ -33,4 +33,4 @@ locals {
 region = local.vpc_config.region
 dynamodb_table = "tf_remote_state"
 }
-}
\ No newline at end of file
+}
diff --git a/main.tf b/main.tf
index d71cdfd..e77926c 100644
--- a/main.tf
+++ b/main.tf
@@ -19,7 +19,8 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
 principals {
 type = "AWS"
 identifiers = [
- module.amazon_linux.iam_arn
+ module.amazon_linux.iam_arn,
+ module.docker.iam_arn
 ]
 }

diff --git a/rhel.tf b/rhel.tf
index d7de2da..0b2e5bf 100644
--- a/rhel.tf
+++ b/rhel.tf
@@ -23,8 +23,10 @@ module "rhel" {
 goss_repo = data.aws_codecommit_repository.goss
 goss_profile = "rhel-base-test"
 # goss_profile = "base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-0e6191a82a929381a" # x86_64 compatible AMI - RHEL9 quick start image
- instance_type = "t3.micro" # x86_64 compatible instance type
+ state = local.state_config
+ vpc_config = local.vpc_config
+ ami = {
+ source_ami = "ami-0e6191a82a929381a" # x86_64 compatible AMI - RHEL9 quick start image
+ instance_type = "t3.micro" # x86_64 compatible instance type
+ }
 }
diff --git a/windows.tf b/windows.tf
index 3448477..573cc8d 100644
--- a/windows.tf
+++ b/windows.tf
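Review bot: `image_tag_mutability = "MUTABLE"` on the new `aws_ecr_repository.repo`, combined with the pipeline pushing `tag = "latest"` into it, means an existing tag can be overwritten by any principal allowed to push and consumers of `latest` cannot tell which build they received; prefer `image_tag_mutability = "IMMUTABLE"` with a per-build tag, or at least have consumers pin the image digest. Neither module source in this file is pinned: `HappyPathway/image-pipeline/aws` has no `version` and the internal module is fetched by branch (`?ref=tf-upgrade`), so each `terraform init` may pull different code — pin a release version or a commit. `force_delete = true` on the copy module will remove the repository together with its images on destroy, which is fine for a test pipeline but should be a deliberate choice once real images live there. `scan_on_push = true` is the right default and should survive any later refactor of the repository.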
@@ -25,13 +25,15 @@ module "windows" {
 type = "PLAINTEXT"
 }
 ]
- packer_repo = data.aws_codecommit_repository.windows
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
- goss_profile = "windows-base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
- instance_type = "t2.xlarge" # x86_64 compatible instance type
+ packer_repo = data.aws_codecommit_repository.windows
+ ansible_repo = data.aws_codecommit_repository.ansible
+ goss_repo = data.aws_codecommit_repository.goss
+ goss_profile = "windows-base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ ami = {
+ source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
+ instance_type = "t2.xlarge" # x86_64 compatible instance type
+ }
 }

From 2bdee710ff2beef424aaf4f3487456426fd7d57a Mon Sep 17 00:00:00 2001
From: arnol377
Date: Thu, 22 Aug 2024 14:06:34 -0400
Subject: [PATCH 04/10] Autoformatting TF Code

---
 docker.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker.tf b/docker.tf
index 951851c..dbaef3e 100644
--- a/docker.tf
+++ b/docker.tf
@@ -24,7 +24,7 @@ locals {
 module "images" {
 source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"

- profile = "docker-image-pipeline"
+ profile = "docker-image-pipeline"
 application_name = "docker-image-pipeline"
 image_config = local.image_config
 tags = {}
@@ -78,6 +78,6 @@ module "docker" {
 }
 }

-output docker_repo {
+output "docker_repo" {
 value = aws_ecr_repository.repo
 }

From 5deb755ca739ad2cd10f72267e82c070bb3a3b9e Mon Sep 17 00:00:00 2001
From: arnol377
Date: Tue, 27 Aug 2024 14:43:50 -0400
Subject: [PATCH 05/10] adding docker-loging

---
 docker-loging | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 docker-loging

diff --git a/docker-loging b/docker-loging
new file mode 100644
index 0000000..46cb184
--- /dev/null
+++ b/docker-loging
@@ -0,0 +1 @@
+docker login -u AWS -p .dkr.ecr..amazonaws.com

From 9f40323c6ea7dc58501000355e9412160625ce4e Mon Sep 17 00:00:00 2001
From: arnol377
Date: Tue, 27 Aug 2024 14:53:16 -0400
Subject: [PATCH 06/10] updating

---
 .terraform.lock.hcl | 34 +++++++++++------------
 docker-loging | 1 -
 docker.tf | 68 +++++++++++++++++++++------------------
 3 files changed, 49 insertions(+), 54 deletions(-)
 delete mode 100644 docker-loging

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 370d37e..d4cb985 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
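Review bot: `docker login -u AWS -p …` takes the registry password as a command-line argument, where it ends up in shell history and in process listings visible to other users on the build host; the form to keep in notes is `aws ecr get-login-password | docker login --username AWS --password-stdin <registry-host>` (placeholder for the account's ECR endpoint). The committed line holds only the empty placeholder `.dkr.ecr..amazonaws.com`, so nothing secret is exposed here, but patch 06 deletes the file again and the snippet stays in history; if a real token is ever pasted into such a scratch file it has to be treated as disclosed and rotated. Scratch command files like this belong in a README or a .gitignored location rather than the Terraform root.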
@@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.63.0" - constraints = ">= 4.20.1" + version = "5.64.0" + constraints = ">= 3.0.0, >= 4.20.1" hashes = [ - "h1:mhVxzwfSZVxPJNZsr1fvKZe51+48BdM7pzWChVQ4v68=", - "zh:21f3a6870dd80b8312b6aac28784b29a7c2cf072175f0de943f09bddbf14cad6", - "zh:28feb0621baeaa9b6992a6209fd0d7ad1c665b1dd895123f2fd36d91d69d116f", - "zh:301d51b398c3e3488ea2b63defeb254436854c83046d9fc5ca129b13faaa4319", - "zh:343e89645a2b23363226e2e0571639637ac1ddf7fa8c562bf883b17c8ad30d7d", - "zh:56c89148fc105a1bf32ffcd574ec1e679144377ea26c9ae4211dd491a3def358", - "zh:5e3b88e3eb28b23819126d43b191a2bda28a09d7690aee7e577b3b6235c4824a", - "zh:64c21f3b38a8f0f0ef8b938df71cde76d77e010236bb6a0b46f66daa6cab6f99", - "zh:6869e5fafe6535954ac75ece63e9765d6b12d1752b54cf9639a01585f1a5583e", - "zh:90a6894868c585a5abf00e784723d74ea80aff3d0403b36028c4b08c5c4894d6", - "zh:92e9e4b7c183e518c1decd0fbc780e9f1941d05710c9c20329c78556a7f0adac", + "h1:Xasb457vfMG/1SGu6KSApCzAqUHMlsL028OQu3dZVv8=", + "zh:1d361f8062c68c9d5ac14b0aa8390709542129b8a9b258e61bbbabc706078b44", + "zh:39dcbf53e3896bdd77071384c8fad4a5862c222c73f3bcf356aca488101f22fd", + "zh:3fad63505f0c5b6f01cc9a6ef02b2226983b79424126a9caf6eb724f654299f4", + "zh:53a8b90d00829cc27e3171a13a8ff1404ee0ea018e73f31d3f916d246cc39613", + "zh:5734c25ef5a04b40f3c1ac5f817f11e42ee3328f74dbc141c0e64afbb0acc834", + "zh:66ea14dbd87f291ce4a877123363933d3ca4022f209f885807a6689c22c24e80", + "zh:68e79654ad0894a3d93134c3377748ace3058d5fad5ec09d1e9a8f8f9b8a47ea", + "zh:7b74259d0ceef0c49cea6bcd171df997b6bad141085bbadded15b440faeb0eee", + "zh:988ebfb5d115dc57070b5abf2e4200ad49cde535f27fd2ba5e34cf9ab336a57f", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:bbc053d060d4f6e95ef60549a0e92487fbbd88807f8161507cc389edc7dde0f7", - "zh:cfd8e88029a2fdafdfa77688f966705ade9211d173cbb6aa1552839c9993c19a", - 
"zh:d291875c26a6a05b60e02f1481c296269080232fa0ae86cce5caa04a6df82ed6", - "zh:f42f0b81587de0c51859e37cd671c442d8eaf42558d83c6421b1e46549576f89", + "zh:a0a2d4efe2835f0101a0a5024e044a3f28c00e10a8d87fce89c707ef6db75cea", + "zh:aecb3e4b9121771dee9cac7975bf5d0657b5f3e8b57788c455beaeb0f3c48d93", + "zh:d2d3393170b8ef761d3146f39f6788c4a3e876e6c5d4cedca4870c2680688ae6", + "zh:daba5a005c1baa4a5eefbfb86d43ccf880eb5b42e8136f0d932f55886d72bda0", + "zh:de16a6ff3baacdaf9609a0a89aa1913fc19cccaf5ee0fc1c49c5a075baa47c02", ] } diff --git a/docker-loging b/docker-loging deleted file mode 100644 index 46cb184..0000000 --- a/docker-loging +++ /dev/null @@ -1 +0,0 @@ -docker login -u AWS -p .dkr.ecr..amazonaws.com diff --git a/docker.tf b/docker.tf index 951851c..ba4dfd7 100644 --- a/docker.tf +++ b/docker.tf 
@@ -1,42 +1,36 @@
-resource "aws_ecr_repository" "repo" {
- name = "csvd-census-docker-repo"
- image_tag_mutability = "MUTABLE"
-
- image_scanning_configuration {
- scan_on_push = true
- }
-}
-
 locals {
+ # public.ecr.aws/ubuntu/nginx:1.18-20.04_beta
+ # public.ecr.aws/ubuntu/ubuntu:22.04_edge
+ # public.ecr.aws/ubuntu/ubuntu:24.10
+ ubuntu_images = [
+ "22.04_edge", "23.10", "24.10", "22.04_stable"
+ ]
 image_config = [
- {
+ for image in local.ubuntu_images : {
 enabled = true
 dest_path = null
- name = "ubuntu/ubuntu"
+ name = "ubuntu"
 source_image = "ubuntu/ubuntu"
 source_registry = "public.ecr.aws"
- source_tag = "edge"
- tag = "edge"
- },
+ source_tag = image
+ tag = image
+ }
 ]
 }

-module "images" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
-
- profile = "docker-image-pipeline"
+module "ecr-clone" {
+ source = "HappyPathway/ecr-clone/aws"
 application_name = "docker-image-pipeline"
- image_config = local.image_config
- tags = {}
-
- enable_lifecycle_policy = true
- lifecycle_policy_all = true
- force_delete = true
+ application_list = [
+ "pipeline-test"
+ ]
+ image_config = local.image_config
+ tags = {}
 }

 module "docker" {
 source = "HappyPathway/image-pipeline/aws"
- project_name = "docker-image-pipeline"
+ project_name = "pipeline-test"
 builder_image = "aws/codebuild/standard:7.0"
 create_new_repo = false
 create_new_role = true
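Review bot: Deleting `aws_ecr_repository.repo` also deletes the only visible `image_scanning_configuration { scan_on_push = true }`, and the replacement `module "ecr-clone"` shows no equivalent input, so confirm that the module turns on scan-on-push (and ideally tag immutability) for the repositories it creates, or set it explicitly if the module exposes such an input. `source = "HappyPathway/ecr-clone/aws"` has no `version` constraint, so every init can resolve to a different module release; add one. Note also that this hunk's pre-image is `951851c`, the docker.tf from before patch 04's formatting pass (`dbaef3e`), so the series as posted may not apply cleanly in order. module "docker" continues past this hunk.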
@@ -62,22 +56,24 @@ module "docker" {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "image-pipeline-ansible-playbooks.zip"
 }
- playbook = "hello-world.yaml"
+ playbook = "ubuntu-base.yaml"
 goss_source_type = "S3"
 goss_bucket = {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "image-pipeline-goss-testing.zip"
 }
- goss_profile = "base-test"
- state = local.state_config
- vpc_config = local.vpc_config
+ docker_test_enabled = true
+ goss_profile = "base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
 image = {
- repo = aws_ecr_repository.repo.name
- tag = "latest"
- source_image = "public.ecr.aws/ubuntu/ubuntu:edge"
+ # source image metadata
+ source_image = "ubuntu"
+ source_tag = "24.10"
+ source_docker_repo = "docker-image-pipeline"
+ # destination image metadata
+ dest_image = "pipeline-test"
+ dest_tag = "latest"
+ dest_docker_repo = "docker-image-pipeline"
 }
 }
-
-output docker_repo {
- value = aws_ecr_repository.repo
-}

From 5236daa25ba343abcb264055e8bf1018556dd78a Mon Sep 17 00:00:00 2001
From: arnol377
Date: Tue, 27 Aug 2024 15:51:34 -0400
Subject: [PATCH 07/10] updating docker config

---
 docker.tf | 6 +----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/docker.tf b/docker.tf
index f8d5060..57d7a85 100644
--- a/docker.tf
+++ b/docker.tf
@@ -63,7 +63,7 @@ module "docker" {
 key = "image-pipeline-goss-testing.zip"
 }
 docker_test_enabled = true
- goss_profile = "base-test"
+ goss_profile = "docker-base"
 state = local.state_config
 vpc_config = local.vpc_config
 image = {
@@ -77,7 +77,3 @@ module "docker" {
 dest_docker_repo = "docker-image-pipeline"
 }
 }
-
-output "docker_repo" {
- value = aws_ecr_repository.repo
-}

From 9335f7f0a75addd49e9a32a6fabe8e4340fe1167 Mon Sep 17 00:00:00 2001
From: arnol377
Date: Thu, 29 Aug 2024 12:08:55 -0400
Subject: [PATCH 08/10] updating

---
 docker.tf | 3 ++-
 linux.tf | 4 ++--
 main.tf | 1 +
 rhel.tf | 18 +++++++++++++++---
 4 files changed, 20 insertions(+), 6 deletions(-)

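Review bot: The rewritten `image` block selects the base image as `source_image = "ubuntu"` / `source_tag = "24.10"` and publishes the result as `dest_tag = "latest"`; both are mutable tag references, so the build input can change underneath the pipeline and consumers of `latest` cannot tell which build they pulled. If the module accepts a digest for the source, pin it there, and push an additional immutable tag (build id or git SHA) alongside `latest` so each produced image is traceable to a build. Also `docker_test_enabled = true` is turned on while `goss_profile` is still `base-test` in this hunk, and the `docker-base` profile only arrives in patch 07, so the first run after this commit tests the container with the generic profile. module "docker" starts outside this hunk.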
diff --git a/docker.tf b/docker.tf
index 57d7a85..76101f8 100644
--- a/docker.tf
+++ b/docker.tf
@@ -47,6 +47,7 @@ module "docker" {
 }
 ]
 packer_source_type = "S3"
+ packer_config = "docker-base.pkr.hcl"
 packer_bucket = {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "docker-image-pipeline.zip"
@@ -57,13 +58,13 @@ module "docker" {
 key = "image-pipeline-ansible-playbooks.zip"
 }
 playbook = "ubuntu-base.yaml"
+ goss_profile = "docker-base"
 goss_source_type = "S3"
 goss_bucket = {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "image-pipeline-goss-testing.zip"
 }
 docker_test_enabled = true
- goss_profile = "docker-base"
 state = local.state_config
 vpc_config = local.vpc_config
 image = {
diff --git a/linux.tf b/linux.tf
index 33cc29c..3ac0db6 100644
--- a/linux.tf
+++ b/linux.tf
@@ -50,8 +50,8 @@ output "linux_iam_arn" {
 value = module.amazon_linux.iam_arn
 }

-output "linux_parameters" {
- value = keys(module.amazon_linux.parameters)
+output "linux_managed_parameters" {
+ value = keys(module.amazon_linux.managed_parameters)
 sensitive = true
 }

diff --git a/main.tf b/main.tf
index e77926c..34bd02d 100644
--- a/main.tf
+++ b/main.tf
@@ -20,6 +20,7 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
 type = "AWS"
 identifiers = [
 module.amazon_linux.iam_arn,
+ module.rhel.iam_arn,
 module.docker.iam_arn
 ]
 }
diff --git a/rhel.tf b/rhel.tf
index 0b2e5bf..86a043b 100644
--- a/rhel.tf
+++ b/rhel.tf
@@ -18,9 +18,21 @@ module "rhel" {
 type = "PLAINTEXT"
 }
 ]
- packer_repo = data.aws_codecommit_repository.linux
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
+ packer_source_type = "S3"
+ packer_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "linux-image-pipeline.zip"
+ }
+ ansible_source_type = "S3"
+ ansible_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-ansible-playbooks.zip"
+ }
+ goss_source_type = "S3"
+ goss_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-goss-testing.zip"
+ }
 goss_profile = "rhel-base-test"
 # goss_profile = "base-test"
 state = local.state_config

From fc341b68f91e4ecd71bccf54287e8061ae54b2ac Mon Sep 17 00:00:00 2001
From: arnol377
Date: Fri, 30 Aug 2024 12:16:22 -0400
Subject: [PATCH 09/10] Autoformatting TF Code

---
 docker.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docker.tf b/docker.tf
index 76101f8..64ca39a 100644
--- a/docker.tf
+++ b/docker.tf
@@ -47,7 +47,7 @@ module "docker" {
 }
 ]
 packer_source_type = "S3"
- packer_config = "docker-base.pkr.hcl"
+ packer_config = "docker-base.pkr.hcl"
 packer_bucket = {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "docker-image-pipeline.zip"
@@ -58,7 +58,7 @@ module "docker" {
 key = "image-pipeline-ansible-playbooks.zip"
 }
 playbook = "ubuntu-base.yaml"
- goss_profile = "docker-base"
+ goss_profile = "docker-base"
 goss_source_type = "S3"
 goss_bucket = {
 name = aws_s3_bucket.assets_bucket.bucket
@@ -73,8 +73,8 @@ module "docker" {
 source_tag = "24.10"
 source_docker_repo = "docker-image-pipeline"
 # destination image metadata
- dest_image = "pipeline-test"
- dest_tag = "latest"
- dest_docker_repo = "docker-image-pipeline"
+ dest_image = "pipeline-test"
+ dest_tag = "latest"
+ dest_docker_repo = "docker-image-pipeline"
 }
 }

From e465c10eac293433e6dbf88c2831abb157cdf7f6 Mon Sep 17 00:00:00 2001
From: arnol377
Date: Fri, 30 Aug 2024 12:19:28 -0400
Subject: [PATCH 10/10] adding build_user

---
 .terraform.lock.hcl | 34 +++++++++++++++++-----------------
 docker.tf | 10 +++++-----
 linux.tf | 1 +
 main.tf | 21 +++++++++++++++++++++
 4 files changed, 44 insertions(+), 22 deletions(-)

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index d4cb985..d76d788 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.64.0" - constraints = ">= 3.0.0, >= 4.20.1" + version = "5.65.0" + constraints = ">= 4.20.1" hashes = [ - "h1:Xasb457vfMG/1SGu6KSApCzAqUHMlsL028OQu3dZVv8=", - "zh:1d361f8062c68c9d5ac14b0aa8390709542129b8a9b258e61bbbabc706078b44", - "zh:39dcbf53e3896bdd77071384c8fad4a5862c222c73f3bcf356aca488101f22fd", - "zh:3fad63505f0c5b6f01cc9a6ef02b2226983b79424126a9caf6eb724f654299f4", - "zh:53a8b90d00829cc27e3171a13a8ff1404ee0ea018e73f31d3f916d246cc39613", - "zh:5734c25ef5a04b40f3c1ac5f817f11e42ee3328f74dbc141c0e64afbb0acc834", - "zh:66ea14dbd87f291ce4a877123363933d3ca4022f209f885807a6689c22c24e80", - "zh:68e79654ad0894a3d93134c3377748ace3058d5fad5ec09d1e9a8f8f9b8a47ea", - "zh:7b74259d0ceef0c49cea6bcd171df997b6bad141085bbadded15b440faeb0eee", - "zh:988ebfb5d115dc57070b5abf2e4200ad49cde535f27fd2ba5e34cf9ab336a57f", + "h1:LTqvpg2APqTRPmQIkOAFwn7Q8rXTXazDXIBaYSfLIm4=", + "zh:036f8557c8c9b58656e1ec08ed5702e44bd338fda17dc4b2add40b234102e29a", + "zh:0ba0708ece98735540070899a916b7a90c5c887be31ffd693ee1359e40245978", + "zh:12d82a82ae0e3bc580f2be961078e89d129e12df7dd82a6ec610a2b945bba1a4", + "zh:1ed0ee17df8807aef64976e2a4276d2a3e1d54efeae2a86f596d12eccb94dc83", + "zh:36b7c61a83d24f612156b4648027ba8bd5727f0ed57183cbad0e6c93b7503aa2", + "zh:496d06a089b1bc8d60995e8dddfe1d87c605a208f377a60b17987e89381dafda", + "zh:4e9aba435994589befe4279927c71a461a52e6cd96b8f0437295c18c50f6baff", + "zh:71134031288a312db1804d4798b10f106a843c36aafd7b8fe8f4859156d7df93", + "zh:748d0dbdfbe8df4b516a09b23b3981c19cef9a255c1ca0187e84ab424e6bd845", + "zh:783541ff77f4e7c74c817e0e2989ebdb45dd6e2c9853a8cccbcf5f1976736a76", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a0a2d4efe2835f0101a0a5024e044a3f28c00e10a8d87fce89c707ef6db75cea", - "zh:aecb3e4b9121771dee9cac7975bf5d0657b5f3e8b57788c455beaeb0f3c48d93", - 
"zh:d2d3393170b8ef761d3146f39f6788c4a3e876e6c5d4cedca4870c2680688ae6", - "zh:daba5a005c1baa4a5eefbfb86d43ccf880eb5b42e8136f0d932f55886d72bda0", - "zh:de16a6ff3baacdaf9609a0a89aa1913fc19cccaf5ee0fc1c49c5a075baa47c02", + "zh:af3f080975d5ed79917b8238cc0ae3150da688bc89e12dcc3ee85134b29857d0", + "zh:ec542372c3ffbfc3df6966f77357f8af7319d4bd956ff8e9fde0bbd124352e34", + "zh:f3dc7b2b5b55173207c2fd35ed6bb8cc66b06af777e221060ca2f0c0afdecbb5", + "zh:f9631ecc21d6e5cf82ef6ef8d14c39e1dfb2a52cc8f0abb684311885ffdb79a1", ] } diff --git a/docker.tf b/docker.tf index 76101f8..64ca39a 100644 --- a/docker.tf +++ b/docker.tf @@ -47,7 +47,7 @@ module "docker" { } ] packer_source_type = "S3" - packer_config = "docker-base.pkr.hcl" + packer_config = "docker-base.pkr.hcl" packer_bucket = { name = aws_s3_bucket.assets_bucket.bucket key = "docker-image-pipeline.zip" @@ -58,7 +58,7 @@ module "docker" { key = "image-pipeline-ansible-playbooks.zip" } playbook = "ubuntu-base.yaml" - goss_profile = "docker-base" + goss_profile = "docker-base" goss_source_type = "S3" goss_bucket = { name = aws_s3_bucket.assets_bucket.bucket @@ -73,8 +73,8 @@ module "docker" { source_tag = "24.10" source_docker_repo = "docker-image-pipeline" # destination image metadata - dest_image = "pipeline-test" - dest_tag = "latest" - dest_docker_repo = "docker-image-pipeline" + dest_image = "pipeline-test" + dest_tag = "latest" + dest_docker_repo = "docker-image-pipeline" } } diff --git a/linux.tf b/linux.tf index 3ac0db6..85ee8a5 100644 --- a/linux.tf +++ b/linux.tf @@ -13,6 +13,7 @@ module "amazon_linux" { ssh_user = "ec2-user" terraform_version = "1.8.5" build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + build_user_iam_policy = data.aws_iam_policy_document.build_user_policy_document.json build_environment_variables = [ for proxy_var in keys(local.proxy_env_vars) : { diff --git a/main.tf b/main.tf index 34bd02d..3652db5 100644 --- a/main.tf +++ b/main.tf 
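Review bot: `build_user_iam_policy = data.aws_iam_policy_document.build_user_policy_document.json` wires in the policy added to main.tf by this same patch, and that document grants `s3:Get*` and `s3:List*` on both the bucket ARN and `${arn}/*` plus `s3:PutObjectAcl`, `s3:ReplicateObject` and `s3:RestoreObject`; the wildcards on the bucket ARN also cover configuration reads such as the bucket policy and ACL, and `PutObjectAcl` lets the build user change who can read the artifacts it uploads wherever object ACLs are enabled. If the build user only needs to fetch and publish archives, enumerate `s3:ListBucket` on the bucket ARN and `s3:GetObject` / `s3:PutObject` on `${arn}/*`, and drop `PutObjectAcl` unless something downstream depends on it. Only module "amazon_linux" receives `build_user_iam_policy` here; the docker and rhel modules moved to the same S3 sources earlier in the series do not, which may be intentional but deserves a sentence in the commit message. module "amazon_linux" continues outside this hunk.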
@@ -44,6 +44,27 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
 }

+data "aws_iam_policy_document" "build_user_policy_document" {
+ statement {
+ actions = [
+ "s3:Get*",
+ "s3:List*",
+ "s3:ReplicateObject",
+ "s3:PutObject",
+ "s3:RestoreObject",
+ "s3:PutObjectVersionTagging",
+ "s3:PutObjectTagging",
+ "s3:PutObjectAcl"
+ ]
+
+ resources = [
+ aws_s3_bucket.assets_bucket.arn,
+ "${aws_s3_bucket.assets_bucket.arn}/*",
+ ]
+ }
+}
+
+
 resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
 for_each = tomap({
 state_bucket = aws_s3_bucket.state_bucket.bucket