Linux pipeline s3 source

docker.tf

@@ -1,42 +1,36 @@
-resource "aws_ecr_repository" "repo" {
-  name                 = "csvd-census-docker-repo"
-  image_tag_mutability = "MUTABLE"
-
-  image_scanning_configuration {
-    scan_on_push = true
-  }
-}
-
 locals {
+  # public.ecr.aws/ubuntu/nginx:1.18-20.04_beta
+  # public.ecr.aws/ubuntu/ubuntu:22.04_edge
+  # public.ecr.aws/ubuntu/ubuntu:24.10
+  ubuntu_images = [
+    "22.04_edge", "23.10", "24.10", "22.04_stable"
+  ]
   image_config = [
-    {
+    for image in local.ubuntu_images : {
       enabled         = true
       dest_path       = null
-      name            = "ubuntu/ubuntu"
+      name            = "ubuntu"
       source_image    = "ubuntu/ubuntu"
       source_registry = "public.ecr.aws"
-      source_tag      = "edge"
-      tag             = "edge"
-    },
+      source_tag      = image
+      tag             = image
+    }
   ]
 }
 
-module "images" {
-  source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
-
-  profile = "docker-image-pipeline"
+module "ecr-clone" {
+  source           = "HappyPathway/ecr-clone/aws"
   application_name = "docker-image-pipeline"
-  image_config     = local.image_config
-  tags             = {}
-
-  enable_lifecycle_policy = true
-  lifecycle_policy_all    = true
-  force_delete            = true
+  application_list = [
+    "pipeline-test"
+  ]
+  image_config = local.image_config
+  tags         = {}
 }
 
 module "docker" {
   source                    = "HappyPathway/image-pipeline/aws"
-  project_name              = "docker-image-pipeline"
+  project_name              = "pipeline-test"
   builder_image             = "aws/codebuild/standard:7.0"
   create_new_repo           = false
   create_new_role           = true
@@ -53,6 +47,7 @@ module "docker" {
     }
   ]
   packer_source_type = "S3"
+  packer_config      = "docker-base.pkr.hcl"
   packer_bucket = {
     name = aws_s3_bucket.assets_bucket.bucket
     key  = "docker-image-pipeline.zip"
@@ -62,22 +57,24 @@ module "docker" {
     name = aws_s3_bucket.assets_bucket.bucket
     key  = "image-pipeline-ansible-playbooks.zip"
   }
-  playbook         = "hello-world.yaml"
+  playbook         = "ubuntu-base.yaml"
+  goss_profile     = "docker-base"
   goss_source_type = "S3"
   goss_bucket = {
     name = aws_s3_bucket.assets_bucket.bucket
     key  = "image-pipeline-goss-testing.zip"
   }
-  goss_profile = "base-test"
-  state        = local.state_config
-  vpc_config   = local.vpc_config
+  docker_test_enabled = true
+  state               = local.state_config
+  vpc_config          = local.vpc_config
   image = {
-    repo         = aws_ecr_repository.repo.name
-    tag          = "latest"
-    source_image = "public.ecr.aws/ubuntu/ubuntu:edge"
+    # source image metadata 
+    source_image       = "ubuntu"
+    source_tag         = "24.10"
+    source_docker_repo = "docker-image-pipeline"
+    # destination image metadata
+    dest_image       = "pipeline-test"
+    dest_tag         = "latest"
+    dest_docker_repo = "docker-image-pipeline"
   }
 }
-
-output docker_repo {
-  value = aws_ecr_repository.repo
-}

linux.tf

@@ -13,6 +13,7 @@ module "amazon_linux" {
   ssh_user                  = "ec2-user"
   terraform_version         = "1.8.5"
   build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+  build_user_iam_policy     = data.aws_iam_policy_document.build_user_policy_document.json
   build_environment_variables = [
     for proxy_var in keys(local.proxy_env_vars) :
     {
@@ -50,8 +51,8 @@ output "linux_iam_arn" {
   value = module.amazon_linux.iam_arn
 }
 
-output "linux_parameters" {
-  value     = keys(module.amazon_linux.parameters)
+output "linux_managed_parameters" {
+  value     = keys(module.amazon_linux.managed_parameters)
   sensitive = true
 }
 

main.tf

@@ -20,6 +20,7 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
       type = "AWS"
       identifiers = [
         module.amazon_linux.iam_arn,
+        module.rhel.iam_arn,
         module.docker.iam_arn
       ]
     }
@@ -43,6 +44,27 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
 }
 
 
+data "aws_iam_policy_document" "build_user_policy_document" {
+  statement {
+    actions = [
+      "s3:Get*",
+      "s3:List*",
+      "s3:ReplicateObject",
+      "s3:PutObject",
+      "s3:RestoreObject",
+      "s3:PutObjectVersionTagging",
+      "s3:PutObjectTagging",
+      "s3:PutObjectAcl"
+    ]
+
+    resources = [
+      aws_s3_bucket.assets_bucket.arn,
+      "${aws_s3_bucket.assets_bucket.arn}/*",
+    ]
+  }
+}
+
+
 resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
   for_each = tomap({
     state_bucket  = aws_s3_bucket.state_bucket.bucket

rhel.tf

@@ -18,9 +18,21 @@ module "rhel" {
       type  = "PLAINTEXT"
     }
   ]
-  packer_repo  = data.aws_codecommit_repository.linux
-  ansible_repo = data.aws_codecommit_repository.ansible
-  goss_repo    = data.aws_codecommit_repository.goss
+  packer_source_type = "S3"
+  packer_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "linux-image-pipeline.zip"
+  }
+  ansible_source_type = "S3"
+  ansible_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-ansible-playbooks.zip"
+  }
+  goss_source_type = "S3"
+  goss_bucket = {
+    name = aws_s3_bucket.assets_bucket.bucket
+    key  = "image-pipeline-goss-testing.zip"
+  }
   goss_profile = "rhel-base-test"
   # goss_profile  = "base-test"
   state      = local.state_config