From 4dc4f3401b01c17ba5c1ce39482180d7eed77a3d Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Mon, 21 Apr 2025 23:43:13 -0400
Subject: [PATCH] use the right gatekeeper
---
 .github/platform-tg-infra.code-workspace | 4 +-
 .../eks-gatekeeper/terragrunt.hcl | 58 +++++++++----------
 .../eks-keycloak/terragrunt.hcl | 1 +
 3 files changed, 30 insertions(+), 33 deletions(-)
diff --git a/.github/platform-tg-infra.code-workspace b/.github/platform-tg-infra.code-workspace
index 8409f19..8864dc1 100644
--- a/.github/platform-tg-infra.code-workspace
+++ b/.github/platform-tg-infra.code-workspace
@@ -33,8 +33,8 @@
 "path": "../../tfmod-esri-arcgis"
 },
 {
- "name": "tfmod-gogatekeeper",
- "path": "../../tfmod-gogatekeeper"
+ "name": "tfmod-gatekeeper",
+ "path": "../../tfmod-gatekeeper"
 },
 {
 "name": "tfmod-grafana",
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl
index a003842..791df0e 100644
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl
+++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl
@@ -16,7 +16,7 @@ exclude {
 }
 terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gogatekeeper.git?ref=${include.root.inputs.release_version}"
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gatekeeper.git?ref=${include.root.inputs.release_version}"
 extra_arguments "retry_lock" {
 commands = get_terraform_commands_that_need_locking()
 arguments = ["-lock-timeout=20s"]
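Review bot: The new `source` line fetches `tfmod-gatekeeper` at `?ref=${include.root.inputs.release_version}`, the same root input the old `tfmod-gogatekeeper` source used, so that ref now has to resolve in a different repository and nothing in this hunk shows that it does. If `release_version` is a branch or a movable tag rather than a commit SHA (its value is not visible here), the module code that receives `client_secret` can change without any change to this file. Consider a module-specific immutable ref and a comment above the line such as `# ref must exist in tfmod-gatekeeper; pin to a commit SHA or protected tag`. The `terraform` block continues outside the hunk.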
@@ -40,16 +40,15 @@ dependency "eks_dns" {
 }
 }
-dependency "eks-grafana" {
- config_path = "../eks-grafana"
+dependency "eks_keycloak" {
+ config_path = "../eks-keycloak"
 mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
 mock_outputs = {
- namespace = "telemetry"
- internal_endpoint = {
- hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
- port_number = 80
- url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
- }
+ user_auth_realm = "mock.keycloak.example.com/auth"
+ client_id = "mock-client-id"
+ client_secret = "mock-client-secret"
+ namespace = "keycloak"
+ user_secret = "user-sso"
 }
 }
@@ -57,26 +56,26 @@ dependency "eks-k8s-dashboard" {
 config_path = "../eks-k8s-dashboard"
 mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
 mock_outputs = {
- namespace = "telemetry"
+ namespace = "telemetry"
 internal_endpoint = {
- hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
+ hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
 port_number = 80
- url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
+ url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
 }
 dashboard-user-token = "Iamanextremelylongstring"
 }
 }
-dependency "eks_keycloak" {
- config_path = "../eks-keycloak"
+dependency "eks-grafana" {
+ config_path = "../eks-grafana"
 mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
 mock_outputs = {
- client_id = "mock-client-id"
- client_secret = "mock-client-secret"
- namespace = "keycloak"
- public_endpoint = "https://mock.mock.svc.cluster.local:80/"
- user_auth_realm = "mock.keycloak.example.com/auth"
- user_secret = "user-sso"
+ namespace = "telemetry"
+ internal_endpoint = {
+ hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
+ port_number = 80
+ url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
+ }
 }
 }
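Review bot: The `eks-grafana` mock re-added at the end of the `-57,26 +56,26` hunk still names `kubernetes-dashboard.telemetry.svc.cluster.local` in both `hostname` and `url` of `internal_endpoint`, which looks copied from the `eks-k8s-dashboard` block above it. A `plan` or `validate` run on mocks would then show the Grafana route behind the auth proxy pointing at the dashboard service, so a reviewer reading the plan cannot tell a real upstream mix-up from a mock artefact. Give the block its own placeholder, for example `hostname = "grafana.telemetry.svc.cluster.local"` with a matching `url` (a constructed sample value, not taken from the module).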
@@ -84,11 +83,11 @@ dependency "eks-kiali" {
 config_path = "../eks-kiali"
 mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
 mock_outputs = {
- namespace = "istio-system"
+ namespace = "istio-system"
 internal_endpoint = {
- hostname = "kiali.telemetry.svc.cluster.local"
+ hostname = "kiali.telemetry.svc.cluster.local"
 port_number = 80
- url = "http://kiali.telemetry.svc.cluster.local:80/"
+ url = "http://kiali.telemetry.svc.cluster.local:80/"
 }
 }
 }
@@ -97,9 +96,9 @@ dependencies {
 paths = [
 "../eks",
 "../eks-dns",
- "../eks-grafana",
- "../eks-k8s-dashboard",
 "../eks-keycloak",
+ "../eks-k8s-dashboard",
+ "../eks-grafana",
 "../eks-kiali",
 ]
 }
@@ -118,13 +117,10 @@ inputs = {
 # Gatekeeper Standard Config
 client_id = dependency.eks_keycloak.outputs.client_id
 client_secret = dependency.eks_keycloak.outputs.client_secret
- gogatekeeper_tag = include.root.inputs.gatekeeper_tag
- gogatekeeper_chart_version = include.root.inputs.gatekeeper_chart_version
- namespace = include.root.inputs.namespaces["gatekeeper"]
- discovery_url = dependency.eks_keycloak.outputs.user_auth_realm
- keycloak_public_url = dependency.eks_keycloak.outputs.public_endpoint
+ gatekeeper_tag = include.root.inputs.gatekeeper_tag
+ gatekeeper_chart_version = include.root.inputs.gatekeeper_chart_version
+ keycloak_fqdn = dependency.eks_keycloak.outputs.user_auth_realm
 keycloak_ns = dependency.eks_keycloak.outputs.namespace
- service_name = include.root.inputs.gatekeeper_service_name
 user_secret = dependency.eks_keycloak.outputs.user_secret
 # Dashboard Gatekeeper Config
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl
index c498000..5bd23c8 100644
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl
+++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl
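Review bot: In the `inputs` hunk, `keycloak_fqdn` is fed from `dependency.eks_keycloak.outputs.user_auth_realm`, whose mock in the `eks_keycloak` dependency block of this same file is `"mock.keycloak.example.com/auth"`, a value that carries a path and so is not a bare FQDN. If tfmod-gatekeeper builds the OIDC discovery or issuer URL from this input (the module is not shown), a value with a path or without a scheme can produce an issuer that does not match the one in issued tokens, so the output's real shape should be confirmed or a hostname-only output passed instead. The same hunk drops `namespace` and `service_name`, which presumably leaves the proxy's placement to module defaults. A comment such as `# keycloak_fqdn: host only, no scheme or path` would record the contract; the `inputs` block starts and ends outside the hunk.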
@@ -82,4 +82,5 @@ inputs = {
 keycloak_database = include.root.inputs.keycloak_database
 keycloak_user = include.root.inputs.keycloak_username
 keycloak_password = include.root.inputs.keycloak_password
+
 }