From a739459a52c991fd9fe69d6ae55e161f8c511eed Mon Sep 17 00:00:00 2001
From: David Rogers
Date: Wed, 2 Dec 2020 22:19:07 -0800
Subject: [PATCH 1/2] [1/2] Allow Gitlab to deploy DataBrowser/DataPortal to `prod` (HumanCellAtlas/data-browser#1393)
---
 terraform/gitlab/gitlab.tf.json.template.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/terraform/gitlab/gitlab.tf.json.template.py b/terraform/gitlab/gitlab.tf.json.template.py
index 29e9065bb1..a893ad38b8 100644
--- a/terraform/gitlab/gitlab.tf.json.template.py
+++ b/terraform/gitlab/gitlab.tf.json.template.py
@@ -529,10 +529,10 @@ def remove_inconsequential_statements(statements: List[JSON]) -> List[JSON]:
 "s3:PutObjectAcl"
 ],
 "resources": [
- "arn:aws:s3:::dev.singlecell.gi.ucsc.edu/*",
- "arn:aws:s3:::dev.explore.singlecell.gi.ucsc.edu/*",
- "arn:aws:s3:::dev.explore.singlecell.gi.ucsc.edu",
- "arn:aws:s3:::dev.singlecell.gi.ucsc.edu"
+ "arn:aws:s3:::org-humancellatlas-data-portal-dcp2-prod/*",
+ "arn:aws:s3:::org-humancellatlas-data-browser-dcp2-prod/*",
+ "arn:aws:s3:::org-humancellatlas-data-browser-dcp2-prod",
+ "arn:aws:s3:::org-humancellatlas-data-portal-dcp2-prod"
 ]
 },
 {
@@ -540,10 +540,10 @@ def remove_inconsequential_statements(statements: List[JSON]) -> List[JSON]:
 "cloudfront:CreateInvalidation"
 ],
 "resources": [
- "arn:aws:cloudfront::122796619775:distribution/E3562WJBOLN8W8"
+ "arn:aws:cloudfront::122796619775:distribution/E1LYQC3LZXO7M3"
 ]
 }
- ] if config.domain_name == 'dev.singlecell.gi.ucsc.edu' else [
+ ] if config.domain_name == 'dcp2.data.humancellatlas.org' or config.domain_name == 'data.humancellatlas.org' else [
 ]
 )
 ]
From b0bedd673e88401da077d3519ec604f649d074f5 Mon Sep 17 00:00:00 2001
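Review bot: The statement that now targets the prod buckets still carries `s3:PutObjectAcl` (the context line at the top of the first hunk), so the GitLab principal may set any ACL on objects in `org-humancellatlas-data-portal-dcp2-prod` and `org-humancellatlas-data-browser-dcp2-prod`, including ACLs that make objects public or grant other accounts access. If the deploy job does not need to set ACLs on upload, which seems likely if the sites are only served through the CloudFront distribution named in the next hunk, drop that action from the prod statement. Otherwise add a comment above the statement saying which ACL the deploy sets and why, for example `# PutObjectAcl is needed because the deploy uploads with <ACL placeholder>`. The statement begins above the hunk, so the rest of its action list is not visible here.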
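Review bot: The prod CloudFront ARN in the second hunk hard-codes account `122796619775`, the same account id as the dev distribution on the removed line. If the prod deployment lives in a different AWS account than dev (not visible from this patch), the `cloudfront:CreateInvalidation` grant would never match the real distribution, so it is worth confirming the account or taking the id from the deployment's configuration instead of a literal. As a smaller style point, the new condition repeats the comparison; `config.domain_name in ('dcp2.data.humancellatlas.org', 'data.humancellatlas.org')` states the allowed set once. The enclosing list expression starts and ends outside the hunk.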
From: Hannes Schmidt
Date: Thu, 3 Dec 2020 18:00:42 -0800
Subject: [PATCH 2/2] [2/2] Allow Gitlab to deploy DataBrowser/DataPortal to `prod` (HumanCellAtlas/data-browser#1393)
---
 terraform/gitlab/gitlab.tf.json.template.py | 26 ++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/terraform/gitlab/gitlab.tf.json.template.py b/terraform/gitlab/gitlab.tf.json.template.py
index a893ad38b8..21520ca7b7 100644
--- a/terraform/gitlab/gitlab.tf.json.template.py
+++ b/terraform/gitlab/gitlab.tf.json.template.py
@@ -520,6 +520,30 @@ def remove_inconsequential_statements(statements: List[JSON]) -> List[JSON]:
 *(
 # Permissions required to deploy Data Browser and Portal
 [
+ {
+ "actions": [
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:ListBucket",
+ "s3:DeleteObject",
+ "s3:PutObjectAcl"
+ ],
+ "resources": [
+ "arn:aws:s3:::dev.singlecell.gi.ucsc.edu/*",
+ "arn:aws:s3:::dev.explore.singlecell.gi.ucsc.edu/*",
+ "arn:aws:s3:::dev.explore.singlecell.gi.ucsc.edu",
+ "arn:aws:s3:::dev.singlecell.gi.ucsc.edu"
+ ]
+ },
+ {
+ "actions": [
+ "cloudfront:CreateInvalidation"
+ ],
+ "resources": [
+ "arn:aws:cloudfront::122796619775:distribution/E3562WJBOLN8W8"
+ ]
+ }
+ ] if config.domain_name == 'dev.singlecell.gi.ucsc.edu' else [
 {
 "actions": [
 "s3:PutObject",
@@ -543,7 +567,7 @@ def remove_inconsequential_statements(statements: List[JSON]) -> List[JSON]:
 "arn:aws:cloudfront::122796619775:distribution/E1LYQC3LZXO7M3"
 ]
 }
- ] if config.domain_name == 'dcp2.data.humancellatlas.org' or config.domain_name == 'data.humancellatlas.org' else [
+ ] if config.domain_name == 'azul.data.humancellatlas.org' else [
 ]
 )
 ]
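Review bot: The dev and prod branches now hold two copies of the same pair of statements, differing only in bucket names and distribution id, inside a chained conditional expression (`[...] if ... else [...] if ... else []`). With the action list written twice, a later edit can widen or narrow one environment's permissions without the other being noticed in review. Consider keeping the action lists once and selecting only the bucket names and distribution id per `config.domain_name`. At minimum, add a comment above the expression such as `# Deployments other than dev and prod get no Data Browser/Portal deploy permissions`, so the empty fallback in the second hunk reads as deliberate. The enclosing list starts and ends outside the hunk.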