chore: rename File Share service principal writers (jenkins-infra#754)

This PR renames existing resources to more descriptive/correct names to avoid mistakes and oversights.
jayfranco999 · Jun 26, 2024 · fff811f · fff811f
1 parent d37c0aa
commit fff811f
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 58 deletions.
diff --git a/infra.ci.jenkins.io.tf b/infra.ci.jenkins.io.tf
@@ -69,93 +69,105 @@ resource "azurerm_role_assignment" "infra_ci_jenkins_io_privatek8s_subnet_privat
 }
 
 # Required to allow azcopy sync of contributors.jenkins.io File Share
-module "infra_ci_jenkins_io_fileshare_serviceprincipal_writer" {
+moved {
+  from = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer
+  to   = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer
+}
+module "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer" {
   source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer"
 
   service_fqdn                   = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer"
   active_directory_owners        = [data.azuread_service_principal.terraform_production.id]
   active_directory_url           = "https://github.com/jenkins-infra/azure"
-  service_principal_end_date     = local.end_dates.infra_ci_jenkins_io.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.end_date
+  service_principal_end_date     = local.end_dates.infra_ci_jenkins_io.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.end_date
   file_share_resource_manager_id = azurerm_storage_share.contributors_jenkins_io.resource_manager_id
   storage_account_id             = azurerm_storage_account.contributors_jenkins_io.id
   default_tags                   = local.default_tags
 }
-output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_id" {
-  value = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id
+output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_id" {
+  value = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id
 }
-output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_password" {
+output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_password" {
   sensitive = true
-  value     = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
+  value     = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
 }
-output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_application_client_id" {
-  value = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
+output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_application_client_id" {
+  value = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
 }
-output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_sp_id" {
-  value = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id
+output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_sp_id" {
+  value = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id
 }
-output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_sp_password" {
+output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_sp_password" {
   sensitive = true
-  value     = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password
+  value     = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password
 }
 
 # Required to allow azcopy sync of docs.jenkins.io File Share
-module "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer" {
+moved {
+  from = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer
+  to   = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer
+}
+module "infraci_docsjenkinsio_fileshare_serviceprincipal_writer" {
   source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer"
 
   service_fqdn                   = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer"
   active_directory_owners        = [data.azuread_service_principal.terraform_production.id]
   active_directory_url           = "https://github.com/jenkins-infra/azure"
-  service_principal_end_date     = local.end_dates.infra_ci_jenkins_io.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.end_date
+  service_principal_end_date     = local.end_dates.infra_ci_jenkins_io.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.end_date
   file_share_resource_manager_id = azurerm_storage_share.docs_jenkins_io.resource_manager_id
   storage_account_id             = azurerm_storage_account.docs_jenkins_io.id
   default_tags                   = local.default_tags
 }
-output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_id" {
-  value = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id
+output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_id" {
+  value = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id
 }
-output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_password" {
+output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_password" {
   sensitive = true
-  value     = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
+  value     = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
 }
-output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_application_client_id" {
-  value = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
+output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_application_client_id" {
+  value = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
 }
-output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_sp_id" {
-  value = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id
+output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_sp_id" {
+  value = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id
 }
-output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_sp_password" {
+output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_sp_password" {
   sensitive = true
-  value     = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password
+  value     = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password
 }
 
 # Required to allow azcopy sync of stats.jenkins.io File Share
-module "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer" {
+moved {
+  from = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer
+  to   = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer
+}
+module "infraci_statsjenkinsio_fileshare_serviceprincipal_writer" {
   source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer"
 
   service_fqdn                   = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer"
   active_directory_owners        = [data.azuread_service_principal.terraform_production.id]
   active_directory_url           = "https://github.com/jenkins-infra/azure"
-  service_principal_end_date     = local.end_dates.infra_ci_jenkins_io.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.end_date
+  service_principal_end_date     = local.end_dates.infra_ci_jenkins_io.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.end_date
   file_share_resource_manager_id = azurerm_storage_share.stats_jenkins_io.resource_manager_id
   storage_account_id             = azurerm_storage_account.stats_jenkins_io.id
   default_tags                   = local.default_tags
 }
-output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_id" {
-  value = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id
+output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_id" {
+  value = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id
 }
-output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_password" {
+output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_password" {
   sensitive = true
-  value     = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
+  value     = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
 }
-output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_application_client_id" {
-  value = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
+output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_application_client_id" {
+  value = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
 }
-output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_sp_id" {
-  value = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id
+output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_sp_id" {
+  value = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id
 }
-output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_sp_password" {
+output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_sp_password" {
   sensitive = true
-  value     = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password
+  value     = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password
 }
 
 locals {

diff --git a/trusted.ci.jenkins.io.tf b/trusted.ci.jenkins.io.tf
@@ -73,42 +73,51 @@ module "trusted_ci_jenkins_io_azurevm_agents" {
   }
 }
 
-# Required to allow azcopy sync of updates.jenkins.io File Share with the permanent agent
-module "trusted_ci_jenkins_io_fileshare_serviceprincipal_writer" {
+# Required to allow azcopy sync of updates.jenkins.io File Share (content) with the permanent agent
+moved {
+  from = module.trusted_ci_jenkins_io_fileshare_serviceprincipal_writer
+  to   = module.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer
+}
+module "trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer" {
   source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer"
 
   service_fqdn                   = "${module.trusted_ci_jenkins_io.service_fqdn}-fileshare_serviceprincipal_writer"
   active_directory_owners        = [data.azuread_service_principal.terraform_production.id]
   active_directory_url           = "https://github.com/jenkins-infra/azure"
-  service_principal_end_date     = local.end_dates.trusted_ci_jenkins_io.trusted_ci_jenkins_io_fileshare_serviceprincipal_writer.end_date
+  service_principal_end_date     = local.end_dates.trusted_ci_jenkins_io.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer.end_date
   file_share_resource_manager_id = azurerm_storage_share.updates_jenkins_io.resource_manager_id
   storage_account_id             = azurerm_storage_account.updates_jenkins_io.id
   default_tags                   = local.default_tags
 }
-module "trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer" {
+output "trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer_client_id" {
+  value = module.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
+}
+output "trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer_client_secret" {
+  sensitive = true
+  value     = module.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
+}
+# Required to allow azcopy sync of updates.jenkins.io File Share (redirections) with the permanent agent
+moved {
+  from = module.trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer
+  to   = module.trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer
+}
+module "trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer" {
   source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer"
 
   service_fqdn                   = "${module.trusted_ci_jenkins_io.service_fqdn}-fileshare_serviceprincipal_writer-httpd"
   active_directory_owners        = [data.azuread_service_principal.terraform_production.id]
   active_directory_url           = "https://github.com/jenkins-infra/azure"
-  service_principal_end_date     = local.end_dates.trusted_ci_jenkins_io.trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer.end_date
+  service_principal_end_date     = local.end_dates.trusted_ci_jenkins_io.trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer.end_date
   file_share_resource_manager_id = azurerm_storage_share.updates_jenkins_io_httpd.resource_manager_id
   storage_account_id             = azurerm_storage_account.updates_jenkins_io.id
   default_tags                   = local.default_tags
 }
-output "trusted_ci_jenkins_io_uc_content_fileshare_client_id" {
-  value = module.trusted_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
-}
-output "trusted_ci_jenkins_io_uc_content_fileshare_client_secret" {
-  sensitive = true
-  value     = module.trusted_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
-}
-output "trusted_ci_jenkins_io_uc_redirections_fileshare_client_id" {
-  value = module.trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
+output "trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer_client_id" {
+  value = module.trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id
 }
-output "trusted_ci_jenkins_io_uc_redirections_fileshare_client_secret" {
+output "trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer_client_secret" {
   sensitive = true
-  value     = module.trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
+  value     = module.trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password
 }
 
 # Required to allow azcopy sync of jenkins.io File Share
@@ -138,7 +147,7 @@ module "trustedci_javadocjenkinsio_fileshare_serviceprincipal_writer" {
   service_fqdn                   = "trustedci-javadocjenkinsio-fileshare_serviceprincipal_writer"
   active_directory_owners        = [data.azuread_service_principal.terraform_production.id]
   active_directory_url           = "https://github.com/jenkins-infra/azure"
-  service_principal_end_date     = "2024-07-28T00:00:00Z"
+  service_principal_end_date     = local.end_dates.trusted_ci_jenkins_io.trustedci_javadocjenkinsio_fileshare_serviceprincipal_writer.end_date
   file_share_resource_manager_id = azurerm_storage_share.javadoc_jenkins_io.resource_manager_id
   storage_account_id             = azurerm_storage_account.javadoc_jenkins_io.id
   default_tags                   = local.default_tags

diff --git a/updatecli/values.yaml b/updatecli/values.yaml
@@ -8,28 +8,28 @@ github:
 # Also used by terraform in locals.tf
 end_dates:
   infra_ci_jenkins_io:
-    infra_ci_jenkins_io_fileshare_serviceprincipal_writer:
+    infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer:
       end_date: 2024-09-22T00:00:00Z
       service: "contributors.jenkins.io"
       secret: "CONTRIBUTORS_SERVICE_PRINCIPAL_WRITER_CLIENT_SECRET"
-    infraci_docs_jenkins_io_fileshare_serviceprincipal_writer:
+    infraci_docsjenkinsio_fileshare_serviceprincipal_writer:
       end_date: "2024-08-07T23:00:00Z"
       service: "docs.jenkins.io"
       secret: "DOCS_SERVICE_PRINCIPAL_WRITER_CLIENT_SECRET"
     infraci_pluginsjenkinsio_fileshare_serviceprincipal_writer:
       end_date: "2024-07-27T00:00:00Z"
       service: "plugins.jenkins.io"
       secret: "INFRACI_PLUGINSJENKINSIO_FILESHARE_SERVICE_PRINCIPAL_WRITER_PASSWORD"
-    infraci_stats_jenkins_io_fileshare_serviceprincipal_writer:
+    infraci_statsjenkinsio_fileshare_serviceprincipal_writer:
       end_date: "2024-09-19T23:00:00Z"
       service: "stats.jenkins.io"
       secret: "STATS_SERVICE_PRINCIPAL_WRITER_CLIENT_SECRET"
   trusted_ci_jenkins_io:
-    trusted_ci_jenkins_io_fileshare_serviceprincipal_writer:
+    trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer:
       end_date: 2024-09-22T00:00:00Z
       service: "updates.jenkins.io"
       secret: "TODO: to be identified, related to updates.jenkins.io"
-    trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer:
+    trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer:
       end_date: 2024-09-22T00:00:00Z
       service: "updates.jenkins.io (httpd)"
       secret: "TODO: to be identified, related to updates.jenkins.io (httpd)"