From fff811fac01579dffcb7b07d20acb40a2f6d6b2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Le=20Meur?= <91831478+lemeurherve@users.noreply.github.com>
Date: Wed, 26 Jun 2024 12:01:48 +0200
Subject: [PATCH] chore: rename File Share service principal writers (#754)

This PR renames existing resources to more descriptive/correct names to avoid mistakes and oversights.
---
infra.ci.jenkins.io.tf | 84 +++++++++++++++++++++++-----------------
trusted.ci.jenkins.io.tf | 43 ++++++++++++--------
updatecli/values.yaml | 10 ++---
3 files changed, 79 insertions(+), 58 deletions(-)
diff --git a/infra.ci.jenkins.io.tf b/infra.ci.jenkins.io.tf
index dc37e569..d8a7e20c 100644
--- a/infra.ci.jenkins.io.tf
+++ b/infra.ci.jenkins.io.tf
@@ -69,93 +69,105 @@ resource "azurerm_role_assignment" "infra_ci_jenkins_io_privatek8s_subnet_privat } # Required to allow azcopy sync of contributors.jenkins.io File Share -module "infra_ci_jenkins_io_fileshare_serviceprincipal_writer" { +moved { + from = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer + to = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer +} +module "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer" active_directory_owners = [data.azuread_service_principal.terraform_production.id] active_directory_url = "https://github.com/jenkins-infra/azure" - service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.end_date + service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.contributors_jenkins_io.resource_manager_id storage_account_id = azurerm_storage_account.contributors_jenkins_io.id default_tags = local.default_tags } -output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_id" { - value = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id +output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_id" { + value = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id } -output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_password" { +output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_password" { sensitive = true - value = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password + value = 
module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password } -output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_application_client_id" { - value = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id +output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_application_client_id" { + value = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id } -output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_sp_id" { - value = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id +output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_sp_id" { + value = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id } -output "infra_ci_jenkins_io_fileshare_serviceprincipal_writer_sp_password" { +output "infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer_sp_password" { sensitive = true - value = module.infra_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password + value = module.infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password } # Required to allow azcopy sync of docs.jenkins.io File Share -module "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer" { +moved { + from = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer + to = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer +} +module "infraci_docsjenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer" active_directory_owners = [data.azuread_service_principal.terraform_production.id] 
active_directory_url = "https://github.com/jenkins-infra/azure" - service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.end_date + service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.docs_jenkins_io.resource_manager_id storage_account_id = azurerm_storage_account.docs_jenkins_io.id default_tags = local.default_tags } -output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_id" { - value = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id +output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_id" { + value = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id } -output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_password" { +output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_password" { sensitive = true - value = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password + value = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password } -output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_application_client_id" { - value = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id +output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_application_client_id" { + value = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id } -output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_sp_id" { - value = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id +output 
"infraci_docsjenkinsio_fileshare_serviceprincipal_writer_sp_id" { + value = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id } -output "infraci_docs_jenkins_io_fileshare_serviceprincipal_writer_sp_password" { +output "infraci_docsjenkinsio_fileshare_serviceprincipal_writer_sp_password" { sensitive = true - value = module.infraci_docs_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password + value = module.infraci_docsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password } # Required to allow azcopy sync of stats.jenkins.io File Share -module "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer" { +moved { + from = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer + to = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer +} +module "infraci_statsjenkinsio_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer" active_directory_owners = [data.azuread_service_principal.terraform_production.id] active_directory_url = "https://github.com/jenkins-infra/azure" - service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.end_date + service_principal_end_date = local.end_dates.infra_ci_jenkins_io.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.stats_jenkins_io.resource_manager_id storage_account_id = azurerm_storage_account.stats_jenkins_io.id default_tags = local.default_tags } -output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_id" { - value = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id +output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_id" { 
+ value = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_id } -output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_password" { +output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_password" { sensitive = true - value = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password + value = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password } -output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_application_client_id" { - value = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id +output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_application_client_id" { + value = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id } -output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_sp_id" { - value = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id +output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_sp_id" { + value = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_id } -output "infraci_stats_jenkins_io_fileshare_serviceprincipal_writer_sp_password" { +output "infraci_statsjenkinsio_fileshare_serviceprincipal_writer_sp_password" { sensitive = true - value = module.infraci_stats_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password + value = module.infraci_statsjenkinsio_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_sp_password } locals { diff --git a/trusted.ci.jenkins.io.tf b/trusted.ci.jenkins.io.tf index a04deed1..af5aa40c 100644 --- a/trusted.ci.jenkins.io.tf +++ b/trusted.ci.jenkins.io.tf 
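Review bot: All three renamed modules in this hunk (contributors, docs and stats) still pass the identical `service_fqdn = "infra-ci-jenkins-io-fileshare_serviceprincipal_writer"`, so the rename fixes the Terraform addresses but not the value handed to the module. The module source is not part of this patch; if it derives the Azure AD application or service principal display name from `service_fqdn`, the three writers stay indistinguishable by name in sign-in logs and role-assignment reviews, which is the kind of mix-up the description wants to avoid. Consider a per-share value following the pattern already used for javadoc in trusted.ci.jenkins.io.tf, e.g. `service_fqdn = "infraci-contributorsjenkinsio-fileshare_serviceprincipal_writer"`, after checking with a plan whether the change renames in place or replaces the application and its credentials. If the shared value has to stay, a comment such as `# service_fqdn intentionally shared by the contributors/docs/stats writers` would record that.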
@@ -73,42 +73,51 @@ module "trusted_ci_jenkins_io_azurevm_agents" { } } -# Required to allow azcopy sync of updates.jenkins.io File Share with the permanent agent -module "trusted_ci_jenkins_io_fileshare_serviceprincipal_writer" { +# Required to allow azcopy sync of updates.jenkins.io File Share (content) with the permanent agent +moved { + from = module.trusted_ci_jenkins_io_fileshare_serviceprincipal_writer + to = module.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer +} +module "trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "${module.trusted_ci_jenkins_io.service_fqdn}-fileshare_serviceprincipal_writer" active_directory_owners = [data.azuread_service_principal.terraform_production.id] active_directory_url = "https://github.com/jenkins-infra/azure" - service_principal_end_date = local.end_dates.trusted_ci_jenkins_io.trusted_ci_jenkins_io_fileshare_serviceprincipal_writer.end_date + service_principal_end_date = local.end_dates.trusted_ci_jenkins_io.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.updates_jenkins_io.resource_manager_id storage_account_id = azurerm_storage_account.updates_jenkins_io.id default_tags = local.default_tags } -module "trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer" { +output "trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer_client_id" { + value = module.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id +} +output "trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer_client_secret" { + sensitive = true + value = module.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password +} +# Required to allow azcopy sync of 
updates.jenkins.io File Share (redirections) with the permanent agent +moved { + from = module.trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer + to = module.trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer +} +module "trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer" { source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer" service_fqdn = "${module.trusted_ci_jenkins_io.service_fqdn}-fileshare_serviceprincipal_writer-httpd" active_directory_owners = [data.azuread_service_principal.terraform_production.id] active_directory_url = "https://github.com/jenkins-infra/azure" - service_principal_end_date = local.end_dates.trusted_ci_jenkins_io.trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer.end_date + service_principal_end_date = local.end_dates.trusted_ci_jenkins_io.trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.updates_jenkins_io_httpd.resource_manager_id storage_account_id = azurerm_storage_account.updates_jenkins_io.id default_tags = local.default_tags } -output "trusted_ci_jenkins_io_uc_content_fileshare_client_id" { - value = module.trusted_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id -} -output "trusted_ci_jenkins_io_uc_content_fileshare_client_secret" { - sensitive = true - value = module.trusted_ci_jenkins_io_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password -} -output "trusted_ci_jenkins_io_uc_redirections_fileshare_client_id" { - value = module.trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id +output "trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer_client_id" { + value = 
module.trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id } -output "trusted_ci_jenkins_io_uc_redirections_fileshare_client_secret" { +output "trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer_client_secret" { sensitive = true - value = module.trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password + value = module.trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_password } # Required to allow azcopy sync of jenkins.io File Share @@ -138,7 +147,7 @@ module "trustedci_javadocjenkinsio_fileshare_serviceprincipal_writer" { service_fqdn = "trustedci-javadocjenkinsio-fileshare_serviceprincipal_writer" active_directory_owners = [data.azuread_service_principal.terraform_production.id] active_directory_url = "https://github.com/jenkins-infra/azure" - service_principal_end_date = "2024-07-28T00:00:00Z" + service_principal_end_date = local.end_dates.trusted_ci_jenkins_io.trustedci_javadocjenkinsio_fileshare_serviceprincipal_writer.end_date file_share_resource_manager_id = azurerm_storage_share.javadoc_jenkins_io.resource_manager_id storage_account_id = azurerm_storage_account.javadoc_jenkins_io.id default_tags = local.default_tags diff --git a/updatecli/values.yaml b/updatecli/values.yaml index 8bff1a21..24110be8 100644 --- a/updatecli/values.yaml +++ b/updatecli/values.yaml 
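Review bot: The four outputs at the end of this hunk drop their old names (`trusted_ci_jenkins_io_uc_content_fileshare_client_id`, `trusted_ci_jenkins_io_uc_content_fileshare_client_secret` and the two `uc_redirections` ones) with no transition, and `moved` blocks only carry module and resource addresses, not outputs. Anything that reads these credentials by output name, for example a `terraform output` call in a rotation procedure, will find nothing after the apply; the same holds for the fifteen renamed outputs in the infra.ci.jenkins.io.tf hunk. Consumers are not visible in this patch, so it is worth searching for the old names before merging. The new suffixes also differ between the two files for the same module attributes (`_client_id`/`_client_secret` here, `_application_client_id`/`_password` there); aligning them would finish the naming cleanup.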
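Review bot: The new lookup `local.end_dates.trusted_ci_jenkins_io.trustedci_javadocjenkinsio_fileshare_serviceprincipal_writer.end_date` has no matching key added by the `updatecli/values.yaml` hunks of this patch, which only rename existing entries. If the key does not already exist in that file outside the shown hunks, the plan fails on a missing attribute. If it exists with a value other than the removed literal `2024-07-28T00:00:00Z`, the apply changes the expiry of this service principal's credential. Both are worth confirming in the plan output before merge; the module block itself extends beyond this hunk.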
@@ -8,11 +8,11 @@ github: # Also used by terraform in locals.tf end_dates: infra_ci_jenkins_io: - infra_ci_jenkins_io_fileshare_serviceprincipal_writer: + infraci_contributorsjenkinsio_fileshare_serviceprincipal_writer: end_date: 2024-09-22T00:00:00Z service: "contributors.jenkins.io" secret: "CONTRIBUTORS_SERVICE_PRINCIPAL_WRITER_CLIENT_SECRET" - infraci_docs_jenkins_io_fileshare_serviceprincipal_writer: + infraci_docsjenkinsio_fileshare_serviceprincipal_writer: end_date: "2024-08-07T23:00:00Z" service: "docs.jenkins.io" secret: "DOCS_SERVICE_PRINCIPAL_WRITER_CLIENT_SECRET" @@ -20,16 +20,16 @@ end_dates: end_date: "2024-07-27T00:00:00Z" service: "plugins.jenkins.io" secret: "INFRACI_PLUGINSJENKINSIO_FILESHARE_SERVICE_PRINCIPAL_WRITER_PASSWORD" - infraci_stats_jenkins_io_fileshare_serviceprincipal_writer: + infraci_statsjenkinsio_fileshare_serviceprincipal_writer: end_date: "2024-09-19T23:00:00Z" service: "stats.jenkins.io" secret: "STATS_SERVICE_PRINCIPAL_WRITER_CLIENT_SECRET" trusted_ci_jenkins_io: - trusted_ci_jenkins_io_fileshare_serviceprincipal_writer: + trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer: end_date: 2024-09-22T00:00:00Z service: "updates.jenkins.io" secret: "TODO: to be identified, related to updates.jenkins.io" - trustedci_updates_jenkins_io_httpd_fileshare_serviceprincipal_writer: + trustedci_updatesjenkinsio_redirections_fileshare_serviceprincipal_writer: end_date: 2024-09-22T00:00:00Z service: "updates.jenkins.io (httpd)" secret: "TODO: to be identified, related to updates.jenkins.io (httpd)"