Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APC: APUI Role added as LF Admin #7546

Merged
merged 1 commit into from
Aug 19, 2024
Merged

APC: APUI Role added as LF Admin #7546

merged 1 commit into from
Aug 19, 2024

Conversation

julialawrence
Copy link
Contributor

Tracking Issue: ministryofjustice/analytical-platform#4271

Adds the new AP UI service role as Lake Formation admin

@julialawrence julialawrence requested review from a team as code owners August 19, 2024 11:49
@julialawrence julialawrence changed the title APUI Role added as LF Admin APC: APUI Role added as LF Admin Aug 19, 2024
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Aug 19, 2024
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-08-19T11:51:27Z INFO [db] Need to update DB
2024-08-19T11:51:27Z INFO [db] Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-19T11:51:29Z INFO [vuln] Vulnerability scanning is enabled
2024-08-19T11:51:29Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-19T11:51:29Z INFO Need to update the built-in policies
2024-08-19T11:51:29Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-19T11:51:29Z INFO [secret] Secret scanning is enabled
2024-08-19T11:51:29Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-19T11:51:29Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-19T11:51:38Z INFO Number of language-specific files num=0
2024-08-19T11:51:38Z INFO Detected config files num=28
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-08-19 11:51:41,259 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.41.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,260 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.1.2 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,260 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.8.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,260 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:3.1.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,260 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.4.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,260 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.3.1 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,260 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.41.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,261 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.41.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,261 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.41.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,261 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.1.2 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,261 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.1.2 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,261 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.20.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,261 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.20.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,261 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.9.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,261 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.9.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,262 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,262 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.3.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:41,262 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-08-19 11:51:42,151 [MainThread  ] [WARNI]  Fail to load yaml content, while constructing a mapping
  in "<unicode string>", line 8, column 9:
      role: {{ .Values.nodeRole }}
            ^
found unhashable key
  in "<unicode string>", line 8, column 10:
      role: {{ .Values.nodeRole }}
             ^
2024-08-19 11:51:42,172 [MainThread  ] [WARNI]  Fail to load yaml content, while constructing a mapping
  in "<unicode string>", line 8, column 9:
      role: {{ .Values.nodeRole }}
            ^
found unhashable key
  in "<unicode string>", line 8, column 10:
      role: {{ .Values.nodeRole }}
             ^
terraform scan results:

Passed checks: 91, Failed checks: 0, Skipped checks: 111


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-08-19T11:51:27Z	INFO	[db] Need to update DB
2024-08-19T11:51:27Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-19T11:51:29Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-19T11:51:29Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-19T11:51:29Z	INFO	Need to update the built-in policies
2024-08-19T11:51:29Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-19T11:51:29Z	INFO	[secret] Secret scanning is enabled
2024-08-19T11:51:29Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-19T11:51:29Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-19T11:51:38Z	INFO	Number of language-specific files	num=0
2024-08-19T11:51:38Z	INFO	Detected config files	num=28
trivy_exitcode=0

@julialawrence julialawrence temporarily deployed to analytical-platform-compute-test August 19, 2024 11:51 — with GitHub Actions Inactive
@julialawrence julialawrence temporarily deployed to analytical-platform-compute-development August 19, 2024 11:52 — with GitHub Actions Inactive
@julialawrence julialawrence merged commit 1fc339e into main Aug 19, 2024
14 checks passed
@julialawrence julialawrence deleted the fix/make-ui-role-datalake-admin branch August 19, 2024 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bagg3rs bagg3rs bagg3rs approved these changes

@jacobwoffenden jacobwoffenden jacobwoffenden approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@julialawrence @jacobwoffenden @bagg3rs