feat: add ooniclickhouse_url to secrets_manager

ooni · May 18, 2024 · 3a56409 · 3a56409
1 parent b03bdf2
commit 3a56409
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/.github/workflows/check_terraform.yml b/.github/workflows/check_terraform.yml
@@ -94,6 +94,7 @@ jobs:
           script: |
             const terraformPlanOutput = `${{ steps.plan.outputs.terraform_plan }}`;
             const terraformApplyOutput = `${{ steps.apply.outputs.terraform_apply }}`;
+            const terraformValidateOutput = `${{ steps.validate.outputs.terraform_validate }}`;
 
             const terraformPlanPlanLine = terraformPlanOutput.split('\n').find(line => line.startsWith('Plan:'));
             const terraformApplyPlanLine = terraformApplyOutput.split('\n').find(line => line.startsWith('Plan:'));
@@ -107,7 +108,7 @@ jobs:
             <details><summary>Validation Output</summary>
 
             \`\`\`\n
-            ${{ steps.validate.outputs.terraform_validate }}
+            ${terraformValidateOutput}
             \`\`\`
 
             </details>

diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf
@@ -68,6 +68,7 @@ module "adm_iam_roles" {
 
   authorized_accounts = [
     "arn:aws:iam::${local.ooni_dev_org_id}:user/mehul",
+    "arn:aws:iam::${local.ooni_main_org_id}:user/mehul",
     "arn:aws:iam::${local.ooni_dev_org_id}:user/art",
     "arn:aws:iam::${local.ooni_main_org_id}:user/art"
   ]
@@ -217,6 +218,17 @@ resource "aws_secretsmanager_secret_version" "oonipg_url" {
   )
 }
 
+resource "aws_secretsmanager_secret" "ooniclickhouse_url" {
+  name = "oonidevops/ooni-tier0-clickhouse/clickhouse_url"
+  tags = local.tags
+}
+
+// TODO(decfox): replace with working ooniclickhouse_url
+resource "aws_secretsmanager_secret_version" "oonipg_url" {
+  secret_id = aws_secretsmanager_secret.ooniclickhouse_url.id
+  secret_string = ""
+}
+
 resource "random_id" "artifact_id" {
   byte_length = 4
 }