feat: add OONI Dev User for GH actions #17
Merged
This adds a new IAM user: ooni_dev_user which shall be used as the github user to run terraform apply. This IAM user has been given minimal ReadOnly permissions to resources which allow it to successfully run `terraform plan`
DecFox changed the title from "feat: add ooni_dev_user" to "feat: add OONI Dev User for GH actions" on Mar 13, 2024
hellais
reviewed
Mar 13, 2024
hellais
requested changes
Mar 13, 2024
This is looking good! Thanks for putting it together.
I have left some comments on what should change before we can run it and merge it.
Terraform Run Output 🤖
Format and Style 🖌

| Pusher | @hellais |
| Action | pull_request |
| Environment | dev |
| Workflow | .github/workflows/check_terraform.yml |
| Last updated | Wed, 13 Mar 2024 21:07:03 GMT |

Thanks for the feedback! I have made the required changes.
hellais
reviewed
Mar 13, 2024
Ansible Run Output 🤖
Ansible Playbook Recap 🔍
Ansible playbook output 📖

| Pusher | @hellais |
| Action | pull_request |
| Working Directory | |
| Workflow | .github/workflows/check_ansible.yml |
| Last updated | Wed, 13 Mar 2024 21:08:10 GMT |
hellais added a commit that referenced this pull request Mar 14, 2024

This PR is to refactor the various resource groups into modules to make it easier to develop the test environment.

See: #6

Also includes changes implemented by @DecFox

feat: add OONI Dev User for GH actions (#17)

This adds a new IAM user: ooni_dev_user which shall be used as the github user to run terraform apply. This IAM user has been given minimal ReadOnly permissions to resources which allow it to successfully run `terraform plan`

---------

Co-authored-by: DecFox <[email protected]>
hellais added a commit that referenced this pull request Mar 14, 2024

… Github User (#13)

Refactor the various resource groups into modules to make it easier to develop the test environment.

See: #6

Convert to terraform the CodeBuild and CodePipeline projects that were previously created through the web UI (fixes: #12) and add support for an nginx based API gateway (fixes: #7)

Also includes changes implemented by @DecFox

feat: add OONI Dev User for GH actions (#17)

This adds a new IAM user: ooni_dev_user which shall be used as the github user to run terraform apply. This IAM user has been given minimal ReadOnly permissions to resources which allow it to successfully run `terraform plan`

Regarding CodeBuild and CodePipeline terraform conversion we made use of the terraformer tool running it like this:

```
terraformer import aws --resources=ec2,codebuild,codepipeline,iam --regions=eu-central-1
```

The output of this tool cannot be used as-is, but instead required a bit of massaging to adapt it to the conventions used in the ooni terraform scripts and hook it up to the existing variables, however it was very helpful to bootstrap the config.

For the nginx API gateway, the actual configuration is still missing, but the general idea is that we will have an Elastic Load Balancer rule to forward requests to the nginx reverse proxy running in EC2 or the dataapi running on ECS.

Note: As part of this work I also did some refactoring of the names of some of the resources and items inside of the terraform config. In doing so this triggered a destruction and re-creation of all relevant resources, which is I guess a nice lesson learned (I actually saw it from the plan, but was curious to see what would happen).

In the future if we would like to do this kind of refactoring we should be sure to make use of the `moved` syntax in terraform like this: https://developer.hashicorp.com/terraform/language/modules/develop/refactoring#moved-block-syntax or manually move the state by running `terraform mv`.

--------- Co-authored-by: DecFox <[email protected]>
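
The destroy-and-recreate described in the commit message above shows up in the plan before anything is applied. As an added example (not part of this PR or the OONI repository), the Python check below reads the JSON form of a plan, as produced by `terraform show -json`, and flags destroyed or replaced resources while listing addresses carried over by a `moved` block; the sample plan and its resource addresses are constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the resource addresses are hypothetical, not taken from the OONI config.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        # Renamed without a `moved` block: old address destroyed, new one created.
        {"address": "aws_instance.backend",
         "change": {"actions": ["delete"]}},
        {"address": "module.backend.aws_instance.this",
         "change": {"actions": ["create"]}},
        # Attribute change that forces replacement.
        {"address": "aws_db_instance.main",
         "change": {"actions": ["delete", "create"]}},
        # Renamed with a `moved` block: state is re-addressed, nothing is rebuilt.
        {"address": "module.net.aws_vpc.this",
         "previous_address": "aws_vpc.main",
         "change": {"actions": ["no-op"]}},
    ],
})


def classify_plan(plan_json: str) -> dict:
    """Sort planned changes into destroyed, replaced and moved addresses."""
    result = {"destroyed": [], "replaced": [], "moved": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions and "create" in actions:
            result["replaced"].append(rc["address"])  # either order is a replace
        elif actions == ["delete"]:
            result["destroyed"].append(rc["address"])
        if rc.get("previous_address"):
            result["moved"].append((rc["previous_address"], rc["address"]))
    return result


def is_safe_to_apply(plan_json: str) -> bool:
    """True only when the plan destroys or replaces nothing."""
    found = classify_plan(plan_json)
    return not (found["destroyed"] or found["replaced"])


if __name__ == "__main__":
    print(classify_plan(SAMPLE_PLAN))
    raise SystemExit(0 if is_safe_to_apply(SAMPLE_PLAN) else 1)
```

Run against a real plan, a non-zero exit can fail the CI job so that a rename without a `moved` block is caught at review time.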
Closes: #16