From dcfc9f32369d0aab44af47719ba4eadcde18e1c5 Mon Sep 17 00:00:00 2001
From: Ben Larabie
Date: Thu, 5 Sep 2024 09:21:35 -0400
Subject: [PATCH] final touches on create dev env I hope
---
.../terragrunt_create_dev_environment.yml | 134 ++++++++++--------
.../.terraform.lock.hcl | 44 ------
aws/dev_only_kubernetes_fix/iamfix.tf | 7 +-
3 files changed, 82 insertions(+), 103 deletions(-)
delete mode 100644 aws/dev_only_kubernetes_fix/.terraform.lock.hcl
diff --git a/.github/workflows/terragrunt_create_dev_environment.yml b/.github/workflows/terragrunt_create_dev_environment.yml
index 65cb25a45..59c2d53ba 100644
--- a/.github/workflows/terragrunt_create_dev_environment.yml
+++ b/.github/workflows/terragrunt_create_dev_environment.yml
@@ -294,34 +294,34 @@ jobs: cd env/dev/rds terragrunt apply --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve - terragrunt-apply-lambda-api: - if: | - always() && - !contains(needs.*.result, 'failure') && - !contains(needs.*.result, 'cancelled') - runs-on: ubuntu-latest - needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr,terragrunt-apply-rds] - - steps: - - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + # terragrunt-apply-lambda-api: + # if: | + # always() && + # !contains(needs.*.result, 'failure') && + # !contains(needs.*.result, 'cancelled') + # runs-on: ubuntu-latest + # needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr,terragrunt-apply-rds] + + # steps: + # - name: Checkout + # uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - - name: setup-terraform - uses: ./.github/actions/setup-terraform - with: - role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply - role_session_name: NotifyTerraformApply - - - name: Install 1Pass CLI - run: | - curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb - sudo dpkg -i 1pass.deb - - - name: terragrunt apply lambda-api - run: | - op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars - cd env/dev/lambda-api - terragrunt apply --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve + # - name: setup-terraform + # uses: ./.github/actions/setup-terraform + # with: + # role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply + # role_session_name: NotifyTerraformApply + + # - name: Install 1Pass CLI + # run: | + # curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + # sudo dpkg -i 1pass.deb + + # - name: terragrunt apply lambda-api + # run: | + # op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars 
- Dev"/notesPlain > /var/tmp/dev.tfvars + # cd env/dev/lambda-api + # terragrunt apply --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve terragrunt-apply-lambda-admin-pr: if: | 
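Review bot: The `terragrunt-apply-lambda-api` job is disabled by commenting out every one of its lines, and the `terragrunt-apply-quicksight` hunk further down does the same. Commented-out YAML drifts silently and records no reason for the change. Either delete the jobs, since git history keeps them, or leave them live behind `if: false` with a one-line comment such as `# disabled: <reason>; re-enable when <condition>`. If any other job still lists these two in `needs:`, that reference has to be removed as well; this is not visible in either hunk.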
@@ -450,34 +450,34 @@ jobs: cd env/dev/database-tools terragrunt apply --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve - terragrunt-apply-quicksight: - if: | - always() && - !contains(needs.*.result, 'failure') && - !contains(needs.*.result, 'cancelled') - runs-on: ubuntu-latest - needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds] - - steps: - - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + # terragrunt-apply-quicksight: + # if: | + # always() && + # !contains(needs.*.result, 'failure') && + # !contains(needs.*.result, 'cancelled') + # runs-on: ubuntu-latest + # needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds] + + # steps: + # - name: Checkout + # uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - - name: setup-terraform - uses: ./.github/actions/setup-terraform - with: - role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply - role_session_name: NotifyTerraformApply - - - name: Install 1Pass CLI - run: | - curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb - sudo dpkg -i 1pass.deb - - - name: terragrunt apply quicksight - run: | - op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars - cd env/dev/quicksight - terragrunt apply --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve + # - name: setup-terraform + # uses: ./.github/actions/setup-terraform + # with: + # role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply + # role_session_name: NotifyTerraformApply + + # - name: Install 1Pass CLI + # run: | + # curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + # sudo dpkg -i 1pass.deb + + # - name: terragrunt apply quicksight + # run: | + # op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > 
/var/tmp/dev.tfvars + # cd env/dev/quicksight + # terragrunt apply --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve terragrunt-apply-lambda-google-cidr: if: | @@ -753,12 +753,13 @@ jobs: run: | op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars cd env/dev/dev_only_kubernetes_fix + export TF_VAR_role_name = $(aws iam list-roles | jq -r '.Roles[] | select(.RoleName|match("AWSReservedSSO_AWSAdministratorAccess_*")) | .RoleName') terragrunt apply --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve - name: Apply Manifests + continue-on-error: true run: | - kubectl describe -n kube-system configmap/aws-auth - git clone https://github.com/cds-snc/notification-manifests.git -b aws-auth-fix /var/tmp/notification-manifests + git clone https://github.com/cds-snc/notification-manifests.git /var/tmp/notification-manifests cd /var/tmp/notification-manifests cd /var/tmp/notification-manifests/helmfile source getContext.sh 
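Review bot: The added `export TF_VAR_role_name = $(...)` line has spaces around `=`, so bash passes `=` to `export` as a separate argument and rejects it; the variable never receives the role name, and the new `role_name` variable in iamfix.tf has no default to fall back on. The jq filter is also looser than it looks: `match("AWSReservedSSO_AWSAdministratorAccess_*")` is an unanchored regex whose trailing `_*` means "zero or more underscores", so it can return several role names, and whatever it returns is mapped to `system:masters`. Anchor the pattern and fail unless exactly one role matches, as sketched below. Separately, the clone in Apply Manifests now tracks the default branch of notification-manifests and then sources `getContext.sh` from it; pinning the clone to a commit SHA would match how `actions/checkout` is pinned in this workflow. The step's `run` block starts outside the hunk.

```yaml
          # … unchanged: op read of dev.tfvars, cd env/dev/dev_only_kubernetes_fix …
          role_name="$(aws iam list-roles --path-prefix /aws-reserved/sso.amazonaws.com/ \
            | jq -r '.Roles[].RoleName | select(test("^AWSReservedSSO_AWSAdministratorAccess_[0-9a-f]+$"))')"
          if [ "$(printf '%s\n' "$role_name" | grep -c .)" -ne 1 ]; then
            echo "expected exactly one SSO administrator role, got: ${role_name:-none}" >&2
            exit 1
          fi
          export TF_VAR_role_name="$role_name"
          # … unchanged: terragrunt apply …
```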
@@ -783,6 +784,23 @@ jobs: sed "s/targetGroupARN.*/targetGroupARN: $API_TARGET_GROUP_ARN/" api-target-group.yaml | sponge api-target-group.yaml sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN/" document-download-api-target-group.yaml | sponge document-download-api-target-group.yaml sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENTATION_TARGET_GROUP_ARN/" documentation-target-group.yaml | sponge documentation-target-group.yaml - kubectl apply -k . 2>&1 - sleep 10 + kubectl apply -k . 2>&1 | true + + - name: Apply Manifests Take 2 + continue-on-error: true + run: | + git clone https://github.com/cds-snc/notification-manifests.git /var/tmp/notification-manifests + cd /var/tmp/notification-manifests/helmfile + source getContext.sh + make decrypt-dev + cd env/dev + export ADMIN_TARGET_GROUP_ARN=$(echo $ADMIN_TARGET_GROUP_ARN | sed 's/\//\\\//g') + export API_TARGET_GROUP_ARN=$(echo $API_TARGET_GROUP_ARN | sed 's/\//\\\//g') + export DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN=$(echo $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN | sed 's/\//\\\//g') + export DOCUMENTATION_TARGET_GROUP_ARN=$(echo $DOCUMENTATION_TARGET_GROUP_ARN | sed 's/\//\\\//g') + sed "s/targetGroupARN.*/targetGroupARN: $ADMIN_TARGET_GROUP_ARN/" admin-target-group.yaml | sponge admin-target-group.yaml + sed "s/targetGroupARN.*/targetGroupARN: $API_TARGET_GROUP_ARN/" api-target-group.yaml | sponge api-target-group.yaml + sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN/" document-download-api-target-group.yaml | sponge document-download-api-target-group.yaml + sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENTATION_TARGET_GROUP_ARN/" documentation-target-group.yaml | sponge documentation-target-group.yaml + sleep 30 kubectl apply -k . diff --git a/aws/dev_only_kubernetes_fix/.terraform.lock.hcl b/aws/dev_only_kubernetes_fix/.terraform.lock.hcl deleted file mode 100644 index 9c814162e..000000000 
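Review bot: `kubectl apply -k . 2>&1 | true` pipes into `true` instead of using `|| true`, so the apply output is discarded and kubectl may be cut short by the closed pipe; the log loses the very errors this retry is meant to work around. The new Apply Manifests Take 2 step then runs `git clone` into `/var/tmp/notification-manifests`, which the previous step has already created if both steps run in the same job, as the hunk suggests. In that case the clone fails on its first line and `continue-on-error: true` lets the job go green without a second apply. I would drop the clone from the second step (or remove the directory first), write `kubectl apply -k . || true` in the first step, and remove `continue-on-error` from the second so that a real failure to apply the manifests stops the workflow.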
--- a/aws/dev_only_kubernetes_fix/.terraform.lock.hcl
+++ /dev/null
@@ -1,44 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.65.0" - hashes = [ - "h1:N+jcGqwi8OM9t62qEfJvwrzs+XANdPfYWWqz4RkPwDQ=", - "zh:036f8557c8c9b58656e1ec08ed5702e44bd338fda17dc4b2add40b234102e29a", - "zh:0ba0708ece98735540070899a916b7a90c5c887be31ffd693ee1359e40245978", - "zh:12d82a82ae0e3bc580f2be961078e89d129e12df7dd82a6ec610a2b945bba1a4", - "zh:1ed0ee17df8807aef64976e2a4276d2a3e1d54efeae2a86f596d12eccb94dc83", - "zh:36b7c61a83d24f612156b4648027ba8bd5727f0ed57183cbad0e6c93b7503aa2", - "zh:496d06a089b1bc8d60995e8dddfe1d87c605a208f377a60b17987e89381dafda", - "zh:4e9aba435994589befe4279927c71a461a52e6cd96b8f0437295c18c50f6baff", - "zh:71134031288a312db1804d4798b10f106a843c36aafd7b8fe8f4859156d7df93", - "zh:748d0dbdfbe8df4b516a09b23b3981c19cef9a255c1ca0187e84ab424e6bd845", - "zh:783541ff77f4e7c74c817e0e2989ebdb45dd6e2c9853a8cccbcf5f1976736a76", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:af3f080975d5ed79917b8238cc0ae3150da688bc89e12dcc3ee85134b29857d0", - "zh:ec542372c3ffbfc3df6966f77357f8af7319d4bd956ff8e9fde0bbd124352e34", - "zh:f3dc7b2b5b55173207c2fd35ed6bb8cc66b06af777e221060ca2f0c0afdecbb5", - "zh:f9631ecc21d6e5cf82ef6ef8d14c39e1dfb2a52cc8f0abb684311885ffdb79a1", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.32.0" - constraints = ">= 2.20.0" - hashes = [ - "h1:Cj3RHyw3wE3AkNlCtSNrZfjFNkShvaZR0K/K3pJlYJU=", - "zh:0e715d7fb13a8ad569a5fdc937b488590633f6942e986196fdb17cd7b8f7720e", - "zh:495fc23acfe508ed981e60af9a3758218b0967993065e10a297fdbc210874974", - "zh:4b930a8619910ef528bc90dae739cb4236b9b76ce41367281e3bc3cf586101c7", - "zh:5344405fde7b1febf0734052052268ee24e7220818155702907d9ece1c0697c7", - "zh:92ee11e8c23bbac3536df7b124456407f35c6c2468bc0dbab15c3fc9f414bd0e", - "zh:a45488fe8d5bb59c49380f398da5d109a4ac02ebc10824567dabb87f6102fda8", - 
"zh:a4a0b57cf719a4c91f642436882b7bea24d659c08a5b6f4214ce4fe6a0204caa", - "zh:b7a27a6d11ba956a2d7b0f7389a46ec857ebe46ae3aeee537250e66cac15bf03", - "zh:bf94ce389028b686bfa70a90f536e81bb776c5c20ab70138bbe5c3d0a04c4253", - "zh:d965b2608da0212e26a65a0b3f33c5baae46cbe839196be15d93f70061516908", - "zh:f441fc793d03057a17af8bdca8b26d54916645bc5c148f54e22a54ed39089e83", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/aws/dev_only_kubernetes_fix/iamfix.tf b/aws/dev_only_kubernetes_fix/iamfix.tf index 4949564bc..b793efa3d 100644 --- a/aws/dev_only_kubernetes_fix/iamfix.tf +++ b/aws/dev_only_kubernetes_fix/iamfix.tf @@ -18,7 +18,7 @@ module "eks" { groups = ["system:nodes", "system:bootstrappers"] }, { - rolearn = "arn:aws:iam::${var.account_id}:role/AWSReservedSSO_AWSAdministratorAccess_e6e62a284c3c35fc" + rolearn = "arn:aws:iam::${var.account_id}:role/${var.role_name}" username = "AWSAdministratorAccess:{{SessionName}}" groups = ["system:masters"] }, @@ -28,3 +28,8 @@ module "eks" { var.account_id ] } + +variable "role_name" { + type = string + description = "The name of the role to create" +} \ No newline at end of file
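Review bot: The new `role_name` variable is interpolated straight into the `rolearn` that the first iamfix.tf hunk maps to `system:masters`, yet it accepts any string and its description ("The name of the role to create") is wrong, since nothing is created here. Because the value now comes from a shell lookup in the workflow rather than a reviewed literal, a validation block should reject anything that is not a single SSO administrator role name, so that an empty, multi-line or unrelated value fails at plan time instead of granting cluster admin. The suffix pattern below is inferred from the one role name visible in the removed line, so confirm it against the account. The file also lacks a trailing newline.

```hcl
variable "role_name" {
  type        = string
  description = "Name of the existing AWS SSO administrator role that aws-auth maps to system:masters"

  validation {
    condition     = can(regex("^AWSReservedSSO_AWSAdministratorAccess_[0-9a-f]+$", var.role_name))
    error_message = "role_name must be exactly one AWSReservedSSO_AWSAdministratorAccess_<suffix> role name."
  }
}
```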