Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding GCloud federated authentication for teaching-qualifications #911

Closed
wants to merge 1 commit into from
Closed

Adding GCloud federated authentication for teaching-qualifications #911

wants to merge 1 commit into from

Conversation

shaheislamdfe
Copy link
Contributor

@shaheislamdfe shaheislamdfe commented Dec 4, 2024
edited
Loading

Context

This change is to implement the dfe analytics module which will connect the service worker deployment using workload identity federation.

Changes proposed in this pull request

Adding the dfe_analytics module to the Terraform repo. Adding id-token write permissions to the repo aswell as adding a secret config maps to fetch the google credentials from the dfe analytics module, with dfe analytics enabled in the review environment.

Guidance to review

Developer to validate via the Google Cloud BigQuery workspace project that they can run BigQuery against the service app.

https://github.com/DFE-Digital/access-your-teaching-qualifications/actions/runs/12164162777/job/33925228943

Link to Trello card

https://trello.com/c/Nxs3UM9M/2143-aytq-migrate-to-gcp-wif

Checklist

  • Attach to Trello card
  • Rebased main
  • Cleaned commit history
  • Tested by running locally

@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch 7 times, most recently from caa968b to 2f92a92 Compare December 4, 2024 14:01
@shaheislamdfe shaheislamdfe marked this pull request as ready for review December 4, 2024 14:04
@shaheislamdfe shaheislamdfe requested a review from a team as a code owner December 4, 2024 14:04
@shaheislamdfe shaheislamdfe requested review from RMcVelia and removed request for a team December 4, 2024 14:04
@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch from 2f92a92 to 8d9ed67 Compare December 4, 2024 14:13
@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch from 8d9ed67 to 537fb2e Compare December 4, 2024 14:15
@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch from 537fb2e to 7f9a5a3 Compare December 4, 2024 14:22
@vipin-dfe vipin-dfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch from a469e60 to 2daa906 Compare December 4, 2024 16:32
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 4, 2024
edited
Loading

The review apps Access Your Teaching Qualifications & Check A Teacher's Record have been deleted.
The following domains are not available anymore:

@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch from 924a078 to 1669cb0 Compare December 4, 2024 20:12
@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch 2 times, most recently from dc60543 to ec6c292 Compare December 4, 2024 20:21
@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch from ec6c292 to 2fab66c Compare December 4, 2024 20:35
RMcVelia
RMcVelia reviewed Dec 5, 2024
View reviewed changes
terraform/application/application.tf Outdated
@@ -70,4 +70,5 @@ module "worker_application" {
replicas = var.worker_replicas
docker_image = var.docker_image
enable_logit = true
enable_gcp_wif = true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be
enable_gcp_wif = var.enable_dfe_analytics_federated_auth
otherwise it enables on all environments

RMcVelia
RMcVelia reviewed Dec 5, 2024
View reviewed changes
.github/actions/deploy-environment/action.yml
with:
project_id: teaching-qualifications
workload_identity_provider: projects/708780292301/locations/global/workloadIdentityPools/access-your-teaching-qualificati/providers/access-your-teaching-qualificati

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

delete-review-app.yml will also need updating with gcp login and permissions

@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch from 2fab66c to 286e3b1 Compare December 6, 2024 14:39
@shaheislamdfe shaheislamdfe force-pushed the 2143-aytq-migrate-to-gcp-wif branch from 286e3b1 to 5840406 Compare December 6, 2024 14:42
@shaheislamdfe shaheislamdfe deleted the 2143-aytq-migrate-to-gcp-wif branch December 6, 2024 15:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RMcVelia RMcVelia RMcVelia left review comments

Assignees
No one assigned
Labels
deploy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shaheislamdfe @RMcVelia @vipin-dfe