2.190.0
root committed Oct 24, 2024
1 parent c721de5 commit ca83ee7
Showing 7 changed files with 40 additions and 12 deletions.
10 changes: 6 additions & 4 deletions aws_v2/main.tf
Expand Up @@ -26,10 +26,11 @@ module "networking" {
}

module "iam" {
source = "./modules/iam"
region = var.region
tags = var.tags
s3_bucket_id = module.deploy.s3_bucket_id
source = "./modules/iam"
region = var.region
tags = var.tags
s3_bucket_id = module.deploy.s3_bucket_id
minimum_role_deployment = var.minimum_role_deployment
}

module "deploy" {
Expand All @@ -55,4 +56,5 @@ module "deploy" {
deploy_nfs = var.deploy_nfs
local_workers = var.local_workers
use_secrets_manager = var.use_secrets_manager
minimum_role_deployment = var.minimum_role_deployment
}
7 changes: 4 additions & 3 deletions aws_v2/modules/deploy/main.tf
@@ -1,5 +1,6 @@
data "aws_iam_role" "role" {
name = var.role_name
count = var.minimum_role_deployment ? 0 : 1
name = var.role_name
}

data "aws_iam_role" "instance_role" {
Expand Down Expand Up @@ -137,7 +138,7 @@ resource "aws_instance" "main" {
user_data = join("\n", concat([
"#!/bin/bash -x",
"s3bucket=${aws_s3_bucket.bucket.id}",
"aws_role=${data.aws_iam_role.role.arn}",
var.minimum_role_deployment ? "" : "aws_role=${data.aws_iam_role.role[0].arn}",
"aws_rds_db=${""}",
"aws_elastic_endpoint=${""}",
"aws_elastic_id=${""}",
Expand All @@ -164,7 +165,7 @@ resource "aws_instance" "main" {
"echo PROXY_url = $feature_flag_http_proxy >> /home/admin/processor/first_run.cfg",
"echo PROXY_cert_url = $proxy_cert_url >> /home/admin/processor/first_run.cfg",
"echo PROXY_whitelist = $proxy_whitelist >> /home/admin/processor/first_run.cfg",
"echo minimum_role_deployment = true >> /home/admin/processor/first_run.cfg",
"echo minimum_role_deployment = ${var.minimum_role_deployment} >> /home/admin/processor/first_run.cfg",
],
[
for k, v in var.tags :
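Review bot: In the user_data hunk at -137,+138 the ternary drops the whole `aws_role=` assignment when minimum_role_deployment is true and leaves an empty element that join() turns into a blank line, so any later `$aws_role` reference in the script (the rest of the resource is outside the hunk) would rely on a shell variable that was never defined rather than one explicitly set to empty. Keeping the assignment and conditioning only the value is clearer and keeps the script's variable set stable across both modes: `"aws_role=${var.minimum_role_deployment ? "" : data.aws_iam_role.role[0].arn}",`. The `count` on the `aws_iam_role` data source and the `[0]` index are consistent with each other. The aws_instance.main resource and its user_data list start and end outside the hunk.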
4 changes: 4 additions & 0 deletions aws_v2/modules/deploy/variables.tf
Expand Up @@ -86,3 +86,7 @@ variable "local_workers" {
variable "use_secrets_manager" {
type = bool
}

variable "minimum_role_deployment" {
type = bool
}
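Review bot: The new `minimum_role_deployment` variable carries no description, yet in this module it decides whether the `var.role_name` data lookup happens and whether `aws_role` is written into the instance user_data, so callers get no hint of that contract from the variable block. I would add `description = "When true, skip the aws_iam_role data lookup of var.role_name and omit aws_role from the instance user_data."` inside the block. Leaving it without a default is fine since the root module passes it explicitly.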
14 changes: 12 additions & 2 deletions aws_v2/modules/iam/main.tf
Expand Up @@ -3,6 +3,7 @@ data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

resource "aws_iam_role" "role" {
count = var.minimum_role_deployment ? 0 : 1
name_prefix = "myCadoResponseRole"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Expand Down Expand Up @@ -124,6 +125,14 @@ resource "aws_iam_role_policy" "instance_policy" {
],
"Resource": "*"
},
{
"Sid": "RequiredForWorkersAndUpdatesIAM",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*CadoResponse*"
},
{
"Sid": "RequiredForNativeUpdates",
"Effect": "Allow",
Expand Down Expand Up @@ -207,8 +216,9 @@ JSON
}

resource "aws_iam_role_policy" "policy" {
count = var.minimum_role_deployment ? 0 : 1
name_prefix = "myCadoResponseRolePolicy"
role = aws_iam_role.role.id
role = aws_iam_role.role[0].id
policy = <<JSON
{
"Statement": [
Expand Down Expand Up @@ -555,7 +565,7 @@ JSON
}

output "role_name" {
value = aws_iam_role.role.name
value = var.minimum_role_deployment ? "not-deployed" : aws_iam_role.role[0].name
}

output "instance_role_name" {
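Review bot: The new `RequiredForWorkersAndUpdatesIAM` statement grants `iam:PassRole` on `arn:aws:iam::*:role/*CadoResponse*`, which matches a role of that name in any AWS account and does not restrict which service the role may be passed to; PassRole is a well-known privilege-escalation primitive, because a principal holding it can launch a resource with any matching role, possibly one more privileged than its own instance role. Scope the account to the identity already looked up at the top of this file, `"Resource": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/*CadoResponse*"`, and add a `Condition` with `iam:PassedToService` limited to the service(s) the workers and updates actually use, which I cannot determine from this hunk. The statement is also added to instance_policy unconditionally, so it applies in minimum_role_deployment mode even though no myCadoResponseRole is created then; if that is intended a short comment saying so would help. The instance_policy resource begins outside the hunk.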
4 changes: 4 additions & 0 deletions aws_v2/modules/iam/variables.tf
Expand Up @@ -9,3 +9,7 @@ variable "tags" {
variable "s3_bucket_id" {
type = string
}

variable "minimum_role_deployment" {
type = bool
}
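Review bot: `minimum_role_deployment` is declared here without a description, although this module uses it to decide whether `aws_iam_role.role` and `aws_iam_role_policy.policy` are created at all and what the `role_name` output returns. I would add `description = "When true, do not create the myCadoResponseRole IAM role or its policy; the role_name output is then the literal \"not-deployed\"."` so the module's contract is visible to callers without reading main.tf.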
6 changes: 6 additions & 0 deletions aws_v2/variables.tf
Expand Up @@ -145,3 +145,9 @@ variable "use_secrets_manager" {
default = true
description = "Use AWS Secrets Manager for storing secrets"
}

variable "minimum_role_deployment" {
type = bool
default = false
description = "Deploy without an IAM role for acquisitions."
}
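Review bot: The description `"Deploy without an IAM role for acquisitions."` under-describes what the flag changes: with it set, the iam module creates neither `myCadoResponseRole` nor its policy, the deploy module skips the `aws_iam_role` data lookup and omits `aws_role` from the instance user_data, and `role_name` outputs the literal `not-deployed`. Spelling that out in the description, e.g. `description = "Skip creating the myCadoResponseRole IAM role and its policy and omit it from the instance user_data; the role_name output becomes \"not-deployed\"."`, lets operators judge what they give up before enabling it. Keeping `default = false` preserves the existing behaviour for current callers.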
7 changes: 4 additions & 3 deletions gcp/modules/iam/main.tf
Expand Up @@ -37,6 +37,7 @@ locals {
"compute.subnetworks.use",
"compute.networks.get",
"compute.networks.list",
"compute.instances.setTags",

// Adjusting Settings
"compute.machineTypes.get",
Expand Down Expand Up @@ -95,10 +96,10 @@ locals {
# Generate the full list of permissions
permissions = concat(
local.base_permissions,
local.secretmanager_permissions,
local.upgrade_permissions,
local.workers_permissions,
var.deploy_acquisition_permissions ? local.acquisition_permissions : [],
var.use_secrets_manager ? local.secretmanager_permissions : [],
var.enable_platform_updates ? local.upgrade_permissions : [],
!var.local_workers ? local.workers_permissions : []
)
}

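Review bot: `compute.instances.setTags` is added to the base permission list next to the subnetwork/network entries without a note on why it is required; on GCE, network tags are what firewall rules target, so this permission lets the service account change which firewall rules apply to an instance, which deserves a why-comment beside the line. I would add `// setTags: apply network tags (firewall rule targets) to instances — confirm which code path needs this` above it. Gating the secretmanager, upgrade and workers permission sets on their feature flags in the second hunk is consistent with the least-privilege intent of the list. The locals block starts outside the hunk.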
