From 6e7cfda9aa73eaf50336c2ef79dbf796537416e0 Mon Sep 17 00:00:00 2001 From: Venkat Date: Wed, 9 Oct 2024 13:08:44 -0700 Subject: [PATCH] fix: more cleanup of old operators (waf/webacl) (#245) * fix: more cleanup of old operators (waf/webacl) * fix: cluster_environments variable * docs: automated update of terraform docs * chore: bump platform version * docs: automated update of terraform docs * chore: update platform version --------- Co-authored-by: github-actions[bot]
---
 README.md | 4 ++-- generate-helm-values.tf | 2 +- modules/tenant-readme/0.1.0/readme.tf | 2 +- variables.tf | 20 -------------------- 4 files changed, 4 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index 8bdbf3fa..23435fc1 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ No requirements.
 | [captain\_repository\_files](#module\_captain\_repository\_files) | ./modules/github-captain-repository-files/0.1.0 | n/a |
 | [common\_s3](#module\_common\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |
 | [dnssec\_key](#module\_dnssec\_key) | git::https://github.com/GlueOps/terraform-module-cloud-aws-dnssec-kms-key.git | v0.3.0 |
-| [glueops\_platform\_helm\_values](#module\_glueops\_platform\_helm\_values) | git::https://github.com/GlueOps/platform-helm-chart-platform.git | v0.51.0 |
+| [glueops\_platform\_helm\_values](#module\_glueops\_platform\_helm\_values) | git::https://github.com/GlueOps/platform-helm-chart-platform.git | v0.51.1 |
 | [loki\_s3](#module\_loki\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |
 | [opsgenie\_teams](#module\_opsgenie\_teams) | ./modules/opsgenie/0.1.0 | n/a |
 | [tenant\_readmes](#module\_tenant\_readmes) | ./modules/tenant-readme/0.1.0 | n/a |
@@ -110,7 +110,7 @@ No requirements.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [backup\_region](#input\_backup\_region) | The secondary S3 region to create S3 bucket in used for backups. This should be different than the primary region and will have the data from the primary region replicated to it. | `string` | n/a | yes |
-| [cluster\_environments](#input\_cluster\_environments) | The cluster environments and their respective github app ids |
list(object({
environment_name = string
host_network_enabled = bool
github_oauth_app_client_id = string
github_oauth_app_client_secret = string
github_tenant_app_id = string
github_tenant_app_installation_id = string
github_tenant_app_b64enc_private_key = string
admin_github_org_name = string
tenant_github_org_name = string
vault_github_org_team_policy_mappings = list(object({
oidc_groups = list(string)
policy_name = string
}))
argocd_rbac_policies = string
glueops_kubernetes_operators = object({
waf = object({
aws_access_key = string
aws_secret = string
})
web_acl = object({
aws_access_key = string
aws_secret = string
})
})
}))
|
[
{
"admin_github_org_name": "GlueOps",
"argocd_rbac_policies": " g, GlueOps:argocd_super_admins, role:admin\n g, glueops-rocks:developers, role:developers\n p, role:developers, clusters, get, *, allow\n p, role:developers, *, get, development, allow\n p, role:developers, repositories, *, development/*, allow\n p, role:developers, applications, *, development/*, allow\n p, role:developers, exec, *, development/*, allow\n",
"environment_name": "test",
"github_oauth_app_client_id": "oauth-app-id",
"github_oauth_app_client_secret": "oauth-app-secret",
"github_tenant_app_b64enc_private_key": "tenant-github-app-b64enc-private-key",
"github_tenant_app_id": "tenant-github-app-id",
"github_tenant_app_installation_id": "tenant-github-app-installation-id",
"glueops_kubernetes_operators": {
"waf": {
"aws_access_key": "aws-access-key-secret-id",
"aws_secret": "aws-access-secret"
},
"web_acl": {
"aws_access_key": "aws-access-key-secret-id",
"aws_secret": "aws-access-secret"
}
},
"host_network_enabled": true,
"tenant_github_org_name": "glueops-rocks",
"vault_github_org_team_policy_mappings": [
{
"oidc_groups": [
"GlueOps:vault_super_admins"
],
"policy_name": "editor"
},
{
"oidc_groups": [
"GlueOps:vault_super_admins",
"testing-okta:developers"
],
"policy_name": "reader"
}
]
}
]
| no |
+| [cluster\_environments](#input\_cluster\_environments) | The cluster environments and their respective github app ids |
list(object({
environment_name = string
host_network_enabled = bool
github_oauth_app_client_id = string
github_oauth_app_client_secret = string
github_tenant_app_id = string
github_tenant_app_installation_id = string
github_tenant_app_b64enc_private_key = string
admin_github_org_name = string
tenant_github_org_name = string
vault_github_org_team_policy_mappings = list(object({
oidc_groups = list(string)
policy_name = string
}))
argocd_rbac_policies = string
}))
|
[
{
"admin_github_org_name": "GlueOps",
"argocd_rbac_policies": " g, GlueOps:argocd_super_admins, role:admin\n g, glueops-rocks:developers, role:developers\n p, role:developers, clusters, get, *, allow\n p, role:developers, *, get, development, allow\n p, role:developers, repositories, *, development/*, allow\n p, role:developers, applications, *, development/*, allow\n p, role:developers, exec, *, development/*, allow\n",
"environment_name": "test",
"github_oauth_app_client_id": "oauth-app-id",
"github_oauth_app_client_secret": "oauth-app-secret",
"github_tenant_app_b64enc_private_key": "tenant-github-app-b64enc-private-key",
"github_tenant_app_id": "tenant-github-app-id",
"github_tenant_app_installation_id": "tenant-github-app-installation-id",
"host_network_enabled": true,
"tenant_github_org_name": "glueops-rocks",
"vault_github_org_team_policy_mappings": [
{
"oidc_groups": [
"GlueOps:vault_super_admins"
],
"policy_name": "editor"
},
{
"oidc_groups": [
"GlueOps:vault_super_admins",
"testing-okta:developers"
],
"policy_name": "reader"
}
]
}
]
| no |
 | [github\_owner](#input\_github\_owner) | The GitHub Owner where the tenant repo will be deployed. | `string` | n/a | yes |
 | [management\_tenant\_dns\_aws\_account\_id](#input\_management\_tenant\_dns\_aws\_account\_id) | The company AWS account id for the management-tenant-dns account | `string` | n/a | yes |
 | [management\_tenant\_dns\_zoneid](#input\_management\_tenant\_dns\_zoneid) | The Route53 ZoneID that all the delegation is coming from. | `string` | n/a | yes |
diff --git a/generate-helm-values.tf b/generate-helm-values.tf
index a4626cbe..96ad80d5 100644
--- a/generate-helm-values.tf
+++ b/generate-helm-values.tf
@@ -42,7 +42,7 @@ locals {
 module "glueops_platform_helm_values" {
 for_each = local.environment_map
- source = "git::https://github.com/GlueOps/platform-helm-chart-platform.git?ref=v0.51.0"
+ source = "git::https://github.com/GlueOps/platform-helm-chart-platform.git?ref=v0.51.1"
 captain_repo_b64encoded_private_deploy_key = base64encode(module.captain_repository[each.value.environment_name].private_deploy_key)
 captain_repo_ssh_clone_url = module.captain_repository[each.value.environment_name].ssh_clone_url
 this_is_development = var.this_is_development
diff --git a/modules/tenant-readme/0.1.0/readme.tf b/modules/tenant-readme/0.1.0/readme.tf
index b8da69f1..ba283777 100644
--- a/modules/tenant-readme/0.1.0/readme.tf
+++ b/modules/tenant-readme/0.1.0/readme.tf
@@ -42,7 +42,7 @@ locals {
 codespace_version = "v0.49.0"
 argocd_crd_version = var.argocd_app_version
 argocd_helm_chart_version = "7.5.2"
- glueops_platform_version = "v0.51.0" # this also needs to be updated in the module.glueops_platform_helm_values // generate-helm-values.tf
+ glueops_platform_version = "v0.51.1" # this also needs to be updated in the module.glueops_platform_helm_values // generate-helm-values.tf
 tools_version = "v0.11.1"
 }
diff --git a/variables.tf b/variables.tf
index ee5a0361..5cd480ad 100644
--- a/variables.tf
+++ b/variables.tf
@@ -54,16 +54,6 @@ variable "cluster_environments" {
 policy_name = string
 }))
 argocd_rbac_policies = string
- glueops_kubernetes_operators = object({
- waf = object({
- aws_access_key = string
- aws_secret = string
- })
- web_acl = object({
- aws_access_key = string
- aws_secret = string
- })
- })
 }))
 default = [
 {
@@ -76,16 +66,6 @@ variable "cluster_environments" {
 github_tenant_app_b64enc_private_key = "tenant-github-app-b64enc-private-key"
 admin_github_org_name = "GlueOps"
 tenant_github_org_name = "glueops-rocks"
- glueops_kubernetes_operators = {
- waf = {
- aws_access_key = "aws-access-key-secret-id"
- aws_secret = "aws-access-secret"
- },
- web_acl = {
- aws_access_key = "aws-access-key-secret-id"
- aws_secret = "aws-access-secret"
- }
- }
 vault_github_org_team_policy_mappings = [
 {
 oidc_groups = ["GlueOps:vault_super_admins"]