adds dynamo permissions and updates tf apply matrix logic
ball-slalom committed Mar 4, 2024
1 parent 1317637 commit 909845e
Showing 2 changed files with 44 additions and 30 deletions.
71 changes: 41 additions & 30 deletions .github/workflows/__tf_apply_matrix.yml
Expand Up @@ -39,44 +39,55 @@ jobs:
# Check if the 'artifacts' directory exists
if [ -d "artifacts" ]; then
cd artifacts
# Initialize the matrix string
MATRIX="{\"include\":["
FILES_FOUND=false
cd artifacts
# Initialize the matrix string
MATRIX="{\"include\":["
FILES_FOUND=false
# Remove any spaces from input string
STACKS_TO_IGNORE="${INPUT_STACKS_TO_IGNORE// /}"
# Remove any spaces from input string
STACKS_TO_IGNORE="${INPUT_STACKS_TO_IGNORE// /}"
# Read stacks to ignore into an array
IFS=',' read -ra IGNORED_STACKS_ARRAY <<< "${STACKS_TO_IGNORE}"
# Read stacks to ignore into an array
IFS=',' read -ra IGNORED_STACKS_ARRAY <<< "${STACKS_TO_IGNORE}"
# Run through list of files ending with '.tfplan'.
for FILE in *.tfplan; do
# Check if the globbing found any files by checking if the file exists.
if [ -f "$FILE" ]; then
# Extract the stack name from the file name.
STACK_NAME=$(basename "$FILE" .tfplan | sed 's/.*-\(.*\)$/\1/')
# Run through list of files ending with '.tfplan'.
for FILE in *.tfplan; do
# Check if the globbing found any files by checking if the file exists.
if [ -f "$FILE" ]; then
# Extract the stack name from the file name.
STACK_NAME=$(basename "$FILE" .tfplan | sed 's/.*-\(.*\)$/\1/')
# If the stack should not be ignored, add it to the matrix.
if [[ ! " ${IGNORED_STACKS_ARRAY[@]} " =~ " ${STACK_NAME} " ]]; then
FILES_FOUND=true
MATRIX="${MATRIX}{\"STACK_NAME\":\"${STACK_NAME}\"},"
# Assume the stack should not be ignored initially
IGNORE_STACK=false
# Check if the stack should not be ignored
for IGNORED_STACK in "${IGNORED_STACKS_ARRAY[@]}"; do
if [ "$STACK_NAME" = "$IGNORED_STACK" ]; then
IGNORE_STACK=true
break
fi
fi
done
done
# Check if any files were found and processed.
if [ "$FILES_FOUND" = true ]; then
# Remove the trailing comma from the last entry.
MATRIX="${MATRIX%,}]}"
else
# Ensure MATRIX is assigned the special skip value if no files are found.
MATRIX="skip"
# If the stack should not be ignored, add it to the matrix.
if [ "$IGNORE_STACK" = false ]; then
FILES_FOUND=true
MATRIX="${MATRIX}{\"STACK_NAME\":\"${STACK_NAME}\"},"
fi
fi
else
# If 'artifacts' directory doesn't exist, format MATRIX with special skip value.
echo "No artifacts directory."
done
# Check if any files were found and processed.
if [ "$FILES_FOUND" = true ]; then
# Remove the trailing comma from the last entry.
MATRIX="${MATRIX%,}]}"
else
# Ensure MATRIX is assigned the special skip value if no files are found.
MATRIX="skip"
fi
else
# If 'artifacts' directory doesn't exist, format MATRIX with special skip value.
echo "No artifacts directory."
MATRIX="skip"
fi
echo "MATRIX=$MATRIX"
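Review bot: STACK_NAME is spliced unescaped into the JSON matrix string at `MATRIX="${MATRIX}{\"STACK_NAME\":\"${STACK_NAME}\"},"`, so a `.tfplan` file whose name contains a double quote, backslash or brace produces malformed JSON or an extra matrix entry; the names come from whatever populated the `artifacts` directory (presumably a downloaded artifact), not from this step itself. Validating the extracted name before it is used closes that, e.g. `[[ "$STACK_NAME" =~ ^[A-Za-z0-9_.-]+$ ]] || { echo "::error::unexpected stack name '$STACK_NAME'"; exit 1; }` directly after the sed extraction, or build the matrix with `jq --arg` instead of string concatenation. Note also that `sed 's/.*-\(.*\)$/\1/'` keeps only the text after the last hyphen, so a stack whose own name contains a hyphen is truncated and could then match an unrelated ignore entry; a comment stating that stack names must not contain hyphens would make that contract explicit. The `run:` step and the job this script belongs to begin above the hunk.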
3 changes: 3 additions & 0 deletions infra/tf/stacks/oidc/main.tf
Expand Up @@ -103,6 +103,8 @@ data "aws_iam_policy_document" "permissions_write" {
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"dynamodb:CreateTable",
"dynamodb:UpdateTable",
"ec2:AllocateAddress",
"ec2:AssociateNatGatewayAddress",
"ec2:AssociateRouteTable",
Expand Down Expand Up @@ -179,6 +181,7 @@ data "aws_iam_policy_document" "permissions_write" {
sid = "NonprodOnlyWritePermissions"
effect = "Allow"
actions = [
"dynamodb:DeleteTable",
"ec2:DeleteNatGateway",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
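Review bot: `dynamodb:UpdateTable` in the all-environment statement also lets the CI role turn `DeletionProtectionEnabled` off and change billing mode or capacity on every table the statement's `resources` cover, which weakens the prod/nonprod split that keeps `DeleteTable` in the nonprod-only statement; the `resources` attribute of this `permissions_write` document is outside the hunk, so confirm it is scoped to the table ARN pattern these stacks manage (an `arn:aws:dynamodb:*:*:table/<prefix>-*` form) rather than `*`. A comment on the new lines recording that intent would help the next reviewer, e.g. `# DynamoDB table lifecycle for the stacks' tables; DeleteTable is granted only in NonprodOnlyWritePermissions below`. Separately, a Terraform-managed table that sets tags, TTL or point-in-time recovery also needs `dynamodb:TagResource`/`UntagResource`, `UpdateTimeToLive` and `UpdateContinuousBackups`, which may already be granted in a statement not shown here — worth checking before the first apply fails on it. Both statements continue outside the hunk.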
