cds-snc / dns

DNS Configuration for domains managed by CDS

Making the SSO role secret for enhanced security #402

Closed sylviamclaughlin closed 1 month ago

sylviamclaughlin commented 1 month ago

Summary | Résumé

The `terraform apply` fails since it does not like wildcards. Upon further research, it seems you can't have wildcards in the principal, so I put it in a secret variable.

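As an added illustration of the pattern the description refers to (this is not the repository's own configuration): an IAM trust policy rejects a partial wildcard in its `Principal`, so the allowed principal ARN is supplied through a sensitive Terraform variable instead of being written into the policy. The variable name and the policy-document layout are assumptions; only the role name comes from the plan output in this thread.

```hcl
# Assumed variable name: the ARN of the principal allowed to assume the role.
# It is populated from a secret (e.g. a TF_VAR_* value in CI), never committed.
variable "notify_prod_dns_manager_principal" {
  description = "ARN of the IAM principal allowed to assume notify_prod_dns_manager"
  type        = string
  sensitive   = true
}

data "aws_iam_policy_document" "notify_prod_dns_manager_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type = "AWS"
      # A partial wildcard such as "arn:aws:iam::111122223333:role/notify-*"
      # is rejected by IAM: trust policies accept exact principal ARNs only
      # (a bare "*" would instead allow any AWS account to assume the role).
      identifiers = [var.notify_prod_dns_manager_principal]
    }
  }
}

resource "aws_iam_role" "notify_prod_dns_manager" {
  name               = "notify_prod_dns_manager"
  assume_role_policy = data.aws_iam_policy_document.notify_prod_dns_manager_assume.json
}
```

Because the variable is marked `sensitive`, the rendered `assume_role_policy` is shown as `(sensitive value)` in plan output, which is the warning the bot's plan below reports.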

github-actions[bot] commented 1 month ago

DNS

✅ Terraform Init: success
✅ Terraform Validate: success
✅ Terraform Format: success
✅ Terraform Plan: success
✅ Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy
| CHANGE | NAME |
|--------|------|
| update | `aws_iam_role.notify_prod_dns_manager` |

Plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_role.notify_prod_dns_manager will be updated in-place
  ~ resource "aws_iam_role" "notify_prod_dns_manager" {
        # Warning: this attribute value will be marked as sensitive and will not
        # display in UI output after applying this change. The value is unchanged.
      ~ assume_role_policy    = (sensitive value)
        id                    = "notify_prod_dns_manager"
        name                  = "notify_prod_dns_manager"
        tags                  = {}
        # (11 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```

Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.Route53TerraformDeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.notify_prod_dns_manager_policy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_prod_dns_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.dns-github-deployer"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.alpha-canada-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.cds-snc-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.notification-canada-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.platform-canada-ca-public"]

27 tests, 19 passed, 8 warnings, 0 failures, 0 exceptions
```