cds-snc / forms-terraform

Infrastructure as Code for the GC Forms environment
MIT License

feat: create Forms API OIDC role for releases #830

Closed patheard closed 2 months ago

patheard commented 2 months ago

Summary

Add a new OIDC role that will be used by the cds-snc/forms-api repository to authenticate and push Production API Docker images when a new GitHub release is published.

github-actions[bot] commented 2 months ago

⚠ Terraform update available

Terraform: 1.9.5 (using 1.9.2)
Terragrunt: 0.67.6 (using 0.63.2)
github-actions[bot] commented 2 months ago

Staging: oidc_roles

✅ Terraform Init: success
✅ Terraform Validate: success
✅ Terraform Format: success
✅ Terraform Plan: success
✅ Conftest: success

Plan: 1 to add, 0 to change, 0 to destroy
Show summary

| CHANGE | NAME |
|--------|------|
| add | `module.github_workflow_roles.aws_iam_role.this["forms-api-release"]` |
Show plan

```terraform
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.github_workflow_roles.aws_iam_role.this["forms-api-release"] will be created
  + resource "aws_iam_role" "this" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRoleWithWebIdentity"
                      + Condition = {
                          + StringLike = {
                              + "token.actions.githubusercontent.com:sub" = "repo:cds-snc/forms-api:ref:refs/tags/v*"
                            }
                        }
                      + Effect    = "Allow"
                      + Principal = {
                          + Federated = "arn:aws:iam::687401027353:oidc-provider/token.actions.githubusercontent.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "forms-api-release"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }
      + tags_all              = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```
Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.platform_forms_client_pr_review_env[0]"]

20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions
```
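The trust policy in the plan above admits a GitHub Actions token only when its `sub` claim matches `repo:cds-snc/forms-api:ref:refs/tags/v*`, and it places no condition on the token's `aud` claim, which AWS's and GitHub's guidance for GitHub OIDC trust policies recommend pinning to `sts.amazonaws.com`. The script below is an added example, not code from cds-snc/forms-terraform: it models IAM's `StringEquals`/`StringLike` evaluation, replays the plan's policy and a hypothetical hardened variant (same `sub` pattern plus an `aud` pin) against constructed claim sets, and runs the static checks a reviewer would make before approving the role. The claim sets and the hardened policy are assumptions for illustration.

```python
"""Which GitHub Actions OIDC tokens does an IAM trust policy admit?

Added example, not project code. PLAN_TRUST_POLICY is the assume_role_policy
rendered in the Terraform plan; HARDENED_TRUST_POLICY is a hypothetical variant
that also pins the audience. All claim sets are constructed for illustration.
"""
import copy
import re

ISSUER = "token.actions.githubusercontent.com"
SUB_KEY = f"{ISSUER}:sub"
AUD_KEY = f"{ISSUER}:aud"

PLAN_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::687401027353:oidc-provider/{ISSUER}"},
        "Condition": {"StringLike": {SUB_KEY: "repo:cds-snc/forms-api:ref:refs/tags/v*"}},
    }],
}

# Hypothetical hardened variant: identical, plus an exact match on the audience.
HARDENED_TRUST_POLICY = copy.deepcopy(PLAN_TRUST_POLICY)
HARDENED_TRUST_POLICY["Statement"][0]["Condition"]["StringEquals"] = {AUD_KEY: "sts.amazonaws.com"}


def _values(v):
    """IAM condition values may be written as one string or a list of strings."""
    return v if isinstance(v, list) else [v]


def iam_like(pattern: str, value: str) -> bool:
    """IAM StringLike: '*' matches any run, '?' one character, case-sensitive."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def statement_allows(statement: dict, claims: dict) -> bool:
    """All condition keys must match (AND); each key's listed values are ORed."""
    if statement.get("Effect") != "Allow":
        return False
    if "sts:AssumeRoleWithWebIdentity" not in _values(statement.get("Action", [])):
        return False
    for operator, conds in statement.get("Condition", {}).items():
        for key, expected in conds.items():
            claim = claims.get(key.split(":", 1)[1])  # "issuer:sub" -> token claim "sub"
            if claim is None:
                return False  # an absent claim never satisfies a condition
            if operator == "StringEquals":
                ok = claim in _values(expected)
            elif operator == "StringLike":
                ok = any(iam_like(p, claim) for p in _values(expected))
            else:
                raise ValueError(f"operator {operator} not modelled here")
            if not ok:
                return False
    return True


def policy_allows(policy: dict, claims: dict) -> bool:
    return any(statement_allows(s, claims) for s in policy["Statement"])


def policy_findings(policy: dict) -> list[str]:
    """Static review checks: is the role pinned to one repository and one audience?"""
    findings = []
    for statement in policy["Statement"]:
        conditions = statement.get("Condition", {})
        keys = {k for conds in conditions.values() for k in conds}
        if AUD_KEY not in keys:
            findings.append("no aud condition: pin StringEquals aud = sts.amazonaws.com")
        if SUB_KEY not in keys:
            findings.append("no sub condition: any workflow trusted by this provider could assume the role")
        for conds in conditions.values():
            for pattern in _values(conds.get(SUB_KEY, [])):
                parts = pattern.split(":")  # repo:<owner/name>:<ref|environment|pull_request>...
                if len(parts) < 2 or "*" in parts[1] or "?" in parts[1]:
                    findings.append(f"sub pattern {pattern!r} is not pinned to a single repository")
    return findings


SAMPLE_TOKENS = {  # constructed claim sets; only sub and aud matter to these policies
    "release tag v1.2.3": {"sub": "repo:cds-snc/forms-api:ref:refs/tags/v1.2.3", "aud": "sts.amazonaws.com"},
    "push to main": {"sub": "repo:cds-snc/forms-api:ref:refs/heads/main", "aud": "sts.amazonaws.com"},
    "tag with upper-case V": {"sub": "repo:cds-snc/forms-api:ref:refs/tags/V1.2.3", "aud": "sts.amazonaws.com"},
    "tag in another repo": {"sub": "repo:cds-snc/forms-terraform:ref:refs/tags/v1.0.0", "aud": "sts.amazonaws.com"},
    "pull_request event": {"sub": "repo:cds-snc/forms-api:pull_request", "aud": "sts.amazonaws.com"},
    "release tag, default audience": {"sub": "repo:cds-snc/forms-api:ref:refs/tags/v1.2.3", "aud": "https://github.com/cds-snc"},
}


def evaluate(tokens=SAMPLE_TOKENS) -> dict:
    """Label -> (allowed by the plan's policy, allowed by the hardened policy)."""
    return {label: (policy_allows(PLAN_TRUST_POLICY, c), policy_allows(HARDENED_TRUST_POLICY, c))
            for label, c in tokens.items()}


if __name__ == "__main__":
    for label, (plan_ok, hard_ok) in evaluate().items():
        print(f"{label:30} plan={plan_ok!s:5} hardened={hard_ok}")
    for finding in policy_findings(PLAN_TRUST_POLICY):
        print("finding:", finding)
```

Two caveats worth keeping in mind when reading the output. STS also rejects a token whose `aud` is not among the client IDs registered on the IAM OIDC provider, so the `aud` condition in the trust policy is a second, policy-level check rather than the only one. And because the `sub` pattern is a tag glob, anyone who can push a `v*` tag to cds-snc/forms-api can run a workflow that assumes `forms-api-release`; tag protection on that repository is part of the role's effective boundary.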