gigascience / gigadb-website

Source code for running GigaDB
http://gigadb.org
GNU General Public License v3.0

Make sure only the correct user can update the terraform state #2046

Open kencho51 opened 1 month ago

kencho51 commented 1 month ago

User story

As a developer, I want to make sure the correct AWS resources are used by terraform when provisioning a new environment, so that we don't have incorrect resources (IAM users) used in the wrong environment.

Acceptance Criteria

Given I am provisioning new infrastructure for the Upstream project, when I initialise terraform for an environment, then the correct resources should be saved in the terraform states.

Additional infos

Is your feature request related to a problem? Please describe.

gigadb-upstream-alt-$user was found in the upstream terraform state file, which should be prohibited.

Describe the solution you'd like

Perform checking/validation in the tf_init.sh step, could be in this block:

terraform init \
          -backend-config="address=https://gitlab.com/api/v4/projects/$encoded_gitlab_project/terraform/state/${target_environment}_infra" \
          -backend-config="lock_address=https://gitlab.com/api/v4/projects/$encoded_gitlab_project/terraform/state/${target_environment}_infra/lock" \
          -backend-config="unlock_address=https://gitlab.com/api/v4/projects/$encoded_gitlab_project/terraform/state/${target_environment}_infra/lock" \
          -backend-config="username=$GITLAB_USERNAME" \
          -backend-config="password=$GITLAB_PRIVATE_TOKEN" \
          -backend-config="lock_method=POST" \
          -backend-config="unlock_method=DELETE" \
          -backend-config="retry_wait_min=5"
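
One way to implement the requested check, added here as an example and not code from the issue or the gigadb-website repository: read the state JSON that `terraform state pull` prints after `terraform init`, and fail when a managed `aws_iam_user` has a name starting with a prohibited prefix. The script name, its wiring into tf_init.sh and the sample state are assumptions.

```python
"""Fail when a Terraform state holds IAM users that belong to another project.

Assumed wiring in tf_init.sh, after `terraform init` (hypothetical script name):
    terraform state pull | python3 check_state_users.py gigadb-upstream-alt-
"""
import json
import sys


def iam_user_names(state):
    """Yield (resource address, IAM user name) for each managed aws_iam_user."""
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "aws_iam_user":
            continue
        # Resources declared inside a module carry a "module" key in state v4.
        address = ".".join(p for p in (res.get("module"), res["type"], res["name"]) if p)
        for inst in res.get("instances", []):
            name = (inst.get("attributes") or {}).get("name")
            if name:
                yield address, name


def foreign_users(state, denied_prefixes):
    """Return the IAM users whose name starts with one of the denied prefixes."""
    denied = tuple(denied_prefixes)
    return [(addr, name) for addr, name in iam_user_names(state) if name.startswith(denied)]


# Constructed sample in the state v4 layout; names are not from the real project.
SAMPLE_STATE = {"version": 4, "resources": [
    {"mode": "managed", "type": "aws_iam_user", "name": "ci",
     "instances": [{"attributes": {"name": "gigadb-upstream-ci"}}]},
    {"module": "module.ec2", "mode": "managed", "type": "aws_iam_user", "name": "dev",
     "instances": [{"attributes": {"name": "gigadb-upstream-alt-exampleuser"}}]},
    {"mode": "managed", "type": "aws_s3_bucket", "name": "files",
     "instances": [{"attributes": {"bucket": "gigadb-upstream-alt-files"}}]},
]}


def main(argv):
    raw = sys.stdin.read()
    state = json.loads(raw) if raw.strip() else {}  # tolerate empty input
    bad = foreign_users(state, argv[1:])
    for addr, name in bad:
        print(f"{addr}: IAM user {name!r} must not be in this state", file=sys.stderr)
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit lets tf_init.sh stop before any plan or apply runs against a state that already contains the wrong users.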