ministryofjustice / operations-engineering

This repository is home to Operations Engineering's tools and utilities for managing, monitoring, and optimising software development processes at the Ministry of Justice. This repository is defined and managed in Terraform.
https://user-guide.operations-engineering.service.justice.gov.uk/
MIT License

Add repo to oidc config trust relationship #4544

Closed levgorbunov1 closed 2 weeks ago

github-actions[bot] commented 2 weeks ago

iam plan

Acquiring state lock. This may take a few moments...
data.aws_iam_openid_connect_provider.github: Reading...
aws_iam_policy.github_dormant_user_policy: Refreshing state... [id=arn:aws:iam::880656497252:policy/DormantUserS3Access]
data.aws_iam_policy_document.r53_read_policy_document: Reading...
data.aws_iam_policy_document.r53_read_policy_document: Read complete after 0s [id=2046999383]
aws_iam_policy.r53_read_policy: Refreshing state... [id=arn:aws:iam::880656497252:policy/r53_read_policy]
data.aws_iam_openid_connect_provider.github: Read complete after 0s [id=arn:aws:iam::880656497252:oidc-provider/token.actions.githubusercontent.com]
data.aws_iam_policy_document.github_actions_assume_role_policy_document: Reading...
data.aws_iam_policy_document.github_actions_assume_role_policy_document: Read complete after 0s [id=4267758151]
aws_iam_role.r53_backup_role: Refreshing state... [id=operations-engineering-r53-backup-role]
aws_iam_role.github_dormant_user_role: Refreshing state... [id=github_dormant_user_role]
aws_iam_role_policy_attachment.r53_read_policy_attachment: Refreshing state... [id=operations-engineering-r53-backup-role-20240227095015143600000001]
github_actions_secret.role_arn: Refreshing state... [id=operations-engineering:AWS_DSD_R53_EXPORT_ROLE_ARN]
aws_iam_role_policy_attachment.role_policy_attachment: Refreshing state... [id=github_dormant_user_role-20240422144734306600000001]
github_actions_secret.aws_role_arn: Refreshing state... [id=operations-engineering:GH_DORMANT_USER_AWS_ROLE_ARN]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_role.github_dormant_user_role will be updated in-place
  ~ resource "aws_iam_role" "github_dormant_user_role" {
      ~ assume_role_policy    = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Condition = {
                          ~ StringLike   = {
                              ~ "token.actions.githubusercontent.com:sub" = "repo:ministryofjustice/operations-engineering:*" -> [
                                  + "repo:ministryofjustice/operations-engineering:*",
                                  + "repo:ministryofjustice/operations-engineering-terraform-dns-poc:*",
                                ]
                            }
                            # (1 unchanged attribute hidden)
                        }
                        # (3 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id                    = "github_dormant_user_role"
        name                  = "github_dormant_user_role"
        tags                  = {}
        # (8 unchanged attributes hidden)
    }
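
Review bot: In the `StringLike` subject list for `github_dormant_user_role`, the new entry `repo:ministryofjustice/operations-engineering-terraform-dns-poc:*` gives a DNS proof-of-concept repository trust on the dormant-user role as well. The identical list lands on `r53_backup_role`, and the plan reads a single `github_actions_assume_role_policy_document`, which suggests both roles share one trust document. If the POC repository only needs the Route 53 role, split the trust policy per role so that adding a repository to one does not widen the other.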

  # aws_iam_role.r53_backup_role will be updated in-place
  ~ resource "aws_iam_role" "r53_backup_role" {
      ~ assume_role_policy    = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Condition = {
                          ~ StringLike   = {
                              ~ "token.actions.githubusercontent.com:sub" = "repo:ministryofjustice/operations-engineering:*" -> [
                                  + "repo:ministryofjustice/operations-engineering:*",
                                  + "repo:ministryofjustice/operations-engineering-terraform-dns-poc:*",
                                ]
                            }
                            # (1 unchanged attribute hidden)
                        }
                        # (3 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id                    = "operations-engineering-r53-backup-role"
        name                  = "operations-engineering-r53-backup-role"
        tags                  = {}
        # (8 unchanged attributes hidden)
    }
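
Review bot: The added subject `repo:ministryofjustice/operations-engineering-terraform-dns-poc:*` on `r53_backup_role` ends in a wildcard, so a token from any branch, tag, pull request or environment in that repository satisfies the condition. Consider pinning the claim, for example to `repo:ministryofjustice/operations-engineering-terraform-dns-poc:ref:refs/heads/main` or an `environment:` subject, and recording in the PR why a POC repository needs this role. The existing `operations-engineering:*` entry has the same breadth.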

Plan: 0 to add, 2 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

github-actions[bot] commented 2 weeks ago

🦙 MegaLinter status: ✅ SUCCESS

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|------------|--------|-------|-------|--------|--------------|
| ✅ REPOSITORY | gitleaks | yes | | no | 0.87s |

See detailed report in MegaLinter reports

_Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff_

_MegaLinter is graciously provided by OX Security_

github-actions[bot] commented 2 weeks ago

Your PR is applying here: https://github.com/ministryofjustice/operations-engineering/actions/workflows/cicd-terraform-dsd-iam.yml?query=event%3Apush+branch%3Amain