From 4486393da3bde8494cf9aca63a166795d3088dd4 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Thu, 29 Aug 2024 13:38:08 +0800
Subject: [PATCH 1/4] update op.env with new 1Password item name for Cloudflare token
---
 op.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/op.env b/op.env
index 7333f3d..913f666 100644
--- a/op.env
+++ b/op.env
@@ -1,4 +1,4 @@
-CLOUDFLARE_API_TOKEN="op://Apps Dev/Cloudflare Tokens/tokens/iidp.net"
+CLOUDFLARE_API_TOKEN="op://Apps Dev/Cloudflare DNS read for iidp/credential"
 TF_VAR_cloudflare_domain=iidp.net
 AWS_ACCESS_KEY_ID="op://Apps Dev/Terraform Enterprise - AWS IdP Account/username"
 AWS_SECRET_ACCESS_KEY="op://Apps Dev/Terraform Enterprise - AWS IdP Account/password"
From c39672664360756a590beb7682f5b5ed24e134d5 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Thu, 29 Aug 2024 13:38:47 +0800
Subject: [PATCH 2/4] use output from ecs-app module instead of aws_db_instance data source
---
 main.tf | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/main.tf b/main.tf
index 37d58fd..3405aea 100644
--- a/main.tf
+++ b/main.tf
@@ -20,7 +20,7 @@ locals {
 module "app" {
 source = "silinternational/ecs-app/aws"
- version = "0.8.0"
+ version = "0.9.0"
 app_env = local.app_env
 app_name = var.app_name
@@ -209,7 +209,7 @@ module "aws_backup" {
 app_name = "${var.app_name}-${var.aws_region}"
 app_env = var.app_env
 source_arns = [
- data.aws_db_instance.this.db_instance_arn,
+ module.app.database_arn,
 aws_dynamodb_table.logger.arn
 ]
 backup_schedule = "cron(${var.aws_backup_cron_schedule})"
@@ -217,7 +217,3 @@ module "aws_backup" {
 sns_topic_name = "${local.app_name_and_env}-backup-vault-events"
 sns_email_subscription = var.backup_sns_email
 }
-
-data "aws_db_instance" "this" {
- db_instance_identifier = "${var.app_name}-${var.app_env}"
-}
From b63edaa8e471c9c7a807e7664e06bf368a869f37 Mon Sep 17 00:00:00 2001
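Review bot: In the op.env hunk the new 1Password item is named "Cloudflare DNS read for iidp", which reads as a read-only DNS token, yet CLOUDFLARE_API_TOKEN feeds a Terraform run that, judging from TF_VAR_cloudflare_domain and the `subdomain` variable elsewhere in this series, presumably creates DNS records for the hub; a read-scoped token would survive `terraform plan` and only fail at `apply`. Worth confirming the token actually carries DNS edit rights on the iidp.net zone, or renaming the item so its scope is not misleading, and recording the requirement next to the reference, e.g. `# token must have DNS edit rights on the zone named in TF_VAR_cloudflare_domain`. Keeping the token scoped to this single zone rather than account-wide, which the item name suggests is already the case, is the right least-privilege shape.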
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Mon, 16 Sep 2024 11:36:25 +0800
Subject: [PATCH 3/4] remove variables that were removed in ssp-base version 10
---
 main.tf | 2 --
 task-def-hub.json | 12 ------------
 terraform.tfvars.example | 2 --
 vars.tf | 12 ------------
 4 files changed, 28 deletions(-)
diff --git a/main.tf b/main.tf
index 3405aea..db0c8c9 100644
--- a/main.tf
+++ b/main.tf
@@ -116,8 +116,6 @@ locals {
 dynamo_secret_access_key = aws_iam_access_key.user_login_logger.secret
 enable_debug = var.enable_debug
 help_center_url = var.help_center_url
- idp_display_name = var.idp_display_name
- idp_name = var.idp_name
 memory = var.memory
 mysql_host = module.app.database_host
 mysql_database = local.mysql_database
diff --git a/task-def-hub.json b/task-def-hub.json
index a457cbd..351b459 100644
--- a/task-def-hub.json
+++ b/task-def-hub.json
@@ -41,10 +41,6 @@
 "name": "BASE_URL_PATH",
 "value": "https://${subdomain}.${cloudflare_domain}/"
 },
- {
- "name": "ENABLE_HUB_AUTHPROCS",
- "value": "true"
- },
 {
 "name": "DYNAMO_ACCESS_KEY_ID",
 "value": "${dynamo_access_key_id}"
@@ -61,14 +57,6 @@
 "name": "HUB_MODE",
 "value": "true"
 },
- {
- "name": "IDP_DISPLAY_NAME",
- "value": "${idp_display_name}"
- },
- {
- "name": "IDP_NAME",
- "value": "${idp_name}"
- },
 {
 "name": "MYSQL_HOST",
 "value": "${mysql_host}"
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 0b218d5..ea37c28 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -2,6 +2,4 @@ analytics_id = "G-"
 aws_access_key = ""
 aws_secret_key = ""
 cloudflare_domain = "example.com"
-idp_display_name = "IdP Hub"
-idp_name = "hub"
 subdomain = "hub"
diff --git a/vars.tf b/vars.tf
index 733975e..80ab701 100644
--- a/vars.tf
+++ b/vars.tf
@@ -100,18 +100,6 @@ variable "enable_debug" {
 default = "false"
 }
-variable "idp_display_name" {
- description = "The name of the hub as presented to the end user."
- type = string
- default = "IdP dev hub"
-}
-
-variable "idp_name" {
- description = "Required by ssp-base, but not actually used."
- type = string
- default = "hub"
-}
-
 variable "help_center_url" {
 description = "The URL for the \"Help\" link at the top of the IDP selection page"
 type = string
From 255dadc28cc2172281919b19f055a5517a8a563d Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Mon, 16 Sep 2024 11:37:03 +0800
Subject: [PATCH 4/4] various updates to GitHub workflow
---
 .github/workflows/terraform.yml | 22 ++++++++-------------
 1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index a3b4ad0..c6fb94b 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -7,37 +7,31 @@ name: 'Terraform'
 on:
 push:
- pull_request:
-
-permissions:
- contents: read
+ branches: ["**"]
 jobs:
 terraform:
 name: 'Terraform'
- runs-on: ubuntu-22.04
-
- # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
- defaults:
- run:
- shell: bash
+ runs-on: ubuntu-latest
 steps:
 # Checkout the repository to the GitHub Actions runner
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 # Install the latest version of Terraform CLI
 - name: Setup Terraform
- uses: hashicorp/setup-terraform@v2
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: "<1.6.0" # only use open source version of Terraform
 # Checks that all Terraform configuration files adhere to a canonical format
 - name: Terraform Format
- run: terraform fmt -check -diff
+ run: terraform fmt -check -diff -recursive
 # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
 - name: Terraform Init
- run: terraform init -cloud=false
+ run: terraform init -backend=false
 # Validate the files, referring only to the configuration and not accessing any remote services
 - name: Terraform Validate
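Review bot: Deleting the top-level `permissions:` block means this job now runs with whatever default GITHUB_TOKEN permissions the repository or organization is configured with, which for older repositories can be read/write on most scopes, in place of the explicit read-only grant it had; nothing in the remaining steps (checkout, fmt, init with `-backend=false`, validate) needs more than read access, so the block should come back, `permissions:` / `  contents: read`, between the `on:` block and `jobs:`. Dropping the `pull_request:` trigger in favor of `push: branches: ["**"]` also means pull requests opened from forks no longer get a fmt/validate run, since push events only fire for branches in this repository; if that is intentional it deserves a comment on the trigger, otherwise keep both events. The actions are pinned only to mutable major tags (`actions/checkout@v4`, `hashicorp/setup-terraform@v3`), so a compromised or force-moved tag changes what runs against the checked-out repository; pinning each `uses:` to a full commit SHA with the tag in a trailing comment is the usual hardening, and `ubuntu-latest` gives up the reproducibility `ubuntu-22.04` offered. The `terraform_version: "<1.6.0"` constraint with its inline licensing comment is clear and correctly stays on the last MPL-licensed 1.5.x line.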