Merge branch 'main' into add-workload2-role
Signed-off-by: Jorge Turrado Ferrero <[email protected]>
JorTurFer authored Dec 30, 2023
2 parents 80710f2 + 9c0175a commit ef4a10a
Showing 5 changed files with 15 additions and 11 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/main.yaml
@@ -46,13 +46,13 @@ jobs:
aws-region: eu-west-2

- name: Log into GCP using OIDC
uses: google-github-actions/auth@v1
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
uses: hashicorp/setup-terraform@v3.0.0

- name: Terraform Init
run: |
6 changes: 3 additions & 3 deletions .github/workflows/pr-validation.yaml
@@ -48,13 +48,13 @@ jobs:
aws-region: eu-west-2

- name: Log into GCP using OIDC
uses: google-github-actions/auth@v1
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
uses: hashicorp/setup-terraform@v3.0.0

- name: Setup TFLint
uses: terraform-linters/setup-tflint@v4
@@ -97,7 +97,7 @@ jobs:
working-directory: terraform

- name: Create the plan summary
uses: actions/github-script@v6
uses: actions/github-script@v7
if: always()
id: summary
env:
4 changes: 2 additions & 2 deletions terraform/main.tf
@@ -81,7 +81,7 @@ module "azuread_applications" {
module "azure_aks_pr" {
source = "./modules/azure/aks"
resource_group_name = var.azure_resource_group_name
kubernetes_version = "1.27"
kubernetes_version = "1.28"
cluster_name = local.pr_cluster_name
unique_project_name = var.unique_project_name

@@ -103,7 +103,7 @@ module "azure_aks_pr" {
module "azure_aks_nightly" {
source = "./modules/azure/aks"
resource_group_name = var.azure_resource_group_name
kubernetes_version = "1.27"
kubernetes_version = "1.28"
cluster_name = local.main_cluster_name
unique_project_name = var.unique_project_name

9 changes: 6 additions & 3 deletions terraform/modules/aws/iam/main.tf
@@ -143,6 +143,9 @@ resource "aws_iam_policy" "policy" {
"dynamodb:ListGlobalTables",
"cloudwatch:ListMetricStreams",
"dynamodb:DescribeReservedCapacity",
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:DeleteSecret",
"kinesis:UpdateShardCount"
],
"Resource": "*"
@@ -156,9 +159,9 @@ resource "aws_iam_policy" "policy" {
},
{
"Effect": "Deny",
"Action": "sqs:*",
"Action": "sqs:GetQueueAttributes",
"Resource": [
"arn:aws:sqs:*:589761922677:asume-role-*"
"arn:aws:sqs:*:589761922677:assume-role-*"
]
},
{
@@ -260,7 +263,7 @@ resource "aws_iam_policy" "workload2_role_policy" {
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "arn:aws:sqs:*:589761922677:asume-role-workload2-queue-*"
"Resource": "arn:aws:sqs:*:589761922677:assume-role-workload2-queue-*"
}
]
}
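Review bot: The three `secretsmanager:` actions added in the first hunk sit in a statement whose `Resource` is `"*"`, so `secretsmanager:GetSecretValue` lets this policy's principal read every secret in the account, not only the ones the tests create and delete. Moving them into their own statement scoped by name would contain that, e.g. `"Resource": "arn:aws:secretsmanager:*:589761922677:secret:<TEST_SECRET_PREFIX>*"` (the prefix is a placeholder; the page does not show the secret names). The statement's opening and any `Condition` lie outside the hunk, so confirm nothing already narrows it. In the second hunk the Deny on the `assume-role-*` queues appears to shrink from `sqs:*` to `sqs:GetQueueAttributes`; a short HCL comment above the resource saying why the remaining SQS actions are no longer denied would help the next reader.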
3 changes: 2 additions & 1 deletion terraform/modules/azure/data-explorer/main.tf
@@ -17,6 +17,7 @@ resource "azurerm_kusto_cluster" "cluster" {
name = local.kusto_cluster_name
location = data.azurerm_resource_group.rg.location
resource_group_name = data.azurerm_resource_group.rg.name
auto_stop_enabled = false
engine = "V3"

sku {
@@ -47,4 +48,4 @@ resource "azurerm_kusto_cluster_principal_assignment" "role" {
principal_id = var.admin_principal_ids[count.index]
principal_type = "App"
role = "AllDatabasesAdmin"
}
}
