Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read-only service accounts for automation and CI/CD #1899

Merged
merged 67 commits into from Dec 27, 2023
Merged

Read-only service accounts for automation and CI/CD #1899

merged 67 commits into from Dec 27, 2023

Conversation

ludoo
Copy link
Collaborator

@ludoo ludoo commented Dec 3, 2023
edited

WIP, design document in this PR has the rationale and explanation of changes.

This PR also

  • adds a custom roles factory to the organization and project modules
  • refactors the factory variables in organization, folder and project modules so they use our latest standard
  • moves FAST stage 0 custom roles to YAML files passed to the organization module's factory
  • removes the (now stale) custom_role_names variable from FAST stage 0
  • refactors the FAST CI/CD workflows

Test errors will be expected until this has been completed.

@ludoo
Copy link
Collaborator Author

ludoo commented Dec 19, 2023

This is now ready, barring some IAM tweaks for the stage 2 and 3 CI/CD read-only service accounts, which I will test today. It can be reviewed, additional roles will be added before merging but won't change the PR structure.

@ludoo ludoo marked this pull request as ready for review December 19, 2023 07:37
@ludoo ludoo requested a review from juliocc December 19, 2023 07:37
@ludoo ludoo enabled auto-merge (squash) December 25, 2023 06:58
@ludoo
Copy link
Collaborator Author

ludoo commented Dec 25, 2023
edited

This is now ready for review. The second set of service accounts is still missing from multitenant stages, but I will add it once the approach has been validated. CI/CD tested with actual repositories for stages 0, 1, and 2 networking.

@ludoo ludoo changed the title (WIP) Read-only service accounts for automation and CI/CD Read-only service accounts for automation and CI/CD Dec 25, 2023
juliocc
juliocc approved these changes Dec 27, 2023
View reviewed changes
Copy link
Collaborator

@juliocc juliocc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 🧑‍🎄

Left a couple of small comments

fast/assets/templates/workflow-github.yaml Show resolved Hide resolved
fast/assets/templates/workflow-gitlab.yaml Outdated Show resolved Hide resolved
fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-gitlab.yaml Outdated Show resolved Hide resolved
fast/stages-multitenant/1-resman-tenant/templates/workflow-gitlab.yaml Outdated Show resolved Hide resolved
fast/stages/0-bootstrap/templates/workflow-gitlab.yaml Outdated Show resolved Hide resolved
fast/stages/1-resman/templates/workflow-gitlab.yaml Outdated Show resolved Hide resolved
@ludoo ludoo merged commit 9d6e614 into master Dec 27, 2023
13 checks passed
@ludoo ludoo deleted the ludo/fast-cicd-permissions branch December 27, 2023 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliocc juliocc juliocc approved these changes

Assignees
No one assigned
Labels
on:documentation on:FAST
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ludoo @juliocc @wiktorn