[#184537961] Moved personal static ips to paas-trusted-people
malcgds committed Apr 11, 2023
1 parent c7a9619 commit 52d9bb9
Showing 4 changed files with 49 additions and 1 deletion.
40 changes: 40 additions & 0 deletions concourse/pipelines/create-cloudfoundry.yml
Expand Up @@ -1257,6 +1257,43 @@ jobs:
- get: vpc-tfstate
- get: concourse-tfstate
- get: cf-tfstate
- get: paas-trusted-people

- task: extract-personal-static-cdrs
config:
platform: linux
image_resource: *alpine-image-resource
inputs:
- name: paas-trusted-people
outputs:
- name: static-cdrs-tfvars
run:
path: sh
args:
- -e
- -c
- |
cd paas-trusted-people
if grep static_ip users.yml > /dev/null
then
apk add yq
yq '[.users[].static_ip | select(.)] | unique | .[]' users.yml > static_ips.txt
while read -r ip; do
if [ -z "$CIDRS" ]
then
CIDRS="\"${ip}/32\""
else
CIDRS="${CIDRS}, \"${ip}/32\""
fi
done < static_ips.txt
echo "personal_static_cdrs = [${CIDRS}]" > ../static-cdrs-tfvars/personal_static_cdrs.tfvars
else
touch ../static-cdrs-tfvars/personal_static_cdrs.tfvars
fi
- task: extract-terraform-variables
tags: [colocated-with-web]
Expand All @@ -1267,6 +1304,7 @@ jobs:
- name: paas-cf
- name: vpc-tfstate
- name: concourse-tfstate
- name: paas-trusted-people
outputs:
- name: terraform-variables
run:
Expand Down Expand Up @@ -1305,6 +1343,7 @@ jobs:
- name: terraform-variables
- name: paas-cf
- name: cf-tfstate
- name: static-cdrs-tfvars
outputs:
- name: updated-tfstate
params:
Expand All @@ -1330,6 +1369,7 @@ jobs:
terraform apply \
-auto-approve=true \
-var-file="../../../static-cdrs-tfvars/personal_static_cdrs.tfvars" \
-var-file="../../../paas-cf/terraform/((aws_account)).tfvars" \
-var-file="../../../paas-cf/terraform/cloudfoundry/((aws_account)).tfvars" \
-var-file="../../../paas-cf/terraform/((aws_region)).tfvars" \
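Review bot: The `static_ip` values read from users.yml are written into the tfvars as `"${ip}/32"` with no format check, and that file then drives security-group ingress through `terraform apply -auto-approve=true`. Inside the `while read -r ip` loop, reject anything that is not a dotted-quad IPv4 address, for example `echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || { echo "invalid static_ip: $ip" >&2; exit 1; }`. Set `CIDRS=""` before the loop so a value inherited from the task environment cannot end up in the list. `apk add yq` installs an unpinned package at run time; pinning the version or using an image that already contains yq would keep the step reproducible. Because the allowlist now comes from paas-trusted-people, review controls on that repository effectively become part of the network perimeter.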
3 changes: 2 additions & 1 deletion terraform/cloudfoundry/prometheus.tf
Expand Up @@ -31,7 +31,8 @@ resource "aws_security_group" "prometheus-lb" {

cidr_blocks = concat(
compact(var.admin_cidrs),
["${var.concourse_elastic_ip}/32"]
["${var.concourse_elastic_ip}/32"],
var.personal_static_cdrs,
)
}

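Review bot: `var.personal_static_cdrs` is appended to this `prometheus-lb` ingress and, in security-groups.tf, to `cf_api_elb` and `sshproxy`, so a single users.yml entry opens all three endpoints to that address; nothing visible scopes the list per service. If engineers only need some of these endpoints, a separate variable per group would keep the rules closer to least privilege. At minimum add a comment above the new entry, e.g. `# per-user static IPs generated from paas-trusted-people users.yml`, so the origin of these CIDRs is clear when the rule is audited. The ingress block starts outside the hunk, so the ports and protocol it applies to are not visible here.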
2 changes: 2 additions & 0 deletions terraform/cloudfoundry/security-groups.tf
Expand Up @@ -30,6 +30,7 @@ resource "aws_security_group" "cf_api_elb" {
compact(var.api_access_cidrs),
["${var.concourse_elastic_ip}/32"],
formatlist("%s/32", aws_eip.cf.*.public_ip),
var.personal_static_cdrs,
)
}

Expand Down Expand Up @@ -101,6 +102,7 @@ resource "aws_security_group" "sshproxy" {
compact(var.admin_cidrs),
compact(var.api_access_cidrs),
["${var.concourse_elastic_ip}/32"],
var.personal_static_cdrs,
)
}

5 changes: 5 additions & 0 deletions terraform/globals.tf
Expand Up @@ -143,3 +143,8 @@ variable "zones" {
description = "AWS availability zones"
type = map(string)
}

variable "personal_static_cdrs" {
description = "personal static_cdrs populated with values from paas-trusted-people"
default = []
}
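Review bot: `personal_static_cdrs` is declared without a `type`, unlike `zones` just above it, so a malformed value in the generated tfvars is only caught when the security-group resources are evaluated. Add `type = list(string)` next to `default = []`. If the Terraform version in use supports variable `validation` blocks (not visible here), a condition such as `alltrue([for c in var.personal_static_cdrs : can(cidrhost(c, 0))])` would reject non-CIDR entries before apply. The name looks like a misspelling of "cidrs"; it is repeated in the pipeline and in three .tf files, so renaming is cheapest now.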
