Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AB#2578 Implement Azure IAM in terraform #562

Merged
merged 8 commits into from
Nov 16, 2022
Merged

AB#2578 Implement Azure IAM in terraform #562

merged 8 commits into from
Nov 16, 2022

Conversation

msanft
Copy link
Contributor

@msanft msanft commented Nov 16, 2022
edited
Loading

Proposed change(s)

  • Implement a terraform configuration which creates the necessary azure resources to run constellation, allowing to "skip" the IAM shell script.

Checklist

@netlify
Copy link

netlify bot commented Nov 16, 2022
edited
Loading

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit 210a6a8
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/63750c1219c1530008fad334

@malt3 malt3 self-assigned this Nov 16, 2022
malt3
malt3 suggested changes Nov 16, 2022
View reviewed changes
hack/terraform/azure/iam/readme.md Outdated
@@ -0,0 +1,37 @@
# IAM instance for Azure
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

very subjective nit: I would change the filename to README.md for consistency.

hack/terraform/azure/iam/readme.md Outdated
```sh
mkdir constellation_azure_iam
cd constellation_azure_iam
curl --remote-name-all https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/terraform/azure/iam/{main,output,variables}.tf
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should include the lockfile .terraform.lock.hcl. The azure terraform iam readme also misses this step.

hack/terraform/azure/iam/main.tf Outdated Show resolved Hide resolved
hack/terraform/azure/iam/readme.md Outdated Show resolved Hide resolved
hack/terraform/azure/iam/main.tf Outdated Show resolved Hide resolved
msanft and others added 5 commits November 16, 2022 17:06
@msanft @malt3
Using service principal for role assignment in cluster resource group
307c73e 
Co-authored-by: Malte Poll <mp@edgeless.systems>
@msanft @malt3
Rephrased header for Azure
f698f63 
Co-authored-by: Malte Poll <mp@edgeless.systems>
@msanft @malt3
Registry -> Registration typo
d1b9536 
Co-authored-by: Malte Poll <mp@edgeless.systems>
@msanft
Download lockfile
96f869a
@msanft
File name casing
210a6a8
malt3
malt3 approved these changes Nov 16, 2022
View reviewed changes
Copy link
Contributor

@malt3 malt3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@msanft msanft merged commit dfe7f85 into main Nov 16, 2022
@msanft msanft deleted the feat/TerraformAzureIAM branch November 16, 2022 19:19
leongross pushed a commit that referenced this pull request Nov 17, 2022
@msanft @malt3 @leongross
AB#2578 Implement Azure IAM in terraform (#562)
1cc60cc 
* AB#2578 Azure IAM init

* AB#2578 Fixed application owner privileges, added docs

* Add all supported providers to TF lockfile

* Using service principal for role assignment in cluster resource group

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Rephrased header for Azure

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Registry -> Registration typo

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Download lockfile

* File name casing

Co-authored-by: Malte Poll <mp@edgeless.systems>
@m1ghtym0 m1ghtym0 mentioned this pull request Jan 17, 2023
Closed
8 tasks
david-crypto pushed a commit that referenced this pull request Oct 3, 2024
@msanft
os-image: use tmpfs for state disk (#562)
e365d96
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@malt3 malt3 malt3 approved these changes

Assignees

@malt3 malt3

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@msanft @malt3