Update cluster config to remove user-sa key, no longer required
sgibson91 committed Dec 6, 2024
1 parent 4f400a2 commit 49de060
Showing 19 changed files with 438 additions and 515 deletions.
28 changes: 9 additions & 19 deletions terraform/aws/projects/2i2c-aws-us.tfvars
Expand Up @@ -3,6 +3,7 @@ cluster_name = "2i2c-aws-us"
cluster_nodes_location = "us-west-2a"

enable_aws_ce_grafana_backend_iam = true
disable_cluster_wide_filestore = false

user_buckets = {
"scratch-staging" : {
Expand Down Expand Up @@ -31,34 +32,23 @@ user_buckets = {
},
}


hub_cloud_permissions = {
"staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-staging"],
},
bucket_admin_access : ["scratch-staging"],
},
"dask-staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-dask-staging"],
},
bucket_admin_access : ["scratch-dask-staging"],
},
"showcase" : {
"user-sa" : {
bucket_admin_access : [
"scratch-showcase",
"persistent-showcase",
],
},
bucket_admin_access : [
"scratch-showcase",
"persistent-showcase",
],
},
"ncar-cisl" : {
"user-sa" : {
bucket_admin_access : ["scratch-ncar-cisl"],
},
bucket_admin_access : ["scratch-ncar-cisl"],
},
"itcoocean" : {
"user-sa" : {
bucket_admin_access : ["scratch-itcoocean"],
},
bucket_admin_access : ["scratch-itcoocean"],
},
}
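Review bot: With the `"user-sa"` level removed, nothing in `hub_cloud_permissions` says which principal receives `bucket_admin_access`, so a reader has to look that up in the module. A short comment above the block would keep the file reviewable, for example `# Keys are hub names; permissions apply to that hub's user service account` (presumably the former `user-sa`; confirm against the module). It is also worth confirming that the role's trust policy is still limited to that one service account in the hub's namespace, since the tfvars no longer states it; that code is not part of this section. The same applies to the `hub_cloud_permissions` blocks in the other project files of this commit.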
14 changes: 4 additions & 10 deletions terraform/aws/projects/catalystproject-africa.tfvars
Expand Up @@ -3,6 +3,7 @@ cluster_name = "catalystproject-africa"
cluster_nodes_location = "af-south-1a"

enable_aws_ce_grafana_backend_iam = true
disable_cluster_wide_filestore = false

user_buckets = {
"scratch-staging" : {
Expand All @@ -19,21 +20,14 @@ user_buckets = {
},
}


hub_cloud_permissions = {
"staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-staging"],
},
bucket_admin_access : ["scratch-staging"],
},
"prod" : {
"user-sa" : {
bucket_admin_access : ["scratch"],
},
bucket_admin_access : ["scratch"],
},
"bhki" : {
"user-sa" : {
bucket_admin_access : ["persistent-bhki"],
},
bucket_admin_access : ["persistent-bhki"],
},
}
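Review bot: `disable_cluster_wide_filestore = false` appears to be the line the first hunk adds, here and in most of the other project files, but the commit title only covers the `user-sa` removal, so the reason for it is undocumented. The variable's default and exact meaning are not visible on this page; going by its name, it keeps storage that is shared across the cluster's hubs. A comment on the line would make clear that this is deliberate, for example `# Explicitly keep the cluster-wide filestore: <reason>` with the real reason filled in.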
12 changes: 4 additions & 8 deletions terraform/aws/projects/earthscope.tfvars
Expand Up @@ -3,7 +3,7 @@ cluster_name = "earthscope"
cluster_nodes_location = "us-east-2a"

default_tags = {
"2i2c.org/cluster-name" : "{var_cluster_name}",
"2i2c.org/cluster-name" : "earthscope",
"ManagedBy" : "2i2c",
# Requested by the community in https://2i2c.freshdesk.com/a/tickets/1460
"earthscope:application:name" : "geolab",
Expand All @@ -15,6 +15,7 @@ default_budget_alert = {
}

enable_aws_ce_grafana_backend_iam = true
disable_cluster_wide_filestore = false

user_buckets = {
"scratch-staging" : {
Expand All @@ -27,16 +28,11 @@ user_buckets = {
},
}


hub_cloud_permissions = {
"staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-staging"],
},
bucket_admin_access : ["scratch-staging"],
},
"prod" : {
"user-sa" : {
bucket_admin_access : ["scratch"],
},
bucket_admin_access : ["scratch"],
},
}
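Review bot: The `2i2c.org/cluster-name` tag is shown twice in `default_tags`, once as `{var_cluster_name}` and once as the literal `earthscope`; assuming the literal is the new value, the tag now has to be kept in step with `cluster_name` by hand. A comment on the line, such as `# Must match cluster_name`, would make that coupling visible, because anything keyed on this tag would silently split if the two drift. This change is also outside what the commit title describes.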
10 changes: 3 additions & 7 deletions terraform/aws/projects/gridsst.tfvars
Expand Up @@ -3,6 +3,7 @@ cluster_name = "gridsst"
cluster_nodes_location = "us-west-2a"

enable_aws_ce_grafana_backend_iam = true
disable_cluster_wide_filestore = false

user_buckets = {
"scratch-staging" : {
Expand All @@ -15,16 +16,11 @@ user_buckets = {
},
}


hub_cloud_permissions = {
"staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-staging"],
},
bucket_admin_access : ["scratch-staging"],
},
"prod" : {
"user-sa" : {
bucket_admin_access : ["scratch"],
},
bucket_admin_access : ["scratch"],
},
}
10 changes: 3 additions & 7 deletions terraform/aws/projects/jupyter-health.tfvars
Expand Up @@ -3,6 +3,7 @@ cluster_name = "jupyter-health"
cluster_nodes_location = "us-east-2a"

enable_aws_ce_grafana_backend_iam = true
disable_cluster_wide_filestore = false

user_buckets = {
"scratch-staging" : {
Expand All @@ -15,16 +16,11 @@ user_buckets = {
},
}


hub_cloud_permissions = {
"staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-staging"],
},
bucket_admin_access : ["scratch-staging"],
},
"prod" : {
"user-sa" : {
bucket_admin_access : ["scratch"],
},
bucket_admin_access : ["scratch"],
},
}
66 changes: 31 additions & 35 deletions terraform/aws/projects/jupyter-meets-the-earth.tfvars
Expand Up @@ -7,6 +7,7 @@ default_budget_alert = {
}

enable_aws_ce_grafana_backend_iam = true
disable_cluster_wide_filestore = false

user_buckets = {
"scratch-staging" : {
Expand All @@ -22,44 +23,39 @@ user_buckets = {
},
}


hub_cloud_permissions = {
"staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-staging"],
# FIXME: Previously, users were granted full S3 permissions.
# Keep it the same for now
extra_iam_policy : <<-EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::*"]
}
]
}
EOT
},
bucket_admin_access : ["scratch-staging"],
# FIXME: Previously, users were granted full S3 permissions.
# Keep it the same for now
extra_iam_policy : <<-EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::*"]
}
]
}
EOT
},
"prod" : {
"user-sa" : {
bucket_admin_access : ["scratch"],
# FIXME: Previously, users were granted full S3 permissions.
# Keep it the same for now
extra_iam_policy : <<-EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::*"]
}
]
}
EOT
},
bucket_admin_access : ["scratch"],
# FIXME: Previously, users were granted full S3 permissions.
# Keep it the same for now
extra_iam_policy : <<-EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::*"]
}
]
}
EOT
},
}
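Review bot: The `extra_iam_policy` carried over for both `staging` and `prod` still allows `s3:*` on `arn:aws:s3:::*`, so whatever principal the module attaches it to can read, write and delete in every bucket in the account, including the other hub's, and `bucket_admin_access` adds nothing on top of it. Since this commit already rewrites both blocks, it is a good point to resolve the FIXME by scoping `Resource` to the buckets the hub needs, for example `"Resource": ["arn:aws:s3:::<BUCKET_NAME>", "arn:aws:s3:::<BUCKET_NAME>/*"]` (placeholder names), and by narrowing `Action` to the object and list operations in use. If the wildcard has to stay for now, link a tracking issue in the FIXME comment so it does not survive another refactor unnoticed.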
9 changes: 3 additions & 6 deletions terraform/aws/projects/kitware.tfvars
Expand Up @@ -3,6 +3,7 @@ cluster_name = "kitware"
cluster_nodes_location = "us-west-2a"

enable_aws_ce_grafana_backend_iam = true
disable_cluster_wide_filestore = false

user_buckets = {
"scratch-staging" : {
Expand All @@ -17,13 +18,9 @@ user_buckets = {

hub_cloud_permissions = {
"staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-staging"],
},
bucket_admin_access : ["scratch-staging"],
},
"prod" : {
"user-sa" : {
bucket_admin_access : ["scratch"],
},
bucket_admin_access : ["scratch"],
},
}
9 changes: 2 additions & 7 deletions terraform/aws/projects/maap.tfvars
Expand Up @@ -33,14 +33,9 @@ user_buckets = {

hub_cloud_permissions = {
"staging" : {
"user-sa" : {
bucket_admin_access : ["scratch-staging"],
},
bucket_admin_access : ["scratch-staging"],
},

"prod" : {
"user-sa" : {
bucket_admin_access : ["scratch-prod"],
},
bucket_admin_access : ["scratch-prod"],
},
}