Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ssh-oidc config #364

Merged
merged 3 commits into from
Sep 10, 2024
Merged

Add ssh-oidc config #364

merged 3 commits into from
Sep 10, 2024

Conversation

sebastian-luna-valero
Copy link
Member

Summary

Enable access via ssh-oidc to members of the cloud.egi.eu VO with the auditor role.


Related issue :

@sebastian-luna-valero sebastian-luna-valero requested a review from a team as a code owner September 10, 2024 09:09
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan
terraform
Acquiring state lock. This may take a few moments...
openstack_blockstorage_volume_v3.image-cache: Refreshing state... [id=3a70b748-457f-42ec-abd6-01872ae51204]
openstack_compute_instance_v2.image-sync: Refreshing state... [id=e85de5ab-2fed-4e00-8a20-7410ab3e6a58]
openstack_compute_volume_attach_v2.attached: Refreshing state... [id=e85de5ab-2fed-4e00-8a20-7410ab3e6a58/3a70b748-457f-42ec-abd6-01872ae51204]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.image-sync must be replaced
-/+ resource "openstack_compute_instance_v2" "image-sync" {
      ~ access_ip_v4        = "192.168.1.70" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-09 15:19:22 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "e85de5ab-2fed-4e00-8a20-7410ab3e6a58" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "image-sync"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-09 15:19:36 +0000 UTC" -> (known after apply)
      ~ user_data           = "a5526511c49d2eb3ad45c71b5697f10be109f1c5" -> "09aaea2127e6f7a6bc73284fc313d1a78dd2bb59" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.70" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:cb:0d:24" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

  # openstack_compute_volume_attach_v2.attached must be replaced
-/+ resource "openstack_compute_volume_attach_v2" "attached" {
      ~ device      = "/dev/sdb" -> (known after apply)
      ~ id          = "e85de5ab-2fed-4e00-8a20-7410ab3e6a58/3a70b748-457f-42ec-abd6-01872ae51204" -> (known after apply)
      ~ instance_id = "e85de5ab-2fed-4e00-8a20-7410ab3e6a58" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ instance-id = "e85de5ab-2fed-4e00-8a20-7410ab3e6a58" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan
terraform
Acquiring state lock. This may take a few moments...
openstack_compute_instance_v2.cloud-info: Refreshing state... [id=4c7df728-e5a7-43aa-aeab-12d6c1a4f020]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.cloud-info must be replaced
-/+ resource "openstack_compute_instance_v2" "cloud-info" {
      ~ access_ip_v4        = "192.168.1.33" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-09 15:19:54 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "4c7df728-e5a7-43aa-aeab-12d6c1a4f020" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "cloud-info"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-09 15:20:21 +0000 UTC" -> (known after apply)
      ~ user_data           = "de79d6961648939a630909876971b508675bf4fd" -> "2334b73724ace56aa545bfb107bc204c05ecba29" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.33" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:9d:ca:7c" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  ~ instance-id = "4c7df728-e5a7-43aa-aeab-12d6c1a4f020" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan
terraform
Acquiring state lock. This may take a few moments...
openstack_blockstorage_volume_v3.image-cache: Refreshing state... [id=3a70b748-457f-42ec-abd6-01872ae51204]
openstack_compute_instance_v2.image-sync: Refreshing state... [id=e85de5ab-2fed-4e00-8a20-7410ab3e6a58]
openstack_compute_volume_attach_v2.attached: Refreshing state... [id=e85de5ab-2fed-4e00-8a20-7410ab3e6a58/3a70b748-457f-42ec-abd6-01872ae51204]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.image-sync must be replaced
-/+ resource "openstack_compute_instance_v2" "image-sync" {
      ~ access_ip_v4        = "192.168.1.70" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-09 15:19:22 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "e85de5ab-2fed-4e00-8a20-7410ab3e6a58" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "image-sync"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-09 15:19:36 +0000 UTC" -> (known after apply)
      ~ user_data           = "a5526511c49d2eb3ad45c71b5697f10be109f1c5" -> "92618b2f2d20e8ef3c5b16eb8cbc866a960bf3d8" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.70" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:cb:0d:24" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

  # openstack_compute_volume_attach_v2.attached must be replaced
-/+ resource "openstack_compute_volume_attach_v2" "attached" {
      ~ device      = "/dev/sdb" -> (known after apply)
      ~ id          = "e85de5ab-2fed-4e00-8a20-7410ab3e6a58/3a70b748-457f-42ec-abd6-01872ae51204" -> (known after apply)
      ~ instance_id = "e85de5ab-2fed-4e00-8a20-7410ab3e6a58" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ instance-id = "e85de5ab-2fed-4e00-8a20-7410ab3e6a58" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @sebastian-luna-valero, Action: pull_request

Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan
terraform
Acquiring state lock. This may take a few moments...
openstack_compute_instance_v2.cloud-info: Refreshing state... [id=4c7df728-e5a7-43aa-aeab-12d6c1a4f020]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.cloud-info must be replaced
-/+ resource "openstack_compute_instance_v2" "cloud-info" {
      ~ access_ip_v4        = "192.168.1.33" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-09 15:19:54 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "4c7df728-e5a7-43aa-aeab-12d6c1a4f020" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "cloud-info"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-09 15:20:21 +0000 UTC" -> (known after apply)
      ~ user_data           = "de79d6961648939a630909876971b508675bf4fd" -> "1af10f8b12ab34ec5932cbd2ab160dbdc551ca16" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.33" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:9d:ca:7c" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  ~ instance-id = "4c7df728-e5a7-43aa-aeab-12d6c1a4f020" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

Copy link
Contributor

@enolfc enolfc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@enolfc enolfc merged commit 4a3368f into main Sep 10, 2024
35 checks passed
@enolfc enolfc deleted the ssh-oidc branch September 10, 2024 09:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants