From 1219d30359f1343bc93115d606b42bc22fdab167 Mon Sep 17 00:00:00 2001
From: alexeh
Date: Tue, 5 Mar 2024 11:51:41 +0300
Subject: [PATCH] add eudr credentials k8s secret and eudr dataset api env var
(cherry picked from commit 8d4f44ca889abdc2401c8fa56fd333b74e40d74a)
---
 infrastructure/kubernetes/main.tf | 1 +
 .../kubernetes/modules/aws/env/main.tf | 16 ++++++++++++----
 .../kubernetes/modules/aws/env/variables.tf | 6 ++++++
 .../kubernetes/modules/aws/secrets/main.tf | 2 ++
 .../kubernetes/modules/aws/secrets/variable.tf | 6 ++++++
 infrastructure/kubernetes/variables.tf | 18 ++++++++++++++++++
 .../kubernetes/vars/terraform.tfvars | 2 ++
 7 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/infrastructure/kubernetes/main.tf b/infrastructure/kubernetes/main.tf
index 828b0c9b1..85de0e034 100644
--- a/infrastructure/kubernetes/main.tf
+++ b/infrastructure/kubernetes/main.tf
@@ -76,6 +76,7 @@ module "aws_environment" {
 allowed_account_id = var.allowed_account_id
 gmaps_api_key = var.gmaps_api_key
 sendgrid_api_key = var.sendgrid_api_key
+ eudr_credentials = jsonencode(var.eudr_credentials)
 load_fresh_data = lookup(each.value, "load_fresh_data", false)
 data_import_arguments = lookup(each.value, "data_import_arguments", ["seed-data"])
 image_tag = lookup(each.value, "image_tag", each.key)
diff --git a/infrastructure/kubernetes/modules/aws/env/main.tf b/infrastructure/kubernetes/modules/aws/env/main.tf
index 2a1fd1ed4..408903efd 100644
--- a/infrastructure/kubernetes/modules/aws/env/main.tf
+++ b/infrastructure/kubernetes/modules/aws/env/main.tf
@@ -29,13 +29,13 @@ locals {
 name = "REQUIRE_USER_ACCOUNT_ACTIVATION"
 value = "true"
 },
- {
- name = "USE_NEW_METHODOLOGY"
- value = "true"
- },
 {
 name = "FILE_SIZE_LIMIT"
 value = 31457280
+ },
+ {
+ name = "EUDR_DATASET"
+ value = "cartobq.eudr.mock_data_optimized"
 }
 ] : env.name => env.value
 }
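Review bot: In `modules/aws/env/main.tf`, `EUDR_DATASET` is hard-coded to `cartobq.eudr.mock_data_optimized` inside the shared `locals` list, so every environment this module is instantiated for receives the same dataset, and the name suggests it is mock data. Consider a module variable that defaults to this value, `value = var.eudr_dataset`, so a production environment can point at the real dataset without editing the module. The same hunk removes `USE_NEW_METHODOLOGY`, which the commit message does not mention; a line in the description would help reviewers confirm the API no longer reads it. The `locals` block starts above the hunk.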
@@ -136,8 +136,14 @@ module "k8s_api" {
 name = "SENDGRID_API_KEY"
 secret_name = "api"
 secret_key = "SENDGRID_API_KEY"
+ },
+ {
+ name = "EUDR_CREDENTIALS"
+ secret_name = "api"
+ secret_key = "EUDR_CREDENTIALS"
 }
+
 ])
 env_vars = local.api_env_vars
@@ -260,6 +266,7 @@ module "k8s_data_import" {
 ]
 }
+
 module "k8s_secrets" {
 source = "../secrets"
 tf_state_bucket = var.tf_state_bucket
@@ -268,6 +275,7 @@ module "k8s_secrets" {
 namespace = var.environment
 gmaps_api_key = var.gmaps_api_key
 sendgrid_api_key = var.sendgrid_api_key
+ eudr_credentials = var.eudr_credentials
 depends_on = [
 module.k8s_namespace
diff --git a/infrastructure/kubernetes/modules/aws/env/variables.tf b/infrastructure/kubernetes/modules/aws/env/variables.tf
index 74c9f5517..2b5f486cc 100644
--- a/infrastructure/kubernetes/modules/aws/env/variables.tf
+++ b/infrastructure/kubernetes/modules/aws/env/variables.tf
@@ -67,6 +67,12 @@ variable "sendgrid_api_key" {
 description = "The Sendgrid API key used for sending emails"
 }
+variable "eudr_credentials" {
+ type = string
+ sensitive = true
+ description = "Service Account credentials to access EUDR Data"
+}
+
 variable "load_fresh_data" {
 type = bool
 default = false
diff --git a/infrastructure/kubernetes/modules/aws/secrets/main.tf b/infrastructure/kubernetes/modules/aws/secrets/main.tf
index 30b3b3217..5c03e584c 100644
--- a/infrastructure/kubernetes/modules/aws/secrets/main.tf
+++ b/infrastructure/kubernetes/modules/aws/secrets/main.tf
@@ -11,6 +11,7 @@ locals {
 jwt_password_reset_secret = random_password.jwt_password_reset_secret_generator.result
 gmaps_api_key = var.gmaps_api_key
 sendgrid_api_key = var.sendgrid_api_key
+ eudr_credentials = var.eudr_credentials
 }
 }
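Review bot: In the `k8s_api` secrets list, the new `EUDR_CREDENTIALS` entry delivers the whole service-account key JSON, private key included, as a container environment variable, where it is inherited by child processes and can surface in crash dumps or debug output. If the `k8s_api` module (not visible here) can mount a secret key as a read-only file, that is the safer delivery for a multi-line key; otherwise a comment such as `# full service-account key JSON; never log the process environment` would record the constraint. The blank line added before `])` looks unintentional. The module block starts and ends outside the hunk.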
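Review bot: In `modules/aws/env/variables.tf`, `eudr_credentials` is declared as a `string` while the root variable is an object, and the description does not say that the string must be the JSON-encoded key produced by `jsonencode` in the root module. Suggest `description = "JSON-encoded service account key used to access EUDR data"`, and optionally a `validation` block with `condition = can(jsondecode(var.eudr_credentials))` so a malformed value fails at plan time rather than in the API pod. The same wording applies to the copy added in `modules/aws/secrets/variable.tf`.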
@@ -52,6 +53,7 @@ resource "kubernetes_secret" "api_secret" {
 JWT_PASSWORD_RESET_SECRET = local.api_secret_json.jwt_password_reset_secret
 GMAPS_API_KEY = local.api_secret_json.gmaps_api_key
 SENDGRID_API_KEY = local.api_secret_json.sendgrid_api_key
+ EUDR_CREDENTIALS = local.api_secret_json.eudr_credentials
 }
 }
diff --git a/infrastructure/kubernetes/modules/aws/secrets/variable.tf b/infrastructure/kubernetes/modules/aws/secrets/variable.tf
index cf63b9f94..f9dba198a 100644
--- a/infrastructure/kubernetes/modules/aws/secrets/variable.tf
+++ b/infrastructure/kubernetes/modules/aws/secrets/variable.tf
@@ -29,3 +29,9 @@ variable "sendgrid_api_key" {
 sensitive = true
 description = "The SendGrid API key used for sending emails"
 }
+
+variable "eudr_credentials" {
+ type = string
+ sensitive = true
+ description = "Service Account credentials to access EUDR Data"
+}
diff --git a/infrastructure/kubernetes/variables.tf b/infrastructure/kubernetes/variables.tf
index 67c2a4203..474394667 100644
--- a/infrastructure/kubernetes/variables.tf
+++ b/infrastructure/kubernetes/variables.tf
@@ -57,6 +57,24 @@ variable "sendgrid_api_key" {
 description = "The Sendgrid API key used for sending emails"
 }
+variable "eudr_credentials" {
+ type = object({
+ type = string
+ project_id = string
+ private_key = string
+ private_key_id = string
+ client_email = string
+ client_id = string
+ auth_uri = string
+ client_x509_cert_url = string
+ token_uri = string
+ auth_provider_x509_cert_url = string
+ universe_domain = string
+ })
+ sensitive = true
+ description = "Service Account credentials to access EUDR Data"
+}
+
 variable "repo_name" {
 type = string
 description = "Name of the github repo where the project is hosted"
diff --git a/infrastructure/kubernetes/vars/terraform.tfvars b/infrastructure/kubernetes/vars/terraform.tfvars
index c174aab23..23e190155 100644
--- a/infrastructure/kubernetes/vars/terraform.tfvars
+++ b/infrastructure/kubernetes/vars/terraform.tfvars
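Review bot: In `modules/aws/secrets/main.tf`, `EUDR_CREDENTIALS = local.api_secret_json.eudr_credentials` places the full service-account JSON, private key included, in the `kubernetes_secret` resource, and Terraform records resource attributes in plain text in state; `sensitive = true` only redacts plan and apply output. It is worth confirming that the state bucket has encryption at rest and tightly scoped read access, and recording that next to the attribute, for example `# stored in TF state in clear text; state bucket must be encrypted and access-restricted`. The resource block begins above the hunk, so whatever else consumes `local.api_secret_json` is not visible from here and would carry the key as well.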
@@ -25,4 +25,6 @@ gcp_project_id = "landgriffon" gmaps_api_key = "" mapbox_api_token = "" sendgrid_api_key = "" +eudr_credentials = {} +
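Review bot: The placeholder `eudr_credentials = {}` does not satisfy the object type declared in `variables.tf`, where all eleven attributes are required, so a plan that loads this file as-is should fail type checking, unlike the empty-string placeholders beside it. If the real key is meant to arrive through a `TF_VAR_` environment variable, note that a value set in a tfvars file takes precedence over the environment; presumably CI overrides it with `-var` or a later `-var-file`, which is worth confirming. A comment such as `# placeholder only: supply the service-account key from the CI secret store, never commit it` would make the intent explicit in a tracked file.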