

DDLS-54b Cloud9 make users settable without pr (#1473)
* DDLS-54 add secret part 1

* DDLS-54b keep cloud9 users in a secret
jamesrwarren authored Nov 28, 2023
1 parent 2075c6f commit 761ede0
Showing 3 changed files with 20 additions and 20 deletions.
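--- a/terraform/account/cloud9.tf
+++ b/terraform/account/cloud9.tf
@@ -1,15 +1,23 @@
+locals {
+cloud9_users_from_secret = jsondecode(data.aws_secretsmanager_secret_version.cloud9_users.secret_string)["user_names"]
+cloud9_owner_from_secret = jsondecode(data.aws_secretsmanager_secret_version.cloud9_users.secret_string)["owner"]
+cloud9_users_for_each = {
+for user, user in local.cloud9_users_from_secret : user => user
+}
+}
+
 resource "aws_cloud9_environment_ec2" "shared" {
 instance_type = "t2.micro"
 name = "team-cloud9-env"
 automatic_stop_time_minutes = 20
 description = "Shared Cloud9 instance to be used by all devs"
 subnet_id = aws_subnet.public[0].id
-owner_arn = "arn:aws:iam::${var.accounts[terraform.workspace].account_id}:assumed-role/operator/tom.gulliver"
+owner_arn = "arn:aws:iam::${var.accounts[terraform.workspace].account_id}:assumed-role/operator/${nonsensitive(local.cloud9_owner_from_secret)}"
 tags = local.default_tags
 }
 
 resource "aws_cloud9_environment_membership" "shared" {
-for_each = toset(local.cloud9_users)
+for_each = nonsensitive(local.cloud9_users_for_each)
 
 environment_id = aws_cloud9_environment_ec2.shared.id
 permissions = "read-write"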
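Review bot: With the owner and member list now read from the `cloud9_users` secret, whoever can write that secret's value decides who gets `read-write` on the shared environment at the next apply, and the `locals` block uses the `jsondecode` result without checking it. The decoded `owner` goes straight into `owner_arn`, so a `precondition` on `aws_cloud9_environment_ec2.shared` that checks it against the expected name format (the list removed from variables.tf suggests `first.last`) would stop a malformed value reaching the ARN. Both values are unwrapped with `nonsensitive()`, so they appear in plan output; a comment above `locals` would make the intent explicit, e.g. `# Names are not confidential; write access to this secret grants Cloud9 access, so keep it restricted and audited.` The loop `for user, user in ...` binds the same name to both key and value; `for user in local.cloud9_users_from_secret : user => user` reads more clearly and should behave the same. The membership resource's body continues outside the hunk.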
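--- a/terraform/account/secrets.tf
+++ b/terraform/account/secrets.tf
@@ -1,13 +1,3 @@
-resource "aws_secretsmanager_secret" "slack_webhook_url" {
-name = "slack-webhook-url"
-description = "URL of webhook for Slack Integration"
-tags = local.default_tags
-}
-
-data "aws_secretsmanager_secret_version" "slack_webhook_url" {
-secret_id = aws_secretsmanager_secret.slack_webhook_url.id
-}
-
 module "environment_secrets" {
 for_each = local.account.environments
 
@@ -50,3 +40,13 @@ resource "aws_secretsmanager_secret" "cloud9_users" {
 data "aws_secretsmanager_secret_version" "cloud9_users" {
 secret_id = aws_secretsmanager_secret.cloud9_users.id
 }
+
+resource "aws_secretsmanager_secret" "slack_webhook_url" {
+name = "slack-webhook-url"
+description = "URL of webhook for Slack Integration"
+tags = local.default_tags
+}
+
+data "aws_secretsmanager_secret_version" "slack_webhook_url" {
+secret_id = aws_secretsmanager_secret.slack_webhook_url.id
+}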
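--- a/terraform/account/variables.tf
+++ b/terraform/account/variables.tf
@@ -34,12 +34,4 @@ locals {
 }
 
 s3_bucket = local.account.name == "production" ? "${local.account.name}02" : local.account.name
-
-cloud9_users = [
-"alex.saunders",
-"gugandeep.chani",
-"jack.goodby",
-"mia.gordon",
-"chris.rafferty"
-]
 }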
