From 733dda3d436fc32b486e06448293b75e092b070f Mon Sep 17 00:00:00 2001
From: Aidan Hilt
Date: Thu, 22 Feb 2024 16:05:03 -0500
Subject: [PATCH] Fixing references
---
 .secrets.baseline | 4 ++--
 gen3/bin/kube-setup-argo.sh | 18 ++++++------------
 2 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/.secrets.baseline b/.secrets.baseline
index 851deb846..7c2e3b14d 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-02-22T20:57:50Z", + "generated_at": "2024-02-22T21:04:59Z", "plugins_used": [ { "name": "AWSKeyDetector"
@@ -342,7 +342,7 @@ "hashed_secret": "40304f287a52d99fdbe086ad19dbdbf9cc1b3897", "is_secret": false, "is_verified": false, - "line_number": 213, + "line_number": 207, "type": "Secret Keyword" } ],
diff --git a/gen3/bin/kube-setup-argo.sh b/gen3/bin/kube-setup-argo.sh
index 0f4478f42..c89b6d3f8 100644
--- a/gen3/bin/kube-setup-argo.sh
+++ b/gen3/bin/kube-setup-argo.sh
@@ -48,13 +48,13 @@ function setup_argo_buckets {
 roleName="gen3-argo-${environment//_/-}-role"
 bucketPolicy="argo-bucket-policy-${nameSpace}"
 internalBucketPolicy="argo-internal-bucket-policy-${nameSpace}"
- if [[ ! -z $(g3k_config_lookup '."s3-bucket"' $(g3k_manifest_init)/$(g3k_hostname)/manifests/argo/argo.json) || ! -z $(g3k_config_lookup '.argo."s3-bucket"') ]]; then
- if [[ ! -z $(g3k_config_lookup '."s3-bucket"' $(g3k_manifest_init)/$(g3k_hostname)/manifests/argo/argo.json) ]]; then
+ if [[ ! -z $(g3k_config_lookup '."downloadable-s3-bucket"' $(g3k_manifest_init)/$(g3k_hostname)/manifests/argo/argo.json) || ! -z $(g3k_config_lookup '.argo."downloadable-s3-bucket"') ]]; then
+ if [[ ! -z $(g3k_config_lookup '."downloadable-s3-bucket"' $(g3k_manifest_init)/$(g3k_hostname)/manifests/argo/argo.json) ]]; then
 gen3_log_info "Using S3 bucket found in manifest: ${bucketName}"
- bucketName=$(g3k_config_lookup '."s3-bucket"' $(g3k_manifest_init)/$(g3k_hostname)/manifests/argo/argo.json)
+ bucketName=$(g3k_config_lookup '."downloadable-s3-bucket"' $(g3k_manifest_init)/$(g3k_hostname)/manifests/argo/argo.json)
 else
 gen3_log_info "Using S3 bucket found in manifest: ${bucketName}"
- bucketName=$(g3k_config_lookup '.argo."s3-bucket"')
+ bucketName=$(g3k_config_lookup '.argo."downloadable-s3-bucket"')
 fi
 fi
 if [[ ! -z $(g3k_config_lookup '."internal-s3-bucket"' $(g3k_manifest_init)/$(g3k_hostname)/manifests/argo/argo.json) || ! -z $(g3k_config_lookup '.argo."internal-s3-bucket"') ]]; then
@@ -133,8 +133,6 @@ EOF
 ]
 }
 EOF
- # TODO remove this
- echo "Past the buckets policies"
 # Create argo SA within the current namespace
 gen3_log_info "Creating argo SA in the current namespace"
 g3kubectl create sa argo -n $nameSpace | true
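Review bot: In the `setup_argo_buckets` hunk (-48,13), both `gen3_log_info "Using S3 bucket found in manifest: ${bucketName}"` calls run before `bucketName` is reassigned, so the log records the previous value instead of the bucket that the IAM role policy and lifecycle configuration later in this script are applied to. The same `g3k_config_lookup` is also evaluated up to three times with an unquoted manifest path; resolving it once, quoting the path and logging after the assignment keeps the audit trail accurate. Separately, a manifest that still sets only `s3-bucket` is now skipped without any message and the function presumably continues with whatever `bucketName` held before (its default is outside the hunk), so a log line for that case may be worth adding. The function body starts and ends outside this hunk.

```shell
# … unchanged: roleName / bucketPolicy / internalBucketPolicy assignments …
  local argoManifest manifestBucket
  argoManifest="$(g3k_manifest_init)/$(g3k_hostname)/manifests/argo/argo.json"
  manifestBucket="$(g3k_config_lookup '."downloadable-s3-bucket"' "$argoManifest")"
  if [[ -z "$manifestBucket" ]]; then
    manifestBucket="$(g3k_config_lookup '.argo."downloadable-s3-bucket"')"
  fi
  if [[ -n "$manifestBucket" ]]; then
    bucketName="$manifestBucket"
    gen3_log_info "Using S3 bucket found in manifest: ${bucketName}"
  fi
# … unchanged: internal-s3-bucket lookup …
```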
@@ -163,8 +161,7 @@ EOF roleArn=$(aws iam get-role --role-name "${roleName}" --query 'Role.Arn' --output text) g3kubectl annotate serviceaccount default eks.amazonaws.com/role-arn=${roleArn} -n $argo_namespace fi - # TODO remove this - echo "Past the IAM role creation" + # Grant admin access within the current namespace to the argo SA in the current namespace g3kubectl create rolebinding argo-admin --clusterrole=admin --serviceaccount=$nameSpace:argo -n $nameSpace || true aws iam put-role-policy --role-name ${roleName} --policy-name ${bucketPolicy} --policy-document file://$policyFile || true @@ -180,8 +177,7 @@ EOF gen3_log_info "Creating bucket lifecycle policy" aws s3api put-bucket-lifecycle --bucket ${bucketName} --lifecycle-configuration file://$bucketLifecyclePolicyFile - # TODO remove this - echo "Past the service account creation" + # Always update the policy, in case manifest buckets change aws iam put-role-policy --role-name ${roleName} --policy-name ${bucketPolicy} --policy-document file://$policyFile if [[ ! -z $internalBucketPolicyFile ]]; then @@ -205,8 +201,6 @@ EOF indexdFencePassword=$(cat $(gen3_secrets_folder)/creds.json | jq -r .indexd.user_db.$indexd_admin_user) g3kubectl create secret generic "indexd-creds" --from-literal=user=$indexd_admin_user --from-literal=password=$indexdFencePassword -n $argo_namespace fi - # TODO remove this - echo "End of function... what now?" } function setup_argo_db() {