feat: Allow array of Org IDs #97

Merged
merged 3 commits into from
Nov 20, 2024

@mitch-hamm mitch-hamm commented Nov 13, 2024

Set org id as a list to allow multiple orgs in the same AWS account

Result of tf plan on an existing apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.sn_managed_cloud.aws_iam_role.bootstrap_role[0] will be updated in-place
  ~ resource "aws_iam_role" "bootstrap_role" {
      ~ assume_role_policy    = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Condition = {
                          + "ForAllValues:StringEquals" = {
                              + "sts:ExternalId" = [
                                  + "o-nd3gv",
                                  + "o-z7cmp",
                                ]
                            }
                          - StringEquals                = {
                              - "sts:ExternalId" = "o-nd3gv"
                            }
                        }
                        # (4 unchanged attributes hidden)
                    },
                  ~ {
                      ~ Condition = {
                          + "ForAllValues:StringEquals" = {
                              + "sts:ExternalId" = [
                                  + "o-nd3gv",
                                  + "o-z7cmp",
                                ]
                            }
                          - StringEquals                = {
                              - "sts:ExternalId" = "o-nd3gv"
                            }
                        }
                        # (4 unchanged attributes hidden)
                    },
                    {
                        Action    = "sts:AssumeRoleWithWebIdentity"
                        Condition = {
                            StringEquals = {
                                "accounts.google.com:aud" = "108050666045451143798"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Federated = "accounts.google.com"
                        }
                        Sid       = "AllowStreamNativeControlPlaneAccess"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id                    = "StreamNativeCloudBootstrapRole"
        name                  = "StreamNativeCloudBootstrapRole"
        tags                  = {
            "SNVersion" = "3.14.1"
            "Vendor"    = "StreamNative"
        }
        # (10 unchanged attributes hidden)
    }

  # module.sn_managed_cloud.aws_iam_role.management_role will be updated in-place
  ~ resource "aws_iam_role" "management_role" {
      ~ assume_role_policy    = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Condition = {
                          + "ForAllValues:StringEquals" = {
                              + "sts:ExternalId" = [
                                  + "o-nd3gv",
                                  + "o-z7cmp",
                                ]
                            }
                          - StringEquals                = {
                              - "sts:ExternalId" = "o-nd3gv"
                            }
                        }
                        # (4 unchanged attributes hidden)
                    },
                    {
                        Action    = "sts:AssumeRoleWithWebIdentity"
                        Condition = {
                            StringEquals = {
                                "accounts.google.com:aud" = "108050666045451143798"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Federated = "accounts.google.com"
                        }
                        Sid       = "AllowStreamNativeControlPlaneAccess"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id                    = "StreamNativeCloudManagementRole"
        name                  = "StreamNativeCloudManagementRole"
        tags                  = {
            "SNVersion" = "3.14.1"
            "Vendor"    = "StreamNative"
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

Apply results

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.sn_managed_cloud.aws_iam_role.bootstrap_role[0] will be updated in-place
  ~ resource "aws_iam_role" "bootstrap_role" {
      ~ assume_role_policy    = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Condition = {
                          + "ForAllValues:StringEquals" = {
                              + "sts:ExternalId" = [
                                  + "o-nd3gv",
                                  + "o-z7cmp",
                                ]
                            }
                          - StringEquals                = {
                              - "sts:ExternalId" = "o-nd3gv"
                            }
                        }
                        # (4 unchanged attributes hidden)
                    },
                  ~ {
                      ~ Condition = {
                          + "ForAllValues:StringEquals" = {
                              + "sts:ExternalId" = [
                                  + "o-nd3gv",
                                  + "o-z7cmp",
                                ]
                            }
                          - StringEquals                = {
                              - "sts:ExternalId" = "o-nd3gv"
                            }
                        }
                        # (4 unchanged attributes hidden)
                    },
                    {
                        Action    = "sts:AssumeRoleWithWebIdentity"
                        Condition = {
                            StringEquals = {
                                "accounts.google.com:aud" = "108050666045451143798"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Federated = "accounts.google.com"
                        }
                        Sid       = "AllowStreamNativeControlPlaneAccess"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id                    = "StreamNativeCloudBootstrapRole"
        name                  = "StreamNativeCloudBootstrapRole"
        tags                  = {
            "SNVersion" = "3.14.1"
            "Vendor"    = "StreamNative"
        }
        # (10 unchanged attributes hidden)
    }

  # module.sn_managed_cloud.aws_iam_role.management_role will be updated in-place
  ~ resource "aws_iam_role" "management_role" {
      ~ assume_role_policy    = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Condition = {
                          + "ForAllValues:StringEquals" = {
                              + "sts:ExternalId" = [
                                  + "o-nd3gv",
                                  + "o-z7cmp",
                                ]
                            }
                          - StringEquals                = {
                              - "sts:ExternalId" = "o-nd3gv"
                            }
                        }
                        # (4 unchanged attributes hidden)
                    },
                    {
                        Action    = "sts:AssumeRoleWithWebIdentity"
                        Condition = {
                            StringEquals = {
                                "accounts.google.com:aud" = "108050666045451143798"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Federated = "accounts.google.com"
                        }
                        Sid       = "AllowStreamNativeControlPlaneAccess"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id                    = "StreamNativeCloudManagementRole"
        name                  = "StreamNativeCloudManagementRole"
        tags                  = {
            "SNVersion" = "3.14.1"
            "Vendor"    = "StreamNative"
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.sn_managed_cloud.aws_iam_role.bootstrap_role[0]: Modifying... [id=StreamNativeCloudBootstrapRole]
module.sn_managed_cloud.aws_iam_role.management_role: Modifying... [id=StreamNativeCloudManagementRole]
module.sn_managed_cloud.aws_iam_role.bootstrap_role[0]: Modifications complete after 0s [id=StreamNativeCloudBootstrapRole]
module.sn_managed_cloud.aws_iam_role.management_role: Modifications complete after 1s [id=StreamNativeCloudManagementRole]

Apply complete! Resources: 0 added, 2 changed, 0 destroyed.

@mitch-hamm mitch-hamm requested a review from a team as a code owner November 13, 2024 17:59
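
The plan above replaces `StringEquals` with `ForAllValues:StringEquals` on `sts:ExternalId`. The following added example (not part of the PR or the module's code) is a simplified Python model of AWS's documented semantics for those two operators, run over constructed request contexts; the `ALT` policy and the `o-example` ID are assumptions for illustration.

```python
# Simplified model of two IAM condition operators (added example, not AWS or project code).
OLD = {"StringEquals": {"sts:ExternalId": "o-nd3gv"}}
NEW = {"ForAllValues:StringEquals": {"sts:ExternalId": ["o-nd3gv", "o-z7cmp"]}}
# Assumed alternative: plain StringEquals with a list (policy values are ORed).
ALT = {"StringEquals": {"sts:ExternalId": ["o-nd3gv", "o-z7cmp"]}}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def condition_matches(condition, context):
    # `context` maps a context key to the values sent in the request;
    # a key missing from the dict models a request that did not supply it.
    for operator, keys in condition.items():
        for key, policy_values in keys.items():
            allowed = set(_as_list(policy_values))
            present = context.get(key, [])
            if operator == "StringEquals":
                # A missing key never matches; otherwise any policy value may match.
                ok = bool(present) and any(v in allowed for v in present)
            elif operator == "ForAllValues:StringEquals":
                # True when every request value is allowed, including when there are none.
                ok = all(v in allowed for v in present)
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True


def evaluate_all():
    # Constructed requests: the two org IDs from the plan, an unknown ID, no ExternalId.
    requests = {
        "org1": {"sts:ExternalId": ["o-nd3gv"]},
        "org2": {"sts:ExternalId": ["o-z7cmp"]},
        "other": {"sts:ExternalId": ["o-example"]},
        "absent": {},
    }
    policies = {"old": OLD, "new": NEW, "alt": ALT}
    return {p: {r: condition_matches(c, ctx) for r, ctx in requests.items()}
            for p, c in policies.items()}


if __name__ == "__main__":
    for name, row in evaluate_all().items():
        print(name, row)
```

In this model only the `ForAllValues` form accepts a request that carries no `sts:ExternalId`; plain `StringEquals` with a list accepts either org ID and still rejects the absent case.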
@mitch-hamm
Contributor Author

2 Different Orgs 2 Clusters
[Image: Screenshot 2024-11-14 at 3 20 01 PM]

@mitch-hamm mitch-hamm changed the title WIP: Allow array of Org IDs feat: Allow array of Org IDs Nov 14, 2024
@mitch-hamm
Contributor Author

Org 1
[Image: Screenshot 2024-11-14 at 3 25 14 PM]

Org 2
[Image: Screenshot 2024-11-14 at 3 25 32 PM]

@mitch-hamm
Contributor Author

Current limit is 62 Orgs

maxsxu previously approved these changes Nov 20, 2024
Member

@maxsxu maxsxu left a comment

Please remember to run terraform-docs to update the README

@mitch-hamm
Contributor Author

> Please remember to run terraform-docs to update the README

Updated Readme

@mitch-hamm mitch-hamm merged commit 3990b48 into main Nov 20, 2024
4 checks passed
@mitch-hamm mitch-hamm deleted the mh/74 branch November 20, 2024 17:53
mitch-hamm pushed a commit that referenced this pull request Nov 20, 2024
🤖 I have created a release *beep* *boop*
---

## [3.16.0](v3.15.0...v3.16.0) (2024-11-20)

### Features

* Allow array of Org IDs ([#97](#97)) ([3990b48](3990b48))
* Split AWS Policies ([#98](#98)) ([9c404c0](9c404c0))

### Bug Fixes

* update source path for new version ([#95](#95)) ([db248d5](db248d5))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).