chore: Remove Thomas and add Gary
GTC-1921
gtempus committed Jul 15, 2022
1 parent e9a74d3 commit 7c0be8e
Showing 7 changed files with 41 additions and 47 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/terraform_build.yaml
Expand Up @@ -25,10 +25,10 @@ jobs:
RDS_PASSWORD_RO: ${{ secrets.rds_password_ro_production }}
GCS_GFW_GEE_EXPORT_KEY: ${{ secrets.gcs_gfw_gee_export_key }}
PLANET_API_KEY: ${{secrets.planet_api_key }}
TMASCHLER_IP: ${{ secrets.tmaschler_ip }}
JTERRY_IP: ${{ secrets.jterry_ip }}
DMANNARINO_IP: ${{ secrets.dmannarino_ip }}
SNEGUSSE_IP: ${{ secrets.snegusse_ip }}
GTEMPUS_IP: ${{ secrets.gtempus_ip }}
OFFICE_3SC_IP: ${{ secrets.office_3sc_ip }}
VPN_3SC_IP: ${{ secrets.vpn_3sc_ip }}
run: |
Expand All @@ -38,10 +38,10 @@ jobs:
-var "rds_password_ro=${RDS_PASSWORD_RO}" \
-var "gfw-gee-export_key=${GCS_GFW_GEE_EXPORT_KEY}" \
-var "planet_api_key=${PLANET_API_KEY}" \
-var "tmaschler_ip=${TMASCHLER_IP}" \
-var "jterry_ip=${JTERRY_IP}" \
-var "dmannarino_ip=${DMANNARINO_IP}" \
-var "snegusse_ip=${SNEGUSSE_IP}" \
-var "gtempus_ip=${GTEMPUS_IP}" \
-var "office_3sc_ip=${OFFICE_3SC_IP}" \
-var "vpn_3sc_ip=${VPN_3SC_IP}"
./scripts/infra apply
Expand All @@ -58,10 +58,10 @@ jobs:
RDS_PASSWORD_RO: ${{ secrets.rds_password_ro_staging }}
GCS_GFW_GEE_EXPORT_KEY: ${{ secrets.gcs_gfw_gee_export_key }}
PLANET_API_KEY: ${{secrets.planet_api_key }}
TMASCHLER_IP: ${{ secrets.tmaschler_ip }}
JTERRY_IP: ${{ secrets.jterry_ip }}
DMANNARINO_IP: ${{ secrets.dmannarino_ip }}
SNEGUSSE_IP: ${{ secrets.snegusse_ip }}
GTEMPUS_IP: ${{ secrets.gtempus_ip }}
OFFICE_3SC_IP: ${{ secrets.office_3sc_ip }}
VPN_3SC_IP: ${{ secrets.vpn_3sc_ip }}
run: |
Expand All @@ -71,10 +71,10 @@ jobs:
-var "rds_password_ro=${RDS_PASSWORD_RO}" \
-var "gfw-gee-export_key=${GCS_GFW_GEE_EXPORT_KEY}" \
-var "planet_api_key=${PLANET_API_KEY}" \
-var "tmaschler_ip=${TMASCHLER_IP}" \
-var "jterry_ip=${JTERRY_IP}" \
-var "dmannarino_ip=${DMANNARINO_IP}" \
-var "snegusse_ip=${SNEGUSSE_IP}" \
-var "gtempus_ip=${GTEMPUS_IP}" \
-var "office_3sc_ip=${OFFICE_3SC_IP}" \
-var "vpn_3sc_ip=${VPN_3SC_IP}"
Expand All @@ -92,10 +92,10 @@ jobs:
RDS_PASSWORD_RO: ${{ secrets.rds_password_ro_dev }}
GCS_GFW_GEE_EXPORT_KEY: ${{ secrets.gcs_gfw_gee_export_key }}
PLANET_API_KEY: ${{secrets.planet_api_key }}
TMASCHLER_IP: ${{ secrets.tmaschler_ip }}
JTERRY_IP: ${{ secrets.jterry_ip }}
DMANNARINO_IP: ${{ secrets.dmannarino_ip }}
SNEGUSSE_IP: ${{ secrets.snegusse_ip }}
GTEMPUS_IP: ${{ secrets.gtempus_ip }}
OFFICE_3SC_IP: ${{ secrets.office_3sc_ip }}
VPN_3SC_IP: ${{ secrets.vpn_3sc_ip }}
run: |
Expand All @@ -105,10 +105,10 @@ jobs:
-var "rds_password_ro=${RDS_PASSWORD_RO}" \
-var "gfw-gee-export_key=${GCS_GFW_GEE_EXPORT_KEY}" \
-var "planet_api_key=${PLANET_API_KEY}" \
-var "tmaschler_ip=${TMASCHLER_IP}" \
-var "jterry_ip=${JTERRY_IP}" \
-var "dmannarino_ip=${DMANNARINO_IP}" \
-var "snegusse_ip=${SNEGUSSE_IP}" \
-var "gtempus_ip=${GTEMPUS_IP}" \
-var "office_3sc_ip=${OFFICE_3SC_IP}" \
-var "vpn_3sc_ip=${VPN_3SC_IP}"
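Review bot: The new `GTEMPUS_IP` env entry and its `-var "gtempus_ip=${GTEMPUS_IP}"` line are repeated by hand in all three environment jobs of this file and again in terraform_plan.yaml, so every change to the SSH allowlist touches twelve lines and one environment can easily be left with a stale entry. Naming the env entry `TF_VAR_gtempus_ip: ${{ secrets.gtempus_ip }}` would let Terraform read the value directly and make the matching `-var` line unnecessary, provided `./scripts/infra` passes the job environment through to terraform, which is not visible here. The `tmaschler_ip` repository secret is no longer referenced by these workflows after this commit and should be deleted from the repository settings as part of the offboarding. The `run:` blocks start and end outside the hunks shown.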
12 changes: 6 additions & 6 deletions .github/workflows/terraform_plan.yaml
Expand Up @@ -21,10 +21,10 @@ jobs:
RDS_PASSWORD_RO: ${{ secrets.rds_password_ro_production }}
GCS_GFW_GEE_EXPORT_KEY: ${{ secrets.gcs_gfw_gee_export_key }}
PLANET_API_KEY: ${{secrets.planet_api_key }}
TMASCHLER_IP: ${{ secrets.tmaschler_ip }}
JTERRY_IP: ${{ secrets.jterry_ip }}
DMANNARINO_IP: ${{ secrets.dmannarino_ip }}
SNEGUSSE_IP: ${{ secrets.snegusse_ip }}
GTEMPUS_IP: ${{ secrets.gtempus_ip }}
OFFICE_3SC_IP: ${{ secrets.office_3sc_ip }}
VPN_3SC_IP: ${{ secrets.vpn_3sc_ip }}
run: |
Expand All @@ -34,10 +34,10 @@ jobs:
-var "rds_password_ro=${RDS_PASSWORD_RO}" \
-var "gfw-gee-export_key=${GCS_GFW_GEE_EXPORT_KEY}" \
-var "planet_api_key=${PLANET_API_KEY}" \
-var "tmaschler_ip=${TMASCHLER_IP}" \
-var "jterry_ip=${JTERRY_IP}" \
-var "dmannarino_ip=${DMANNARINO_IP}" \
-var "snegusse_ip=${SNEGUSSE_IP}" \
-var "gtempus_ip=${GTEMPUS_IP}" \
-var "office_3sc_ip=${OFFICE_3SC_IP}" \
-var "vpn_3sc_ip=${VPN_3SC_IP}"
Expand All @@ -54,10 +54,10 @@ jobs:
RDS_PASSWORD_RO: ${{ secrets.rds_password_ro_staging }}
GCS_GFW_GEE_EXPORT_KEY: ${{ secrets.gcs_gfw_gee_export_key }}
PLANET_API_KEY: ${{secrets.planet_api_key }}
TMASCHLER_IP: ${{ secrets.tmaschler_ip }}
JTERRY_IP: ${{ secrets.jterry_ip }}
DMANNARINO_IP: ${{ secrets.dmannarino_ip }}
SNEGUSSE_IP: ${{ secrets.snegusse_ip }}
GTEMPUS_IP: ${{ secrets.gtempus_ip }}
OFFICE_3SC_IP: ${{ secrets.office_3sc_ip }}
VPN_3SC_IP: ${{ secrets.vpn_3sc_ip }}
run: |
Expand All @@ -67,10 +67,10 @@ jobs:
-var "rds_password_ro=${RDS_PASSWORD_RO}" \
-var "gfw-gee-export_key=${GCS_GFW_GEE_EXPORT_KEY}" \
-var "planet_api_key=${PLANET_API_KEY}" \
-var "tmaschler_ip=${TMASCHLER_IP}" \
-var "jterry_ip=${JTERRY_IP}" \
-var "dmannarino_ip=${DMANNARINO_IP}" \
-var "snegusse_ip=${SNEGUSSE_IP}" \
-var "gtempus_ip=${GTEMPUS_IP}" \
-var "office_3sc_ip=${OFFICE_3SC_IP}" \
-var "vpn_3sc_ip=${VPN_3SC_IP}"
Expand All @@ -87,10 +87,10 @@ jobs:
RDS_PASSWORD_RO: ${{ secrets.rds_password_ro_dev }}
GCS_GFW_GEE_EXPORT_KEY: ${{ secrets.gcs_gfw_gee_export_key }}
PLANET_API_KEY: ${{secrets.planet_api_key }}
TMASCHLER_IP: ${{ secrets.tmaschler_ip }}
JTERRY_IP: ${{ secrets.jterry_ip }}
DMANNARINO_IP: ${{ secrets.dmannarino_ip }}
SNEGUSSE_IP: ${{ secrets.snegusse_ip }}
GTEMPUS_IP: ${{ secrets.gtempus_ip }}
OFFICE_3SC_IP: ${{ secrets.office_3sc_ip }}
VPN_3SC_IP: ${{ secrets.vpn_3sc_ip }}
run: |
Expand All @@ -100,10 +100,10 @@ jobs:
-var "rds_password_ro=${RDS_PASSWORD_RO}" \
-var "gfw-gee-export_key=${GCS_GFW_GEE_EXPORT_KEY}" \
-var "planet_api_key=${PLANET_API_KEY}" \
-var "tmaschler_ip=${TMASCHLER_IP}" \
-var "jterry_ip=${JTERRY_IP}" \
-var "dmannarino_ip=${DMANNARINO_IP}" \
-var "snegusse_ip=${SNEGUSSE_IP}" \
-var "gtempus_ip=${GTEMPUS_IP}" \
-var "office_3sc_ip=${OFFICE_3SC_IP}" \
-var "vpn_3sc_ip=${VPN_3SC_IP}"
43 changes: 21 additions & 22 deletions terraform.md
Expand Up @@ -15,27 +15,27 @@

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| application | Name of the current application | `string` | `"gfw-aws-core-infrastructure"` | no |
| aws\_region | A valid AWS region to configure the underlying AWS SDK. | `string` | `"us-east-1"` | no |
| dev\_account\_number | Account number of production account | `string` | `"563860007740"` | no |
| dmannarino\_ip | Daniel's home IP address | `string` | n/a | yes |
| dynamo\_db\_lock\_table\_name | Name of the lock table in Dynamo DB | `string` | `"aws-locks"` | no |
| environment | An environment namespace for the infrastructure. | `string` | n/a | yes |
| gfw-gee-export\_key | GCS key for service account | `string` | n/a | yes |
| gfw\_api\_token | Access token for the GFW/RW API. | `string` | n/a | yes |
| jterry\_ip | Justin's home IP address | `string` | n/a | yes |
| log\_retention\_period | Time in days to keep log files | `number` | n/a | yes |
| production\_account\_number | Account number of production account | `string` | `"401951483516"` | no |
| project | A project namespace for the infrastructure. | `string` | `"Global Forest Watch"` | no |
| rds\_backup\_retention\_period | Time in days to keep RDS backup files | `number` | n/a | yes |
| rds\_instance\_class | RDS Aurora instance type for write node | `string` | n/a | yes |
| rds\_password | Superuser password for RDS Aurora database | `string` | n/a | yes |
| rds\_password\_ro | Read Only user password for RDS Aurora database | `string` | n/a | yes |
| slack\_data\_updates\_hook | Hook for Slack data-updates channel | `string` | n/a | yes |
| staging\_account\_number | Account number of production account | `string` | `"274931322839"` | no |
| tmaschler\_ip | Thomas' home IP address | `string` | n/a | yes |
| Name | Description | Type | Default | Required |
|--------------------------------|---------------------------------------------------------|------|---------|:--------:|
| application | Name of the current application | `string` | `"gfw-aws-core-infrastructure"` | no |
| aws\_region | A valid AWS region to configure the underlying AWS SDK. | `string` | `"us-east-1"` | no |
| dev\_account\_number | Account number of production account | `string` | `"563860007740"` | no |
| dmannarino\_ip | Daniel's home IP address | `string` | n/a | yes |
| dynamo\_db\_lock\_table\_name | Name of the lock table in Dynamo DB | `string` | `"aws-locks"` | no |
| environment | An environment namespace for the infrastructure. | `string` | n/a | yes |
| gfw-gee-export\_key | GCS key for service account | `string` | n/a | yes |
| gfw\_api\_token | Access token for the GFW/RW API. | `string` | n/a | yes |
| jterry\_ip | Justin's home IP address | `string` | n/a | yes |
| log\_retention\_period | Time in days to keep log files | `number` | n/a | yes |
| production\_account\_number | Account number of production account | `string` | `"401951483516"` | no |
| project | A project namespace for the infrastructure. | `string` | `"Global Forest Watch"` | no |
| rds\_backup\_retention\_period | Time in days to keep RDS backup files | `number` | n/a | yes |
| rds\_instance\_class | RDS Aurora instance type for write node | `string` | n/a | yes |
| rds\_password | Superuser password for RDS Aurora database | `string` | n/a | yes |
| rds\_password\_ro | Read Only user password for RDS Aurora database | `string` | n/a | yes |
| slack\_data\_updates\_hook | Hook for Slack data-updates channel | `string` | n/a | yes |
| staging\_account\_number | Account number of production account | `string` | `"274931322839"` | no |
| gtempus\_ip | Gary's home IP address | `string` | n/a | yes |

## Outputs

Expand All @@ -53,7 +53,6 @@
| environment | Environment of current state. |
| iam\_policy\_s3\_write\_data-lake\_arn | n/a |
| iam\_policy\_s3\_write\_pipelines\_arn | n/a |
| key\_pair\_tmaschler\_gfw | n/a |
| nat\_gateway\_ips | n/a |
| pipelines\_bucket | n/a |
| postgresql\_security\_group\_id | Security group ID to access postgresql database |
4 changes: 2 additions & 2 deletions terraform/main.tf
Expand Up @@ -139,8 +139,8 @@ module "pipeline-test-bucket" {
module "firewall" {
source = "./modules/firewall"
project = var.project_prefix
ssh_cidr_blocks = ["54.173.196.8/32", "216.70.220.184/32", "${var.tmaschler_ip}/32", "${var.jterry_ip}/32", "${var.dmannarino_ip}/32", "${var.snegusse_ip}/32", "86.143.108.56/32", "92.234.149.30/32", "212.35.238.28/32", "90.206.63.59/32"]
description = ["3SC Office VPN", "Office", "Thomas", "Justin", "Daniel", "Solomon", "Dockerised", "Dockerised2", "Owen", "Edward"]
ssh_cidr_blocks = ["54.173.196.8/32", "216.70.220.184/32", "${var.jterry_ip}/32", "${var.dmannarino_ip}/32", "${var.snegusse_ip}/32", "${var.gtempus_ip}/32", "86.143.108.56/32", "92.234.149.30/32", "212.35.238.28/32", "90.206.63.59/32"]
description = ["3SC Office VPN", "Office", "Justin", "Daniel", "Solomon", "Gary", "Dockerised", "Dockerised2", "Owen", "Edward"]
tags = merge({ Job = "Firewall" }, local.tags)
vpc_cidre_block = module.vpc.cidr_block
vpc_id = module.vpc.id
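Review bot: `ssh_cidr_blocks` and `description` are two parallel lists matched only by position, and this change has to insert "Gary" at the same index as `${var.gtempus_ip}/32` by hand; an off-by-one would label a security-group rule with the wrong person and make later allowlist audits unreliable. How the firewall module pairs the two lists is not visible here, so the pairing is inferred from the matching order. A comment above the pair such as `# description[i] labels ssh_cidr_blocks[i]; keep both lists the same length and order` would make the contract explicit. Home addresses are often reassigned by the ISP, so it is also worth noting next to the list that each `/32` needs a periodic check that it still belongs to its owner. The module block continues past the end of the hunk.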
4 changes: 0 additions & 4 deletions terraform/outputs.tf
Expand Up @@ -51,10 +51,6 @@ output "key_pairs" {
value = aws_key_pair.all
}

output "key_pair_tmaschler_gfw" {
value = aws_key_pair.all["tmaschler_gfw"].key_name
}

output "key_pair_jterry_gfw" {
value = aws_key_pair.all["jterry_gfw"].key_name
}
4 changes: 2 additions & 2 deletions terraform/standalone.tf
Expand Up @@ -37,10 +37,10 @@ resource "aws_acm_certificate" "globalforestwatch_new" {
# Note: Adding new keys will destroy the Bastion host and recreate it with new user data
resource "aws_key_pair" "all" {
for_each = {
tmaschler_gfw = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCGI+i2fgsYXajjgKPPv3prXdEuFEQXrgtM6mVCK6nZeziuSW/3F0Y1JTCPp/SOw0p5I6ila0f1pzofeCeH+0MSwQ4q+tg66a6ZkgV16LWo0VYptBTIbDTUdp/O0KjxCviQLcZByvDd0AJAX81Cu7ChmZen0dq6U3lp9XWCQ/Lt3z2D8avikHvvtc9DZr6AmUD+fGEMBjKJI2KG7OizLJTLB2tvNJ5teEGNRVNI7ZiSgVg98Z0OeOODIM2QuVvU6xb6iCdGKdLRiNGf4Eq4Z71eiph+noaItziABWkiGha4EFbIWf4lKlH45mQn6BYhVtwtLnx6qsVA+PaErJuticnd tmaschler_gfw",
jterry_gfw = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCOGcXvYQel176C7gXPPsz8/tOotAJ8yfj4I2e1Uw0KMLgMao/9Yl9DZg9obBO7nG1DiDW9YUt2hpQkB2PpzP5N9yMriL4WXEhLroCWKj/vljRIDZjS3ZG+pPLs2Li9eFLDc0WGb9D+dxVG7Emwg8O/mTVbaAdklC4D1cwKQx7V7kU19K4jTTCA7aqagtI7X6FNh0fJGfVz0aQ01ECZmUNCkVZy+LYhk2wxSDuXV9DIha0akPXZCWqOtICPln+tquM9befLevCcuDpwVOkh1wrAP7EkRQtL8x8lIadenQpHgXoeoNGGp7x10Dywlw2u6Hm4b0mGITu4P1JTf0O2mmDd jterry_gfw",
dmannarino_gfw = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCLq0/1vhgRfispsHZHrX2H8Mz/HgtTSOiVlMmaUZE0xYPmTBf0cjpHggEN/vwM7FtAkoqozzkdA9PmlBXYye/7orNBGgOR/kXp2ssmyw80inrrCNgd5u6xKWwsydMXJZgvUHWu8PclM3xDNIkFr44ZwpUUJ4xoOzQNOoDjjL6te9rM6ZDXknQLYNf9gm6Isy584TP/kgtUGeS3megv0b+IE187AdLxllPRWCKp8rIWPBFFbP4TBiqWi5WJSJh+r8Z6DjfU/OTPPFgdiuaXjlHr/eGgKDx6merneLmt+rjb/dOxNbQErRzaCY0mZT9umod1vTZJS/4hV31ieXWr+ntF dmannarino_gfw",
snegusse_gfw = "ssh-rsa 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 [email protected]"
snegusse_gfw = "ssh-rsa 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 [email protected]",
gtempus_gfw = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEdC0wsDmfQ2OFazxOqOSMn4hULT91irwpqLHpXac4r2xwZD+w+IvdFUouaQKEyI01Gki8uWlLXjfj0HSBrL+PKIwS4KsXkvgnqi/TTh2pJuOUIowV7IyO36ZtTP9wTIBteaG7HtNPTk/KUkdlNg1NA9Ds720OhLkf0Y4x2EUxln7bTaruCPTEP1YrAlmDsjHR3saw+xYKaElZk0SO6FTqd96GLpZ1kNJx/85nV0vV19NoL7MU84XhaVp5D8fNrxw4G6tm5orrUCWdfOA6mCgcYWS2bY/Ukq/zTTFb26irwGUJDAoCSiFQ8ljUlhSW1qoLhITPAjtSszUiTpIPmAst gtempus_gfw"

// TODO: Same keys are also define in the FW Core Infrastructure State. Due to circular dependencies, and TF version conflicts I could not import those keys into this state
// we only need the keys here to add them to the bastion host. An alternative would be to create a separate bastion host for 3SC in their repo
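Review bot: Dropping `tmaschler_gfw` from this map does not complete the key revocation on its own, because the TODO directly below says the same keys are also defined in the FW Core Infrastructure state; that definition needs the matching removal, and any host launched with the old key pair keeps the public key in its authorized_keys until it is rebuilt. The header comment says adding keys destroys and recreates the bastion, so applying this change will presumably replace the bastion in every environment and should be scheduled accordingly. I would extend the TODO with `// When removing a user, delete the key in the FW Core Infrastructure state as well and confirm the bastion was recreated`. The `for_each` map opens inside the hunk but the resource body ends outside it.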
9 changes: 4 additions & 5 deletions terraform/variables.tf
Expand Up @@ -121,10 +121,6 @@ variable "gfw-gee-export_key" {
type = string
description = "GCS key for service account"
}
variable "tmaschler_ip" {
type = string
description = "Thomas' home IP address"
}
variable "jterry_ip" {
type = string
description = "Justin's home IP address"
Expand All @@ -137,7 +133,10 @@ variable "snegusse_ip" {
type = string
description = "Solomon's home IP address"
}

variable "gtempus_ip" {
type = string
description = "Gary's home IP address"
}
variable "office_3sc_ip" {
type = string
}
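Review bot: `gtempus_ip` is declared as a bare `string` with no validation, while main.tf appends `/32` to it inside `ssh_cidr_blocks`; an unset repository secret reaches Terraform as an empty string and produces `/32`, and a value that already carries a prefix produces a malformed CIDR that is only rejected later by the provider. A validation block on the variable, if the pinned Terraform version supports variable validation, would reject both cases at plan time with a clear message. The same applies to the sibling `*_ip` variables, some of which are declared outside this hunk.

```hcl
variable "gtempus_ip" {
  # … unchanged: type, description …

  validation {
    condition     = can(cidrhost("${var.gtempus_ip}/32", 0))
    error_message = "The gtempus_ip value must be a bare IP address with no prefix length."
  }
}
```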
