From 3ea79ff7e9a825870c2c8d3638f464fc649892c5 Mon Sep 17 00:00:00 2001
From: Anthony Roy <81255001+antroy-madetech@users.noreply.github.com>
Date: Wed, 13 Nov 2024 15:29:18 +0000
Subject: [PATCH] fix: DBTP-1534 - Assume role policy for the S3 migration were too strict so relaxing them (#279)
Co-authored-by: Will Gibson <8738245+WillGibson@users.noreply.github.com>
---
 .github/pull_request_template.md | 17 +++++++++++++++++
 environment-pipelines/iam.tf | 2 +-
 terraform_tests.sh | 21 +++++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 .github/pull_request_template.md
 create mode 100755 terraform_tests.sh
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 000000000..6d6d2acb7
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,17 @@
+Addresses [DBTP-](https://uktrade.atlassian.net/browse/DBTP-)
+
+Please add any relevant context for you pull request here, or delete this if none needed.
+
+---
+## Checklist:
+
+### Title:
+- [ ] Scope included as per [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/)
+- [ ] Ticket reference included (unless it's a quick out of ticket thing)
+### Description:
+- [ ] Link to ticket included (unless it's a quick out of ticket thing)
+- [ ] Includes tests (or an explanation for why it doesn't)
+- [ ] Includes any applicable changes to the documentation in this code base
+- [ ] Includes link(s) to any applicable changes to the documentation in the [DBT Platform Documentation](https://platform.readme.trade.gov.uk/) (can be to a pull request)
+### Tasks:
+- [ ] [Trigger the pull request regression tests for this branch](https://github.com/uktrade/platform-tools?tab=readme-ov-file#regression-tests) and confirm that they are passing
diff --git a/environment-pipelines/iam.tf b/environment-pipelines/iam.tf
index d6b8094f0..1409a9862 100644
--- a/environment-pipelines/iam.tf
+++ b/environment-pipelines/iam.tf
@@ -875,7 +875,7 @@ data "aws_iam_policy_document" "iam" {
 actions = [
 "iam:UpdateAssumeRolePolicy"
 ]
- resources = [for environment in local.environment_config : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.application}-${environment.name}-shared-S3MigrationRole"]
+ resources = [for environment in local.environment_config : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/*-S3MigrationRole"]
 }
 statement {
diff --git a/terraform_tests.sh b/terraform_tests.sh
new file mode 100755
index 000000000..68b9824d7
--- /dev/null
+++ b/terraform_tests.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+unit_test_files=$(find . -name "*tftest.hcl" | grep -v e2e-tests | sort)
+modules=""
+IFS=$'\n'
+for file in $unit_test_files
+do
+ # Lose leading ./ and select the part before the tests directory
+ module=$(echo "${file#./}" | awk -F "/tests/" '{print $1}')
+ # In case we separate the test files, only include each module once
+ if [[ "\"${modules}\"" != *"\"${module}\""* ]]; then
+ message="Running tests for module ${module}"
+ underline=$(echo "${message}" | sed "s/./=/g")
+ echo -en "\n\033[1;36m${message}\033[0m"
+ echo -e "\n\033[1;36m${underline}\033[0m"
+ pushd "${module}"
+ terraform init
+ terraform test
+ popd
+ fi
+done
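Review bot: In `environment-pipelines/iam.tf` the new resource pattern `role/*-S3MigrationRole` allows `iam:UpdateAssumeRolePolicy` on every role in the account whose name ends in `-S3MigrationRole`, not only this application's. Being able to rewrite a role's trust policy amounts to deciding who may assume it. If the old pattern failed only because of the environment name or the `-shared` segment, `"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.application}-*-S3MigrationRole"` would keep the application scope; the real role names are not visible here, so confirm which segment has to vary. The `for environment in local.environment_config` expression no longer references `environment`, so it emits the same ARN once per environment and can become a one-element list. The statement opens above this hunk, so any condition on it cannot be seen here; a comment such as `# Wildcard needed because <reason>; see DBTP-1534` would record why the scope was widened.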
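Review bot: In `terraform_tests.sh` the `modules` variable is initialised to `""` and never appended to, so the "only include each module once" test is always true and a module with several `*tftest.hcl` files is initialised and tested once per file. Adding `modules+="\"${module}\""` inside the `if` would make the guard work as the comment describes. The script also never checks the result of `terraform init` or `terraform test`, so its exit status is that of the last command run (`popd`) and a CI job calling it would pass with failing tests, including tests that cover the IAM policies. One option is `terraform init && terraform test || status=1` in the loop and `exit "${status:-0}"` after `done`. A failed `pushd` is not handled either, in which case the terraform commands and `popd` would run from the wrong directory.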