Rebrand ESDIS hub for IEEE-GRSS webinar #3809

Merged: 8 commits, Mar 20, 2024

freitagb
Contributor

No description provided.

@freitagb freitagb requested a review from a team as a code owner March 18, 2024 15:58

github-actions bot commented Mar 18, 2024

Merging this PR will trigger the following deployment actions.

Support and Staging deployments

| Cloud Provider | Cluster Name | Upgrade Support? | Reason for Support Redeploy | Upgrade Staging? | Reason for Staging Redeploy |
| --- | --- | --- | --- | --- | --- |
| aws | nasa-esdis | No | | Yes | Following helm chart values files were modified: common.values.yaml |

Production deployments

| Cloud Provider | Cluster Name | Hub Name | Reason for Redeploy |
| --- | --- | --- | --- |
| aws | nasa-esdis | prod | Following helm chart values files were modified: common.values.yaml |

@sgibson91
Member

Please note: If changing the URL, you will also need to update the Hub OAuth Callback URL here. A 2i2c engineer will also need to update the hub URLs in the GitHub OAuth application as well. Otherwise, logins will break.

@sgibson91
Member

sgibson91 commented Mar 18, 2024

Also the ingress URLs will need updating, otherwise our load balancer won't allow traffic to the new URL

https://github.com/freitagb/infrastructure/blob/eee5222f9921544a07ce9492625d3b7f10ceca63/config/clusters/nasa-esdis/prod.values.yaml#L6-L8

@sgibson91
Member

Is it really necessary to change the URL? This is not a simple operation, and I'm assuming this is temporary since it is for a webinar so we will have to do the reverse afterwards.

@freitagb
Contributor Author

we can skip the url change. Thanks @sgibson91

- display_name only affects what engineers and the deployer run on the command line, not user-facing
- agreed in 2i2c-org#3809 (comment) to skip the URL change since this triggers other non-config related changes, such as updating OAuth apps
@sgibson91
Member

Output of terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions
are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_iam_policy.extra_user_policy["prod"] will be created
  + resource "aws_iam_policy" "extra_user_policy" {
      + arn         = (known after apply)
      + description = "Extra permissions granted to users on hub prod on nasa-esdis"
      + id          = (known after apply)
      + name        = "nasa-esdis-prod-extra-user-policy"
      + name_prefix = (known after apply)
      + path        = "/"
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "s3:PutObject",
                          + "s3:GetObject",
                          + "s3:ListBucketMultipartUploads",
                          + "s3:AbortMultipartUpload",
                          + "s3:ListBucketVersions",
                          + "s3:CreateBucket",
                          + "s3:ListBucket",
                          + "s3:DeleteObject",
                          + "s3:GetBucketLocation",
                          + "s3:ListMultipartUploadParts",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:s3:::veda-data-store-staging",
                          + "arn:aws:s3:::veda-data-store-staging/*",
                          + "arn:aws:s3:::veda-nex-gddp-cmip6-public",
                          + "arn:aws:s3:::veda-nex-gddp-cmip6-public/*",
                          + "arn:aws:s3:::cmip6-staging",
                          + "arn:aws:s3:::cmip6-staging/*",
                          + "arn:aws:s3:::lp-prod-protected",
                          + "arn:aws:s3:::lp-prod-protected/*",
                          + "arn:aws:s3:::gesdisc-cumulus-prod-protected",
                          + "arn:aws:s3:::gesdisc-cumulus-prod-protected/*",
                          + "arn:aws:s3:::nsidc-cumulus-prod-protected",
                          + "arn:aws:s3:::nsidc-cumulus-prod-protected/*",
                          + "arn:aws:s3:::ornl-cumulus-prod-protected",
                          + "arn:aws:s3:::ornl-cumulus-prod-protected/*",
                          + "arn:aws:s3:::pangeo-forge-veda-output",
                          + "arn:aws:s3:::pangeo-forge-veda-output/*",
                          + "arn:aws:s3:::podaac-ops-cumulus-public",
                          + "arn:aws:s3:::podaac-ops-cumulus-public/*",
                          + "arn:aws:s3:::podaac-ops-cumulus-protected",
                          + "arn:aws:s3:::podaac-ops-cumulus-protected/*",
                          + "arn:aws:s3:::maap-ops-workspace",
                          + "arn:aws:s3:::maap-ops-workspace/*",
                          + "arn:aws:s3:::nasa-maap-data-store",
                          + "arn:aws:s3:::nasa-maap-data-store/*",
                          + "arn:aws::s3:::grss-veda-data-store",
                          + "arn:aws::s3:::grss-veda-data-store/*",
                          + "arn:aws:s3:::sentinel-cogs",
                          + "arn:aws:s3:::sentinel-cogs/*",
                        ]
                    },
                  + {
                      + Action   = "s3:ListAllMyBuckets"
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id   = (known after apply)
      + tags_all    = (known after apply)
    }

  # aws_iam_role_policy_attachment.extra_user_policy["prod"] will be created
  + resource "aws_iam_role_policy_attachment" "extra_user_policy" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "nasa-esdis-prod"
    }

Plan: 2 to add, 0 to change, 0 to destroy.

@sgibson91
Member

sgibson91 commented Mar 20, 2024

tf failed to apply

aws_iam_policy.extra_user_policy["prod"]: Creating...
╷
│ Error: creating IAM Policy (nasa-esdis-prod-extra-user-policy): MalformedPolicyDocument: The policy failed legacy parsing
│       status code: 400, request id: 23b87fbe-f573-41c8-858c-1291abb6b9e9
│ 
│   with aws_iam_policy.extra_user_policy["prod"],
│   on irsa.tf line 37, in resource "aws_iam_policy" "extra_user_policy":
│   37: resource "aws_iam_policy" "extra_user_policy" {

EDIT: This was fixed by removing some extra colons in fa9819a (#3809). Terraform has now applied successfully.
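
The plan output earlier in this thread lists `arn:aws::s3:::grss-veda-data-store`, whose extra colon leaves the ARN's service field empty, and IAM only rejected it at apply time. As an added example (not code from this PR or the 2i2c repository), a pre-apply lint for S3 ARNs in a policy document; it assumes every `Resource` is an S3 bucket/object ARN or `*`, that bucket names contain no wildcards, and `check_s3_arn` / `lint_policy` are hypothetical names:

```python
import json
import re

# S3 bucket names: 3-63 chars of lowercase letters, digits, dots, hyphens.
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
PARTITIONS = {"aws", "aws-cn", "aws-us-gov"}

def check_s3_arn(arn):
    """Return None for a well-formed S3 bucket/object ARN, else a reason string."""
    # Layout: arn:partition:service:region:account-id:resource
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return "expected arn:partition:service:region:account:resource"
    _, partition, service, region, account, resource = parts
    if partition not in PARTITIONS:
        return f"unknown partition {partition!r}"
    if service != "s3":
        return f"service field is {service!r}, expected 's3'"
    if region or account:
        return "bucket/object ARNs have empty region and account fields"
    if not BUCKET_RE.match(resource.split("/", 1)[0]):
        return f"invalid bucket name in {resource!r}"
    return None

def lint_policy(policy_json):
    """Return (statement index, ARN, reason) for each malformed Resource."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json)["Statement"]):
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):  # IAM allows a bare string here
            resources = [resources]
        for arn in resources:
            reason = None if arn == "*" else check_s3_arn(arn)
            if reason:
                findings.append((i, arn, reason))
    return findings

# Constructed sample: a cut-down copy of the policy from the plan output.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::sentinel-cogs",
                  "arn:aws:s3:::sentinel-cogs/*",
                  "arn:aws::s3:::grss-veda-data-store",
                  "arn:aws::s3:::grss-veda-data-store/*"]},
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
]})

if __name__ == "__main__":
    for idx, arn, reason in lint_policy(SAMPLE):
        print(f"Statement[{idx}] {arn}: {reason}")
```

Run against the rendered policy JSON before `terraform apply`, this reports the two `grss-veda-data-store` entries and passes the rest.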

@sgibson91
Member

Deployed to staging successfully

@sgibson91 sgibson91 merged commit 317c414 into 2i2c-org:master Mar 20, 2024
9 checks passed

🎉🎉🎉🎉

Monitor the deployment of the hubs here 👉 https://github.com/2i2c-org/infrastructure/actions/runs/8358297483
