fix go tests
leiicamundi committed Oct 18, 2024
1 parent 6112fdf commit 252a912
Showing 6 changed files with 69 additions and 62 deletions.
56 changes: 36 additions & 20 deletions examples/camunda-8.6-irsa/db.tf
Expand Up @@ -42,11 +42,11 @@ module "postgresql" {
instance_class = "db.t3.medium"

# IAM IRSA
iam_roles_with_policies = <<EOF
[
iam_roles_with_policies = [
{
"role_name": ${local.camunda_keycloak_role_name},
"trust_policy": {
role_name = "${local.camunda_keycloak_role_name}"
trust_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
Expand All @@ -64,8 +64,11 @@ module "postgresql" {
}
}
]
},
"access_policy": {
}
EOF

access_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
Expand All @@ -78,11 +81,14 @@ module "postgresql" {
]
}
]
},
}
EOF
},

{
"role_name": ${local.camunda_identity_role_name},
"trust_policy": {
role_name = "${local.camunda_identity_role_name}"
trust_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
Expand All @@ -100,8 +106,11 @@ module "postgresql" {
}
}
]
},
"access_policy": {
}
EOF

access_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
Expand All @@ -112,11 +121,15 @@ module "postgresql" {
"Resource": "arn:aws:rds-db:${local.eks_cluster_region}:${module.eks_cluster.aws_caller_identity_account_id}:dbuser:${local.aurora_cluster_name}/${local.camunda_identity_db_username}"
}
]
},
}
EOF

},

{
"role_name": ${local.camunda_webmodeler_role_name},
"trust_policy": {
role_name = "${local.camunda_webmodeler_role_name}"
trust_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
Expand All @@ -134,8 +147,11 @@ module "postgresql" {
}
}
]
},
"access_policy": {
}
EOF

access_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
Expand All @@ -146,11 +162,11 @@ module "postgresql" {
"Resource": "arn:aws:rds-db:${local.eks_cluster_region}:${module.eks_cluster.aws_caller_identity_account_id}:dbuser:${local.aurora_cluster_name}/${local.camunda_webmodeler_db_username}"
}
]
},
},
]
}
EOF

EOF
}
]

depends_on = [module.eks_cluster]
}
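Review bot: The `trust_policy` and `access_policy` values in each `iam_roles_with_policies` entry are still hand-written JSON inside `<<EOF` heredocs, so interpolated values such as `${local.camunda_keycloak_db_username}`-style locals are spliced in without JSON escaping and a malformed document is only rejected by IAM at apply time. Building each one with `trust_policy = jsonencode({ Version = "2012-10-17", Statement = [...] })`, or with an `aws_iam_policy_document` data source, lets Terraform check the structure at plan time; the same applies to the heredocs in `examples/camunda-8.6-irsa/opensearch.tf`. Separately, the `rds-db` resource ARNs are built from `${local.aurora_cluster_name}`, while IAM database authentication matches on the cluster resource ID, so if that local holds the cluster identifier the statement would not match the intended database user; worth confirming. Parts of each policy are collapsed in this view, so the trust conditions themselves could not be reviewed here.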
22 changes: 12 additions & 10 deletions examples/camunda-8.6-irsa/opensearch.tf
Expand Up @@ -35,11 +35,11 @@ module "opensearch_domain" {
advanced_security_master_user_password = local.opensearch_master_password

# IAM IRSA
iam_roles_with_policies = <<EOF
[
iam_roles_with_policies = [
{
"role_name": "${local.opensearch_iam_role_name}",
"trust_policy": {
role_name = "${local.opensearch_iam_role_name}"
trust_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
Expand All @@ -60,8 +60,11 @@ module "opensearch_domain" {
}
}
]
},
"access_policy": {
}
EOF

access_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
Expand Down Expand Up @@ -91,11 +94,10 @@ module "opensearch_domain" {
"Resource": "arn:aws:es:${local.eks_cluster_region}:${module.eks_cluster.aws_caller_identity_account_id}:domain/${local.opensearch_domain_name}/*"
}
]
},
},
]
}
EOF
}
]


# rely on fine grained access control for this part
15 changes: 5 additions & 10 deletions modules/aurora/role.tf
@@ -1,19 +1,14 @@
// Convert the list to a map by using the role_name as the key
locals {
roles_map = { for role in var.iam_roles_with_policies : role.role_name => role }
}

// IAM Role for Aurora
// IAM Role
resource "aws_iam_role" "roles" {
for_each = local.roles_map
for_each = { for idx, role in var.iam_roles_with_policies : role.role_name => role }

name = each.key
assume_role_policy = each.value.trust_policy
}

// IAM Policy for Aurora Access
// IAM Policy for Access
resource "aws_iam_policy" "access_policies" {
for_each = local.roles_map
for_each = { for idx, role in var.iam_roles_with_policies : role.role_name => role }

name = "${each.key}-access-policy"
description = "Access policy for ${each.key}"
Expand All @@ -23,7 +18,7 @@ resource "aws_iam_policy" "access_policies" {

// Attach the policy to the role
resource "aws_iam_role_policy_attachment" "attach_policies" {
for_each = local.roles_map
for_each = { for idx, role in var.iam_roles_with_policies : role.role_name => role }

role = aws_iam_role.roles[each.key].name
policy_arn = aws_iam_policy.access_policies[each.key].arn
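Review bot: The same `for` expression is now written out in all three `for_each` arguments and its `idx` variable is never used; keeping the removed `local.roles_map`, or at least writing `{ for role in var.iam_roles_with_policies : role.role_name => role }`, keeps the three resources keyed identically by construction. `modules/opensearch/role.tf` has the same repetition. Because `assume_role_policy = each.value.trust_policy` hands a caller-supplied string straight to IAM, a `validation` block on `iam_roles_with_policies` that checks `can(jsondecode(role.trust_policy))`, and the same for `access_policy`, would reject malformed policies at plan time. The variable declaration is not shown on this page, so that check belongs wherever it is defined, and the resource bodies are partly collapsed in this view.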
17 changes: 6 additions & 11 deletions modules/opensearch/role.tf
@@ -1,19 +1,14 @@
// Convert the list to a map by using the role_name as the key
locals {
roles_map = { for role in var.iam_roles_with_policies : role.role_name => role }
}

// IAM Role for OpenSearch
// IAM Role
resource "aws_iam_role" "roles" {
for_each = local.roles_map
for_each = { for idx, role in var.iam_roles_with_policies : role.role_name => role }

name = each.key
assume_role_policy = each.value.trust_policy
}

// IAM Policy for OpenSearch
// IAM Policy for Access
resource "aws_iam_policy" "access_policies" {
for_each = local.roles_map
for_each = { for idx, role in var.iam_roles_with_policies : role.role_name => role }

name = "${each.key}-access-policy"
description = "Access policy for ${each.key}"
Expand All @@ -23,8 +18,8 @@ resource "aws_iam_policy" "access_policies" {

// Attach the policy to the role
resource "aws_iam_role_policy_attachment" "attach_policies" {
for_each = local.roles_map
for_each = { for idx, role in var.iam_roles_with_policies : role.role_name => role }

role = aws_iam_role.roles[each.key].name
policy_arn = aws_iam_policy.access_policies[each.key].arn
}
}
10 changes: 5 additions & 5 deletions test/src/custom_eks_opensearch_test.go
Expand Up @@ -208,11 +208,11 @@ func (suite *CustomEKSOpenSearchTestSuite) TestCustomEKSAndOpenSearch() {
]
}`, accountId, oidcProviderID, oidcProviderID, openSearchNamespace, openSearchServiceAccount)

iamRolesWithPolicies := fmt.Sprintf(`[
"role_name": %s,
"trust_policy": %s,
"access_policy": %s
]`, openSearchRole, iamRoleTrustPolicy, openSearchAccessPolicy)
iamRolesWithPolicies = map[string]interface{}{
"role_name": openSearchRole,
"trust_policy": iamRoleTrustPolicy,
"access_policy": openSearchAccessPolicy,
}

varsConfigOpenSearch := map[string]interface{}{
"domain_name": opensearchDomainName,
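Review bot: `iamRolesWithPolicies = map[string]interface{}{` assigns with `=` where the removed line declared the variable with `:=`, so unless it is declared earlier in `TestCustomEKSAndOpenSearch` (outside this hunk) the test file will not compile. The value is also a single map, while the module now iterates `var.iam_roles_with_policies` as a collection of objects with a `role_name` attribute, so it likely needs to be a one-element list: `iamRolesWithPolicies := []map[string]interface{}{{"role_name": openSearchRole, "trust_policy": iamRoleTrustPolicy, "access_policy": openSearchAccessPolicy}}`. The same two points apply to the new assignment in `test/src/custom_eks_rds_test.go`, using `auroraRole` and `auroraAccessPolicy`.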
11 changes: 5 additions & 6 deletions test/src/custom_eks_rds_test.go
Expand Up @@ -212,12 +212,11 @@ func (suite *CustomEKSRDSTestSuite) TestCustomEKSAndRDS() {
]
}`, accountId, oidcProviderID, oidcProviderID, auroraNamespace, auroraServiceAccount)

iamRolesWithPolicies := fmt.Sprintf(`[
"role_name": %s,
"trust_policy": %s,
"access_policy": %s
]`, auroraRole, iamRoleTrustPolicy, openSearchAccessPolicy)

iamRolesWithPolicies = map[string]interface{}{
"role_name": auroraRole,
"trust_policy": iamRoleTrustPolicy,
"access_policy": auroraAccessPolicy,
}

varsConfigAurora := map[string]interface{}{
"username": auroraUsername,
