diff --git a/get/aws-auth.sh b/get/aws-auth.sh
new file mode 100755
index 0000000000000000000000000000000000000000..771b3396de7246977462c98df3fda356bab6a408
--- /dev/null
+++ b/get/aws-auth.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+# see https://gitlab.com/gitlab-org/gitlab-environment-toolkit/-/blob/main/docs/environment_prep.md#4-setup-ssh-authentication-ssh-os-login-for-gcp-service-account
+# Scripted so that the dev container can recreate from the key files on restart.
+
+set -o allexport
+ for E in ~/.*.env; do
+ test -f "$E" && source "$E"
+ done
+set +o allexport
+
+# Note: this works, but you actually have to source this file to get the
+# variables into the environment. $AWS_ACCESS_KEY_FILE must be
+# defined and present, and contain the AWS access key/password as
+# exported by AWS in CSV format. See config.yml
+export AWS_ACCESS_KEY_ID=$(awk -F, 'NR > 1 {print $1}' $AWS_ACCESS_KEY_FILE | tr -d ' \t\r')
+export AWS_SECRET_ACCESS_KEY=$(awk -F, 'NR > 1 {print $2}' $AWS_ACCESS_KEY_FILE | tr -d ' \t\r')
+export AWS_DEFAULT_REGION=$AWS_REGION
diff --git a/get/aws.env.j2 b/get/aws.env.j2
new file mode 100644
index 0000000000000000000000000000000000000000..b047db0d619815a73c5c580eda71ebfc3d0603af
--- /dev/null
+++ b/get/aws.env.j2
@@ -0,0 +1,2 @@
+AWS_REGION={{ config.aws.region }}
+AWS_TF_STATE_BUCKET={{ config.aws.tf_state_bucket }}
diff --git a/get/config.yml b/get/config.yml
index 1557532e6d76e439f6f4756ed5f66ebebe3cbec6..a30ad6bfeb3a553083a95d901d7f85e4551ab3f1 100644
--- a/get/config.yml
+++ b/get/config.yml
@@ -7,6 +7,7 @@ credentials:
 google_credentials_file: "mlockhart-56581c10-8bc0e30dd679.json"
 service_account_key_file: "service-account_rsa"
 service_account_user: "sa_104481838115385290889"
+ aws_access_key_file: "aws-mlockhart-d52dd2b6_accessKeys.csv"
 gcp:
 project: "mlockhart-56581c10"
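Review bot: The two `export AWS_…=$(awk … $AWS_ACCESS_KEY_FILE …)` lines run with no check that AWS_ACCESS_KEY_FILE is set and readable, and the expansion is unquoted, so a missing (or space-containing) path produces an awk error and silently exports empty credentials; the header comment says the file "must be defined and present" but nothing enforces it. Because the file is meant to be sourced (per its own comment), a guard that `return`s non-zero is the right shape, and assigning first and exporting afterwards keeps awk's exit status from being masked by `export`. `NR > 1` also prints every data row and `tr -d ' \t\r'` keeps newlines, so a CSV that ever holds more than one key row would yield multi-line values; `NR == 2` pins the first data row, assuming the usual header-plus-one-row export. The comment could also state that this puts a long-lived key into the environment of every child process of the shell, since the rc block in setup.yml sources it on each login.
```bash
# … unchanged: shebang, header comments, allexport loop over ~/.*.env …
if [[ -z "${AWS_ACCESS_KEY_FILE:-}" || ! -r "$AWS_ACCESS_KEY_FILE" ]]; then
  printf 'aws-auth: AWS_ACCESS_KEY_FILE is unset or not readable: %s\n' "${AWS_ACCESS_KEY_FILE:-}" >&2
  return 1   # this file is sourced, so return rather than exit
fi
AWS_ACCESS_KEY_ID=$(awk -F, 'NR == 2 {print $1}' "$AWS_ACCESS_KEY_FILE" | tr -d ' \t\r')
AWS_SECRET_ACCESS_KEY=$(awk -F, 'NR == 2 {print $2}' "$AWS_ACCESS_KEY_FILE" | tr -d ' \t\r')
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
export AWS_DEFAULT_REGION=$AWS_REGION
```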
@@ -14,10 +15,14 @@ gcp:
 zone: "us-west1-c"
 tf_state_bucket: "mjl-get-terraform-state"
+aws:
+ region: "us-west-2"
+ tf_state_bucket: "mjl-d52dd2b6-get-terraform-state"
+
 secrets:
 root_password: "defaultpasswordchangeme"
 licenses: # Relative path to license files from $WORKSPACE directory
- premium: "licenses/gitlab-premium"
- ultimate: "licenses/gitlab-ultimate"
+ premium: "licenses/premium.gitlab-license"
+ ultimate: "licenses/ultimate.gitlab-license"
diff --git a/get/credentials.env.j2 b/get/credentials.env.j2
index ba4012d08c1a13c87c806179d2d6ddc4f1fb538b..f9f51a86b798385dea2ae0c7d5c0cea48ed050b3 100644
--- a/get/credentials.env.j2
+++ b/get/credentials.env.j2
@@ -9,6 +9,9 @@ GCP_SA_SSH={{ ansible_env.WORKSPACE }}/keys/{{ config.credentials.service_accoun
 GCP_SA_SSH_PRIV={{ ansible_env.WORKSPACE }}/keys/{{ config.credentials.service_account_key_file }}
 GCP_SA_USER={{ config.credentials.service_account_user }}
+# AWS access key
+AWS_ACCESS_KEY_FILE={{ ansible_env.WORKSPACE }}/keys/{{ config.credentials.aws_access_key_file }}
+
 # GitLab license
 GET_LICENSE={{ ansible_env.WORKSPACE }}/{{ config.licenses.premium }}
 GET_ULTIMATE={{ ansible_env.WORKSPACE }}/{{ config.licenses.ultimate }}
diff --git a/get/setup.yml b/get/setup.yml
index 07c20035474bc18dbc407cdc41a297e33fb8148b..feb87fd7c66b75d086fc5d26efbd75d2b6d66325 100644
--- a/get/setup.yml
+++ b/get/setup.yml
@@ -201,6 +201,7 @@ loop:
 - { src: 'credentials.env.j2', dest: '.creds.env', mode: '0600' }
 - { src: 'gcp.env.j2', dest: '.gcp.env', mode: '0600' }
+ - { src: 'aws.env.j2', dest: '.aws.env', mode: '0600' }
 - { src: 'secrets.env.j2', dest: '.secrets.env', mode: '0600' }
 - { src: 'places.env.j2', dest: '.places.env', mode: '0660' }
 environment:
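Review bot: The `# AWS access key` comment added above AWS_ACCESS_KEY_FILE in credentials.env.j2 leaves the expected file format unstated, even though aws-auth.sh in this same commit parses it as a comma-separated file with a header row and takes columns 1 and 2 as key id and secret. Suggest `# AWS access key: CSV as exported from the AWS console (header row, then "<access key id>,<secret access key>"); read by ~/.aws-auth`. The value is a path under {{ ansible_env.WORKSPACE }}/keys, consistent with the GCP service-account entries above it, so the rendered .creds.env (mode 0600 per setup.yml) holds only a pointer and not the secret itself.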
@@ -214,6 +215,7 @@ loop:
 - { src: '.files/aliases.sh', dest: '.aliases' }
 - { src: '.files/functions.sh', dest: '.functions' }
+ - { src: 'get/aws-auth.sh', dest: '.aws-auth' }
 - { src: 'bin/bat', dest: 'bin/bat'}
 - { src: 'bin/gcp-environment.py', dest: 'bin/gcp-environment'}
@@ -223,6 +225,7 @@ block: |
 source {{ user_home }}/.aliases
 source {{ user_home }}/.functions
+ source {{ user_home }}/.aws-auth
 set -o allexport
 for E in ~/.*.env; do
 test -f "$E" && source "$E"
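Review bot: `source {{ user_home }}/.aws-auth` is inserted before the block's own `set -o allexport` loop over ~/.*.env, which is why aws-auth.sh has to carry a copy of that same loop; every env file is therefore sourced twice per shell, and the two loops must be kept in sync by hand. Placing the `source` line after the loop (presumably after the `set +o allexport` that closes it, outside this hunk) would let aws-auth.sh drop its duplicate loop and rely on AWS_ACCESS_KEY_FILE and AWS_REGION already being exported from .creds.env and .aws.env. The `block: |` containing these lines starts and ends outside the hunk.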