From 8cbe38e96897995ad852dc879bcade66be476e6a Mon Sep 17 00:00:00 2001
From: Mike Lockhart
Date: Sun, 11 May 2025 00:18:57 +0000
Subject: [PATCH 1/4] use compatible names
---
 get/config.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/get/config.yml b/get/config.yml
index 1557532..8f42cbd 100644
--- a/get/config.yml
+++ b/get/config.yml
@@ -19,5 +19,5 @@ secrets:
 licenses:
 # Relative path to license files from $WORKSPACE directory
- premium: "licenses/gitlab-premium"
- ultimate: "licenses/gitlab-ultimate"
+ premium: "licenses/premium.gitlab-license"
+ ultimate: "licenses/ultimate.gitlab-license"
-- GitLab
From 4fca173b8b785aa5ad0e533ee1ea2e8ae4ecba1e Mon Sep 17 00:00:00 2001
From: Mike Lockhart
Date: Sun, 11 May 2025 00:19:42 +0000
Subject: [PATCH 2/4] AWS configuration
---
 get/aws.env.j2 | 2 ++
 get/config.yml | 5 +++++
 get/credentials.env.j2 | 3 +++
 3 files changed, 10 insertions(+)
 create mode 100644 get/aws.env.j2
diff --git a/get/aws.env.j2 b/get/aws.env.j2
new file mode 100644
index 0000000..b047db0
--- /dev/null
+++ b/get/aws.env.j2
@@ -0,0 +1,2 @@
+AWS_REGION={{ config.aws.region }}
+AWS_TF_STATE_BUCKET={{ config.aws.tf_state_bucket }}
diff --git a/get/config.yml b/get/config.yml
index 8f42cbd..a30ad6b 100644
--- a/get/config.yml
+++ b/get/config.yml
@@ -7,6 +7,7 @@ credentials:
 google_credentials_file: "mlockhart-56581c10-8bc0e30dd679.json"
 service_account_key_file: "service-account_rsa"
 service_account_user: "sa_104481838115385290889"
+ aws_access_key_file: "aws-mlockhart-d52dd2b6_accessKeys.csv"
 gcp:
 project: "mlockhart-56581c10"
@@ -14,6 +15,10 @@ gcp:
 zone: "us-west1-c"
 tf_state_bucket: "mjl-get-terraform-state"
+aws:
+ region: "us-west-2"
+ tf_state_bucket: "mjl-d52dd2b6-get-terraform-state"
+
 secrets:
 root_password: "defaultpasswordchangeme"
diff --git a/get/credentials.env.j2 b/get/credentials.env.j2
index ba4012d..f9f51a8 100644
--- a/get/credentials.env.j2
+++ b/get/credentials.env.j2
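Review bot: The new `aws_access_key_file` key in the first `get/config.yml` hunk of patch 2 has no comment saying what the file is or where it is looked up, although the note in `get/aws-auth.sh` (patch 3) sends readers to config.yml for exactly that. I would add above it `# AWS access-key CSV as exported by AWS, read from $WORKSPACE/keys; it holds a long-lived secret, so keep it mode 0600 and out of version control`, in the style of the comment the `licenses:` block already carries. The `credentials:` mapping starts above the hunk, so any existing remark about the keys directory is not visible here.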
@@ -9,6 +9,9 @@ GCP_SA_SSH={{ ansible_env.WORKSPACE }}/keys/{{ config.credentials.service_accoun
 GCP_SA_SSH_PRIV={{ ansible_env.WORKSPACE }}/keys/{{ config.credentials.service_account_key_file }}
 GCP_SA_USER={{ config.credentials.service_account_user }}
+# AWS access key
+AWS_ACCESS_KEY_FILE={{ ansible_env.WORKSPACE }}/keys/{{ config.credentials.aws_access_key_file }}
+
 # GitLab license
 GET_LICENSE={{ ansible_env.WORKSPACE }}/{{ config.licenses.premium }}
 GET_ULTIMATE={{ ansible_env.WORKSPACE }}/{{ config.licenses.ultimate }}
-- GitLab
From 5f2e56165500119754ccdf948f66c5f59aa5ed0b Mon Sep 17 00:00:00 2001
From: Mike Lockhart
Date: Sun, 11 May 2025 00:20:06 +0000
Subject: [PATCH 3/4] Extract key id and secret from CSV
---
 get/aws-auth.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100755 get/aws-auth.sh
diff --git a/get/aws-auth.sh b/get/aws-auth.sh
new file mode 100755
index 0000000..771b339
--- /dev/null
+++ b/get/aws-auth.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+# see https://gitlab.com/gitlab-org/gitlab-environment-toolkit/-/blob/main/docs/environment_prep.md#4-setup-ssh-authentication-ssh-os-login-for-gcp-service-account
+# Scripted so that the dev container can recreate from the key files on restart.
+
+set -o allexport
+ for E in ~/.*.env; do
+ test -f "$E" && source "$E"
+ done
+set +o allexport
+
+# Note: this works, but you actually have to source this file to get the
+# variables into the environment. $AWS_ACCESS_KEY_FILE must be
+# defined and present, and contain the AWS access key/password as
+# exported by AWS in CSV format. See config.yml
+export AWS_ACCESS_KEY_ID=$(awk -F, 'NR > 1 {print $1}' $AWS_ACCESS_KEY_FILE | tr -d ' \t\r')
+export AWS_SECRET_ACCESS_KEY=$(awk -F, 'NR > 1 {print $2}' $AWS_ACCESS_KEY_FILE | tr -d ' \t\r')
+export AWS_DEFAULT_REGION=$AWS_REGION
-- GitLab
From 5b772be5a459367fa95c339a2eee912fbd573c74 Mon Sep 17 00:00:00 2001
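Review bot: Both `awk` calls at the end of the new `get/aws-auth.sh` take `$AWS_ACCESS_KEY_FILE` unquoted and unchecked, so an empty variable leaves awk with no file argument and it reads standard input, which would stall a shell that sources the script, while a missing file exports empty credentials after an error. `NR > 1` also prints every data row, so a CSV holding more than one key produces a multi-line value; `NR == 2` pins the first data row. The link in the header comment is the GCP SSH OS Login section, presumably carried over from the GCP script, and should point at the AWS preparation step instead. The guarded form below replaces the first two `export` lines and leaves the variables untouched when no readable key file is configured.

```shell
# … unchanged: shebang, header comments, ~/.*.env sourcing loop, Note comment …
if [[ -n "${AWS_ACCESS_KEY_FILE:-}" && -r "$AWS_ACCESS_KEY_FILE" ]]; then
  # Row 1 is the CSV header; row 2 is the first (normally only) key pair.
  AWS_ACCESS_KEY_ID=$(awk -F, 'NR == 2 {print $1}' "$AWS_ACCESS_KEY_FILE" | tr -d ' \t\r')
  AWS_SECRET_ACCESS_KEY=$(awk -F, 'NR == 2 {print $2}' "$AWS_ACCESS_KEY_FILE" | tr -d ' \t\r')
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
fi
# … unchanged: AWS_DEFAULT_REGION export …
```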
From: Mike Lockhart
Date: Sun, 11 May 2025 00:20:26 +0000
Subject: [PATCH 4/4] Add AWS configuration
---
 get/setup.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/get/setup.yml b/get/setup.yml
index 07c2003..feb87fd 100644
--- a/get/setup.yml
+++ b/get/setup.yml
@@ -201,6 +201,7 @@
 loop:
 - { src: 'credentials.env.j2', dest: '.creds.env', mode: '0600' }
 - { src: 'gcp.env.j2', dest: '.gcp.env', mode: '0600' }
+ - { src: 'aws.env.j2', dest: '.aws.env', mode: '0600' }
 - { src: 'secrets.env.j2', dest: '.secrets.env', mode: '0600' }
 - { src: 'places.env.j2', dest: '.places.env', mode: '0660' }
 environment:
@@ -214,6 +215,7 @@
 loop:
 - { src: '.files/aliases.sh', dest: '.aliases' }
 - { src: '.files/functions.sh', dest: '.functions' }
+ - { src: 'get/aws-auth.sh', dest: '.aws-auth' }
 - { src: 'bin/bat', dest: 'bin/bat'}
 - { src: 'bin/gcp-environment.py', dest: 'bin/gcp-environment'}
@@ -223,6 +225,7 @@
 block: |
 source {{ user_home }}/.aliases
 source {{ user_home }}/.functions
+ source {{ user_home }}/.aws-auth
 set -o allexport
 for E in ~/.*.env; do
 test -f "$E" && source "$E"
-- GitLab
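Review bot: The added `source {{ user_home }}/.aws-auth` in the third `get/setup.yml` hunk runs unconditionally in what appears to be a shell startup block, so every shell that reads it, and each process launched from it, inherits `AWS_SECRET_ACCESS_KEY`. If the keys are only needed for toolkit runs, loading them on demand (for example from a function in `.functions`) would narrow that exposure. At minimum guard the line the way the loop below it guards the env files, `test -f {{ user_home }}/.aws-auth && source {{ user_home }}/.aws-auth`, so a shell started before the file is copied does not report an error. The `block: |` scalar and the `for` loop continue past the end of the hunk.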