Skip to content
This repository was archived by the owner on Jun 4, 2024. It is now read-only.

Add role assumption to terraform artifact download#678

Merged
wadells merged 1 commit into
masterfrom
walt/terraform-staging-role
Oct 17, 2022
Merged

Add role assumption to terraform artifact download#678
wadells merged 1 commit into
masterfrom
walt/terraform-staging-role

Conversation

@wadells
Copy link
Copy Markdown
Contributor

@wadells wadells commented Oct 17, 2022
edited
Loading

Fixes the permission error seen here:

https://drone.platform.teleport.sh/gravitational/teleport-plugins/1868/3/2

time="2022-10-14T21:07:08Z" level=info msg="Listing objects in ****** with key prefix teleport-plugins/tag/terraform-provider-teleport-v10.3.2/"
time="2022-10-14T21:07:08Z" level=fatal msg="Failed fetching artifacts" error="operation error S3: ListObjectsV2, https response error StatusCode: 403, RequestID: VE62QS78B41ERBNP, HostID: iwCkDSDNR4SpPwwHPquBXb3btnXg/4RQhFSG0pcdsuYDFDrEjgTngjC7vR7GFzuiBdEyn8Chpbg=, api error AccessDenied: Access Denied"
exit status 1

This failure is a result of detaching the policy from the default teleport plugins user here:

https://github.com/gravitational/cloud-terraform/commit/6e105428e0d23eb6e5e7b372c6f68c5f71ed8654#diff-5668f4e36fe9314e05892ec59fe217ec6d517a6d82a621dcd358ab0a3e538574

I missed this work in #671, because Trent plumbed AWS roles through the terraform promotion logic for uploading artifacts, but not downloading artifacts.

Contributes to https://github.com/gravitational/SecOps/issues/213

Testing

Tag: https://drone.platform.teleport.sh/gravitational/teleport-plugins/1881
Promote: https://drone.platform.teleport.sh/gravitational/teleport-plugins/1882

@wadells wadells force-pushed the walt/terraform-staging-role branch 2 times, most recently from 0ca16a6 to 9df4dcb Compare October 17, 2022 19:05
@wadells
Add role assumption to terraform artifact download
67ddd8b 
Fixes the permission error seen here:

  ListObjectsV2, https response error StatusCode: 403
  api error AccessDenied: Access Denied

https://drone.platform.teleport.sh/gravitational/teleport-plugins/1868/3/2
@wadells wadells force-pushed the walt/terraform-staging-role branch from 9df4dcb to 67ddd8b Compare October 17, 2022 19:07
@wadells wadells changed the title Add role assumption to artifact download Add role assumption to terraform artifact download Oct 17, 2022
@wadells wadells marked this pull request as ready for review October 17, 2022 19:12
@wadells wadells requested review from adaadb6 and reedloden October 17, 2022 19:29
@wadells wadells merged commit 8a7ae87 into master Oct 17, 2022
@wadells wadells deleted the walt/terraform-staging-role branch October 17, 2022 19:43
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@klizhentas klizhentas Awaiting requested review from klizhentas klizhentas is a code owner

@russjones russjones Awaiting requested review from russjones russjones is a code owner

@Joerger Joerger Awaiting requested review from Joerger Joerger is a code owner

@tcsc tcsc Awaiting requested review from tcsc tcsc is a code owner

@zmb3 zmb3 Awaiting requested review from zmb3 zmb3 is a code owner

@adaadb6 adaadb6 Awaiting requested review from adaadb6

2 more reviewers

@r0mant r0mant r0mant approved these changes

@reedloden reedloden reedloden approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wadells @r0mant @reedloden