@sameer-in
Contributor

@sameer-in sameer-in commented Dec 2, 2022

  • Adding new example for GCP Org using workload identity
  • we only deploy the artifacts in current project
  • all other projects use current project as workload identity

@sameer-in sameer-in requested a review from a team as a code owner December 2, 2022 23:21
@wideawakening
Contributor

wideawakening commented Dec 12, 2022

some notes after a quick review

  • since this is a public repo, internal jira tickets do not give context, so adding a quick description would help :)
    from my context, this example aims to replace current organizational approach for organizational setup, creating a single workload identity on the org-level, instead of the current project-level.
  • let's try to tidy up submodules
  • let's try to merge both cloudbench submodules into a single one, unless there's a reason not to do so
  • currently existing /task submodule should be used, instead of duplicated, as there is no change with the current one
  • current trust_relationship should be refactored, but quick looking at the changes think it's ok to split them into trust_relations_single_project and trust_relationship_organizational
  • let's replace current /examples/organization since this approach is more optimized, don't see a reason to maintain previous.

@wideawakening wideawakening marked this pull request as draft December 12, 2022 09:06
@sameer-in sameer-in marked this pull request as ready for review December 12, 2022 16:59
@sameer-in sameer-in changed the title SSPROD-18717 added new example for workload identity gcp org Adding new example for GCP Org using workload identity Jan 12, 2023
@sameer-in
Contributor Author

sameer-in commented Jan 12, 2023

@wideawakening Created a separate example in the repo org-workload-identity-provider

  • We have the provider changes released
  • It has a different cloud-bench-workload-identity module.
  • Keeping the task module in new example as it's easy to delete old org example in future.
  • module trust-relationship is refactored now

@wideawakening wideawakening changed the title Adding new example for GCP Org using workload identity feat: adds org-level compliance setup Jan 12, 2023
@wideawakening
Contributor

ahhh finally! so many non-deterministic problems with the linting/validation.... 🥳

@sameer-in i changed the following topics we agreed while peering

  • modified the organizational diagrams to reflect that it does not only deploy a role, but a workload identity pool + role + sa
  • renamed the new example to organization-org_compliance to reflect it's the same as the organization one plus the optimization for compliance
  • also modified the snippet in the example since it was pointing to the old one
  • added the deprecated message on the organizational
  • tried to add a new test for this one, to be covered by GH actions, but since we cannot re-spawn it over and over (due to the softdelete) I removed that check. i left the test itself for local testing

@wideawakening wideawakening merged commit 1b30bde into master Jan 12, 2023
@wideawakening wideawakening deleted the SSPROD-18717-add-wif-gcp branch January 12, 2023 11:53