Merge pull request #3 from Orange-OpenSource/bugfix/cicd_assume_role_variabilisiation

Variabilise CICD account ID and role name to be used in get sts tocke…
2023-07-03 16:26:36 +02:00 · 2023-07-03 16:26:36 +02:00 · b61d7bb9f3
commit b61d7bb9f3
parent f57fdb2f93 98df0dd8b3
3 changed files with 6 additions and 1 deletions
--- a/automation/jinja2/templates/.env.dist.j2
+++ b/automation/jinja2/templates/.env.dist.j2
@ -36,6 +36,10 @@ CICD_RUNNER_TAGS={{ CICD_RUNNER_TAGS | join(',') }}
 {% if CICD_ROLE_NAME %}
 CICD_ROLE_NAME={{ CICD_ROLE_NAME }}
 {% endif %}
 {% if CICD_ACCOUNT_ID %}
 CICD_ACCOUNT_ID={{ CICD_ACCOUNT_ID }}
 {% endif %}
 ########################################################################################################################
 # Docker Compose image tags to use
--- a/automation/jinja2/templates/.gitlab-ci.yml.j2
+++ b/automation/jinja2/templates/.gitlab-ci.yml.j2
@ -66,7 +66,7 @@ stages:
  script: |
    #!/usr/bin/env bash
    echo "Getting temporary credentials associated to assume role"
-    STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::903534291474:role/XXXXXX-CiCd-CrossAccountRole --role-session-name ${CI_COMMIT_SHA})
+    STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }} --role-session-name ${CI_COMMIT_SHA})
    AWS_ACCESS_KEY_ID=$(echo $STS_CREDS | jq -r '.Credentials.AccessKeyId')
    AWS_SECRET_ACCESS_KEY=$(echo $STS_CREDS | jq -r '.Credentials.SecretAccessKey')
    AWS_SESSION_TOKEN=$(echo $STS_CREDS | jq -r '.Credentials.SessionToken')
--- a/configure.yaml.dist
+++ b/configure.yaml.dist
@ -58,6 +58,7 @@ GITLAB_JOBS:
    delete_all: True
 CICD_ROLE_NAME: XXXXXX-CiCd-CrossAccountRole
 CICD_ACCOUNT_ID: 123546789123
 # Run Terraform apply only on main branch
 TF_APPLY_ONLY_MAIN: True