Merge pull request #3 from Orange-OpenSource/bugfix/cicd_assume_role_variabilisiation

Variabilise CICD account ID and role name to be used in get sts tocke…
Olivier Saluden 2023-07-03 16:26:36 +02:00 committed by GitHub
commit b61d7bb9f3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 1 deletions


@ -36,6 +36,10 @@ CICD_RUNNER_TAGS={{ CICD_RUNNER_TAGS | join(',') }}
{% if CICD_ROLE_NAME %} {% if CICD_ROLE_NAME %}
CICD_ROLE_NAME={{ CICD_ROLE_NAME }} CICD_ROLE_NAME={{ CICD_ROLE_NAME }}
{% endif %}
{% if CICD_ACCOUNT_ID %}
CICD_ACCOUNT_ID={{ CICD_ACCOUNT_ID }}
{% endif %} {% endif %}
######################################################################################################################## ########################################################################################################################
# Docker Compose image tags to use # Docker Compose image tags to use
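Review bot: The new `CICD_ACCOUNT_ID` assignment sits under its own `{% if %}`, separate from the existing `CICD_ROLE_NAME` one, so a configuration that sets only one of them produces an env file holding half of the role ARN. The pipeline template changed in this same commit reads both through `environ(...)`. Consider guarding them together with `{% if CICD_ROLE_NAME and CICD_ACCOUNT_ID %}` around both assignments, plus a comment such as `# Both values are required to build the assume-role ARN in the CI template`. How `environ()` behaves for a name that was never written is not visible on this page, so that case should be confirmed.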


@ -66,7 +66,7 @@ stages:
script: | script: |
#!/usr/bin/env bash #!/usr/bin/env bash
echo "Getting temporary credentials associated to assume role" echo "Getting temporary credentials associated to assume role"
STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::903534291474:role/XXXXXX-CiCd-CrossAccountRole --role-session-name ${CI_COMMIT_SHA}) STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }} --role-session-name ${CI_COMMIT_SHA})
AWS_ACCESS_KEY_ID=$(echo $STS_CREDS | jq -r '.Credentials.AccessKeyId') AWS_ACCESS_KEY_ID=$(echo $STS_CREDS | jq -r '.Credentials.AccessKeyId')
AWS_SECRET_ACCESS_KEY=$(echo $STS_CREDS | jq -r '.Credentials.SecretAccessKey') AWS_SECRET_ACCESS_KEY=$(echo $STS_CREDS | jq -r '.Credentials.SecretAccessKey')
AWS_SESSION_TOKEN=$(echo $STS_CREDS | jq -r '.Credentials.SessionToken') AWS_SESSION_TOKEN=$(echo $STS_CREDS | jq -r '.Credentials.SessionToken')
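Review bot: The `--role-arn` value on the `aws sts assume-role` line is now assembled from two environment values with no check on their shape, so an empty or mistyped value is only discovered when STS rejects the call. A format check before the call makes that failure explicit: `ROLE_ARN="arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }}"`, then `[[ "$ROLE_ARN" =~ ^arn:aws:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$ ]] || { echo "invalid CICD role ARN" >&2; exit 1; }`, then pass `--role-arn "$ROLE_ARN"`. This only catches malformed values, not a well-formed ARN for the wrong account, so the configured account ID still deserves review where it is set. The script block continues outside this hunk, so whether a failed assume-role is handled further down is not visible here.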


@ -58,6 +58,7 @@ GITLAB_JOBS:
delete_all: True delete_all: True
CICD_ROLE_NAME: XXXXXX-CiCd-CrossAccountRole CICD_ROLE_NAME: XXXXXX-CiCd-CrossAccountRole
CICD_ACCOUNT_ID: 123546789123
# Run Terraform apply only on main branch # Run Terraform apply only on main branch
TF_APPLY_ONLY_MAIN: True TF_APPLY_ONLY_MAIN: True
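Review bot: `CICD_ACCOUNT_ID: 123546789123` is an unquoted scalar, so YAML loads it as an integer. An AWS account ID that begins with 0 would lose its leading zeros, or be read as octal by a YAML 1.1 parser, and the rendered role ARN would then point at the wrong account or be invalid. Quote it as `CICD_ACCOUNT_ID: "123546789123"`. The sample value also differs from the account ID that was hard-coded in the pipeline template before this commit, so deployments that relied on the old value presumably need to set this key explicitly. A comment such as `# 12-digit AWS account ID owning the CI/CD cross-account role (keep quoted)` would make that clear.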