Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for Nucleus Terraform is complaining about missing local IAM policy files if executed multiple times after terraform destroy #134

Merged
merged 6 commits into from
Nov 26, 2024
Merged

Fix for Nucleus Terraform is complaining about missing local IAM policy files if executed multiple times after terraform destroy #134

merged 6 commits into from
Nov 26, 2024

Conversation

ramesh-maddegoda
Copy link
Contributor

🗒️ Summary

At the moment Nucleus Terraform scripts generates IAM policy files locally before creating the IAM roles. This works well if we only use terraform apply any number of time and then used terraform destroy only once. Executing terraform destroy deletes these locally generated policy files and any subsequent terraform destroy commands complain about missing policy files. There is a workaround for this by using git to restore the deleted placeholder IAM policy files (or manually copy and paste placeholder IAM policy files from template files). But this work around adds manual and confusing steps for someone who does a deployment.

This pull request introduces fully Terraform based IAM policies instead of JSON based IAM policy files, to avoid locally generated IAM policy files.

♻️ Related Issues

#133

nutjob4life
nutjob4life approved these changes Nov 26, 2024
View reviewed changes
Copy link
Member

@nutjob4life nutjob4life left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to init this with Localstack but got Error: Incompatible provider version so this review is based on a visual inspection only—and is largely limited to the parts I mainly understand (secrets detection, Terraform basics) which look fine 👍

tloubrieu-jpl
tloubrieu-jpl approved these changes Nov 26, 2024
View reviewed changes
Copy link
Member

@tloubrieu-jpl tloubrieu-jpl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed in breakout. Good to go.

@ramesh-maddegoda ramesh-maddegoda merged commit 125785c into main Nov 26, 2024
1 check failed
@ramesh-maddegoda ramesh-maddegoda deleted the minimize-local-generated-files branch November 26, 2024 22:51
@ramesh-maddegoda ramesh-maddegoda mentioned this pull request Dec 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nutjob4life nutjob4life nutjob4life approved these changes

@tloubrieu-jpl tloubrieu-jpl tloubrieu-jpl approved these changes

@sjoshi-jpl sjoshi-jpl Awaiting requested review from sjoshi-jpl sjoshi-jpl is a code owner

@jordanpadams jordanpadams Awaiting requested review from jordanpadams jordanpadams is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ramesh-maddegoda @nutjob4life @tloubrieu-jpl