Skip to content

Commit

Permalink
[COST-4807] mount aws credentials as volume (#5022)
Browse files Browse the repository at this point in the history
  • Loading branch information
maskarb authored Apr 16, 2024
1 parent ef5bcdb commit 1a73ffa
Show file tree
Hide file tree
Showing 34 changed files with 585 additions and 597 deletions.
19 changes: 11 additions & 8 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,6 @@ DEVELOPMENT=True
# DJANGO_LOG_LEVEL=DEBUG

PROMETHEUS_MULTIPROC_DIR='/tmp'
AWS_ACCESS_KEY_ID=AWS_ACCESS_KEY
AWS_SECRET_ACCESS_KEY=AWS_SECRET_KEY
AWS_RESOURCE_NAME=YOUR_COST_MANAGEMENT_AWS_ARN
CURRENCY_URL=https://open.er-api.com/v6/latest/USD
UNLEASH_TOKEN='*:*.dbffffc83b1f92eeaf133a7eb878d4c58231acc159b5e1478ce53cfc'
POLLING_TIMER=60 # Set how often you can trigger downloads per provider
Expand All @@ -39,16 +36,22 @@ S3_ACCESS_KEY=kokuminioaccess
S3_SECRET=kokuminiosecret
SKIP_MINIO_DATA_DELETION=False

#### OCI CREDS
# AWS
AWS_SHARED_CREDENTIALS_FILE=/etc/credentials/aws
AWS_RESOURCE_NAME=YOUR_COST_MANAGEMENT_AWS_ARN

# GCP
GOOGLE_APPLICATION_CREDENTIALS=/etc/credentials/gcp
GCP_DATASET='dataset_example'
GCP_TABLE_ID='table_id_example'
GCP_PROJECT_ID='project_id_example'

# OCI
OCI_CLI_USER=ocid1.user.id
OCI_CLI_FINGERPRINT=00000000000000000
OCI_CLI_TENANCY=ocid1.tenancy.id
OCI_CLI_KEY_FILE=/path/to/credentials

GOOGLE_APPLICATION_CREDENTIALS=/path/to/gcp/credentials
GCP_DATASET='dataset_example'
GCP_TABLE_ID='table_id_example'
GCP_PROJECT_ID='project_id_example'
API_PATH_PREFIX='/api/cost-management'
KOKU_API_HOSTNAME=localhost
KOKU_PORT=8000
Expand Down
12 changes: 7 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,14 +33,16 @@ This project is developed using the Django web framework. Many
configuration settings can be read in from a `.env` file. To configure,
do the following:

1. Copy [`.env.example`](.env.example) into a `.env`
1. Copy [`.env.example`](.env.example) into a `.env` and update the following in your `.env`:

2. Obtain AWS values and update the following in your `.env`:

AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY
AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_KEY
AWS_RESOURCE_NAME=YOUR_COST_MANAGEMENT_AWS_ARN

2. Copy [`dev/credentials/aws.example`](dev/credentials/aws.example) into `dev/credentials/aws`, obtain AWS credentials, then update the credentials file:

[default]
aws_access_key_id=YOUR_AWS_ACCESS_KEY_ID
aws_secret_access_key=YOUR_AWS_SECRET_ACCESS_KEY

3. (macOS only) Install libraries for building wheels on ARM:

brew install openssl librdkafka postgresql@13
Expand Down
6 changes: 2 additions & 4 deletions ci/functions.sh
Original file line number Diff line number Diff line change
Expand Up @@ -95,8 +95,7 @@ function run_smoke_tests_stage() {
oc get secret/koku-gcp -o json -n ephemeral-base | jq -r '.data' > gcp-creds.json
oc get secret/koku-oci -o json -n ephemeral-base | jq -r '.data' > oci-creds.json

AWS_ACCESS_KEY_ID_EPH=$(jq -r '."aws-access-key-id"' < aws-creds.json | base64 -d)
AWS_SECRET_ACCESS_KEY_EPH=$(jq -r '."aws-secret-access-key"' < aws-creds.json | base64 -d)
AWS_CREDENTIALS_EPH=$(jq -r '."aws-credentials"' < aws-creds.json)
GCP_CREDENTIALS_EPH=$(jq -r '."gcp-credentials"' < gcp-creds.json)
OCI_CREDENTIALS_EPH=$(jq -r '."oci-credentials"' < oci-creds.json)
OCI_CLI_USER_EPH=$(jq -r '."oci-cli-user"' < oci-creds.json | base64 -d)
Expand All @@ -116,8 +115,7 @@ function run_smoke_tests_stage() {
${COMPONENTS_RESOURCES_ARG} \
--optional-deps-method hybrid \
--set-parameter rbac/MIN_REPLICAS=1 \
--set-parameter koku/AWS_ACCESS_KEY_ID_EPH=${AWS_ACCESS_KEY_ID_EPH} \
--set-parameter koku/AWS_SECRET_ACCESS_KEY_EPH=${AWS_SECRET_ACCESS_KEY_EPH} \
--set-parameter koku/AWS_CREDENTIALS_EPH=${AWS_CREDENTIALS_EPH} \
--set-parameter koku/GCP_CREDENTIALS_EPH=${GCP_CREDENTIALS_EPH} \
--set-parameter koku/OCI_CREDENTIALS_EPH=${OCI_CREDENTIALS_EPH} \
--set-parameter koku/OCI_CLI_USER_EPH=${OCI_CLI_USER_EPH} \
Expand Down
Loading

0 comments on commit 1a73ffa

Please sign in to comment.