diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7675bcca..510eb2a2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,8 +33,8 @@ jobs: # directory of this repository. - uses: google-github-actions/auth@v1 with: - workload_identity_provider: "projects/841223787188/locations/global/workloadIdentityPools/default/providers/github-oidc" - service_account: "github-actions@whisper-tests.iam.gserviceaccount.com" + workload_identity_provider: "projects/221642914929/locations/global/workloadIdentityPools/default/providers/github-oidc" + service_account: "github-actions@murmur-tests.iam.gserviceaccount.com" token_format: "access_token" access_token_lifetime: "300s" diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 08f9f85c..a7a5e8f0 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -9,7 +9,7 @@ builds: - windows - darwin main: ./ - binary: whisper + binary: murmur archives: - replacements: darwin: Darwin @@ -22,21 +22,21 @@ archives: format: zip dockers: - image_templates: - - ghcr.io/busser/whisper:{{ .Tag }} - - ghcr.io/busser/whisper:v{{ .Major }}.{{ .Minor }} - - ghcr.io/busser/whisper:v{{ .Major }} - - ghcr.io/busser/whisper:latest + - ghcr.io/busser/murmur:{{ .Tag }} + - ghcr.io/busser/murmur:v{{ .Major }}.{{ .Minor }} + - ghcr.io/busser/murmur:v{{ .Major }} + - ghcr.io/busser/murmur:latest checksum: - name_template: 'checksums.txt' + name_template: "checksums.txt" snapshot: - name_template: '{{ .Tag }}-next' + name_template: "{{ .Tag }}-next" changelog: sort: asc filters: exclude: - - '^chore:' + - "^chore:" - '^chore\(deps\):' - - '^docs:' + - "^docs:" - '^fix\(deps\):' - - '^refactor:' - - '^test:' + - "^refactor:" + - "^test:" diff --git a/Dockerfile b/Dockerfile index a1963c6f..abcb146c 100644 --- a/Dockerfile +++ b/Dockerfile 
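Review bot: The `google-github-actions/auth@v1` step in the `.github/workflows/ci.yml` hunk is referenced by a mutable major tag, and it is the step that exchanges the workflow's OIDC token for a Google access token as `github-actions@murmur-tests.iam.gserviceaccount.com`. Pinning it to a full commit SHA, e.g. `- uses: google-github-actions/auth@<full-commit-sha> # v1`, keeps a retagged release from changing the code that handles that credential. Because the workload identity provider now lives in a different project, it is also worth confirming that the new provider carries an attribute condition restricting it to this repository; that configuration is not visible in the diff. The job definition starts and ends outside the hunk.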
@@ -1,8 +1,8 @@ FROM scratch -LABEL org.opencontainers.image.source=https://github.com/busser/whisper +LABEL org.opencontainers.image.source=https://github.com/busser/murmur # The binary is built beforehand. -COPY whisper / +COPY murmur / -ENTRYPOINT ["/whisper"] +ENTRYPOINT ["/murmur"] diff --git a/Makefile b/Makefile index 260b2bf9..6e025993 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ VERSION:=$(shell cat VERSION) # Image URL to use all building/pushing image targets -IMG ?= ghcr.io/busser/whisper:$(VERSION) +IMG ?= ghcr.io/busser/murmur:$(VERSION) # Setting SHELL to bash allows bash commands to be executed by recipes. # Options are set to exit when a recipe line exits non-zero or a piped command fails. @@ -47,8 +47,8 @@ test-e2e: ## Run all tests, including end-to-end tests. ##@ Build .PHONY: build -build: fmt vet ## Build whisper binary. - go build -o bin/whisper +build: fmt vet ## Build murmur binary. + go build -o bin/murmur ##@ Release diff --git a/README.md b/README.md index dbc31ecb..07f3bd8a 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,14 @@ -# 🤫 Whisper +# 🤫 Murmur [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -[![Go Report Card](https://goreportcard.com/badge/github.com/busser/whisper)](https://goreportcard.com/report/github.com/busser/whisper) -![tests-passing](https://github.com/busser/whisper/actions/workflows/ci.yml/badge.svg) +[![Go Report Card](https://goreportcard.com/badge/github.com/busser/murmur)](https://goreportcard.com/report/github.com/busser/murmur) +![tests-passing](https://github.com/busser/murmur/actions/workflows/ci.yml/badge.svg) -Plug-and-play entrypoint to inject secrets directly into your application's -environment variables. +Plug-and-play entrypoint to pass secrets as environment variables to a process. - [How it works](#how-it-works) -- [Using whisper locally](#using-whisper-locally) -- [Including whisper in a Docker image](#including-whisper-in-a-docker-image) +- [Using murmur locally](#using-murmur-locally) +- [Including murmur in a Docker image](#including-murmur-in-a-docker-image) - [Secret providers](#secret-providers) - [Scaleway Secret Manager](#scaleway-secret-manager) - [Azure Key Vault](#azure-key-vault) @@ -24,7 +23,7 @@ environment variables. ## How it works -Whisper must run as your application's entrypoint. This means that instead of +Murmur must run as your application's entrypoint. This means that instead of running this command to start your application: ```bash 
@@ -34,10 +33,10 @@ running this command to start your application: Run this instead: ```bash -whisper exec -- /bin/run-my-app +murmur run -- /bin/run-my-app ``` -Whisper reads its environment variables, replaces references to secrets with +Murmur reads its environment variables, replaces references to secrets with the secrets' values, and passes the resulting variables to your application. Variables that are not references to secrets are passed as is. See [Secret providers](#secret-providers) below for more details. @@ -45,19 +44,19 @@ Variables that are not references to secrets are passed as is. See Environment variable values can also contain filters that transform the secret's value. See [Filters](#filters) below for more details. -## Using whisper locally +## Using murmur locally -Download the `whisper` binary for your OS and architecture on the -[project's releases page](https://github.com/busser/whisper/releases) and put +Download the `murmur` binary for your OS and architecture on the +[project's releases page](https://github.com/busser/murmur/releases) and put the binary in your PATH. -## Including whisper in a Docker image +## Including murmur in a Docker image -For convenience, the whisper binary is also released as a Docker image. In your +For convenience, the murmur binary is also released as a Docker image. In your application's Dockerfile, simply add the following line: ```dockerfile -COPY --from=ghcr.io/busser/whisper:latest /whisper /bin/whisper +COPY --from=ghcr.io/busser/murmur:latest /murmur /bin/murmur ``` And then change your image's entrypoint: 
@@ -66,18 +65,18 @@ And then change your image's entrypoint: # from this: ENTRYPOINT ["/bin/run-my-app"] # to this: -ENTRYPOINT ["/bin/whisper", "exec", "--", "/bin/run-my-app"] +ENTRYPOINT ["/bin/murmur", "run", "--", "/bin/run-my-app"] ``` See [examples/dockerfile](./examples/dockerfile) for actual code. ## Secret providers -Whisper supports fetching secrets from the following providers. +Murmur supports fetching secrets from the following providers. ### Scaleway Secret Manager -Whisper will fetch secrets from Scaleway Secret Manager for all environment +Murmur will fetch secrets from Scaleway Secret Manager for all environment variables that start with `scwsm:`. What follows the prefix should reference a secret. @@ -96,14 +95,14 @@ Here are some examples: `fr-par` region named `secret-sauce`. The string that comes before `#` could be a name or an ID. If the string is a -UUID, then whisper assumes it is an ID. Otherwise, it assumes it is a name. +UUID, then murmur assumes it is an ID. Otherwise, it assumes it is a name. -Whisper uses the environment's default credentials to authenticate to Scaleway. -You can configure whisper the same way you can [configure the `scw` CLI](https://github.com/scaleway/scaleway-cli/blob/master/docs/commands/config.md). +Murmur uses the environment's default credentials to authenticate to Scaleway. +You can configure murmur the same way you can [configure the `scw` CLI](https://github.com/scaleway/scaleway-cli/blob/master/docs/commands/config.md). ### Azure Key Vault -Whisper will fetch secrets from Azure Key Vault for all environment variables +Murmur will fetch secrets from Azure Key Vault for all environment variables that start with `azkv:`. What follows the prefix should reference a secret. Here are some examples: 
@@ -114,13 +113,13 @@ Here are some examples: references a specific version of the `secret-sauce` secret in the `example` Key Vault. -Whisper uses the environment's default credentials to authenticate to Azure. You +Murmur uses the environment's default credentials to authenticate to Azure. You can set these credentials with the [environment variables listed here](https://github.com/Azure/azure-sdk-for-go/wiki/Set-up-Your-Environment-for-Authentication#configure-defaultazurecredential), or with workload identity. ### AWS Secrets Manager -Whisper will fetch secrets from AWS Secrets Manager for all environment +Murmur will fetch secrets from AWS Secrets Manager for all environment variables that start with `awssm:`. What follows the prefix should reference a secret. @@ -139,14 +138,14 @@ Here are some examples: references a specific staging label of the secret with the specified ARN. The string that comes after `#` could be a version ID or a version label. If the -string is a UUID, then whisper assumes it is a version ID. Otherwise, it assumes +string is a UUID, then murmur assumes it is a version ID. Otherwise, it assumes it is a version label. -Whisper uses the environment's default credentials to authenticate to AWS. +Murmur uses the environment's default credentials to authenticate to AWS. ### Google Secret Manager -Whisper will fetch secrets from Google Cloud Platform's Secret Manager for all +Murmur will fetch secrets from Google Cloud Platform's Secret Manager for all environment variables that start with `gcpsm:`. What follows the prefix should reference a secret. 
@@ -157,11 +156,11 @@ Here are some examples: - `gcpsm:example/secret-sauce#123` references a specific version of the - `secret-sauce` secret in the `example` project. -Whisper uses the environment's default credentials to authenticate to Google +Murmur uses the environment's default credentials to authenticate to Google Cloud. You can set these with the `gcloud` CLI, with environment variables, with Google Cloud's environment service accounts, or with workload identity. -An alternative to whisper, specific to Google Cloud, is [berglas](https://github.com/GoogleCloudPlatform/berglas). +An alternative to murmur, specific to Google Cloud, is [berglas](https://github.com/GoogleCloudPlatform/berglas). ### Hashicorp Vault @@ -173,16 +172,16 @@ in the mean time. ### Passthrough The `passthrough:` prefix is special: it does not fetch secrets from anywhere. -Whisper uses the secret's reference as its value. In effect, this simply removes +Murmur uses the secret's reference as its value. In effect, this simply removes the `passthrough:` prefix from any environment variables. ## Filters -Whisper supports transforming secrets with the following filters. +Murmur supports transforming secrets with the following filters. ### JSONPath -Whisper embeds the [Kubernetes JSONPath](https://kubernetes.io/docs/reference/kubectl/jsonpath/) +Murmur embeds the [Kubernetes JSONPath](https://kubernetes.io/docs/reference/kubectl/jsonpath/) library. You can use it to extract specific fields from a JSON-encoded secret. For example, if you have a secret with a value of `{"sauce": "szechuan"}`, the `jsonpath` filter can extract the `sauce` field's value: 
@@ -198,20 +197,20 @@ awssm:secret-sauce|jsonpath:{.sauce} Your application may use flags, like this: ```bash -whisper exec /bin/run-my-app --port=3000 +murmur run /bin/run-my-app --port=3000 ``` -Whisper then picks up the `--port` flag and returns an error: +Murmur then picks up the `--port` flag and returns an error: ```plaintext Error: unknown flag: --port ``` -Whisper ignores any flags that come after a special `--` argument. So simply run +Murmur ignores any flags that come after a special `--` argument. So simply run this command instead: ```bash -whisper exec -- /bin/run-my-app --port=3000 +murmur run -- /bin/run-my-app --port=3000 ``` Any flags after the `--` argument will still be passed to your application. diff --git a/examples/dockerfile/Dockerfile b/examples/dockerfile/Dockerfile index c0b97c4c..a75330ed 100644 --- a/examples/dockerfile/Dockerfile +++ b/examples/dockerfile/Dockerfile @@ -1,5 +1,5 @@ FROM alpine -COPY --from=ghcr.io/busser/whisper:latest /whisper /bin/whisper +COPY --from=ghcr.io/busser/murmur:latest /murmur /bin/murmur -ENTRYPOINT ["/bin/whisper", "exec", "--", "sh", "-c", "echo The secret sauce is $SECRET_SAUCE."] +ENTRYPOINT ["/bin/murmur", "run", "--", "sh", "-c", "echo The secret sauce is $SECRET_SAUCE."] diff --git a/examples/dockerfile/README.md b/examples/dockerfile/README.md index 6e801c24..acbd62e0 100644 --- a/examples/dockerfile/README.md +++ b/examples/dockerfile/README.md @@ -1,12 +1,12 @@ # Example: Dockerfile -This directory contains an example of using whisper inside a Dockerfile. +This directory contains an example of using murmur inside a Dockerfile. To run the example: ```bash -docker build -t whisper-example . +docker build -t murmur-example . docker run \ -e SECRET_SAUCE=passthrough:szechuan \ - whisper-example + murmur-example ``` diff --git a/go.mod b/go.mod index 4cba801a..891de2a0 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/busser/whisper +module github.com/busser/murmur go 1.20 
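Review bot: The new `COPY --from=ghcr.io/busser/murmur:latest` line in `examples/dockerfile/Dockerfile` pulls a floating tag for the binary that becomes the image's entrypoint and sees every resolved secret, so a rebuild can silently pick up a different binary. The release configuration in this commit publishes per-version tags, so the example could pin one, ideally with a digest: `COPY --from=ghcr.io/busser/murmur:<version-tag>@sha256:<digest> /murmur /bin/murmur`. The same `:latest` line is what the README's "Including murmur in a Docker image" section tells users to copy, and `FROM alpine` in the example is likewise unpinned.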
diff --git a/internal/cmd/murmur.go b/internal/cmd/murmur.go
new file mode 100644
index 00000000..c9f05037
--- /dev/null
+++ b/internal/cmd/murmur.go
@@ -0,0 +1,27 @@
+package cmd
+
+import (
+ "os"
+
+ "github.com/spf13/cobra"
+)
+
+func Execute() {
+ if err := rootCmd().Execute(); err != nil {
+ os.Exit(1)
+ }
+}
+
+func rootCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "murmur",
+ Short: "Murmur passes secrets as environment variables to a process",
+ Long: `A plug-and-play shim that fetches secrets from a secure
+ location and passes them to your application as environment variables.`,
+ SilenceUsage: true,
+ }
+
+ cmd.AddCommand(runCmd())
+
+ return cmd
+}
diff --git a/internal/cmd/murmur_run.go b/internal/cmd/murmur_run.go
new file mode 100644
index 00000000..cb5c6df8
--- /dev/null
+++ b/internal/cmd/murmur_run.go
@@ -0,0 +1,36 @@
+package cmd
+
+import (
+ "os"
+
+ "github.com/busser/murmur/internal/murmur"
+ "github.com/spf13/cobra"
+)
+
+func runCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "run",
+ Short: "Run a command with secrets injected",
+ Long: `Run any command with updated environment variables. Any variables containing
+a reference to an externally-stored secret will be overwritten with the secret's
+value.
+
+Examples:
+
+ # Azure Key Vault
+ export SECRET_SAUCE="azkv:example.vault.azure.net/secret-sauce"
+ murmur run -- sh -c 'echo The secret sauce is $SECRET_SAUCE.'`,
+
+ Args: cobra.MinimumNArgs(1),
+ RunE: func(cmd *cobra.Command, args []string) error {
+ exitCode, err := murmur.Run(args[0], args[1:]...)
+ if err != nil {
+ return err
+ }
+ os.Exit(exitCode)
+ return nil
+ },
+ }
+
+ return cmd
+}
diff --git a/internal/cmd/whisper.go b/internal/cmd/whisper.go
deleted file mode 100644
index f341a6a5..00000000
--- a/internal/cmd/whisper.go
+++ /dev/null
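Review bot: In `internal/cmd/murmur_run.go`, an error returned by `murmur.Run` (presumably including a secret that could not be resolved) leaves `RunE` as an error and becomes `os.Exit(1)` in `Execute`, while a wrapped command that itself exits 1 reaches `os.Exit(exitCode)` with the same status, so a supervisor or orchestrator cannot tell "secrets were not fetched" from "the application failed". At minimum the behaviour should be documented above the call, e.g. `// The child's exit status is passed through unchanged; murmur's own failures exit 1 via Execute.`, and a distinct reserved status for murmur's own failures would make alerting on secret-fetch errors possible. The `return nil` after `os.Exit(exitCode)` is unreachable and could carry a short comment saying it only satisfies the compiler.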
@@ -1,27 +0,0 @@ -package cmd - -import ( - "os" - - "github.com/spf13/cobra" -) - -func Execute() { - if err := rootCmd().Execute(); err != nil { - os.Exit(1) - } -} - -func rootCmd() *cobra.Command { - cmd := &cobra.Command{ - Use: "whisper", - Short: "Whisper injects secrets into your application", - Long: `A plug-and-play entrypoint that fetches secrets from a secure - location and adds them to your application's environment variables.`, - SilenceUsage: true, - } - - cmd.AddCommand(execCmd()) - - return cmd -} diff --git a/internal/cmd/whisper_exec.go b/internal/cmd/whisper_exec.go deleted file mode 100644 index a719708e..00000000 --- a/internal/cmd/whisper_exec.go +++ /dev/null @@ -1,37 +0,0 @@ -package cmd - -import ( - "os" - - "github.com/busser/whisper/internal/whisper" - "github.com/spf13/cobra" -) - -func execCmd() *cobra.Command { - cmd := &cobra.Command{ - Use: "exec", - Short: "Execute a command with secrets injected", - Long: `Execute any command with updated environment variables. Any variables containing -a reference to an externally-stored secret will be overwritten with the secret's -value. - -Examples: - - # Azure Key Vault - export WHISPER_AZURE_KEY_VAULT_URL="https://example.vault.azure.net/" - export SECRET_SAUCE="azkv:secret-sauce" - whisper exec -- sh -c 'echo The secret sauce is $SECRET_SAUCE.'`, - - Args: cobra.MinimumNArgs(1), - RunE: func(cmd *cobra.Command, args []string) error { - exitCode, err := whisper.Exec(args[0], args[1:]...) - if err != nil { - return err - } - os.Exit(exitCode) - return nil - }, - } - - return cmd -} diff --git a/internal/environ/example_test.go b/internal/environ/example_test.go index a2612ebf..a03fa8be 100644 --- a/internal/environ/example_test.go +++ b/internal/environ/example_test.go @@ -4,7 +4,7 @@ import ( "fmt" "os" - "github.com/busser/whisper/internal/environ" + "github.com/busser/murmur/internal/environ" ) func Example() { 
diff --git a/internal/whisper/exec.go b/internal/murmur/exec.go similarity index 73% rename from internal/whisper/exec.go rename to internal/murmur/exec.go index e13bd624..7b96c2ae 100644 --- a/internal/whisper/exec.go +++ b/internal/murmur/exec.go @@ -1,4 +1,4 @@ -package whisper +package murmur import ( "errors" @@ -8,16 +8,16 @@ import ( "os/exec" "sort" - "github.com/busser/whisper/internal/environ" + "github.com/busser/murmur/internal/environ" ) // Modified during testing to catch command output. var ( - execOut io.Writer = os.Stdout - execErr io.Writer = os.Stderr + runOut io.Writer = os.Stdout + runErr io.Writer = os.Stderr ) -func Exec(name string, args ...string) (exitCode int, err error) { +func Run(name string, args ...string) (exitCode int, err error) { originalVars := environ.ToMap(os.Environ()) newVars, err := ResolveAll(originalVars) @@ -34,14 +34,14 @@ func Exec(name string, args ...string) (exitCode int, err error) { sort.Strings(overloaded) for _, name := range overloaded { - log.Printf("[whisper] overloading %s", name) + log.Printf("[murmur] overloading %s", name) } subCmd := exec.Command(name, args...) subCmd.Env = environ.ToSlice(newVars) subCmd.Stdin = os.Stdin - subCmd.Stdout = execOut - subCmd.Stderr = execErr + subCmd.Stdout = runOut + subCmd.Stderr = runErr if err := subCmd.Run(); err != nil { exitErr := new(exec.ExitError) diff --git a/internal/whisper/exec_test.go b/internal/murmur/exec_test.go similarity index 84% rename from internal/whisper/exec_test.go rename to internal/murmur/exec_test.go index 2147b00a..a4220493 100644 --- a/internal/whisper/exec_test.go +++ b/internal/murmur/exec_test.go @@ -1,14 +1,14 @@ -package whisper +package murmur import ( "bytes" "os" "testing" - "github.com/busser/whisper/internal/environ" + "github.com/busser/murmur/internal/environ" ) -func TestExec(t *testing.T) { +func TestRun(t *testing.T) { tt := []struct { name string command []string 
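Review bot: The exported `Run` in `internal/murmur/exec.go` has no doc comment, and its contract is security-relevant for anyone wrapping a process with it: the child is started with the whole resolved environment via `subCmd.Env = environ.ToSlice(newVars)`, and the log line prints only the names of overwritten variables. Suggested comment: `// Run resolves secret references in the current environment and runs name with args, passing the full resulting environment to the child. Only the names of overwritten variables are logged, never their values.` If the credentials murmur uses to authenticate to a provider are themselves supplied as environment variables, they would appear to be handed to the child as well, which is worth stating there or in the README. The body of `Run` starts and ends outside these hunks.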
@@ -56,13 +56,13 @@ func TestExec(t *testing.T) { for _, tc := range tt { t.Run(tc.name, func(t *testing.T) { - // Capture Exec()'s output for the duration of the test. + // Capture Run()'s output for the duration of the test. var output bytes.Buffer - execOut = &output - execErr = &output + runOut = &output + runErr = &output defer func() { - execOut = os.Stdout - execErr = os.Stderr + runOut = os.Stdout + runErr = os.Stderr }() // Clear all environment variables for the duration of the test. @@ -80,9 +80,9 @@ func TestExec(t *testing.T) { os.Setenv(k, v) } - exitCode, err := Exec(tc.command[0], tc.command[1:]...) + exitCode, err := Run(tc.command[0], tc.command[1:]...) if err != nil { - t.Errorf("Exec() returned an error: %v", err) + t.Errorf("Run() returned an error: %v", err) } if exitCode != tc.wantExitCode { diff --git a/internal/whisper/filter.go b/internal/murmur/filter.go similarity index 75% rename from internal/whisper/filter.go rename to internal/murmur/filter.go index ed649ae8..f6a60884 100644 --- a/internal/whisper/filter.go +++ b/internal/murmur/filter.go @@ -1,6 +1,6 @@ -package whisper +package murmur -import "github.com/busser/whisper/internal/whisper/filters/jsonpath" +import "github.com/busser/murmur/internal/murmur/filters/jsonpath" // A Filter transforms a value obtained from a secret store into another value // based on the given rule. diff --git a/internal/whisper/filters/jsonpath/filter.go b/internal/murmur/filters/jsonpath/filter.go similarity index 100% rename from internal/whisper/filters/jsonpath/filter.go rename to internal/murmur/filters/jsonpath/filter.go diff --git a/internal/whisper/filters/jsonpath/filter_test.go b/internal/murmur/filters/jsonpath/filter_test.go similarity index 100% rename from internal/whisper/filters/jsonpath/filter_test.go rename to internal/murmur/filters/jsonpath/filter_test.go 
diff --git a/internal/whisper/provider.go b/internal/murmur/provider.go similarity index 76% rename from internal/whisper/provider.go rename to internal/murmur/provider.go index 72915e58..b7ecb67f 100644 --- a/internal/whisper/provider.go +++ b/internal/murmur/provider.go @@ -1,13 +1,13 @@ -package whisper +package murmur import ( "context" - "github.com/busser/whisper/internal/whisper/providers/awssm" - "github.com/busser/whisper/internal/whisper/providers/azkv" - "github.com/busser/whisper/internal/whisper/providers/gcpsm" - "github.com/busser/whisper/internal/whisper/providers/passthrough" - "github.com/busser/whisper/internal/whisper/providers/scwsm" + "github.com/busser/murmur/internal/murmur/providers/awssm" + "github.com/busser/murmur/internal/murmur/providers/azkv" + "github.com/busser/murmur/internal/murmur/providers/gcpsm" + "github.com/busser/murmur/internal/murmur/providers/passthrough" + "github.com/busser/murmur/internal/murmur/providers/scwsm" ) // A Provider fetches values from a secret store. @@ -26,7 +26,7 @@ type Provider interface { type ProviderFactory func() (Provider, error) // ProviderFactories contains a ProviderFactory for each prefix known to -// whisper. +// murmur. var ProviderFactories = map[string]ProviderFactory{ // Passthrough "passthrough": func() (Provider, error) { return passthrough.New() }, diff --git a/internal/whisper/providers/awssm/client.go b/internal/murmur/providers/awssm/client.go similarity index 100% rename from internal/whisper/providers/awssm/client.go rename to internal/murmur/providers/awssm/client.go diff --git a/internal/whisper/providers/awssm/client_test.go b/internal/murmur/providers/awssm/client_test.go similarity index 82% rename from internal/whisper/providers/awssm/client_test.go rename to internal/murmur/providers/awssm/client_test.go index 4bfb2083..6e3259a7 100644 --- a/internal/whisper/providers/awssm/client_test.go +++ b/internal/murmur/providers/awssm/client_test.go 
@@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/busser/whisper/internal/whisper/providers/awssm" + "github.com/busser/murmur/internal/murmur/providers/awssm" ) func Example() { diff --git a/internal/whisper/providers/awssm/e2e_test.go b/internal/murmur/providers/awssm/e2e_test.go similarity index 97% rename from internal/whisper/providers/awssm/e2e_test.go rename to internal/murmur/providers/awssm/e2e_test.go index 3b947f20..efc64ace 100644 --- a/internal/whisper/providers/awssm/e2e_test.go +++ b/internal/murmur/providers/awssm/e2e_test.go @@ -8,7 +8,7 @@ import ( "golang.org/x/net/context" - "github.com/busser/whisper/internal/whisper/providers/awssm" + "github.com/busser/murmur/internal/murmur/providers/awssm" ) func TestClient(t *testing.T) { diff --git a/internal/whisper/providers/azkv/client.go b/internal/murmur/providers/azkv/client.go similarity index 100% rename from internal/whisper/providers/azkv/client.go rename to internal/murmur/providers/azkv/client.go diff --git a/internal/whisper/providers/azkv/client_test.go b/internal/murmur/providers/azkv/client_test.go similarity index 83% rename from internal/whisper/providers/azkv/client_test.go rename to internal/murmur/providers/azkv/client_test.go index c92167a9..88f4809d 100644 --- a/internal/whisper/providers/azkv/client_test.go +++ b/internal/murmur/providers/azkv/client_test.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/busser/whisper/internal/whisper/providers/azkv" + "github.com/busser/murmur/internal/murmur/providers/azkv" ) func Example() { diff --git a/internal/whisper/providers/azkv/e2e_test.go b/internal/murmur/providers/azkv/e2e_test.go similarity index 73% rename from internal/whisper/providers/azkv/e2e_test.go rename to internal/murmur/providers/azkv/e2e_test.go index c6eab49c..850c1b67 100644 --- a/internal/whisper/providers/azkv/e2e_test.go +++ b/internal/murmur/providers/azkv/e2e_test.go 
@@ -6,7 +6,7 @@ import ( "testing" "time" - "github.com/busser/whisper/internal/whisper/providers/azkv" + "github.com/busser/murmur/internal/murmur/providers/azkv" "golang.org/x/net/context" ) @@ -27,44 +27,44 @@ func TestClient(t *testing.T) { }{ // References to the "alpha" vault. { - ref: "whisper-alpha.vault.azure.net/secret-sauce", + ref: "murmur-alpha.vault.azure.net/secret-sauce", wantVal: "szechuan", wantErr: false, }, { - ref: "whisper-alpha.vault.azure.net/secret-sauce#0c2fd54cde7e494faad53882524d358f", + ref: "murmur-alpha.vault.azure.net/secret-sauce#788ffd5cd2224f67b98e12f6fc0cd720", wantVal: "szechuan", wantErr: false, }, { - ref: "whisper-alpha.vault.azure.net/secret-sauce#73f5e5ff35a44cdab53b7a34c18da367", + ref: "murmur-alpha.vault.azure.net/secret-sauce#02fc2105c6b34f8385a2ee8531e4900f", wantVal: "ketchup", wantErr: false, }, { - ref: "whisper-alpha.vault.azure.net/does-not-exist", + ref: "murmur-alpha.vault.azure.net/does-not-exist", wantVal: "", wantErr: true, }, // References to the "bravo" vault. { - ref: "whisper-bravo.vault.azure.net/secret-sauce", + ref: "murmur-bravo.vault.azure.net/secret-sauce", wantVal: "szechuan", wantErr: false, }, { - ref: "whisper-bravo.vault.azure.net/secret-sauce#b5f5287b95b24491a7ec5bb6a19ff341", + ref: "murmur-bravo.vault.azure.net/secret-sauce#48b0d307869b4cf9a0141a062ecdc648", wantVal: "szechuan", wantErr: false, }, { - ref: "whisper-bravo.vault.azure.net/secret-sauce#03bb1bf7a5b44bb28508a6de043faf3c", + ref: "murmur-bravo.vault.azure.net/secret-sauce#e34b3d09f61f4ed1a1812b88834bcb3e", wantVal: "ketchup", wantErr: false, }, { - ref: "whisper-bravo.vault.azure.net/does-not-exist", + ref: "murmur-bravo.vault.azure.net/does-not-exist", wantVal: "", wantErr: true, }, diff --git a/internal/whisper/providers/gcpsm/client.go b/internal/murmur/providers/gcpsm/client.go similarity index 100% rename from internal/whisper/providers/gcpsm/client.go rename to internal/murmur/providers/gcpsm/client.go 
diff --git a/internal/whisper/providers/gcpsm/client_test.go b/internal/murmur/providers/gcpsm/client_test.go similarity index 83% rename from internal/whisper/providers/gcpsm/client_test.go rename to internal/murmur/providers/gcpsm/client_test.go index 9abd41bd..47096447 100644 --- a/internal/whisper/providers/gcpsm/client_test.go +++ b/internal/murmur/providers/gcpsm/client_test.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/busser/whisper/internal/whisper/providers/gcpsm" + "github.com/busser/murmur/internal/murmur/providers/gcpsm" ) func Example() { diff --git a/internal/whisper/providers/gcpsm/e2e_test.go b/internal/murmur/providers/gcpsm/e2e_test.go similarity index 86% rename from internal/whisper/providers/gcpsm/e2e_test.go rename to internal/murmur/providers/gcpsm/e2e_test.go index 344d493a..6b50a361 100644 --- a/internal/whisper/providers/gcpsm/e2e_test.go +++ b/internal/murmur/providers/gcpsm/e2e_test.go @@ -6,7 +6,7 @@ import ( "testing" "time" - "github.com/busser/whisper/internal/whisper/providers/gcpsm" + "github.com/busser/murmur/internal/murmur/providers/gcpsm" "golang.org/x/net/context" ) @@ -26,22 +26,22 @@ func TestClient(t *testing.T) { wantErr bool }{ { - ref: "whisper-tests/secret-sauce", + ref: "murmur-tests/secret-sauce", wantVal: "szechuan", wantErr: false, }, { - ref: "whisper-tests/secret-sauce#4", + ref: "murmur-tests/secret-sauce#2", wantVal: "szechuan", wantErr: false, }, { - ref: "whisper-tests/secret-sauce#3", + ref: "murmur-tests/secret-sauce#1", wantVal: "ketchup", wantErr: false, }, { - ref: "whisper-tests/does-not-exist", + ref: "murmur-tests/does-not-exist", wantVal: "", wantErr: true, }, diff --git a/internal/whisper/providers/jsonmock/client.go b/internal/murmur/providers/jsonmock/client.go similarity index 100% rename from internal/whisper/providers/jsonmock/client.go rename to internal/murmur/providers/jsonmock/client.go 
diff --git a/internal/whisper/providers/mock/client.go b/internal/murmur/providers/mock/client.go similarity index 100% rename from internal/whisper/providers/mock/client.go rename to internal/murmur/providers/mock/client.go diff --git a/internal/whisper/providers/passthrough/client.go b/internal/murmur/providers/passthrough/client.go similarity index 100% rename from internal/whisper/providers/passthrough/client.go rename to internal/murmur/providers/passthrough/client.go diff --git a/internal/whisper/providers/passthrough/client_test.go b/internal/murmur/providers/passthrough/client_test.go similarity index 100% rename from internal/whisper/providers/passthrough/client_test.go rename to internal/murmur/providers/passthrough/client_test.go diff --git a/internal/whisper/providers/scwsm/client.go b/internal/murmur/providers/scwsm/client.go similarity index 100% rename from internal/whisper/providers/scwsm/client.go rename to internal/murmur/providers/scwsm/client.go diff --git a/internal/whisper/providers/scwsm/client_test.go b/internal/murmur/providers/scwsm/client_test.go similarity index 82% rename from internal/whisper/providers/scwsm/client_test.go rename to internal/murmur/providers/scwsm/client_test.go index a9ee019f..89b61ed0 100644 --- a/internal/whisper/providers/scwsm/client_test.go +++ b/internal/murmur/providers/scwsm/client_test.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/busser/whisper/internal/whisper/providers/scwsm" + "github.com/busser/murmur/internal/murmur/providers/scwsm" ) func Example() { diff --git a/internal/whisper/providers/scwsm/e2e_test.go b/internal/murmur/providers/scwsm/e2e_test.go similarity index 97% rename from internal/whisper/providers/scwsm/e2e_test.go rename to internal/murmur/providers/scwsm/e2e_test.go index 2e921ac5..ab462108 100644 --- a/internal/whisper/providers/scwsm/e2e_test.go +++ b/internal/murmur/providers/scwsm/e2e_test.go 
@@ -6,7 +6,7 @@ import ( "testing" "time" - "github.com/busser/whisper/internal/whisper/providers/scwsm" + "github.com/busser/murmur/internal/murmur/providers/scwsm" "golang.org/x/net/context" ) diff --git a/internal/whisper/query.go b/internal/murmur/query.go similarity index 99% rename from internal/whisper/query.go rename to internal/murmur/query.go index 55077063..51b0be76 100644 --- a/internal/whisper/query.go +++ b/internal/murmur/query.go @@ -1,4 +1,4 @@ -package whisper +package murmur import ( "errors" diff --git a/internal/whisper/query_test.go b/internal/murmur/query_test.go similarity index 99% rename from internal/whisper/query_test.go rename to internal/murmur/query_test.go index edd98c7b..f07ea663 100644 --- a/internal/whisper/query_test.go +++ b/internal/murmur/query_test.go @@ -1,4 +1,4 @@ -package whisper +package murmur import ( "reflect" diff --git a/internal/whisper/resolve.go b/internal/murmur/resolve.go similarity index 97% rename from internal/whisper/resolve.go rename to internal/murmur/resolve.go index ccfe0672..d453c27e 100644 --- a/internal/whisper/resolve.go +++ b/internal/murmur/resolve.go @@ -1,4 +1,4 @@ -package whisper +package murmur import ( "context" @@ -13,7 +13,7 @@ type variable struct { name string // The environment variable's original value. rawValue string - // The environment variable's query value, if it is a valid whisper query. + // The environment variable's query value, if it is a valid murmur query. query *query // The resolved value of the secret referenced in the query. resolvedValue string @@ -92,7 +92,7 @@ func parseVariables(rawVars <-chan variable, parsed, done chan<- variable) { for v := range rawVars { q, err := parseQuery(v.rawValue) if err != nil { - // The variable's value is not a whisper query, so we should leave + // The variable's value is not a murmur query, so we should leave // it as is. v.finalValue = v.rawValue done <- v 
diff --git a/internal/whisper/resolve_e2e_test.go b/internal/murmur/resolve_e2e_test.go similarity index 90% rename from internal/whisper/resolve_e2e_test.go rename to internal/murmur/resolve_e2e_test.go index 4160515a..1c9f6de9 100644 --- a/internal/whisper/resolve_e2e_test.go +++ b/internal/murmur/resolve_e2e_test.go @@ -1,6 +1,6 @@ //go:build e2e -package whisper +package murmur import ( "strings" @@ -19,9 +19,9 @@ func TestResolveAllEndToEnd(t *testing.T) { envVars := map[string]string{ "NOT_A_SECRET": "My app listens on port 3000", - "FROM_AZURE": "azkv:whisper-alpha.vault.azure.net/secret-sauce", + "FROM_AZURE": "azkv:murmur-alpha.vault.azure.net/secret-sauce", "FROM_AWS": "awssm:secret-sauce", - "FROM_GCP": "gcpsm:whisper-tests/secret-sauce", + "FROM_GCP": "gcpsm:murmur-tests/secret-sauce", "FROM_SCALEWAY": "scwsm:secret-sauce", "FROM_PASSTHROUGH": "passthrough:szechuan", "JSON_SECRET": `passthrough:{"sauce": "szechuan"}|jsonpath:{ .sauce }`, @@ -53,7 +53,7 @@ func TestResolveAllEndToEndWithError(t *testing.T) { envVars := map[string]string{ "NOT_A_SECRET": "My app listens on port 3000", "OK_SECRET": "awssm:secret-sauce", - "BROKEN_SECRET": "azkv:whisper-alpha.vault.azure.net/does-not-exist", + "BROKEN_SECRET": "azkv:murmur-alpha.vault.azure.net/does-not-exist", "BUGGY_SECRET": "gcpsm:invalid-ref", "NOT_JSON": "passthrough:not-json|jsonpath:{}", "LOOKS_LIKE_A_SECRET": "baz:FAIL", diff --git a/internal/whisper/resolve_test.go b/internal/murmur/resolve_test.go similarity index 95% rename from internal/whisper/resolve_test.go rename to internal/murmur/resolve_test.go index 8c2b6a3b..4ca716b0 100644 --- a/internal/whisper/resolve_test.go +++ b/internal/murmur/resolve_test.go 
@@ -1,12 +1,12 @@ -package whisper +package murmur import ( "strings" "testing" - "github.com/busser/whisper/internal/slices" - "github.com/busser/whisper/internal/whisper/providers/jsonmock" - "github.com/busser/whisper/internal/whisper/providers/mock" + "github.com/busser/murmur/internal/murmur/providers/jsonmock" + "github.com/busser/murmur/internal/murmur/providers/mock" + "github.com/busser/murmur/internal/slices" "github.com/google/go-cmp/cmp" ) @@ -128,7 +128,7 @@ func TestResolveAll(t *testing.T) { factories[prefix] = func() (Provider, error) { return provider, nil } } - // Replace whisper's clients with mocks for the duration of the test. + // Replace murmur's clients with mocks for the duration of the test. originalProviderFactories := ProviderFactories defer func() { ProviderFactories = originalProviderFactories }() ProviderFactories = factories @@ -193,7 +193,7 @@ func TestResolveAllWithError(t *testing.T) { factories[prefix] = func() (Provider, error) { return provider, nil } } - // Replace whisper's clients with mocks for the duration of the test. + // Replace murmur's clients with mocks for the duration of the test. originalProviderFactories := ProviderFactories defer func() { ProviderFactories = originalProviderFactories }() ProviderFactories = factories diff --git a/main.go b/main.go index e7a7a05a..949cc246 100644 --- a/main.go +++ b/main.go @@ -1,7 +1,7 @@ package main import ( - "github.com/busser/whisper/internal/cmd" + "github.com/busser/murmur/internal/cmd" ) func main() { diff --git a/terraform/README.md b/terraform/README.md index 8b50a076..ec444b02 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -1,7 +1,7 @@ # Cloud Infrastucture This directory contains all Terraform code required to provision the cloud -resources used to test whisper functionality. +resources used to test murmur functionality. - [Requirements](#requirements) - [Usage](#usage) 
diff --git a/terraform/layers/aws-secrets-manager/_settings.tf b/terraform/layers/aws-secrets-manager/_settings.tf index 25dd6ad2..2cf4eb13 100644 --- a/terraform/layers/aws-secrets-manager/_settings.tf +++ b/terraform/layers/aws-secrets-manager/_settings.tf @@ -16,7 +16,7 @@ terraform { # For more information on state backends: https://www.terraform.io/docs/language/settings/backends/index.html # For more information on the "s3" backend: https://www.terraform.io/docs/language/settings/backends/s3.html backend "s3" { - bucket = "b4r-whisper-tfstate" + bucket = "busser-murmur-tfstate" key = "aws-secrets-manager" region = "fr-par" endpoint = "https://s3.fr-par.scw.cloud" diff --git a/terraform/layers/aws-secrets-manager/github_actions.tf b/terraform/layers/aws-secrets-manager/github_actions.tf index 5b13f3c5..0a63a886 100644 --- a/terraform/layers/aws-secrets-manager/github_actions.tf +++ b/terraform/layers/aws-secrets-manager/github_actions.tf @@ -26,7 +26,7 @@ resource "aws_iam_role" "github_actions" { Condition = { StringLike = { "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com", - "token.actions.githubusercontent.com:sub" = "repo:busser/whisper:*" + "token.actions.githubusercontent.com:sub" = "repo:busser/murmur:*" } } } diff --git a/terraform/layers/azure-keyvault/_settings.tf b/terraform/layers/azure-keyvault/_settings.tf index 3c9d2560..54f10043 100644 --- a/terraform/layers/azure-keyvault/_settings.tf +++ b/terraform/layers/azure-keyvault/_settings.tf @@ -16,7 +16,7 @@ terraform { # For more information on state backends: https://www.terraform.io/docs/language/settings/backends/index.html # For more information on the "s3" backend: https://www.terraform.io/docs/language/settings/backends/s3.html backend "s3" { - bucket = "b4r-whisper-tfstate" + bucket = "busser-murmur-tfstate" key = "azurerm-keyvault" region = "fr-par" endpoint = "https://s3.fr-par.scw.cloud" 
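Review bot: In terraform/layers/aws-secrets-manager/github_actions.tf the trust condition still matches `"repo:busser/murmur:*"`, so a workflow run for any branch, tag, pull request or environment of the repository can assume this role. If only the default branch needs the test secrets, the pattern could be narrowed to something like `"token.actions.githubusercontent.com:sub" = "repo:busser/murmur:ref:refs/heads/main"` (branch name assumed). The `aud` key contains no wildcard and would read more clearly under `StringEquals`. If the wildcard is deliberate so that pull requests can run the end-to-end tests, a comment above the `Condition` block saying so, and noting that the role only reads test secrets, would help. The `aws_iam_role` resource starts and ends outside the hunk, so the rest of the policy was not checked.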
diff --git a/terraform/layers/azure-keyvault/github_actions.tf b/terraform/layers/azure-keyvault/github_actions.tf index d4275da7..be2b574a 100644 --- a/terraform/layers/azure-keyvault/github_actions.tf +++ b/terraform/layers/azure-keyvault/github_actions.tf @@ -1,11 +1,11 @@ -// The repository's continuous integration pipelines run whisper's end-to-end +// The repository's continuous integration pipelines run murmur's end-to-end // tests. These tests require credentials that can read secrets from our Key // Vaults. // The pipelines authenticate to Azure with a service principal. resource "azuread_application" "github_actions" { - display_name = "whisper-github-actions" + display_name = "murmur-github-actions" owners = [data.azuread_client_config.current.object_id] } @@ -21,26 +21,26 @@ resource "azuread_service_principal_password" "github_actions" { // The necessary credentials are stored in this repository's Github Actions // secrets. Pipelines use these secrets to set environment variables used by -// whisper. +// murmur. -data "github_repository" "whisper" { - name = "whisper" +data "github_repository" "murmur" { + name = "murmur" } resource "github_actions_secret" "tenant_id" { - repository = data.github_repository.whisper.name + repository = data.github_repository.murmur.name secret_name = "AZURE_TENANT_ID" plaintext_value = data.azuread_client_config.current.tenant_id } resource "github_actions_secret" "client_id" { - repository = data.github_repository.whisper.name + repository = data.github_repository.murmur.name secret_name = "AZURE_CLIENT_ID" plaintext_value = azuread_service_principal.github_actions.application_id } resource "github_actions_secret" "client_secret" { - repository = data.github_repository.whisper.name + repository = data.github_repository.murmur.name secret_name = "AZURE_CLIENT_SECRET" plaintext_value = azuread_service_principal_password.github_actions.value } 
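Review bot: In the second hunk of terraform/layers/azure-keyvault/github_actions.tf, `plaintext_value = azuread_service_principal_password.github_actions.value` keeps a long-lived client secret in both the Terraform state and the repository's Actions secrets. The AWS and GCP layers touched by this commit authenticate through GitHub's OIDC token instead. The azuread provider offers `azuread_application_federated_identity_credential`, which would let the workflow log in without a stored password, but that needs a workflow change outside this diff, so it is a follow-up. If the password stays, a comment above `github_actions_secret.client_secret` would make the exposure explicit, for example `// Long-lived credential: also stored in Terraform state; rotate by replacing azuread_service_principal_password.github_actions.` The password resource starts outside the hunk, so its expiry settings are not visible here.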
diff --git a/terraform/layers/azure-keyvault/keyvault_secrets.tf b/terraform/layers/azure-keyvault/keyvault_secrets.tf index dcc1a3eb..bd70f0d7 100644 --- a/terraform/layers/azure-keyvault/keyvault_secrets.tf +++ b/terraform/layers/azure-keyvault/keyvault_secrets.tf @@ -1,18 +1,18 @@ -resource "azurerm_resource_group" "whisper" { - name = "whisper" +resource "azurerm_resource_group" "murmur" { + name = "murmur" location = "West Europe" } -// We have multiple Key Vaults because whisper supports fetching secrets from +// We have multiple Key Vaults because murmur supports fetching secrets from // multiple Key Vaults at once. -resource "azurerm_key_vault" "whisper" { +resource "azurerm_key_vault" "murmur" { for_each = toset(["alpha", "bravo"]) - name = "whisper-${each.key}" + name = "murmur-${each.key}" tenant_id = data.azurerm_client_config.current.tenant_id - location = azurerm_resource_group.whisper.location - resource_group_name = azurerm_resource_group.whisper.name + location = azurerm_resource_group.murmur.location + resource_group_name = azurerm_resource_group.murmur.name soft_delete_retention_days = 7 enable_rbac_authorization = true @@ -20,15 +20,15 @@ resource "azurerm_key_vault" "whisper" { sku_name = "standard" } -// This secret has multiple versions because whisper supports fetching any -// version of a secret. The secret's version IDs are hard-coded in whisper's +// This secret has multiple versions because murmur supports fetching any +// version of a secret. The secret's version IDs are hard-coded in murmur's // end-to-end tests. resource "azurerm_key_vault_secret" "example" { - for_each = azurerm_key_vault.whisper + for_each = azurerm_key_vault.murmur name = "secret-sauce" value = "szechuan" // Was previously applied with value "ketchup". - key_vault_id = azurerm_key_vault.whisper[each.key].id + key_vault_id = azurerm_key_vault.murmur[each.key].id depends_on = [ azurerm_role_assignment.keyvault_admin, 
@@ -36,21 +36,21 @@ resource "azurerm_key_vault_secret" "example" { } // Infrastructure is managed by @busser. To date, he is the only person with -// write access to cloud resources used by whisper. +// write access to cloud resources used by murmur. resource "azurerm_role_assignment" "keyvault_admin" { - for_each = azurerm_key_vault.whisper + for_each = azurerm_key_vault.murmur - scope = azurerm_key_vault.whisper[each.key].id + scope = azurerm_key_vault.murmur[each.key].id principal_id = data.azurerm_client_config.current.object_id role_definition_name = "Key Vault Administrator" } // The repository's continuous integrations pipelines read secrets from our Key -// Vaults when running whisper's end-to-end tests. +// Vaults when running murmur's end-to-end tests. resource "azurerm_role_assignment" "github_actions" { - for_each = azurerm_key_vault.whisper + for_each = azurerm_key_vault.murmur - scope = azurerm_key_vault.whisper[each.key].id + scope = azurerm_key_vault.murmur[each.key].id principal_id = azuread_service_principal.github_actions.object_id role_definition_name = "Key Vault Secrets User" } diff --git a/terraform/layers/bootstrap/state-bucket.tf b/terraform/layers/bootstrap/state-bucket.tf index 8335c472..f4030bc1 100644 --- a/terraform/layers/bootstrap/state-bucket.tf +++ b/terraform/layers/bootstrap/state-bucket.tf @@ -1,7 +1,7 @@ # Other Terraform layers' state is stored in this bucket. Each layer should use # a different sub-path. resource "scaleway_object_bucket" "terraform_state" { - name = "b4r-whisper-tfstate" + name = "busser-murmur-tfstate" versioning { enabled = true } diff --git a/terraform/layers/bootstrap/terraform.tfstate b/terraform/layers/bootstrap/terraform.tfstate index db9391d3..ac3bb4ec 100644 --- a/terraform/layers/bootstrap/terraform.tfstate +++ b/terraform/layers/bootstrap/terraform.tfstate 
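Review bot: Changing `name` on `scaleway_object_bucket.terraform_state` in terraform/layers/bootstrap/state-bucket.tf gives every layer a new state bucket, but nothing records what happens to `b4r-whisper-tfstate`. With `versioning { enabled = true }` the old bucket keeps every past state object, and the azure-keyvault and scw-secret-manager layers write credentials into state through `plaintext_value`. A comment above the resource would record the clean-up step, for example `# Renamed from b4r-whisper-tfstate; delete the old bucket and its object versions once every layer's state has been migrated.` The resource block continues past the hunk, so any access settings it declares were not checked.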
@@ -1,7 +1,7 @@ { "version": 4, - "terraform_version": "1.2.6", - "serial": 5, + "terraform_version": "1.4.6", + "serial": 11, "lineage": "891a092d-d945-9809-28a0-4f40f90dbd55", "outputs": {}, "resources": [ @@ -16,11 +16,12 @@ "attributes": { "acl": "private", "cors_rule": [], - "endpoint": "https://b4r-whisper-tfstate.s3.fr-par.scw.cloud", + "endpoint": "https://busser-murmur-tfstate.s3.fr-par.scw.cloud", "force_destroy": false, - "id": "fr-par/b4r-whisper-tfstate", + "id": "fr-par/busser-murmur-tfstate", "lifecycle_rule": [], - "name": "b4r-whisper-tfstate", + "name": "busser-murmur-tfstate", + "object_lock_enabled": false, "region": "fr-par", "tags": {}, "timeouts": null, @@ -35,5 +36,6 @@ } ] } - ] + ], + "check_results": null } diff --git a/terraform/layers/gcp-secret-manager/_providers.tf b/terraform/layers/gcp-secret-manager/_providers.tf index b8459131..269c7cde 100644 --- a/terraform/layers/gcp-secret-manager/_providers.tf +++ b/terraform/layers/gcp-secret-manager/_providers.tf @@ -5,7 +5,7 @@ # The "google" provider enables us to provision cloud resources on Google Cloud # Platform. provider "google" { - project = "whisper-tests" + project = "murmur-tests" region = "europe-west9" } @@ -13,7 +13,7 @@ provider "google" { # that are still in beta. The use of beta features should generally be kept to a # minimum, but Google's betas are overall very stable. provider "google-beta" { - project = "whisper-tests" + project = "murmur-tests" region = "europe-west9" } diff --git a/terraform/layers/gcp-secret-manager/_settings.tf b/terraform/layers/gcp-secret-manager/_settings.tf index 8214259e..d08299a1 100644 --- a/terraform/layers/gcp-secret-manager/_settings.tf +++ b/terraform/layers/gcp-secret-manager/_settings.tf 
@@ -16,7 +16,7 @@ terraform { # For more information on state backends: https://www.terraform.io/docs/language/settings/backends/index.html # For more information on the "s3" backend: https://www.terraform.io/docs/language/settings/backends/s3.html backend "s3" { - bucket = "b4r-whisper-tfstate" + bucket = "busser-murmur-tfstate" key = "gcp-secret-manager" region = "fr-par" endpoint = "https://s3.fr-par.scw.cloud" diff --git a/terraform/layers/gcp-secret-manager/github_actions.tf b/terraform/layers/gcp-secret-manager/github_actions.tf index f3defd94..13e4dbed 100644 --- a/terraform/layers/gcp-secret-manager/github_actions.tf +++ b/terraform/layers/gcp-secret-manager/github_actions.tf @@ -11,7 +11,7 @@ resource "google_secret_manager_secret_iam_member" "github_actions_access_secret member = "serviceAccount:${google_service_account.github_actions.email}" } -# We use workload identity to enable keyless authentication from whisper's +# We use workload identity to enable keyless authentication from murmur's # Github Actions workflows. resource "google_iam_workload_identity_pool" "default" { provider = google-beta @@ -38,11 +38,11 @@ resource "google_iam_workload_identity_pool_provider" "github_oidc" { } } -# Whisper's Github Actions workflows use a dedicated Google service account +# Murmur's Github Actions workflows use a dedicated Google service account # to interact with the Google API and access secret versions. resource "google_service_account_iam_member" "github_actions_workload_identity" { service_account_id = google_service_account.github_actions.id role = "roles/iam.workloadIdentityUser" - member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.default.name}/attribute.repository/busser/whisper" + member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.default.name}/attribute.repository/busser/murmur" } 
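Review bot: In terraform/layers/gcp-secret-manager/github_actions.tf the `member` binding matches on `attribute.repository/busser/murmur`, a name that this commit itself shows can change, and it admits every workflow and ref in the repository. GitHub's OIDC token also carries a numeric `repository_id` claim. Mapping that claim in the provider's `attribute_mapping` (outside this hunk, so not checked) and binding on `attribute.repository_id/<REPOSITORY_ID>` would tie the grant to the repository rather than to its current name. It is also worth confirming that `google_iam_workload_identity_pool_provider.github_oidc` sets an `attribute_condition`, because without one the pool provider accepts tokens issued for any GitHub repository and this binding is the only filter.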
diff --git a/terraform/layers/scw-secret-manager/_settings.tf b/terraform/layers/scw-secret-manager/_settings.tf index 9e2c537b..d075b2b3 100644 --- a/terraform/layers/scw-secret-manager/_settings.tf +++ b/terraform/layers/scw-secret-manager/_settings.tf @@ -16,7 +16,7 @@ terraform { # For more information on state backends: https://www.terraform.io/docs/language/settings/backends/index.html # For more information on the "s3" backend: https://www.terraform.io/docs/language/settings/backends/s3.html backend "s3" { - bucket = "b4r-whisper-tfstate" + bucket = "busser-murmur-tfstate" key = "scw-secret-manager" region = "fr-par" endpoint = "https://s3.fr-par.scw.cloud" diff --git a/terraform/layers/scw-secret-manager/github_actions.tf b/terraform/layers/scw-secret-manager/github_actions.tf index f64475b7..95f348fb 100644 --- a/terraform/layers/scw-secret-manager/github_actions.tf +++ b/terraform/layers/scw-secret-manager/github_actions.tf @@ -3,13 +3,13 @@ data "scaleway_account_project" "current" { } resource "scaleway_iam_application" "github_actions" { - name = "whisper-github-actions" - description = "Github Actions (busser/whisper)" + name = "murmur-github-actions" + description = "Github Actions (busser/murmur)" } resource "scaleway_iam_api_key" "github_actions" { application_id = scaleway_iam_application.github_actions.id - description = "Used by Github Actions (busser/whisper)" + description = "Used by Github Actions (busser/murmur)" } resource "scaleway_iam_group" "secrets_readers" { 
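Review bot: `scaleway_iam_api_key.github_actions` in terraform/layers/scw-secret-manager/github_actions.tf is declared with only `application_id` and `description`, so the key has no expiry. The following hunk copies its `secret_key` into an Actions secret through `plaintext_value`, which also places it in Terraform state. Adding `expires_at = "<EXPIRY TIMESTAMP>"` to the resource would bound the lifetime of a leaked key and force a periodic re-apply that rotates it. A short comment next to it, such as `// Static credential: rotate by re-applying before expires_at.`, would document the procedure.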
@@ -41,20 +41,20 @@ resource "scaleway_iam_policy" "secrets_readers" { // The necessary credentials are stored in this repository's Github Actions // secrets. Pipelines use these secrets to set environment variables used by -// whisper. +// murmur. -data "github_repository" "whisper" { - name = "whisper" +data "github_repository" "murmur" { + name = "murmur" } resource "github_actions_secret" "access_key" { - repository = data.github_repository.whisper.name + repository = data.github_repository.murmur.name secret_name = "SCW_ACCESS_KEY" plaintext_value = scaleway_iam_api_key.github_actions.access_key } resource "github_actions_secret" "secret_key" { - repository = data.github_repository.whisper.name + repository = data.github_repository.murmur.name secret_name = "SCW_SECRET_KEY" plaintext_value = scaleway_iam_api_key.github_actions.secret_key }