Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rework to allow for specific access to only selected assessment environments #29

Merged
merged 4 commits into from
Oct 10, 2024
Merged

Rework to allow for specific access to only selected assessment environments #29

merged 4 commits into from
Oct 10, 2024

Conversation

jsf9k
Copy link
Member

@jsf9k jsf9k commented Oct 8, 2024
edited
Loading

🗣 Description

This pull request reworks the Terraform code to allow for some users having specific access to only selected assessment environments.

💭 Motivation and context

Some assessors need to be able to redeploy their own assessment environments, but they should not be allowed to touch others' assessment environments; therefore, these assessors should not have general access to the Terraform S3 backend bucket and DynamoDB lock table.

🧪 Testing

All automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • All new and existing tests pass.

@jsf9k
Add necessary policies to support user with and without general TF ba…
1bad00b 
…ckend access

Also create separate groups for the two cases.
@jsf9k
Update users variable to include information about which group user s…
8237dc3 
…hould be added to

The user will be given genreal TF backend access if and only if the
backend_access key in the corresponding map in var.users is true.
@jsf9k
Update outputs for recent changes
ea86a0a 
Also update the terraform-docs output in README.md in accordance with
recent changes.
@jsf9k jsf9k added breaking change This issue or pull request involves changes to existing functionality documentation This issue or pull request improves or adds to documentation improvement This issue or pull request will add or improve functionality, maintainability, or ease of use terraform Pull requests that update Terraform code hacktoberfest-accepted Pull request that should count toward Hacktoberfest participation labels Oct 8, 2024
@jsf9k jsf9k self-assigned this Oct 8, 2024
@jsf9k jsf9k marked this pull request as ready for review October 10, 2024 14:25
dav3r
dav3r approved these changes Oct 10, 2024
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 👍

@jsf9k jsf9k requested a review from a team October 10, 2024 15:48
@jsf9k jsf9k merged commit 371d552 into develop Oct 10, 2024
4 checks passed
@jsf9k jsf9k deleted the feature/rework-for-env-specific-access branch October 10, 2024 17:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dav3r dav3r dav3r approved these changes

@dv4harr10 dv4harr10 dv4harr10 approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

Assignees

@jsf9k jsf9k

Labels
breaking change This issue or pull request involves changes to existing functionality documentation This issue or pull request improves or adds to documentation hacktoberfest-accepted Pull request that should count toward Hacktoberfest participation improvement This issue or pull request will add or improve functionality, maintainability, or ease of use terraform Pull requests that update Terraform code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jsf9k @dav3r @dv4harr10