analytics-platform-common-concourse-tasks's Introduction

Useful tasks

decrypt-gitcrypt.yaml DEPRECATED This functionality is provided by the git resource.
ec2-metadata.yaml Fetches AWS credentials from the EC2 instance metadata and saves it in a credentials.json file
extract-release-tarball.yaml Extracts a Github release asset tarball into a specified directory
get-iam-role.yaml Accesses the Control Panel API and fetches the IAM role name for an app associated with a specified Github repository URL
parse-deploy-file.yaml Parses the deploy.json file users must create in their app repositories and outputs configuration ready to be passed to Helm values command line arguments
webapp-docker-image.yaml Allows building and pushing a Docker image to a specified Docker repository, without having to specify the repository URL and credentials before build-time.

analytics-platform-common-concourse-tasks's People

Contributors

Watchers

analytics-platform-common-concourse-tasks's Issues

Default branch is not main

Hi there
The default branch for this repository is not set to main
See repository settings/settings/branches to rename the default branch to main and ensure the Branch protection rules is set to main as well
See the repository standards: https://github.com/ministryofjustice/github-repository-standards
See the report: https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/github_repositories
Please contact Operations Engineering on Slack #ask-operations-engineering, if you need any assistance

diff-iam-policy needs to account for concourse adding params to policies

concourse-task

Example:

airflow-xhibit-ap
airflow_xhibit_etl
Change in iam_policy.json
--- current.json
+++ new.json
@@ -230,20 +230,6 @@
         "arn:aws:s3:::test_bucket_read_only"
       ],
       "Sid": "list"
-    },
-    {
-      "Action": [
-        "ssm:GetParameter",
-        "ssm:GetParameters",
-        "ssm:GetParameterHistory"
-      ],
-      "Condition": {
-        "StringNotLike": {
-          "ssm:resourceTag/role": "airflow_xhibit_etl"
-        }
-      },
-      "Effect": "Deny",
-      "Resource": "arn:aws:ssm:*::parameter/*"
     }
   ],
   "Version": "2012-10-17"

Because parameter actions are added onto the IAM policy this task will always show a failure due to it being different from the iam policy in the repo.

Recommend Projects