may whitespace aid not hinder comprehension
casperdcl committed Mar 17, 2022
1 parent b74a784 commit 802da6a
Showing 4 changed files with 6 additions and 32 deletions.
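--- a/docs/guides/permissions/aws/main.tf
+++ b/docs/guides/permissions/aws/main.tf
@@ -15,11 +15,9 @@ provider "aws" {
 resource "aws_iam_user" "task" {
 name = "task"
 }
-
 resource "aws_iam_access_key" "task" {
 user = aws_iam_user.task.name
 }
-
 resource "aws_iam_user_policy" "task" {
 name = aws_iam_user.task.name
 user = aws_iam_user.task.name
@@ -77,7 +75,6 @@ data "aws_iam_policy_document" "task" {
 output "aws_access_key_id" {
 value = aws_iam_access_key.task.id
 }
-
 output "aws_secret_access_key" {
 value = aws_iam_access_key.task.secret
 sensitive = true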
9 changes: 0 additions & 9 deletions docs/guides/permissions/az/main.tf
@@ -6,30 +6,25 @@ terraform {
}

provider "azuread" {}

provider "azurerm" {
features {}
}

data "azuread_client_config" "current" {}

data "azurerm_subscription" "current" {}

resource "azuread_application" "task" {
display_name = "task"
owners = [data.azuread_client_config.current.object_id]
}

resource "azuread_application_password" "task" {
application_object_id = azuread_application.task.object_id
}

resource "azuread_service_principal" "task" {
application_id = azuread_application.task.application_id
app_role_assignment_required = false
owners = [data.azuread_client_config.current.object_id]
}

resource "azurerm_role_definition" "task" {
name = azuread_application.task.display_name
scope = data.azurerm_subscription.current.id
@@ -88,7 +83,6 @@ resource "azurerm_role_definition" "task" {
]
}
}

resource "azurerm_role_assignment" "task" {
name = azurerm_role_definition.task.name
principal_id = azuread_service_principal.task.object_id
@@ -99,15 +93,12 @@ resource "azurerm_role_assignment" "task" {
output "azure_subscription_id" {
value = basename(data.azurerm_subscription.current.id)
}

output "azure_tenant_id" {
value = data.azurerm_subscription.current.tenant_id
}

output "azure_client_id" {
value = azuread_application.task.application_id
}

output "azure_client_secret" {
value = azuread_application_password.task.value
sensitive = true
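--- a/docs/guides/permissions/gcp/main.tf
+++ b/docs/guides/permissions/gcp/main.tf
@@ -17,17 +17,14 @@ data "google_project" "current" {}
 resource "google_service_account" "task" {
 account_id = "task-service-account"
 }
-
 resource "google_service_account_key" "task" {
 service_account_id = google_service_account.task.email
 }
-
 resource "google_project_iam_binding" "task" {
 project = data.google_project.current.project_id
 role = "projects/${data.google_project.current.project_id}/roles/${google_project_iam_custom_role.task.role_id}"
 members = ["serviceAccount:${google_service_account.task.email}"]
 }
-
 resource "google_project_iam_custom_role" "task" {
 role_id = replace("${google_service_account.task.account_id}-role", "-", "_")
 title = replace("${google_service_account.task.account_id}-role", "-", "_")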
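--- a/docs/guides/permissions/k8s/kubeconfig.sh
+++ b/docs/guides/permissions/k8s/kubeconfig.sh
@@ -1,21 +1,9 @@
 #!/bin/bash
 set -euxo pipefail
-SERVER="$(
-kubectl config view --raw --flatten --output \
-jsonpath='{.clusters[0].cluster.server}'
-)"
-AUTHORITY="$(
-kubectl config view --raw --flatten --output \
-jsonpath='{.clusters[0].cluster.certificate-authority-data}'
-)"
-SECRET="$(
-kubectl get serviceaccount task --output \
-jsonpath="{.secrets[0].name}"
-)"
-TOKEN="$(
-kubectl get secret "$SECRET" --output \
-jsonpath="{.data.token}" | base64 --decode
-)"
+SERVER="$(kubectl config view --raw --flatten --output jsonpath='{.clusters[0].cluster.server}')"
+AUTHORITY="$(kubectl config view --raw --flatten --output jsonpath='{.clusters[0].cluster.certificate-authority-data}')"
+SECRET="$(kubectl get serviceaccount task --output jsonpath="{.secrets[0].name}")"
+TOKEN="$(kubectl get secret "$SECRET" --output jsonpath="{.data.token}" | base64 --decode)"
 export KUBECONFIG="$(mktemp)"
 {
 kubectl config set-cluster cluster --server="https://$SERVER"
@@ -24,4 +12,5 @@ export KUBECONFIG="$(mktemp)"
 kubectl config set-context cluster --cluster=cluster --user=task
 kubectl config use-context cluster
 } >/dev/null
-cat "$KUBECONFIG" && rm "$KUBECONFIG"
+cat "$KUBECONFIG"
+rm "$KUBECONFIG"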
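Review bot: The rewritten `TOKEN=` assignment in the first hunk still runs under `set -euxo pipefail`, and with xtrace enabled bash echoes the assignment with its expanded value to stderr, so the decoded service-account token lands in whatever captures the script's stderr (CI logs, terminal scrollback). Dropping the `x`, i.e. `set -euo pipefail`, or bracketing the secret-handling lines with `set +x`, keeps the token out of the trace. In the second hunk, the temporary kubeconfig holding that token is removed only if every earlier command succeeds, because `set -e` exits before `rm "$KUBECONFIG"` is reached; a `trap 'rm -f "$KUBECONFIG"' EXIT` placed right after the `mktemp` line would clean it up on failure as well. The lines between the two hunks are not shown, so how the token is handed to kubectl there cannot be checked from this page.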
