Skip to content

Commit

Permalink
feat(infra): using infra-libs repo
Browse files Browse the repository at this point in the history
  • Loading branch information
@lucianHymer
lucianHymer committed Jul 24, 2024
1 parent 5eab7ed commit 6aa9442
Show file tree
Hide file tree
Showing 4 changed files with 122 additions and 173 deletions.
54 changes: 30 additions & 24 deletions infra/aws/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,10 @@ import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as op from "@1password/op-js";

import {
getEnvironmentVars,
syncSecretsAndGetRefs,
sortByName,
} from "./secrets";
import { secretsManager } from "infra-libs";

const stack = pulumi.getStack();

export const SCROLL_SECRETS_ARN = op.read.parse(
`op://DevOps/passport-scroll-badge-service-${stack}-env/ci/SCROLL_SECRETS_ARN`
);
export const ROUTE53_DOMAIN = op.read.parse(
`op://DevOps/passport-scroll-badge-service-${stack}-env/ci/ROUTE53_DOMAIN`
);
Expand Down Expand Up @@ -43,6 +36,14 @@ const logsRetention = Object({
production: 30,
});

const scrollSecret = new aws.secretsmanager.Secret("scroll-secrets", {
name: `scroll-secrets`,
description: "Scroll Badge Service Secrets",
tags: {
...defaultTags,
},
});

const coreInfraStack = new pulumi.StackReference(`gitcoin/core-infra/${stack}`);
const snsAlertsTopicArn = coreInfraStack.getOutput("snsAlertsTopicArn");
const passportInfraStack = new pulumi.StackReference(
Expand All @@ -66,23 +67,28 @@ const passwordManagerParams = {
section: "service",
};

const scrollBadgeServiceSecretReferences = syncSecretsAndGetRefs({
...passwordManagerParams,
targetSecretArn: SCROLL_SECRETS_ARN,
});

const secrets = [
...scrollBadgeServiceSecretReferences,
const scrollBadgeServiceSecretReferences = secretsManager.syncSecretsAndGetRefs(
{
name: "SCROLL_BADGE_ATTESTATION_SIGNER_PRIVATE_KEY",
valueFrom: `${VC_SECRETS_ARN}:SCROLL_BADGE_ATTESTATION_SIGNER_PRIVATE_KEY::`,
},
].sort(sortByName);
...passwordManagerParams,
secretVersionName: "scroll-badge-service-secret-version",
targetSecret: scrollSecret,
}
);

const secrets = scrollBadgeServiceSecretReferences.apply((refs) =>
[
...refs,
{
name: "SCROLL_BADGE_ATTESTATION_SIGNER_PRIVATE_KEY",
valueFrom: `${VC_SECRETS_ARN}:SCROLL_BADGE_ATTESTATION_SIGNER_PRIVATE_KEY::`,
},
].sort(secretsManager.sortByName)
);

const environment = getEnvironmentVars(passwordManagerParams);
const environment = secretsManager.getEnvironmentVars(passwordManagerParams);

const serviceRole = new aws.iam.Role("scroll-badge-ecs-role", {
assumeRolePolicy: JSON.stringify({
assumeRolePolicy: pulumi.jsonStringify({
Version: "2012-10-17",
Statement: [
{
Expand All @@ -98,13 +104,13 @@ const serviceRole = new aws.iam.Role("scroll-badge-ecs-role", {
inlinePolicies: [
{
name: "allow_iam_secrets_access",
policy: JSON.stringify({
policy: pulumi.jsonStringify({
Version: "2012-10-17",
Statement: [
{
Action: ["secretsmanager:GetSecretValue"],
Effect: "Allow",
Resource: [SCROLL_SECRETS_ARN, VC_SECRETS_ARN],
Resource: [scrollSecret.arn, VC_SECRETS_ARN],
},
],
}),
Expand Down Expand Up @@ -239,7 +245,7 @@ const albListenerRule = new aws.lb.ListenerRule(`scroll-badge-service-https`, {
const service_data = DOCKER_SCROLL_SERVICE_IMAGE.apply((drk_image) => {
const taskDefinition = new aws.ecs.TaskDefinition(`scroll-badge-service-td`, {
family: `scroll-badge-service-td`,
containerDefinitions: JSON.stringify([
containerDefinitions: pulumi.jsonStringify([
{
name: "scroll-badge-service",
image: drk_image,
Expand Down
101 changes: 0 additions & 101 deletions infra/aws/secrets.ts
View file

This file was deleted.

Loading

0 comments on commit 6aa9442

Please sign in to comment.