Add yellow-fever to supported pathogen repos #33

Merged: 1 commit, Nov 26, 2024

genehack

Description of proposed changes

As part of nextstrain/yellow-fever#2, add yellow-fever to the pathogen repo list.

Related issue(s)

nextstrain/yellow-fever#2

Checklist

  • Checks pass

@genehack

Terraform wants to make these changes:

Terraform will perform the following actions:

  # aws_iam_policy.NextstrainPathogen["yellow-fever"] will be created
  + resource "aws_iam_policy" "NextstrainPathogen" {
      + arn         = (known after apply)
      + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen"
      + id          = (known after apply)
      + name        = "NextstrainPathogen@yellow-fever"
      + name_prefix = (known after apply)
      + path        = "/"
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = [
                          + "s3:ListBucket",
                          + "s3:ListBucketVersions",
                          + "s3:GetBucketLocation",
                          + "s3:GetBucketVersioning",
                        ]
                      + Condition = {
                          + StringLike = {
                              + "s3:prefix" = [
                                  + "yellow-fever.json",
                                  + "yellow-fever_*.json",
                                  + "files/workflows/yellow-fever/*",
                                  + "files/datasets/yellow-fever/*",
                                ]
                            }
                        }
                      + Effect    = "Allow"
                      + Resource  = [
                          + "arn:aws:s3:::nextstrain-data",
                          + "arn:aws:s3:::nextstrain-staging",
                        ]
                      + Sid       = "List"
                    },
                  + {
                      + Action    = [
                          + "s3:ListBucket",
                          + "s3:ListBucketVersions",
                          + "s3:GetBucketLocation",
                          + "s3:GetBucketVersioning",
                        ]
                      + Condition = {
                          + StringLike = {
                              + "s3:prefix" = [
                                  + "trial_*_yellow-fever.json",
                                  + "trial_*_yellow-fever_*.json",
                                ]
                            }
                        }
                      + Effect    = "Allow"
                      + Resource  = [
                          + "arn:aws:s3:::nextstrain-staging",
                        ]
                      + Sid       = "ListStagingTrials"
                    },
                  + {
                      + Action    = [
                          + "s3:ListBucket",
                          + "s3:ListBucketVersions",
                          + "s3:GetBucketLocation",
                          + "s3:GetBucketVersioning",
                        ]
                      + Condition = {
                          + StringLike = {
                              + "s3:prefix" = [
                                  + "files/workflows/yellow-fever/*",
                                  + "files/datasets/yellow-fever/*",
                                ]
                            }
                        }
                      + Effect    = "Allow"
                      + Resource  = [
                          + "arn:aws:s3:::nextstrain-data-private",
                        ]
                      + Sid       = "ListPrivate"
                    },
                  + {
                      + Action   = [
                          + "s3:GetObject",
                          + "s3:GetObjectTagging",
                          + "s3:GetObjectVersion",
                          + "s3:GetObjectVersionTagging",
                          + "s3:PutObject",
                          + "s3:PutObjectTagging",
                          + "s3:DeleteObject",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:s3:::nextstrain-data/yellow-fever.json",
                          + "arn:aws:s3:::nextstrain-data/yellow-fever_*.json",
                          + "arn:aws:s3:::nextstrain-staging/yellow-fever.json",
                          + "arn:aws:s3:::nextstrain-staging/yellow-fever_*.json",
                          + "arn:aws:s3:::nextstrain-staging/trial_*_yellow-fever.json",
                          + "arn:aws:s3:::nextstrain-staging/trial_*_yellow-fever_*.json",
                          + "arn:aws:s3:::nextstrain-data/files/workflows/yellow-fever/*",
                          + "arn:aws:s3:::nextstrain-data/files/datasets/yellow-fever/*",
                          + "arn:aws:s3:::nextstrain-data-private/files/workflows/yellow-fever/*",
                          + "arn:aws:s3:::nextstrain-data-private/files/datasets/yellow-fever/*",
                          + "arn:aws:s3:::nextstrain-staging/files/workflows/yellow-fever/*",
                          + "arn:aws:s3:::nextstrain-staging/files/datasets/yellow-fever/*",
                        ]
                      + Sid      = "ReadWrite"
                    },
                  + {
                      + Action   = [
                          + "cloudfront:ListDistributions",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "CloudFrontList"
                    },
                  + {
                      + Action   = [
                          + "cloudfront:CreateInvalidation",
                          + "cloudfront:GetInvalidation",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:cloudfront::827581582529:distribution/E3LB0EWZKCCV",
                          + "arn:aws:cloudfront::827581582529:distribution/E3L83FTHWUN0BV",
                        ]
                      + Sid      = "CloudFrontReadWrite"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id   = (known after apply)
      + tags_all    = (known after apply)
    }

  # aws_iam_role.GitHubActionsRoleNextstrainBatchJobs will be updated in-place
  ~ resource "aws_iam_role" "GitHubActionsRoleNextstrainBatchJobs" {
      ~ assume_role_policy    = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Condition = {
                          ~ StringLike = {
                              ~ "token.actions.githubusercontent.com:sub" = [
                                    # (15 unchanged elements hidden)
                                    "repo:nextstrain/seasonal-flu:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*",
                                  + "repo:nextstrain/yellow-fever:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*",
                                    "repo:nextstrain/zika:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*",
                                    # (1 unchanged element hidden)
                                ]
                                # (1 unchanged attribute hidden)
                            }
                        }
                        # (3 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id                    = "GitHubActionsRoleNextstrainBatchJobs"
        name                  = "GitHubActionsRoleNextstrainBatchJobs"
        tags                  = {}
        # (10 unchanged attributes hidden)
    }

  # aws_iam_role.GitHubActionsRoleNextstrainRepo["yellow-fever"] will be created
  + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRoleWithWebIdentity"
                      + Condition = {
                          + StringLike = {
                              + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com"
                              + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/yellow-fever:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*"
                            }
                        }
                      + Effect    = "Allow"
                      + Principal = {
                          + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + description           = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows."
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 43200
      + name                  = "GitHubActionsRoleNextstrainRepo@yellow-fever"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + role_last_used        = (known after apply)
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {}
    }

  # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["yellow-fever"] will be created
  + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" {
      + id                 = (known after apply)
      + include_claim_keys = [
          + "repo",
          + "context",
          + "job_workflow_ref",
        ]
      + repository         = "yellow-fever"
      + use_default        = false
    }

  # github_repository_topics.pathogen["yellow-fever"] will be created
  + resource "github_repository_topics" "pathogen" {
      + id         = (known after apply)
      + repository = "yellow-fever"
      + topics     = [
          + "nextstrain",
          + "pathogen",
        ]
    }

Plan: 4 to add, 1 to change, 0 to destroy.
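
An added example (not part of the PR or the project's own code): it evaluates the two conditions of the new `GitHubActionsRoleNextstrainRepo@yellow-fever` trust policy from the plan against constructed OIDC claims, and shows why the role depends on the subject claim customization template being applied. It assumes IAM `StringLike` semantics (case-sensitive, `*` and `?` wildcards) and GitHub's colon-joined customized subject; the refs and the repo-local workflow name are made up.

```python
import re

# Condition values copied from the trust policy in the plan above.
AUD_PATTERN = "sts.amazonaws.com"
SUB_PATTERN = ("repo:nextstrain/yellow-fever:*:job_workflow_ref:"
               "nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*")
# Assumed ref for the shared workflow (constructed for this example).
SHARED = "nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@refs/heads/master"

def string_like(pattern, value):
    """IAM StringLike: case-sensitive; '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def customized_sub(repo, context, job_workflow_ref):
    """Subject built from include_claim_keys = [repo, context, job_workflow_ref]."""
    return f"repo:{repo}:{context}:job_workflow_ref:{job_workflow_ref}"

def trust_allows(claims):
    """Both condition keys must match; a missing claim never matches."""
    return (string_like(AUD_PATTERN, claims.get("aud", ""))
            and string_like(SUB_PATTERN, claims.get("sub", "")))

YF = "nextstrain/yellow-fever"
MAIN = "ref:refs/heads/main"
# Constructed sample claims; none of these come from a real token.
SAMPLES = {
    "shared workflow, main branch": {
        "aud": "sts.amazonaws.com", "sub": customized_sub(YF, MAIN, SHARED)},
    "shared workflow, other branch": {
        "aud": "sts.amazonaws.com",
        "sub": customized_sub(YF, "ref:refs/heads/some-branch", SHARED)},
    "default subject (template not applied)": {
        "aud": "sts.amazonaws.com", "sub": f"repo:{YF}:{MAIN}"},
    "repo-local workflow": {
        "aud": "sts.amazonaws.com",
        "sub": customized_sub(
            YF, MAIN, f"{YF}/.github/workflows/ci.yaml@refs/heads/main")},
    "other repository, shared workflow": {
        "aud": "sts.amazonaws.com",
        "sub": customized_sub("nextstrain/zika", MAIN, SHARED)},
    "wrong audience": {
        "aud": "https://github.com/nextstrain", "sub": customized_sub(YF, MAIN, SHARED)},
}

def evaluate_samples():
    """Map each sample name to True (trust policy matches) or False."""
    return {name: trust_allows(claims) for name, claims in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print("ALLOW" if ok else "DENY ", name)
```

The context segment is a bare `*` in the pattern, so the branch does not affect the result; only the repository and the `job_workflow_ref` path do.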

@genehack genehack merged commit 49842f9 into main Nov 26, 2024
1 check passed
@genehack genehack deleted the add-yellow-fever branch November 26, 2024 18:23
@genehack

These changes were applied, with the following output:

> terraform -chdir=env/production apply plan
Acquiring state lock. This may take a few moments...
github_actions_repository_oidc_subject_claim_customization_template.nextstrain["yellow-fever"]: Creating...
github_repository_topics.pathogen["yellow-fever"]: Creating...
aws_iam_policy.NextstrainPathogen["yellow-fever"]: Creating...
aws_iam_role.GitHubActionsRoleNextstrainBatchJobs: Modifying... [id=GitHubActionsRoleNextstrainBatchJobs]
aws_iam_policy.NextstrainPathogen["yellow-fever"]: Creation complete after 2s [id=arn:aws:iam::827581582529:policy/NextstrainPathogen@yellow-fever]
aws_iam_role.GitHubActionsRoleNextstrainRepo["yellow-fever"]: Creating...
aws_iam_role.GitHubActionsRoleNextstrainBatchJobs: Modifications complete after 2s [id=GitHubActionsRoleNextstrainBatchJobs]
github_actions_repository_oidc_subject_claim_customization_template.nextstrain["yellow-fever"]: Creation complete after 2s [id=yellow-fever]
github_repository_topics.pathogen["yellow-fever"]: Creation complete after 3s [id=yellow-fever]
aws_iam_role.GitHubActionsRoleNextstrainRepo["yellow-fever"]: Creation complete after 1s [id=GitHubActionsRoleNextstrainRepo@yellow-fever]
Releasing state lock. This may take a few moments...

Apply complete! Resources: 4 added, 1 changed, 0 destroyed.
