[PATCH v1 9/9] terraform: Hoist aws_profile into the terraform Kconfig

All of lore.kernel.org
 help / color / mirror / Atom feed

From: cel@kernel.org
To: <kdevops@lists.linux.dev>
Cc: Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH v1 9/9] terraform: Hoist aws_profile into the terraform Kconfig
Date: Tue, 14 Jan 2025 15:03:48 -0500	[thread overview]
Message-ID: <20250114200348.1706018-10-cel@kernel.org> (raw)
In-Reply-To: <20250114200348.1706018-1-cel@kernel.org>

From: Chuck Lever <chuck.lever@oracle.com>

Enable automation to select among several AWS profiles by storing
the AWS profile name in the kdevops Kconfig.

This allows each test runner to use a distinct IAM user. This is a
way to parallelize the workflows.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 docs/kdevops-terraform.md                      |  8 ++++----
 playbooks/roles/gen_tfvars/defaults/main.yml   |  1 +
 .../templates/aws/terraform.tfvars.j2          |  1 +
 scripts/terraform.Makefile                     |  1 +
 terraform/aws/Kconfig                          | 18 ++++++++++++++++++
 5 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/docs/kdevops-terraform.md b/docs/kdevops-terraform.md
index 1ac4d55a856f..5e5107fef73e 100644
--- a/docs/kdevops-terraform.md
+++ b/docs/kdevops-terraform.md
@@ -238,10 +238,10 @@ aws_access_key_id = SOME_ACCESS_KEY
 aws_secret_access_key = SECRET_KEY
 ```
 
-The profile above is "default", and you can multiple profiles. By default
-our Terraform's AWS vars.tf assumes ~/.aws/credentials as the default
-credentials location, and the profile as "default". If this is different
-for you, you can override with the variables:
+The profile above is "default", and you can have multiple profiles. By
+default our Terraform's AWS vars.tf assumes ~/.aws/credentials as the
+default credentials location, and the profile as "default". If this is
+different for you, you can override with the variables:
 
 ```
 aws_shared_credentials_file
diff --git a/playbooks/roles/gen_tfvars/defaults/main.yml b/playbooks/roles/gen_tfvars/defaults/main.yml
index 3eba918e84e4..8d13e04bd33a 100644
--- a/playbooks/roles/gen_tfvars/defaults/main.yml
+++ b/playbooks/roles/gen_tfvars/defaults/main.yml
@@ -17,6 +17,7 @@ terraform_private_net_enabled: "false"
 terraform_private_net_prefix: ""
 terraform_private_net_mask: 0
 
+terraform_aws_profile: "default"
 terraform_aws_region: "invalid"
 terraform_aws_av_region: "invalid"
 terraform_aws_ami_owner: "invalid"
diff --git a/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2 b/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2
index cce9f399ca51..cafb1b322c31 100644
--- a/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2
+++ b/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2
@@ -1,3 +1,4 @@
+aws_profile = "{{ terraform_aws_profile }}"
 aws_region = "{{ terraform_aws_region }}"
 aws_availability_region = "{{ terraform_aws_av_region }}"
 aws_name_search = "{{ terraform_aws_ns }}"
diff --git a/scripts/terraform.Makefile b/scripts/terraform.Makefile
index 842dd28a5c0c..888d3af88e3e 100644
--- a/scripts/terraform.Makefile
+++ b/scripts/terraform.Makefile
@@ -46,6 +46,7 @@ KDEVOPS_MRPROPER += $(KDEVOPS_NODES)
 DEFAULT_DEPS_REQS_EXTRA_VARS += $(KDEVOPS_TFVARS)
 
 ifeq (y,$(CONFIG_TERRAFORM_AWS))
+TERRAFORM_EXTRA_VARS += terraform_aws_profile=$(subst ",,$(CONFIG_TERRAFORM_AWS_PROFILE))
 TERRAFORM_EXTRA_VARS += terraform_aws_region=$(subst ",,$(CONFIG_TERRAFORM_AWS_REGION))
 TERRAFORM_EXTRA_VARS += terraform_aws_av_region=$(subst ",,$(CONFIG_TERRAFORM_AWS_AV_REGION))
 TERRAFORM_EXTRA_VARS += terraform_aws_ami_owner=$(subst ",,$(CONFIG_TERRAFORM_AWS_AMI_OWNER))
diff --git a/terraform/aws/Kconfig b/terraform/aws/Kconfig
index 18e7713105ce..1f345df57c30 100644
--- a/terraform/aws/Kconfig
+++ b/terraform/aws/Kconfig
@@ -1,5 +1,23 @@
 if TERRAFORM_AWS
 
+config TERRAFORM_AWS_PROFILE
+	prompt "AWS profile to use"
+	string
+	default "default"
+	help
+	  This option sets the value of the Terraform aws_profile
+	  variable. The AWS profile specifies an IAM user and secret
+	  key that Terraform uses to authenticate to AWS.
+
+	  AWS profiles are set up in ~/.aws/credentials using the
+	  "aws configure" command. You may also edit this file by
+	  hand, if you're daring.
+
+	  The default value of this Kconfig option selects the
+	  "default" profile, which is fine when using only a single
+	  AWS profile. Change the value of this option to select an
+	  alternate profile / login credentials.
+
 choice
 	prompt "AWS region to use"
 	default TERRAFORM_AWS_US_WEST_2
-- 
2.47.1

next prev parent reply	other threads:[~2025-01-14 20:03 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-14 20:03 [PATCH v1 0/9] Random short subjects cel
2025-01-14 20:03 ` [PATCH v1 1/9] bringup: prevent the use of vagrant cel
2025-01-14 20:03 ` [PATCH v1 2/9] Remove defconfigs/nfsd cel
2025-01-14 20:03 ` [PATCH v1 3/9] terraform/aws: Clean up a few nits cel
2025-01-14 20:03 ` [PATCH v1 4/9] Clean up task messages cel
2025-01-14 20:03 ` [PATCH v1 5/9] devconfig: Replace import_tasks with include_tasks cel
2025-01-28 13:03   ` Daniel Gomez
2025-01-28 14:20     ` Chuck Lever
2025-01-28 14:40       ` Daniel Gomez
2025-01-28 14:43         ` Chuck Lever
2025-01-14 20:03 ` [PATCH v1 6/9] terraform/aws: Enable selection of a Fedora (40) AMI cel
2025-01-14 20:03 ` [PATCH v1 7/9] terraform/aws: Add a couple more instance types cel
2025-01-14 20:03 ` [PATCH v1 8/9] terraform/aws: Add support for m7a " cel
2025-01-14 20:03 ` cel [this message]
2025-01-17 21:05 ` [PATCH v1 0/9] Random short subjects Luis Chamberlain

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1ac4d55a856 dfblob:5e5107fef73 dfblob:3eba918e84e
dfblob:8d13e04bd33 dfblob:cce9f399ca5 dfblob:cafb1b322c3
dfblob:842dd28a5c0 dfblob:888d3af88e3 dfblob:18e7713105c
dfblob:1f345df57c3 )
 OR (
bs:"[PATCH v1 9/9] terraform: Hoist aws_profile into the terraform Kconfig" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250114200348.1706018-10-cel@kernel.org \
    --to=cel@kernel.org \
    --cc=chuck.lever@oracle.com \
    --cc=kdevops@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.