feat: DBTP-1687 Reduce length of artifact and KMS key names (#323)
tony-griffin authored Jan 30, 2025
1 parent e9bd6cf commit 0b5241b
Showing 4 changed files with 15 additions and 15 deletions.
4 changes: 2 additions & 2 deletions codebase-pipelines/artifactstore.tf
Expand Up @@ -3,7 +3,7 @@ resource "aws_s3_bucket" "artifact_store" {
# checkov:skip=CKV2_AWS_62: It's just a pipeline artifacts bucket, event notifications are not needed.
# checkov:skip=CKV_AWS_21: It's just a pipeline artifacts bucket, versioning is not needed.
# checkov:skip=CKV_AWS_18: It's just a pipeline artifacts bucket, access logging is not needed.
bucket = "${var.application}-${var.codebase}-codebase-pipeline-artifact-store"
bucket = "${var.application}-${var.codebase}-cb-arts"

tags = local.tags
}
Expand Down Expand Up @@ -96,7 +96,7 @@ resource "aws_kms_key" "artifact_store_kms_key" {

resource "aws_kms_alias" "artifact_store_kms_alias" {
depends_on = [aws_kms_key.artifact_store_kms_key]
name = "alias/${var.application}-${var.codebase}-codebase-pipeline-artifact-store-key"
name = "alias/${var.application}-${var.codebase}-cb-arts-key"
target_key_id = aws_kms_key.artifact_store_kms_key.id
}

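Review bot: Renaming `bucket` on `aws_s3_bucket.artifact_store` is not an in-place change: the bucket name is immutable, so the plan destroys the old `...-codebase-pipeline-artifact-store` bucket and creates `...-cb-arts`, and existing artifacts are not carried over. Whether that destroy succeeds on a non-empty bucket depends on `force_destroy`, which is not visible here (the resource starts above the hunk). Because `extensions/iam.tf` in this commit switches its ARN pattern to the new suffix only, both modules need to be applied together or deploy roles will briefly reference a bucket name that does not exist. I would record this above the attribute, e.g. `# Renamed from ...-codebase-pipeline-artifact-store (DBTP-1687): forces replacement; roll out together with extensions/iam.tf`.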
20 changes: 10 additions & 10 deletions codebase-pipelines/tests/unit.tftest.hcl
Expand Up @@ -147,12 +147,12 @@ run "test_artifact_store" {
command = plan

assert {
condition = aws_s3_bucket.artifact_store.bucket == "my-app-my-codebase-codebase-pipeline-artifact-store"
error_message = "Should be: my-app-my-codebase-codebase-pipeline-artifact-store"
condition = aws_s3_bucket.artifact_store.bucket == "my-app-my-codebase-cb-arts"
error_message = "Should be: my-app-my-codebase-cb-arts"
}
assert {
condition = aws_kms_alias.artifact_store_kms_alias.name == "alias/my-app-my-codebase-codebase-pipeline-artifact-store-key"
error_message = "Should be: alias/my-app-my-codebase-codebase-pipeline-artifact-store-key"
condition = aws_kms_alias.artifact_store_kms_alias.name == "alias/my-app-my-codebase-cb-arts-key"
error_message = "Should be: alias/my-app-my-codebase-cb-arts-key"
}
assert {
condition = [for el in data.aws_iam_policy_document.artifact_store_bucket_policy.statement[0].condition : el.variable][0] == "aws:SecureTransport"
Expand Down Expand Up @@ -809,8 +809,8 @@ run "test_codebuild_deploy" {
error_message = "Should be: 'S3'"
}
assert {
condition = one(aws_codebuild_project.codebase_deploy.cache).location == "my-app-my-codebase-codebase-pipeline-artifact-store"
error_message = "Should be: 'my-app-my-codebase-codebase-pipeline-artifact-store'"
condition = one(aws_codebuild_project.codebase_deploy.cache).location == "my-app-my-codebase-cb-arts"
error_message = "Should be: 'my-app-my-codebase-cb-arts'"
}
assert {
condition = one(aws_codebuild_project.codebase_deploy.environment).compute_type == "BUILD_GENERAL1_SMALL"
Expand Down Expand Up @@ -900,8 +900,8 @@ run "test_main_pipeline" {
error_message = "Should be: 'Tagged image in ECR to deploy'"
}
assert {
condition = tolist(aws_codepipeline.codebase_pipeline[0].artifact_store)[0].location == "my-app-my-codebase-codebase-pipeline-artifact-store"
error_message = "Should be: 'my-app-my-codebase-codebase-pipeline-artifact-store'"
condition = tolist(aws_codepipeline.codebase_pipeline[0].artifact_store)[0].location == "my-app-my-codebase-cb-arts"
error_message = "Should be: 'my-app-my-codebase-cb-arts'"
}
assert {
condition = tolist(aws_codepipeline.codebase_pipeline[0].artifact_store)[0].type == "S3"
Expand Down Expand Up @@ -1192,8 +1192,8 @@ run "test_manual_release_pipeline" {
error_message = "Should be: 'Name of the environment to deploy to'"
}
assert {
condition = tolist(aws_codepipeline.manual_release_pipeline.artifact_store)[0].location == "my-app-my-codebase-codebase-pipeline-artifact-store"
error_message = "Should be: 'my-app-my-codebase-codebase-pipeline-artifact-store'"
condition = tolist(aws_codepipeline.manual_release_pipeline.artifact_store)[0].location == "my-app-my-codebase-cb-arts"
error_message = "Should be: 'my-app-my-codebase-cb-arts'"
}
assert {
condition = tolist(aws_codepipeline.manual_release_pipeline.artifact_store)[0].type == "S3"
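Review bot: The assertions in `test_artifact_store` only pin the new literal for short inputs, so nothing fails if a longer application or codebase name pushes the bucket name past S3's 63-character limit, which the commit title suggests is the reason for the rename. A run that sets long values for the two variables and asserts `condition = length(aws_s3_bucket.artifact_store.bucket) <= 63` would make that limit explicit. The `run` block starts above this hunk, so the variable values in use are inferred from the expected strings.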
4 changes: 2 additions & 2 deletions extensions/iam.tf
Expand Up @@ -63,8 +63,8 @@ data "aws_iam_policy_document" "artifact_store_access" {
"s3:PutObject",
]
resources = [
"arn:aws:s3:::${var.args.application}-*-codebase-pipeline-artifact-store/*",
"arn:aws:s3:::${var.args.application}-*-codebase-pipeline-artifact-store"
"arn:aws:s3:::${var.args.application}-*-cb-arts/*",
"arn:aws:s3:::${var.args.application}-*-cb-arts"
]
}

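Review bot: The two `resources` entries match buckets by name pattern only, and an S3 ARN carries no account ID, so `arn:aws:s3:::${var.args.application}-*-cb-arts` also matches a bucket of that shape owned by any other AWS account; the shorter `-cb-arts` suffix makes the pattern less distinctive than before. With `s3:PutObject` among the visible actions, a role holding this policy could write build artifacts to a look-alike bucket whose owner permits it. Unless a condition already exists above this hunk (the statement starts outside it), I would pin the statement to the owning account with an `s3:ResourceAccount` condition, as sketched below; the account ID is a placeholder.

```hcl
    # … unchanged: actions and resources …
    condition {
      test     = "StringEquals"
      variable = "s3:ResourceAccount"
      values   = ["<ARTIFACT_BUCKET_ACCOUNT_ID>"] # placeholder: account that owns the *-cb-arts buckets
    }
```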
2 changes: 1 addition & 1 deletion extensions/tests/unit.tftest.hcl
Expand Up @@ -441,7 +441,7 @@ run "codebase_deploy_iam_test" {
error_message = "Unexpected actions"
}
assert {
condition = data.aws_iam_policy_document.artifact_store_access.statement[0].resources == toset(["arn:aws:s3:::test-application-*-codebase-pipeline-artifact-store", "arn:aws:s3:::test-application-*-codebase-pipeline-artifact-store/*"])
condition = data.aws_iam_policy_document.artifact_store_access.statement[0].resources == toset(["arn:aws:s3:::test-application-*-cb-arts", "arn:aws:s3:::test-application-*-cb-arts/*"])
error_message = "Unexpected resources"
}
assert {
