Enable access via ssh-oidc and cloud.egi.eu #54

sebastian-luna-valero · 2024-07-08T11:41:40Z

Summary

Would you be happy granting access via ssh-oidc?

Is this something to consider not only for this but for other EGI managed VMs?

Related issue :

github-actions · 2024-07-08T11:43:07Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

enolfc · 2024-07-08T11:43:55Z

deployment/playbook.yaml

-
+  - role: 'grycap.motley-cue'
+    ssh_oidc_my_vo: false
+    ssh_oidc_other_vos: cloud.egi.eu


can we be more specific on the role from the VO?

Checking: fedcloud-eu/vault-doc#2

is that issue related to the role restriction in motley-cue? I understand this is independent to secrets but a matter of how the entitlement is configured ssh-oidc

Yes, the variable ssh_oidc_other_vos: cloud.egi.eu in the Ansible role above will be translated into:

authorised_vos = ['urn:mace:egi.eu:group:cloud.egi.eu:role=member#aai.egi.eu']

inside a file /etc/motley_cue/motley_cue.conf on the target VM via:

https://github.com/marcvs/contextualise_ssh_server/blob/v0.8.6/contextualise_ssh_server/motley_cue.template.conf#L127

https://github.com/grycap/ansible-role-motley-cue/blob/950d21af0724550dc17dd8019165ca2a4e2a7b93/tasks/main.yml#L101-L119

https://github.com/grycap/ansible-role-motley-cue/blob/950d21af0724550dc17dd8019165ca2a4e2a7b93/tasks/main.yml#L79-L82

The solution is to configure /etc/motley_cue/motley_cue.conf on the target VM with this instead:

authorised_vos = ['urn:mace:egi.eu:group:cloud.egi.eu:role=auditor#aai.egi.eu']

I think the best way to accomplish this is to update this task in Ansible:

https://github.com/grycap/ansible-role-motley-cue/blob/950d21af0724550dc17dd8019165ca2a4e2a7b93/tasks/main.yml#L79-L82

To make the role=member#aai.egi.eu part of the entitlement configurable instead of hard coded.

What do you think?

If you agree, I will open a PR in https://github.com/grycap/ansible-role-motley-cue/

Here it is: grycap/ansible-role-motley-cue#13

Ok, I have now applied the changes required:

restrict access to members of the cloud.egi.eu VO with the auditor role.

once logged in, these members can use unrestricted sudo

Please let me know your thoughts.

…ansible-role-motley-cue#13

github-actions · 2024-09-05T13:06:53Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-04 11:45:09 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "c593885502681cba1bb54dedb1ddf5e8fc0f433b" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

github-actions · 2024-09-05T13:23:13Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-04 11:45:09 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "c593885502681cba1bb54dedb1ddf5e8fc0f433b" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

enolfc

LGTM

github-actions · 2024-09-10T10:33:31Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-04 11:45:09 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "c593885502681cba1bb54dedb1ddf5e8fc0f433b" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

github-actions · 2024-09-10T10:44:41Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-04 11:45:09 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "6c588ea279fcbab00ffbf4846b7b910950ae0f26" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

github-actions · 2024-09-10T11:15:30Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-04 11:45:09 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "6c588ea279fcbab00ffbf4846b7b910950ae0f26" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

github-actions · 2024-09-19T08:20:50Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-18 10:37:15 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "6c588ea279fcbab00ffbf4846b7b910950ae0f26" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

github-actions · 2024-09-19T08:30:01Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-18 10:37:15 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "6c588ea279fcbab00ffbf4846b7b910950ae0f26" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

github-actions · 2024-09-19T08:35:18Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-18 10:37:15 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "6c588ea279fcbab00ffbf4846b7b910950ae0f26" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

enolfc

Let's try

github-actions · 2024-09-19T08:39:18Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_networking_floatingip_v2.fip: Refreshing state... [id=1a2e1285-0a20-4582-aab9-27255607a862]
openstack_compute_secgroup_v2.secgroup: Refreshing state... [id=47779555-2ce1-400c-ba68-d177683c7228]
openstack_compute_instance_v2.dashboard: Refreshing state... [id=8ef9fcce-19e4-41c6-ab03-d1730a924510]
openstack_compute_floatingip_associate_v2.fip: Refreshing state... [id=147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_floatingip_associate_v2.fip must be replaced
-/+ resource "openstack_compute_floatingip_associate_v2" "fip" {
      ~ id          = "147.213.76.217/8ef9fcce-19e4-41c6-ab03-d1730a924510/" -> (known after apply)
      ~ instance_id = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # openstack_compute_instance_v2.dashboard must be replaced
-/+ resource "openstack_compute_instance_v2" "dashboard" {
      ~ access_ip_v4        = "192.168.10.69" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2021-12-02 14:53:32 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "m1.medium" -> (known after apply)
      ~ id                  = "8ef9fcce-19e4-41c6-ab03-d1730a924510" -> (known after apply)
      ~ image_name          = "Ubuntu-20.04-20211006" -> (known after apply)
        name                = "dashboard"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-18 10:37:15 +0000 UTC" -> (known after apply)
      ~ user_data           = "90023f7e1954389c6ef071f11a027c2e52481ace" -> "6c588ea279fcbab00ffbf4846b7b910950ae0f26" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.10.69" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          ~ mac            = "fa:16:3e:f7:19:1f" -> (known after apply)
          ~ name           = "private-network" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Warning: Deprecated Resource

  with openstack_compute_secgroup_v2.secgroup,
  on main.tf line 12, in resource "openstack_compute_secgroup_v2" "secgroup":
  12: resource "openstack_compute_secgroup_v2" "secgroup" {

use openstack_networking_secgroup_v2 resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

enable access via ssh-oidc and cloud.egi.eu

af3b3f2

sebastian-luna-valero requested a review from a team as a code owner July 8, 2024 11:41

enolfc reviewed Jul 8, 2024

View reviewed changes

sebastian-luna-valero added 2 commits September 5, 2024 15:04

Replace ssh_oidc_other_vos with ssh_oidc_other_vos_name after grycap/…

933905e

…ansible-role-motley-cue#13

sudo powers for members of the vo.cloud.egi.eu with the auditor role

b4c90e9

sebastian-luna-valero and others added 2 commits September 5, 2024 15:16

update CONTRIBUTING.md with latest version in the template

97439f2

Merge branch 'main' into ssh-oidc

680681b

enolfc approved these changes Sep 9, 2024

View reviewed changes

fix role name

4d60bbf

linting

43b856b

linting

68497e2

sebastian-luna-valero added 2 commits September 19, 2024 10:18

fix grycap.motley_cue name

08c4a9d

pass access token to Ansible playbook

1ab95a1

use prettier to lint .github/workflows/deploy.yaml

06e8ae5

add PWD to PATH

32d2ac7

enolfc approved these changes Sep 19, 2024

View reviewed changes

linting

da8d341

enolfc merged commit 703bcca into main Sep 19, 2024
5 checks passed

enolfc deleted the ssh-oidc branch September 19, 2024 08:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable access via ssh-oidc and cloud.egi.eu #54

Enable access via ssh-oidc and cloud.egi.eu #54

sebastian-luna-valero commented Jul 8, 2024

github-actions bot commented Jul 8, 2024

enolfc Jul 8, 2024

sebastian-luna-valero Jul 8, 2024

enolfc Aug 21, 2024

sebastian-luna-valero Aug 21, 2024

sebastian-luna-valero Aug 22, 2024

sebastian-luna-valero Sep 5, 2024

github-actions bot commented Sep 5, 2024

github-actions bot commented Sep 5, 2024

enolfc left a comment

github-actions bot commented Sep 10, 2024

github-actions bot commented Sep 10, 2024

github-actions bot commented Sep 10, 2024

github-actions bot commented Sep 19, 2024

github-actions bot commented Sep 19, 2024

github-actions bot commented Sep 19, 2024

enolfc left a comment

github-actions bot commented Sep 19, 2024

Enable access via ssh-oidc and cloud.egi.eu #54

Enable access via ssh-oidc and cloud.egi.eu #54

Conversation

sebastian-luna-valero commented Jul 8, 2024

Summary

github-actions bot commented Jul 8, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

enolfc Jul 8, 2024

Choose a reason for hiding this comment

sebastian-luna-valero Jul 8, 2024

Choose a reason for hiding this comment

enolfc Aug 21, 2024

Choose a reason for hiding this comment

sebastian-luna-valero Aug 21, 2024

Choose a reason for hiding this comment

sebastian-luna-valero Aug 22, 2024

Choose a reason for hiding this comment

sebastian-luna-valero Sep 5, 2024

Choose a reason for hiding this comment

github-actions bot commented Sep 5, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

github-actions bot commented Sep 5, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

enolfc left a comment

Choose a reason for hiding this comment

github-actions bot commented Sep 10, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

github-actions bot commented Sep 10, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

github-actions bot commented Sep 10, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

github-actions bot commented Sep 19, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

github-actions bot commented Sep 19, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

github-actions bot commented Sep 19, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

enolfc left a comment

Choose a reason for hiding this comment

github-actions bot commented Sep 19, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`