This repository was archived by the owner on Nov 23, 2023. It is now read-only.
Tags: linz/geostore
build(deps): bump pip from 22.2.2 to 22.3 (#2158) Bumps [pip](https://github.com/pypa/pip) from 22.2.2 to 22.3. - [Release notes](https://github.com/pypa/pip/releases) - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@22.2.2...22.3) --- updated-dependencies: - dependency-name: pip dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
build(deps): bump botocore from 1.27.73 to 1.27.74 in /infrastructure… …/constructs/lambda_layers/botocore (#2031) Bumps [botocore](https://github.com/boto/botocore) from 1.27.73 to 1.27.74. - [Release notes](https://github.com/boto/botocore/releases) - [Changelog](https://github.com/boto/botocore/blob/develop/CHANGELOG.rst) - [Commits](boto/botocore@1.27.73...1.27.74) --- updated-dependencies: - dependency-name: botocore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
build(deps): bump aws-cdk from 2.39.1 to 2.41.0 (#2004) * build(deps): bump aws-cdk from 2.39.1 to 2.41.0 Bumps [aws-cdk](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk) from 2.39.1 to 2.41.0. - [Release notes](https://github.com/aws/aws-cdk/releases) - [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md) - [Commits](https://github.com/aws/aws-cdk/commits/v2.41.0/packages/aws-cdk) --- updated-dependencies: - dependency-name: aws-cdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump aws-cdk-aws-lambda-python-alpha Bumps [aws-cdk-aws-lambda-python-alpha](https://github.com/aws/aws-cdk) from 2.24.0a0 to 2.39.1a0. - [Release notes](https://github.com/aws/aws-cdk/releases) - [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md) - [Commits](https://github.com/aws/aws-cdk/commits) --- updated-dependencies: - dependency-name: aws-cdk-aws-lambda-python-alpha dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix: Update poetry aws-cdk.aws-lambda-python-alpha@^2.41.0-alpha.0 * fix: Regenerate lock file with newer Poetry Fills in the package hashes properly. * refactor: Unlock aws-cdk.aws-lambda-python-alpha version * fix: Downgrade jsonschema It won't build with old poetry2nix. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jim Gan <jgan@linz.govt.nz> Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
feat: Switching to OIDC connect (#1822)
* feat: Change AccountPrincipal to WebIdentityPrincipal for oidc The application_stack.py uses aws_iam account principal to deploy AWS resources. This change updates account principal to web identity principal, which connects via oidc. GitHub actions no longer relies on using AWS access keys for deployment.
* feat: Update GitHub workflow to use oidc Oidc integration requires id-token write and contents read permissions to authenticate. Remove AWS access keys as they are no longer required for oidc. Update ci role-to-assume as a transitory measure (to avoid breaking existing workflow during testing). Prod and non-prod role-to-assume are left untouched. These role arns will be updated manually on GitHub secrets during switch over.
* feat: Assume role with web identity provider for boto3 Boto3 requires a web_identity_token_file paired with a role_arn to establish connection to AWS using oidc. AWS_WEB_IDENTITY_TOKEN_FILE is supported by AWS CLI
* fix: Include account root principal in main principal Should allow S3 role assumption.
* fix: Remove role from secrets to help with debugging Apply this change to CI, NON-PROD and PROD AWS accounts. Context: #1822 (comment)
* fix: Move static values to env The following values AWS_ROLE_ARN, AWS_WEB_IDENTITY, and AWS_DEFAULT_REGION don't need to be made available to / within other processes. Moving them to env so as to be a bit tidier. Context: #1822 (comment)
* fix: Remove role from secrets to help with debugging
* feat: Set oidc role arn in .env file Centralise role arn in .env file that gets parsed as environment variables prior to configuring AWS credentials.
* refactor: Make token filename obvious, tidy up env file
* fix: Remove AssumeRoleWithWebIdentity This part of the workflow isn't used anywhere. It was added in 54dd655 with the assumption that it is used for s3 role assumption. This turned out not to be the case and was fixed in afbc25d; however, this section of the workflow was left behind.
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
feat: delete assets no longer referenced (#1773) * feat: delete s3 files not referenced in latest dataset version * refactor: check Delete Marker in test & remove delete markers on cleanup Co-authored-by: Victor Engmark <vengmark@linz.govt.nz> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
fix: Typo (#1785) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
build(deps): bump actions/setup-python from 3 to 4 (#1728) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mitchell Paff <77649372+MitchellPaff@users.noreply.github.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
feat: validate partial datasets prep 4 (#1665) In order to handle the cases where the file is used from the Geostore.
refactor: remove s3 users role in order to move in stack (#1646)