Reduction in Privileges in Azure #1208

Closed
10 tasks done
halprin opened this issue Jul 31, 2024 · 1 comment
halprin commented Jul 31, 2024

Backlog Task

The CDC unilaterally reduced the permissions of the role assigned to our GitHub deployer and our user accounts. We need to work with the CDC to understand why this was done, push back if we can, and subsequently modify our Terraform depending on the discussions with the CDC.

Completion Criteria

  • We come to a conclusion of having our permissions restored in some form or fashion or not.
  • Our Terraform is updated to remove items from management that we can no longer modify.

Tasks

  • Research what has been impacted by this privilege change (other than our NSGs). - @halprin
  • Respond to Bob's e-mail. - @halprin
  • Update TI's Terraform and successfully deploy to Dev environment.
  • Update TI's Terraform and successfully deploy to PR environment.
  • Remove the same resources from the Internal environment's TF state and successfully deploy.
  • Push TI's Terraform updates to Staging and Production.
  • Update SFTP Ingestion's Terraform and successfully deploy to Dev environment.
  • Push SFTP Ingestion's Terraform updates to Staging.

Other Notes

  • Any other notes to help clarify this task for the team
@halprin halprin added foundational A foundational backlog task Stream 1 labels Jul 31, 2024
@halprin halprin self-assigned this Jul 31, 2024
somesylvie commented Jul 31, 2024

CDC wants to own route tables, network security groups, and peering settings.

For envs where these resources already exist, we'll need to remove them from terraform state and convert them in our TF from resources to data sources (removing them from state tells TF we're not managing those and it shouldn't delete them). By using the Azure Portal Cloud Shell, we can interact with the Terraform CLI while logged in as ourselves (this will be the easiest way to manage this stuff for the -SU accounts). Clone our repo, cd into our TF directories, run terraform init, then run commands to remove the relevant resources.

For envs where these resources don't yet exist (prod for ingestion service), we'll need to submit a helpdesk ticket to get the relevant resources created. The naming convention will need to match our existing resources or else we'll have to have them recreate everything, which is much riskier.
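
The state-removal step described in the comment above, as an added example that is not part of the original issue or the project's code: it filters `terraform state list` output down to the resource types CDC now owns and prints the matching `terraform state rm` commands for review before anything is run. The azurerm type list, the function names and the sample state addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumption: these azurerm types are how the repo models
# route tables, NSGs and peerings; adjust the list to the real config.
OWNED_TYPES='azurerm_route_table|azurerm_network_security_group|azurerm_virtual_network_peering'

# Constructed sample of `terraform state list` output (not from the project).
SAMPLE_STATE='azurerm_resource_group.main
azurerm_route_table.app
azurerm_network_security_group.db
azurerm_subnet_network_security_group_association.db
data.azurerm_route_table.shared
module.network.azurerm_virtual_network_peering.hub["east"]
azurerm_storage_account.ingest'

# Filter state addresses on stdin down to managed resources of the owned types.
# Data sources (data.<type>.<name>) are read-only already, so they are skipped,
# and look-alike types such as *_association do not match.
select_owned() {
    grep -E "(^|\.)(${OWNED_TYPES})\." |
        grep -v -E "(^|\.)data\.(${OWNED_TYPES})\." || true
}

# Print one `terraform state rm` per owned address; pass -dry-run as $1 to
# emit commands that only report what would be removed.
plan_state_rm() {
    flag=${1:-}
    select_owned | while IFS= read -r addr; do
        printf "terraform state rm %s'%s'\n" "${flag:+$flag }" "$addr"
    done
}

# Stand-alone run over the sample; against a real workspace use:
#   terraform state list | plan_state_rm -dry-run
printf '%s\n' "$SAMPLE_STATE" | plan_state_rm
```

Once the matching resource blocks have been converted to data sources, `terraform plan` should propose neither a create nor a destroy for these addresses; a planned destroy means an address is still in state.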

halprin added a commit that referenced this issue Aug 5, 2024
#1208 -  Reduction in Privileges in Azure
@halprin halprin closed this as completed Aug 7, 2024
@sfradkin sfradkin added the none for CDC mapping label Sep 3, 2024