Yuki Takei 3 лет назад
Родитель
Сommit
04255001f2
2 измененных файлов с 90 добавлено и 28 удалено
  1. 17 13
      packages/app/docker/codebuild/main.tf
  2. 73 15
      packages/app/docker/codebuild/terraform.tfstate

+ 17 - 13
packages/app/docker/codebuild/main.tf

@@ -14,16 +14,16 @@ provider "aws" {
   region  = "ap-northeast-1"
 }
 
-resource "aws_s3_bucket" "growi-official-image-builder-cache" {
+resource "aws_s3_bucket" "s3_bucket" {
   bucket = "growi-official-image-builder-cache"
 }
 
-resource "aws_s3_bucket_acl" "growi-official-image-builder-cache" {
-  bucket = aws_s3_bucket.growi-official-image-builder-cache.id
+resource "aws_s3_bucket_acl" "s3_bucket_acl" {
+  bucket = aws_s3_bucket.s3_bucket.id
   acl    = "private"
 }
 
-resource "aws_iam_role" "growi-official-image-builder" {
+resource "aws_iam_role" "iam_role" {
   name = "growi-official-image-builder"
 
   assume_role_policy = <<EOF
@@ -56,7 +56,7 @@ resource "aws_secretsmanager_secret_version" "main" {
 }
 
 resource "aws_iam_role_policy" "growi-official-image-builder" {
-  role = aws_iam_role.growi-official-image-builder.name
+  role = aws_iam_role.iam_role.name
 
   policy = <<POLICY
 {
@@ -79,8 +79,8 @@ resource "aws_iam_role_policy" "growi-official-image-builder" {
         "s3:*"
       ],
       "Resource": [
-        "${aws_s3_bucket.growi-official-image-builder-cache.arn}",
-        "${aws_s3_bucket.growi-official-image-builder-cache.arn}/*"
+        "${aws_s3_bucket.s3_bucket.arn}",
+        "${aws_s3_bucket.s3_bucket.arn}/*"
       ]
     },
     {
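Review bot: The two bucket ARNs rewritten in this hunk still sit under `"s3:*"`, which gives the build role every S3 action on the cache bucket, including deleting it or changing its policy and ACL. A build cache normally needs only object reads and writes plus listing, so the action list could be narrowed to something like `"s3:GetObject"`, `"s3:PutObject"`, `"s3:ListBucket"` and `"s3:GetBucketLocation"`; confirm that set against what the CodeBuild cache actually calls before applying it. The statement begins above this hunk, so only its tail is visible here.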
@@ -116,11 +116,14 @@ resource "aws_iam_role_policy" "growi-official-image-builder" {
 POLICY
 }
 
-resource "aws_codebuild_project" "growi-official-image-builder" {
+resource "aws_codebuild_project" "codebuild" {
   name           = "growi-official-image-builder"
   description    = "The CodeBuild Project for GROWI official docker image"
 
-  service_role = aws_iam_role.growi-official-image-builder.arn
+  service_role = aws_iam_role.iam_role.arn
+  build_batch_config {
+    service_role = aws_iam_role.iam_role.arn
+  }
 
   artifacts {
     type = "NO_ARTIFACTS"
@@ -131,6 +134,11 @@ resource "aws_codebuild_project" "growi-official-image-builder" {
     image                       = "aws/codebuild/standard:6.0"
     type                        = "LINUX_CONTAINER"
     privileged_mode             = true
+
+    environment_variable {
+      name  = "SECRETS_NAME"
+      value = "${aws_secretsmanager_secret.secret.name}"
+    }
   }
 
   source {
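Review bot: `value = "${aws_secretsmanager_secret.secret.name}"` wraps a single reference in a template string, a leftover of the pre-0.12 syntax; the reference can be written directly as `value = aws_secretsmanager_secret.secret.name`. The variable passes only the secret's name, so the build presumably fetches the value itself using the `secretsmanager:GetSecretValue` permission that the role policy recorded in the state file grants; a one-line comment above the block, such as `# name only - the build reads the value from Secrets Manager at run time`, would make that explicit. Because this container runs with `privileged_mode = true`, whatever is built from the configured source branch runs with that read access, so write access to that branch is worth restricting. The `environment` block opens above this hunk.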
@@ -142,8 +150,4 @@ resource "aws_codebuild_project" "growi-official-image-builder" {
   }
   source_version = "refs/heads/support/build-with-codebuild"
 
-  build_batch_config {
-    service_role = aws_iam_role.growi-official-image-builder.arn
-  }
-
 }

+ 73 - 15
packages/app/docker/codebuild/terraform.tfstate

@@ -1,14 +1,14 @@
 {
   "version": 4,
   "terraform_version": "1.3.7",
-  "serial": 13,
+  "serial": 57,
   "lineage": "7413839f-c67c-02f5-4933-fcb84251bb29",
   "outputs": {},
   "resources": [
     {
       "mode": "managed",
       "type": "aws_codebuild_project",
-      "name": "growi-official-image-builder",
+      "name": "codebuild",
       "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
       "instances": [
         {
@@ -118,7 +118,7 @@
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_iam_role.growi-official-image-builder"
+            "aws_iam_role.iam_role"
           ]
         }
       ]
@@ -126,7 +126,7 @@
     {
       "mode": "managed",
       "type": "aws_iam_role",
-      "name": "growi-official-image-builder",
+      "name": "iam_role",
       "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
       "instances": [
         {
@@ -134,13 +134,13 @@
           "attributes": {
             "arn": "arn:aws:iam::259692501178:role/growi-official-image-builder",
             "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}",
-            "create_date": "2023-01-12T14:31:25Z",
+            "create_date": "2023-01-12T20:35:25Z",
             "description": "",
             "force_detach_policies": false,
             "id": "growi-official-image-builder",
             "inline_policy": [
               {
-                "name": "terraform-20230112185553389000000001",
+                "name": "terraform-20230112203526188400000001",
                 "policy": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Resource\": [\n        \"*\"\n      ],\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"s3:*\"\n      ],\n      \"Resource\": [\n        \"arn:aws:s3:::growi-official-image-builder-cache\",\n        \"arn:aws:s3:::growi-official-image-builder-cache/*\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"codebuild:StartBuild\",\n        \"codebuild:StopBuild\",\n        \"codebuild:RetryBuild\",\n        \"codebuild:CreateReportGroup\",\n        \"codebuild:CreateReport\",\n        \"codebuild:UpdateReport\",\n        \"codebuild:BatchPutTestCases\",\n        \"codebuild:BatchPutCodeCoverages\"\n      ],\n      \"Resource\": [\n        \"*\"\n      ]\n    }\n  ]\n}\n"
               }
             ],
@@ -152,7 +152,7 @@
             "permissions_boundary": null,
             "tags": {},
             "tags_all": {},
-            "unique_id": "AROATY5XBDC5HD2CFLB75"
+            "unique_id": "AROATY5XBDC5BIKKM3GAO"
           },
           "sensitive_attributes": [],
           "private": "bnVsbA=="
@@ -168,17 +168,18 @@
         {
           "schema_version": 0,
           "attributes": {
-            "id": "growi-official-image-builder:terraform-20230112185553389000000001",
-            "name": "terraform-20230112185553389000000001",
+            "id": "growi-official-image-builder:terraform-20230112203526188400000001",
+            "name": "terraform-20230112203526188400000001",
             "name_prefix": null,
-            "policy": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Resource\": [\n        \"*\"\n      ],\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"s3:*\"\n      ],\n      \"Resource\": [\n        \"arn:aws:s3:::growi-official-image-builder-cache\",\n        \"arn:aws:s3:::growi-official-image-builder-cache/*\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"codebuild:StartBuild\",\n        \"codebuild:StopBuild\",\n        \"codebuild:RetryBuild\",\n        \"codebuild:CreateReportGroup\",\n        \"codebuild:CreateReport\",\n        \"codebuild:UpdateReport\",\n        \"codebuild:BatchPutTestCases\",\n        \"codebuild:BatchPutCodeCoverages\"\n      ],\n      \"Resource\": [\n        \"*\"\n      ]\n    }\n  ]\n}\n",
+            "policy": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Resource\": [\n        \"*\"\n      ],\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"s3:*\"\n      ],\n      \"Resource\": [\n        \"arn:aws:s3:::growi-official-image-builder-cache\",\n        \"arn:aws:s3:::growi-official-image-builder-cache/*\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"secretsmanager:GetResourcePolicy\",\n        \"secretsmanager:GetSecretValue\",\n        \"secretsmanager:DescribeSecret\",\n        \"secretsmanager:ListSecretVersionIds\"\n      ],\n      \"Resource\": [\n        \"arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"codebuild:StartBuild\",\n        \"codebuild:StopBuild\",\n        \"codebuild:RetryBuild\",\n        \"codebuild:CreateReportGroup\",\n        \"codebuild:CreateReport\",\n        \"codebuild:UpdateReport\",\n        \"codebuild:BatchPutTestCases\",\n        \"codebuild:BatchPutCodeCoverages\"\n      ],\n      \"Resource\": [\n        \"*\"\n      ]\n    }\n  ]\n}\n",
             "role": "growi-official-image-builder"
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_iam_role.growi-official-image-builder",
-            "aws_s3_bucket.growi-official-image-builder-cache"
+            "aws_iam_role.iam_role",
+            "aws_s3_bucket.s3_bucket",
+            "aws_secretsmanager_secret.secret"
           ]
         }
       ]
@@ -186,7 +187,7 @@
     {
       "mode": "managed",
       "type": "aws_s3_bucket",
-      "name": "growi-official-image-builder-cache",
+      "name": "s3_bucket",
       "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
       "instances": [
         {
@@ -243,7 +244,7 @@
     {
       "mode": "managed",
       "type": "aws_s3_bucket_acl",
-      "name": "growi-official-image-builder-cache",
+      "name": "s3_bucket_acl",
       "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
       "instances": [
         {
@@ -281,7 +282,64 @@
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_s3_bucket.growi-official-image-builder-cache"
+            "aws_s3_bucket.s3_bucket"
+          ]
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_secretsmanager_secret",
+      "name": "secret",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN",
+            "description": "",
+            "force_overwrite_replica_secret": false,
+            "id": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN",
+            "kms_key_id": "",
+            "name": "growi/official-image-builder",
+            "name_prefix": "",
+            "policy": "",
+            "recovery_window_in_days": 30,
+            "replica": [],
+            "rotation_enabled": false,
+            "rotation_lambda_arn": "",
+            "rotation_rules": [],
+            "tags": {},
+            "tags_all": {}
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_secretsmanager_secret_version",
+      "name": "main",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN",
+            "id": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN|032079BF-5A86-42F2-BBA0-CCDCA4F53CBC",
+            "secret_binary": "",
+            "secret_id": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN",
+            "secret_string": "CHANGE THIS",
+            "version_id": "032079BF-5A86-42F2-BBA0-CCDCA4F53CBC",
+            "version_stages": [
+              "AWSPREVIOUS"
+            ]
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "aws_secretsmanager_secret.secret"
           ]
         }
       ]
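Review bot: The added `aws_secretsmanager_secret_version` instance stores `secret_string` in clear text with an empty `sensitive_attributes`, and this state file is tracked in the repository. The value shown is the placeholder `CHANGE THIS`, but Terraform writes whatever the resource holds into state, so a later apply with the real value set in the configuration would commit it; the file also publishes the account id and the secret's ARN. Keep state out of version control: move it to a remote backend with encryption and access control, remove this file from the tree, and ignore it with `*.tfstate` and `*.tfstate.*`. If the real value is meant to be set outside Terraform, which the `AWSPREVIOUS` stage suggests has already happened, `lifecycle { ignore_changes = [secret_string] }` on the version resource in main.tf keeps a later apply from overwriting it.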