From patchwork Tue Jan 14 20:03:48 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chuck Lever <cel@kernel.org>
X-Patchwork-Id: 13939437
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 21D291FF60E
	for <kdevops@lists.linux.dev>; Tue, 14 Jan 2025 20:03:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1736885036; cv=none;
 b=r81I7e/a6zMToJhlwjQAX+xIbEjX5kZF0ygFhPystENpwyv6ZXiv25PtVREycFq4JlYlEu7i/9bzMlvsXc3ZOXxs6bHFOkO7EoA7BQX2DO1PIw8OZM80k0T6VqAUHUzLj8EO6rlADlfKIw1GEfN3y5L4OOYriqTONvGLP57nhmg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1736885036; c=relaxed/simple;
	bh=OTT2GholZ+AFPx1AR03gW+KzWndrSsDZl/IWLPMZqqA=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=L7y7A6+mV3Rc9lAgqX6GFmlmBX8LDuWTalc+ErnCjTta7ojGUa5kTmEiy/brQOuBomIHWoeafeb/47O1DIu/vLDXT8nYNg8JZgtVfCkpvuJRuVwOY9S5esCgty8a1vBHUzEEPULTZ61XHSigZfhPjcUog64tt6WnGlg7qRSAv7s=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=uIdNnZFl; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="uIdNnZFl"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 37CD6C4CEE0;
	Tue, 14 Jan 2025 20:03:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1736885035;
	bh=OTT2GholZ+AFPx1AR03gW+KzWndrSsDZl/IWLPMZqqA=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=uIdNnZFljrgIYrX+uk1VDGZKXU+aHFhXAKwHzuFDN3sPouoiiltcgTaNWUi8ZahFQ
	 C/W+4+EF63xwdmEfss/ksezRw1PdrL24iaEU/btivr2uy0esf8HY3EslpZZ8HEPs/j
	 skhNdX0QkAc9HuqWYg3bjSfV6i2XCJul/chNy9LrLfjuNchR+8xj2RUYWQ64TSN8Jn
	 6kMqHAtStV6TLhodePT4Wi6gPcIlb1R/xIXbAad/05XXsZYEDpyBr96f9odG7+bcky
	 VYU9+INivDCdOxovWOhl71+dDJxyt8rznGkgLsZiFG3s9eO78n/+bvbyYRCc8fiAC0
	 50cSFDFAIgNrg==
From: cel@kernel.org
To: <kdevops@lists.linux.dev>
Cc: Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH v1 9/9] terraform: Hoist aws_profile into the terraform
 Kconfig
Date: Tue, 14 Jan 2025 15:03:48 -0500
Message-ID: <20250114200348.1706018-10-cel@kernel.org>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20250114200348.1706018-1-cel@kernel.org>
References: <20250114200348.1706018-1-cel@kernel.org>
Precedence: bulk
X-Mailing-List: kdevops@lists.linux.dev
List-Id: <kdevops.lists.linux.dev>
List-Subscribe: <mailto:kdevops+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:kdevops+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Chuck Lever <chuck.lever@oracle.com>

Enable automation to select among several AWS profiles by storing
the AWS profile name in the kdevops Kconfig.

This allows each test runner to use a distinct IAM user. This is a
way to parallelize the workflows.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 docs/kdevops-terraform.md                      |  8 ++++----
 playbooks/roles/gen_tfvars/defaults/main.yml   |  1 +
 .../templates/aws/terraform.tfvars.j2          |  1 +
 scripts/terraform.Makefile                     |  1 +
 terraform/aws/Kconfig                          | 18 ++++++++++++++++++
 5 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/docs/kdevops-terraform.md b/docs/kdevops-terraform.md
index 1ac4d55a856f..5e5107fef73e 100644
--- a/docs/kdevops-terraform.md
+++ b/docs/kdevops-terraform.md
@@ -238,10 +238,10 @@ aws_access_key_id = SOME_ACCESS_KEY
 aws_secret_access_key = SECRET_KEY
 ```
 
-The profile above is "default", and you can multiple profiles. By default
-our Terraform's AWS vars.tf assumes ~/.aws/credentials as the default
-credentials location, and the profile as "default". If this is different
-for you, you can override with the variables:
+The profile above is "default", and you can have multiple profiles. By
+default our Terraform's AWS vars.tf assumes ~/.aws/credentials as the
+default credentials location, and the profile as "default". If this is
+different for you, you can override with the variables:
 
 ```
 aws_shared_credentials_file
diff --git a/playbooks/roles/gen_tfvars/defaults/main.yml b/playbooks/roles/gen_tfvars/defaults/main.yml
index 3eba918e84e4..8d13e04bd33a 100644
--- a/playbooks/roles/gen_tfvars/defaults/main.yml
+++ b/playbooks/roles/gen_tfvars/defaults/main.yml
@@ -17,6 +17,7 @@ terraform_private_net_enabled: "false"
 terraform_private_net_prefix: ""
 terraform_private_net_mask: 0
 
+terraform_aws_profile: "default"
 terraform_aws_region: "invalid"
 terraform_aws_av_region: "invalid"
 terraform_aws_ami_owner: "invalid"
diff --git a/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2 b/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2
index cce9f399ca51..cafb1b322c31 100644
--- a/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2
+++ b/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2
@@ -1,3 +1,4 @@
+aws_profile = "{{ terraform_aws_profile }}"
 aws_region = "{{ terraform_aws_region }}"
 aws_availability_region = "{{ terraform_aws_av_region }}"
 aws_name_search = "{{ terraform_aws_ns }}"
diff --git a/scripts/terraform.Makefile b/scripts/terraform.Makefile
index 842dd28a5c0c..888d3af88e3e 100644
--- a/scripts/terraform.Makefile
+++ b/scripts/terraform.Makefile
@@ -46,6 +46,7 @@ KDEVOPS_MRPROPER += $(KDEVOPS_NODES)
 DEFAULT_DEPS_REQS_EXTRA_VARS += $(KDEVOPS_TFVARS)
 
 ifeq (y,$(CONFIG_TERRAFORM_AWS))
+TERRAFORM_EXTRA_VARS += terraform_aws_profile=$(subst ",,$(CONFIG_TERRAFORM_AWS_PROFILE))
 TERRAFORM_EXTRA_VARS += terraform_aws_region=$(subst ",,$(CONFIG_TERRAFORM_AWS_REGION))
 TERRAFORM_EXTRA_VARS += terraform_aws_av_region=$(subst ",,$(CONFIG_TERRAFORM_AWS_AV_REGION))
 TERRAFORM_EXTRA_VARS += terraform_aws_ami_owner=$(subst ",,$(CONFIG_TERRAFORM_AWS_AMI_OWNER))
diff --git a/terraform/aws/Kconfig b/terraform/aws/Kconfig
index 18e7713105ce..1f345df57c30 100644
--- a/terraform/aws/Kconfig
+++ b/terraform/aws/Kconfig
@@ -1,5 +1,23 @@
 if TERRAFORM_AWS
 
+config TERRAFORM_AWS_PROFILE
+	prompt "AWS profile to use"
+	string
+	default "default"
+	help
+	  This option sets the value of the Terraform aws_profile
+	  variable. The AWS profile specifies an IAM user and secret
+	  key that Terraform uses to authenticate to AWS.
+
+	  AWS profiles are set up in ~/.aws/credentials using the
+	  "aws configure" command. You may also edit this file by
+	  hand, if you're daring.
+
+	  The default value of this Kconfig option selects the
+	  "default" profile, which is fine when using only a single
+	  AWS profile. Change the value of this option to select an
+	  alternate profile / login credentials.
+
 choice
 	prompt "AWS region to use"
 	default TERRAFORM_AWS_US_WEST_2