Make this project public
While figuring out how to handle secrets better in tandem with https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/issues/22 we still want to make the project public and discoverable as we do that work.
To achieve this we need to remove our (Quality) current secrets as defined below and update the docs with any needed updates.
Current secrets:
- Terraform Provider - Configures Terraform to speak to specific Cloud Provider. Requires authentication and location details. Can be passed in file or as multiple environment variables. Supports variable interpolation.
- Terraform Backend - Configures Terraform to store state in remote location (key for teams). Config is dependent on specific remote backend service. Requires authentication and bucket details. No variable interpolation allowed - must be hardcoded. Can be passed as env vars though.
- Terraform Scripts - The actual scripts for setting up the environment need to be present in disk in some form. Each environment requires it's own folder as a workspace. Work is underway to reduce the files users need to specify on disk but there will still need to be some.
- Ansible Inventory (dynamic or static) - Configures Ansible on where to find boxes along with how to reach and authenticate into them. Also contains variables specific to the environment. While authentication details specifically can be passed as environment variables the inventory config itself requires files.
After analysis the following tasks have been identified to achieve this goal:
-
Figure out a design for running GET in CI without the config baked in that will work for both Ansible and Terraform (https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/issues/22) -
Determine the best way to handle hardcoded application passwords currently in this project. Several options are available and under review. -
Remove all current baked-in Quality config and secrets (as detailed above) as well as pipelines (https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/merge_requests/116) -
Set up new replacement Quality specific config, secrets and pipelines in new project that follows the new design -
Add in new License file (https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/issues/31)
Edited by Grant Young