This document describes how we regenerate credentials for users and the deployer when they expire in NASA SMDC accounts.
Regenerate credentials for the deployer¶
Set the cluster name as an environment variable
export CLUSTER_NAME=...Authenticate yourself with https://
aws .sciencecloud .nasa .gov/ Navigate to the AWS terraform folder in the infrastructure repo.
cd terraform/awsInitialise terraform.
terraform initSelect the correct workspace, either by using the terraform command or setting another environment variable.
# Using terraform command terraform workspace select $CLUSTER_NAME # Using an environment variable export TF_WORKSPACE=$CLUSTER_NAMEReplace the previous deployer credentials with new ones.
terraform apply -replace=aws_iam_access_key.continuous_deployer -var-file=projects/$CLUSTER_NAME.tfvarsExport the new credentials to a file and then encrypt them in-place with
sops.terraform output -raw continuous_deployer_creds > ../../config/clusters/$CLUSTER_NAME/enc-deployer-credentials.secret.json sops -i -e ../../config/clusters/$CLUSTER_NAME/enc-deployer-credentials.secret.jsongit addthe modified files and then commit them.git commit -m "nasa smce clusters: re-generate deployer credentials"You can then open a Pull Request and merge it.