Regenerate credentials for NASA SMDE accounts

Regenerate credentials for NASA SMDE accounts#

This document describes how we regenerate credentials for users and the deployer when they expire in NASA SMDC accounts.

Regenerate credentials for the deployer#

  1. Set the cluster name as an environment variable

    export CLUSTER_NAME=...

  2. Authenticate yourself with https://aws.sciencecloud.nasa.gov/

  3. Navigate to the AWS terraform folder in the infrastructure repo.

    cd terraform/aws

  4. Initialise terraform.

    terraform init

  5. Select the correct workspace, either by using the terraform command or setting another environment variable.

    # Using terraform command
terraform workspace select $CLUSTER_NAME

# Using an environment variable
export TF_WORKSPACE=$CLUSTER_NAME

  6. Replace the previous deployer credentials with new ones.

    terraform apply -replace=aws_iam_access_key.continuous_deployer -var-file=projects/$CLUSTER_NAME.tfvars

  7. Export the new credentials to a file and then encrypt them in-place with sops.

    terraform output -raw continuous_deployer_creds > ../../config/clusters/$CLUSTER_NAME/enc-deployer-credentials.secret.json
sops -i -e ../../config/clusters/$CLUSTER_NAME/enc-deployer-credentials.secret.json

  8. git add the modified files and then commit them.

    git commit -m "nasa smce clusters: re-generate deployer credentials"

    You can then open a Pull Request and merge it.