From 865ae5e8889f9ae70463a40a02ca2a5e12a4dd88 Mon Sep 17 00:00:00 2001 From: Khai Do Date: Wed, 28 Jun 2023 11:23:25 -0700 Subject: [PATCH] update access for GH OIDC we are switching from using a service user in GH action to using a OIDC provider thus we need to provide the OIDC role equivalent access as the service user role. --- config/infra-dev/nextflow-aurora-mysql.yaml | 1 + config/infra-dev/smtp-credentials.yaml | 1 + config/infra-prod/nextflow-aurora-mysql.yaml | 1 + config/infra-prod/smtp-credentials.yaml | 2 ++ config/infra-prod/workflows-kms-key.yaml | 1 + config/projects-ampad/agora-project.yaml | 1 + config/projects-ampad/jared-hendrickson-project.yaml | 1 + config/projects-ampad/strides-ampad-project.yaml | 1 + config/projects-ampad/wei-an-chen-project.yaml | 1 + config/projects-dev/example-dev-project.yaml | 1 + config/projects-dev/mc2-mcmicro-dev-project.yaml | 1 + config/projects-dev/orca-dev-project.yaml | 1 + config/projects-dev/orca-service-test-project.yaml | 1 + config/projects-dev/pec-dev-project.yaml | 1 + config/projects-prod/amp-ad-project.yaml | 1 + config/projects-prod/ctf-swnts-project.yaml | 1 + config/projects-prod/example-project.yaml | 1 + config/projects-prod/genie-bpc-project.yaml | 1 + config/projects-prod/htan-project.yaml | 1 + config/projects-prod/iatlas-project.yaml | 1 + config/projects-prod/imcore-project.yaml | 1 + config/projects-prod/jhu-biobank-nf-project.yaml | 1 + config/projects-prod/mc2-mcmicro-project.yaml | 1 + config/projects-prod/nf-ntap5-biobank-jineta.yaml | 1 + config/projects-prod/nfri-ctf-nf1-project.yaml | 1 + config/projects-prod/ntap-add5-project.yaml | 1 + config/projects-prod/ntap-cnf-cell-project.yaml | 1 + config/projects-prod/robert-allaway-project.yaml | 1 + config/projects-prod/sophia-jobe-project.yaml | 1 + config/projects-prod/ucf-dod-nf2-project.yaml | 1 + config/projects-prod/verena-chung-project.yaml | 1 + 31 files changed, 32 insertions(+) diff --git a/config/infra-dev/nextflow-aurora-mysql.yaml b/config/infra-dev/nextflow-aurora-mysql.yaml index ddfbfca2..5bd40a23 100644 --- a/config/infra-dev/nextflow-aurora-mysql.yaml +++ b/config/infra-dev/nextflow-aurora-mysql.yaml @@ -15,6 +15,7 @@ parameters: AccountAdminArns: - {{stack_group_config.sso_admin_role.arn}} - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn stack_tags: {{stack_group_config.default_stack_tags}} diff --git a/config/infra-dev/smtp-credentials.yaml b/config/infra-dev/smtp-credentials.yaml index f192c999..e60ee3c6 100644 --- a/config/infra-dev/smtp-credentials.yaml +++ b/config/infra-dev/smtp-credentials.yaml @@ -8,6 +8,7 @@ parameters: AccountAdminArns: - {{stack_group_config.sso_admin_role.arn}} - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn stack_tags: {{stack_group_config.default_stack_tags}} diff --git a/config/infra-prod/nextflow-aurora-mysql.yaml b/config/infra-prod/nextflow-aurora-mysql.yaml index 4a346b81..b8f05839 100644 --- a/config/infra-prod/nextflow-aurora-mysql.yaml +++ b/config/infra-prod/nextflow-aurora-mysql.yaml @@ -15,6 +15,7 @@ parameters: AccountAdminArns: - {{stack_group_config.sso_admin_role.arn}} - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn stack_tags: {{stack_group_config.default_stack_tags}} diff --git a/config/infra-prod/smtp-credentials.yaml b/config/infra-prod/smtp-credentials.yaml index f192c999..3c55c86c 100644 --- a/config/infra-prod/smtp-credentials.yaml +++ b/config/infra-prod/smtp-credentials.yaml @@ -8,6 +8,8 @@ parameters: AccountAdminArns: - {{stack_group_config.sso_admin_role.arn}} - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn stack_tags: {{stack_group_config.default_stack_tags}} diff --git a/config/infra-prod/workflows-kms-key.yaml b/config/infra-prod/workflows-kms-key.yaml index 1c853d97..9055daf4 100644 --- a/config/infra-prod/workflows-kms-key.yaml +++ b/config/infra-prod/workflows-kms-key.yaml @@ -8,6 +8,7 @@ parameters: - {{stack_group_config.sso_admin_role.arn}} - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn - !stack_output_external sagebase-github-oidc-workflows-prod-nextflow-infra::ProviderRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn stack_tags: {{stack_group_config.default_stack_tags}} diff --git a/config/projects-ampad/agora-project.yaml b/config/projects-ampad/agora-project.yaml index 8bce511e..76f58017 100644 --- a/config/projects-ampad/agora-project.yaml +++ b/config/projects-ampad/agora-project.yaml @@ -16,6 +16,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-ampad/jared-hendrickson-project.yaml b/config/projects-ampad/jared-hendrickson-project.yaml index 42a3378a..978d2d77 100644 --- a/config/projects-ampad/jared-hendrickson-project.yaml +++ b/config/projects-ampad/jared-hendrickson-project.yaml @@ -14,6 +14,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-ampad/strides-ampad-project.yaml b/config/projects-ampad/strides-ampad-project.yaml index 35c08fbe..47cb9a22 100644 --- a/config/projects-ampad/strides-ampad-project.yaml +++ b/config/projects-ampad/strides-ampad-project.yaml @@ -16,6 +16,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-ampad/wei-an-chen-project.yaml b/config/projects-ampad/wei-an-chen-project.yaml index cf60c317..c8e8e9c4 100644 --- a/config/projects-ampad/wei-an-chen-project.yaml +++ b/config/projects-ampad/wei-an-chen-project.yaml @@ -14,6 +14,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-dev/example-dev-project.yaml b/config/projects-dev/example-dev-project.yaml index 13b6e905..9cf75f7f 100644 --- a/config/projects-dev/example-dev-project.yaml +++ b/config/projects-dev/example-dev-project.yaml @@ -14,6 +14,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-dev/mc2-mcmicro-dev-project.yaml b/config/projects-dev/mc2-mcmicro-dev-project.yaml index d4670bf2..8bb612ed 100644 --- a/config/projects-dev/mc2-mcmicro-dev-project.yaml +++ b/config/projects-dev/mc2-mcmicro-dev-project.yaml @@ -12,6 +12,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-dev/orca-dev-project.yaml b/config/projects-dev/orca-dev-project.yaml index 2d013133..5137ecef 100644 --- a/config/projects-dev/orca-dev-project.yaml +++ b/config/projects-dev/orca-dev-project.yaml @@ -13,6 +13,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-dev/orca-service-test-project.yaml b/config/projects-dev/orca-service-test-project.yaml index 1ef5ec52..1fea8f09 100644 --- a/config/projects-dev/orca-service-test-project.yaml +++ b/config/projects-dev/orca-service-test-project.yaml @@ -14,6 +14,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-dev/pec-dev-project.yaml b/config/projects-dev/pec-dev-project.yaml index d8094cdf..e15e487b 100644 --- a/config/projects-dev/pec-dev-project.yaml +++ b/config/projects-dev/pec-dev-project.yaml @@ -13,6 +13,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/amp-ad-project.yaml b/config/projects-prod/amp-ad-project.yaml index b1f54bbc..4fbdde88 100644 --- a/config/projects-prod/amp-ad-project.yaml +++ b/config/projects-prod/amp-ad-project.yaml @@ -12,6 +12,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/ctf-swnts-project.yaml b/config/projects-prod/ctf-swnts-project.yaml index eb01f9bb..01168461 100644 --- a/config/projects-prod/ctf-swnts-project.yaml +++ b/config/projects-prod/ctf-swnts-project.yaml @@ -37,6 +37,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/example-project.yaml b/config/projects-prod/example-project.yaml index 5d62901b..8b6dec36 100644 --- a/config/projects-prod/example-project.yaml +++ b/config/projects-prod/example-project.yaml @@ -44,6 +44,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/genie-bpc-project.yaml b/config/projects-prod/genie-bpc-project.yaml index bf25de52..ffcb6a92 100644 --- a/config/projects-prod/genie-bpc-project.yaml +++ b/config/projects-prod/genie-bpc-project.yaml @@ -16,6 +16,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/htan-project.yaml b/config/projects-prod/htan-project.yaml index 2f172048..7c1a1b94 100644 --- a/config/projects-prod/htan-project.yaml +++ b/config/projects-prod/htan-project.yaml @@ -18,6 +18,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/iatlas-project.yaml b/config/projects-prod/iatlas-project.yaml index ae91d059..adf41954 100644 --- a/config/projects-prod/iatlas-project.yaml +++ b/config/projects-prod/iatlas-project.yaml @@ -23,6 +23,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/imcore-project.yaml b/config/projects-prod/imcore-project.yaml index b90bc910..4cde5bee 100644 --- a/config/projects-prod/imcore-project.yaml +++ b/config/projects-prod/imcore-project.yaml @@ -13,6 +13,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/jhu-biobank-nf-project.yaml b/config/projects-prod/jhu-biobank-nf-project.yaml index 1d05b281..421c527d 100644 --- a/config/projects-prod/jhu-biobank-nf-project.yaml +++ b/config/projects-prod/jhu-biobank-nf-project.yaml @@ -13,6 +13,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/mc2-mcmicro-project.yaml b/config/projects-prod/mc2-mcmicro-project.yaml index 48c4b4f2..e4c3a740 100644 --- a/config/projects-prod/mc2-mcmicro-project.yaml +++ b/config/projects-prod/mc2-mcmicro-project.yaml @@ -21,6 +21,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/nf-ntap5-biobank-jineta.yaml b/config/projects-prod/nf-ntap5-biobank-jineta.yaml index 333bada8..53b06302 100644 --- a/config/projects-prod/nf-ntap5-biobank-jineta.yaml +++ b/config/projects-prod/nf-ntap5-biobank-jineta.yaml @@ -33,6 +33,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/nfri-ctf-nf1-project.yaml b/config/projects-prod/nfri-ctf-nf1-project.yaml index b464653c..c18f2e27 100644 --- a/config/projects-prod/nfri-ctf-nf1-project.yaml +++ b/config/projects-prod/nfri-ctf-nf1-project.yaml @@ -29,6 +29,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/ntap-add5-project.yaml b/config/projects-prod/ntap-add5-project.yaml index 1d9c2554..901c270e 100644 --- a/config/projects-prod/ntap-add5-project.yaml +++ b/config/projects-prod/ntap-add5-project.yaml @@ -14,6 +14,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/ntap-cnf-cell-project.yaml b/config/projects-prod/ntap-cnf-cell-project.yaml index 45a14336..e0515a79 100644 --- a/config/projects-prod/ntap-cnf-cell-project.yaml +++ b/config/projects-prod/ntap-cnf-cell-project.yaml @@ -28,6 +28,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/robert-allaway-project.yaml b/config/projects-prod/robert-allaway-project.yaml index 586c85bc..c82f0b17 100644 --- a/config/projects-prod/robert-allaway-project.yaml +++ b/config/projects-prod/robert-allaway-project.yaml @@ -36,6 +36,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/sophia-jobe-project.yaml b/config/projects-prod/sophia-jobe-project.yaml index bc2acd20..89808aa9 100644 --- a/config/projects-prod/sophia-jobe-project.yaml +++ b/config/projects-prod/sophia-jobe-project.yaml @@ -35,6 +35,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/ucf-dod-nf2-project.yaml b/config/projects-prod/ucf-dod-nf2-project.yaml index bb2084f3..289a7dc1 100644 --- a/config/projects-prod/ucf-dod-nf2-project.yaml +++ b/config/projects-prod/ucf-dod-nf2-project.yaml @@ -29,6 +29,7 @@ parameters: AccountAdminArns: - '{{stack_group_config.sso_admin_role.arn}}' - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: 'https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com' TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn diff --git a/config/projects-prod/verena-chung-project.yaml b/config/projects-prod/verena-chung-project.yaml index 2370e769..8928b380 100644 --- a/config/projects-prod/verena-chung-project.yaml +++ b/config/projects-prod/verena-chung-project.yaml @@ -35,6 +35,7 @@ parameters: AccountAdminArns: - "{{stack_group_config.sso_admin_role.arn}}" - !stack_output_external workflows-nextflow-ci-service-account::ServiceRoleArn + - !stack_output_external github-oidc-nextflow-infra::ProviderRoleArn TemplateRootUrl: "https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com" TowerForgePolicyArn: !stack_output_external nextflow-forge-iam-policy::NextFlowForgePolicyArn TowerLaunchPolicyArn: !stack_output_external nextflow-launch-iam-policy::NextFlowLaunchPolicyArn