Page MenuHomePhabricator
Differential D14404

[scripts] Script to reset keyserver owner in DDB
ClosedPublic
Actions

Authored by bartek on Feb 25 2025, 12:57 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Apr 4, 7:59 AM
Unknown Object (File)
Thu, Apr 3, 3:43 PM
Unknown Object (File)
Thu, Apr 3, 3:37 PM
Unknown Object (File)
Wed, Apr 2, 6:43 AM
Unknown Object (File)
Wed, Apr 2, 1:20 AM
Unknown Object (File)
Tue, Apr 1, 11:07 PM
Unknown Object (File)
Tue, Apr 1, 10:30 PM
Unknown Object (File)
Tue, Apr 1, 5:38 AM
View All 49 Files
Subscribers
None

Details

Reviewers
ashoat
tomek
kamil
Commits
rCOMM20e275c76839: [scripts] Script to reset keyserver owner in DDB
Summary

Address ENG-10243.
The script:

  • Uses Terraform account to log in
  • Assumes IAM role on prod account
  • Performs DDB actions on target account, they're described in bottom part of this comment.

Depends on D14403

Test Plan

Made a copy of the target account DDB rows, with different userID. Ran the script and verified in AWS Console that all actions were successful

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

bartek created this revision.Feb 25 2025, 12:57 AM
bartek held this revision as a draft.
bartek published this revision for review.Feb 25 2025, 1:15 AM
bartek added inline comments.
scripts/aws-reset-keyserver-owner.sh
12–16 ↗(On Diff #47241)

Not sure if we need this check

18–22 ↗(On Diff #47241)

Nix environment sets these values, and AWS errors are sometimes misleading because of them, so added a clearer message

26–27 ↗(On Diff #47241)

I didn't want to publish the full value here

48–57 ↗(On Diff #47241)

Alternatively, these could be merged

111–117 ↗(On Diff #47241)

Reading https://stackoverflow.com/a/1885534 - perhaps I should use the first form (non-negated) because it's safer, at the cost of nesting

Harbormaster completed remote builds in B33620: Diff 47241.Feb 25 2025, 2:32 AM
ashoat added inline comments.Feb 25 2025, 7:49 AM
scripts/aws-reset-keyserver-owner.sh
12–16 ↗(On Diff #47241)

Is it in the Nix environment?

57 ↗(On Diff #47241)

During review, we found that we needed to add export AWS_REGION="us-east-2" here

ashoat accepted this revision.Feb 25 2025, 7:59 AM
ashoat added inline comments.
scripts/aws-reset-keyserver-owner.sh
12–16 ↗(On Diff #47241)

Sorry, missed the parent diff. Up to you, but probably fine to remove

This revision is now accepted and ready to land.Feb 25 2025, 7:59 AM
bartek updated this revision to Diff 47273.Feb 25 2025, 8:10 AM

Add AWS_REGION export, remove check for jq being installed

Harbormaster completed remote builds in B33631: Diff 47273.Feb 25 2025, 8:33 AM
bartek updated this revision to Diff 47286.Feb 27 2025, 1:56 AM

Invert confirmation prompt logic to make script more error-proof

bartek added inline comments.Feb 27 2025, 1:57 AM
scripts/aws-reset-keyserver-owner.sh
48–57 ↗(On Diff #47241)

Merging these causes Shellcheck to complain. It suggests separating them again

This revision was landed with ongoing or failed builds.Feb 27 2025, 2:25 AM
Closed by commit rCOMM20e275c76839: [scripts] Script to reset keyserver owner in DDB (authored by bartek). · Explain Why
This revision was automatically updated to reflect the committed changes.
bartek added a commit: rCOMM20e275c76839: [scripts] Script to reset keyserver owner in DDB.

Revision Contents
Changeset List

PathSize
scripts/
126 lines

Diff 47273

View Options

scripts/aws-reset-keyserver-owner.sh

Loading...