terraform: Hoist aws_profile into the terraform Kconfig

chucklever · chucklever · commit 447b2ca0ac70 · 2025-01-18T09:24:34.000-05:00
Enable automation to select among several AWS profiles by storing
the AWS profile name in the kdevops Kconfig.

This allows each test runner to use a distinct IAM user. This is a
way to parallelize the workflows.

Reviewed-by: Luis Chamberlain &lt;mcgrof@kernel.org&gt;
Signed-off-by: Chuck Lever &lt;chuck.lever@oracle.com&gt;
diff --git a/docs/kdevops-terraform.md b/docs/kdevops-terraform.md
@@ -238,10 +238,10 @@ aws_access_key_id = SOME_ACCESS_KEY
 aws_secret_access_key = SECRET_KEY
 ```
 
-The profile above is "default", and you can multiple profiles. By default
-our Terraform's AWS vars.tf assumes ~/.aws/credentials as the default
-credentials location, and the profile as "default". If this is different
-for you, you can override with the variables:
+The profile above is "default", and you can have multiple profiles. By
+default our Terraform's AWS vars.tf assumes ~/.aws/credentials as the
+default credentials location, and the profile as "default". If this is
+different for you, you can override with the variables:
 
 ```
 aws_shared_credentials_file
diff --git a/playbooks/roles/gen_tfvars/defaults/main.yml b/playbooks/roles/gen_tfvars/defaults/main.yml
@@ -17,6 +17,7 @@ terraform_private_net_enabled: "false"
 terraform_private_net_prefix: ""
 terraform_private_net_mask: 0
 
+terraform_aws_profile: "default"
 terraform_aws_region: "invalid"
 terraform_aws_av_region: "invalid"
 terraform_aws_ami_owner: "invalid"
diff --git a/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2 b/playbooks/roles/gen_tfvars/templates/aws/terraform.tfvars.j2
@@ -1,3 +1,4 @@
+aws_profile = "{{ terraform_aws_profile }}"
 aws_region = "{{ terraform_aws_region }}"
 aws_availability_region = "{{ terraform_aws_av_region }}"
 aws_name_search = "{{ terraform_aws_ns }}"
diff --git a/scripts/terraform.Makefile b/scripts/terraform.Makefile
@@ -46,6 +46,7 @@ KDEVOPS_MRPROPER += $(KDEVOPS_NODES)
 DEFAULT_DEPS_REQS_EXTRA_VARS += $(KDEVOPS_TFVARS)
 
 ifeq (y,$(CONFIG_TERRAFORM_AWS))
+TERRAFORM_EXTRA_VARS += terraform_aws_profile=$(subst ",,$(CONFIG_TERRAFORM_AWS_PROFILE))
 TERRAFORM_EXTRA_VARS += terraform_aws_region=$(subst ",,$(CONFIG_TERRAFORM_AWS_REGION))
 TERRAFORM_EXTRA_VARS += terraform_aws_av_region=$(subst ",,$(CONFIG_TERRAFORM_AWS_AV_REGION))
 TERRAFORM_EXTRA_VARS += terraform_aws_ami_owner=$(subst ",,$(CONFIG_TERRAFORM_AWS_AMI_OWNER))
diff --git a/terraform/aws/Kconfig b/terraform/aws/Kconfig
@@ -1,5 +1,23 @@
 if TERRAFORM_AWS
 
+config TERRAFORM_AWS_PROFILE
+	prompt "AWS profile to use"
+	string
+	default "default"
+	help
+	  This option sets the value of the Terraform aws_profile
+	  variable. The AWS profile specifies an IAM user and secret
+	  key that Terraform uses to authenticate to AWS.
+
+	  AWS profiles are set up in ~/.aws/credentials using the
+	  "aws configure" command. You may also edit this file by
+	  hand, if you're daring.
+
+	  The default value of this Kconfig option selects the
+	  "default" profile, which is fine when using only a single
+	  AWS profile. Change the value of this option to select an
+	  alternate profile / login credentials.
+
 choice
 	prompt "AWS region to use"
 	default TERRAFORM_AWS_US_WEST_2

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+aws_profile = "{{ terraform_aws_profile }}"`
`1`	`2`	`aws_region = "{{ terraform_aws_region }}"`
`2`	`3`	`aws_availability_region = "{{ terraform_aws_av_region }}"`
`3`	`4`	`aws_name_search = "{{ terraform_aws_ns }}"`