This UUID stays the same even if a user submits the form multiple
times (unless they edit it manually in local storage, of course).
Change-Id: I4190fbfeb1027ce8a8d87bc283099539e8722b39
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8733
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Note that there doesn't seem to be a TF resource type for the IAM
binding between the bucket and the service account itself (other than
applying to all buckets in the folder, which I don't want).
For this reason I've added the `storage.uploader` IAM binding to the
`rih-backend` service account *on the bucket* manually.
Change-Id: I9fb06c7857e61dc642d9ea0d89159a0e343dc984
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8728
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Doesn't actually have bucket serving or access configuration yet, one
step at a time!
Change-Id: I0ce9b3b077252395bd807fad44cbdca40cdeac49
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8649
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Sets up a virtual machine image that is bootable on Yandex Cloud.
There are some slightly wonky behaviours still, like cloud-init
apparently putting all keys into root's authorized_keys no matter what
is specified in the metadata, but it does work now.
Change-Id: I57dcb7fcfa6872a28855dc1347f73a6db3c56828
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8496
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
This was a bit trickier than I anticipated, because there's no good
ways to avoid passing the credentials around manually.
What's basically happening now is that the credentials for the state
bucket are checked in (encrypted), and sourcing `creds.fish` uses the
cloud HSM to decrypt and load them into the environment.
Change-Id: I3f5ce1c9bd9d5efbf1013414f94771a09ea3a488
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8494
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Doesn't actually contain any configuration yet, just setting up TF
with the right providers and so on.
Change-Id: Ia7128dd977b4ff69eebaa36c6cad6ac104cafcdb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8492
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
