Fix the tf wrapper script – c6978c3 – scripts

Fix the `tf` wrapper script

ID

c6978c3

date

2023-11-30 09:47:26+00:00

author

Alex Chan <alex@alexwlchan.net>

parent

adf5d2b

message

Fix the `tf` wrapper script

changed files

2 files, 2 additions, 32 deletions

aws/README.md
terraform/tf

Changed files

aws/README.md (5469) → aws/README.md (4275)

diff --git a/aws/README.md b/aws/README.md
index 5b91958..b063774 100644
--- a/aws/README.md
+++ b/aws/README.md
@@ -97,19 +97,3 @@ Some of the scripts require me to explicitly pick an IAM profile or account; oth
 
 *   The `download_sqs_messages` script looks at an individual queue, and takes a queue URL as argument.
     SQS queue URLs include the account ID, so it can pick a suitable IAM role for that account.
-
-## _ensure_aws_credentials_are_fresh
-
-At Wellcome, we don't have permanent AWS credentials on our local machines – instead, we use [aws-azure-login] to get short-lived credentials that last a few hours.
-This is meant to reduce the risk profile of lost secrets; e.g. if a laptop is stolen, it's less likely to have useful AWS credentials than if we all had long-lived, permanent credentials.
-(See our [platform-infrastructure docs][pi-docs].)
-
-It's moderately frustrating to run a command, be told "your credentials have expired, go get some new ones", and have to do that before running the same command again – so the `_ensure_aws_credentials_are_fresh` does that freshness check for me.
-
-If it detects my AWS credentials are out-of-date, it proactively fetches a new set of credentials and then runs the original command I was trying to run.
-This makes everything run a little smoother.
-
-I never invoke this script directly, but it is invoked by a bunch of my other tools to get this nice behaviour.
-
-[aws-azure-login]: https://github.com/aws-azure-login/aws-azure-login
-[pi-docs]: https://github.com/wellcomecollection/platform-infrastructure/blob/main/accounts/docs/cli-credentials.md

terraform/tf (562) → terraform/tf (110)

diff --git a/terraform/tf b/terraform/tf
index 9adc777..3ecc3db 100755
--- a/terraform/tf
+++ b/terraform/tf
@@ -1,18 +1,4 @@
 #!/usr/bin/env bash
-# In some of the Wellcome Terraform projects, we invoke Terraform via
-# a wrapper script.  This fetches extra credentials from Secrets Manager,
-# e.g. our Auth0 API tokens, and passes them to Terraform as env vars.
-#
-# This script does the boring work of checking whether a project uses
-# a wrapper script, or whether to invoke Terraform directly.
-#
-# All arguments are then passed to the underlying `terraform` command.
+# A shortcut because I'm too lazy to type all the letters of "terraform".
 
-_ensure_aws_credentials_are_fresh
-
-if [[ -f run_terraform.sh ]]
-then
-  ./run_terraform.sh "$@"
-else
-  terraform "$@"
-fi
+terraform "$@"