MANAGING GITHUB VIA TERRAFORM TO
BE COMPLIANT WITH ISO27001
Remove the UI from your On- / Offboarding GitHub Workflow
MICHA(EL) RAECK
PRODUCT OWNER DEVSECOPS
What we do as a team?
Developing a platform as a product tailored for all engineering colleagues.
Utilizing Kubernetes to manage cloud-native services within hyperscalers (AWS mostly).
Offering consultancy services for customer projects.
Coordination of contractors.
Who am I?
• 37 y/o
• From Leipzig (working hybrid)
• Owned a full-service media agency for 10 years
• Owned a bar and a restaurant
• Was a Lead Developer and Head of Infrastructure at 1337 UGC
1. PROBLEM
800 repos within 12 organizations.
Different teams / teams in teams /
external users / external users in internal repos ?!
1. Complexity in management:
• Managing a variety of GitHub repositories.
• Managing a variety of GitHub organizations.
2. User and access management:
• Coordinating multiple users, groups, and teams.
• Implementing consistent permissions and branch protection rules.
3. Collaboration with external parties:
• Providing guest access to partners and customers.
• Ensuring controlled permissions for external users to pull or push to repositories.
ISO 27001:2013 requires:
Access Control: Ensuring strict access control in line with ISO 27001 to prevent unauthorized information disclosure or modification.
Audit Trails: Implementing comprehensive audit trails for changes to, and access to, repositories and their user management, to meet ISO 27001's monitoring and logging requirements.
Information Security Policies: Developing and enforcing information security policies that comply with the ISO 27001 framework across all GitHub repositories and teams.
4-Eyes Principle:
What GitHub offers: access control, onboarding / offboarding
What GitHub offers: GitHub audit log
Does what GitHub offers help with ISO compliance?
Nah, not really.
And the UI is annoying.
1. PROBLEM
Also
13
2. THE NOT SO BORING PART
Utilizing Terraform for Managing GitHub
2. SOLVE IT: TERRAFORM GITHUB PROVIDER
registry.terraform.io/providers/integrations/github/latest/docs
• Uses the GitHub API
• To have proper rights and access control, set up an Organization:
• https://github.com/orgs/terraform-github-test-orga
Assumptions:
• Terraform is up and running
• You store your state in some sort of backend
  • S3 with DynamoDB locking
  • Terraform Cloud?
• A GitHub personal access token is stored in an environment variable (the provider reads GITHUB_TOKEN); treat it like any other secret and scope it to the organization you manage
Wanna try some code?
DEFINE A REPO
provider "github" {
  owner = "terraform-github-test-orga"
}

# Repo
resource "github_repository" "example-repo" {
  name        = "terraform-github-test-repo-devops-meetup-2023"
  description = "A Repo for the Terraform GitHub Provider Example"
  visibility  = "public"
}
SETUP A PULL TEAM
# Creating a Team with Pull Rights
resource "github_team" "pull_team" {
  name        = "Pull Team"
  description = "A team to READ on Terraform-managed repositories"
}

# Giving the Team correct Permissions
resource "github_team_repository" "team_repo_pull" {
  team_id    = github_team.pull_team.id
  repository = github_repository.example-repo.name
  permission = "pull"
}

# Assigning a Member to the Team
resource "github_team_membership" "team_membership_pull" {
  team_id  = github_team.pull_team.id
  username = "exampleUserOnGitHub"
  role     = "member"
}
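The team block above hard-codes one user per resource. For on-/offboarding across 800 repositories, a practitioner wants the whole membership in one place, so that offboarding someone is deleting one line and the plan shows every revocation that follows from it. The following is an added example, not code from the slides: a locals map drives organization membership and team membership with for_each, and an external partner gets read access to a single repository instead of organization membership. It assumes the provider block, the organization, github_repository.example-repo and github_team.pull_team from the slides; the user names, the Push Team and the partner account are placeholders.

```hcl
# Added example, not from the original slides. Assumes the provider, the
# organization and github_repository.example-repo / github_team.pull_team
# from the previous slides. All user names below are placeholders.

locals {
  # One entry per person. Offboarding = delete the entry and open a PR; the
  # plan then lists exactly which org and team memberships get destroyed.
  members = {
    "alice-example" = { role = "member", teams = ["pull_team"] }
    "bob-example"   = { role = "member", teams = ["pull_team", "push_team"] }
  }

  # Flatten to one (user, team) pair per team membership.
  team_memberships = {
    for pair in flatten([
      for user, cfg in local.members : [
        for team in cfg.teams : { user = user, team = team }
      ]
    ]) : "${pair.team}/${pair.user}" => pair
  }
}

# Organization membership: the invitation is sent on apply, and removing the
# entry removes the user from the organization (and therefore from every team).
resource "github_membership" "org" {
  for_each = local.members

  username = each.key
  role     = each.value.role # "member" or "admin"; keep admins out of this map
}

resource "github_team" "push_team" {
  name        = "Push Team"
  description = "A team that can WRITE to Terraform-managed repositories"
  privacy     = "closed"
}

resource "github_team_repository" "team_repo_push" {
  team_id    = github_team.push_team.id
  repository = github_repository.example-repo.name
  permission = "push"
}

# Map the team keys used in local.members to the real team resources.
locals {
  teams = {
    pull_team = github_team.pull_team.id
    push_team = github_team.push_team.id
  }
}

resource "github_team_membership" "members" {
  for_each = local.team_memberships

  team_id  = local.teams[each.value.team]
  username = each.value.user
  role     = "member"

  # Team membership only makes sense for organization members.
  depends_on = [github_membership.org]
}

# External party (partner / customer): read access to ONE repository instead of
# organization membership. The user name is an assumption.
resource "github_repository_collaborator" "partner_readonly" {
  repository = github_repository.example-repo.name
  username   = "partner-example"
  permission = "pull"
}
```

Offboarding bob-example means deleting his entry from local.members and opening the PR; terraform plan then shows github_membership.org["bob-example"], github_team_membership.members["pull_team/bob-example"] and github_team_membership.members["push_team/bob-example"] as resources to destroy, which is the evidence an auditor asks for. Keeping the partner as a repository collaborator rather than an org member keeps the external user out of every other repository by default.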
PLANNING: CREATE A PR FOR IT
➜ terraform plan
Terraform will perform the following actions:

  # github_team.pull_team will be created
  + resource "github_team" "pull_team" {
      + create_default_maintainer = false
      + description               = "A team to READ on Terraform-managed repositories"
      …
    }

  # github_team_membership.team_membership_pull will be created
  + resource "github_team_membership" "team_membership_pull" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + role     = "member"
      + team_id  = (known after apply)
      + username = "mixxor"
    }

  # github_team_repository.team_repo_pull will be created
  + resource "github_team_repository" "team_repo_pull" {
      + etag       = (known after apply)
      + id         = (known after apply)
      + permission = "pull"
      + repository = "terraform-github-test-repo-devops-meetup-2023"
      + team_id    = (known after apply)
    }

Plan: 3 to add, 0 to change, 0 to destroy.
➜ git commit -m "chore(YOUR-JIRA-TICKET): Add Max Mustermann"
• Let someone else approve this request.
• 4-eyes principle in place.
➜ terraform apply
...
Nicely done, now we have a way to create repos and teams for all repos we manage / create with Terraform!
Wait? Only repos which are managed via Terraform?
Yes! You need to import them!
IMPORTING / APPLYING
# main.tf
# define your existing repo here first
resource "github_repository" "_devops_meetup" {
  name        = "_devops_meetup"
  description = "let the Teams care about the Repo"
  visibility  = "private"
}

# sh
➜ terraform import github_repository._devops_meetup _devops_meetup
➜ terraform plan
➜ terraform apply
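terraform import as shown above is a local, one-off command that leaves no trace in the pull request. Terraform 1.5 added import blocks, which put the import itself under review. The following is an added example, not code from the slides: the same repository imported declaratively, replacing the slide's resource block and the terraform import command, with two guardrails a practitioner wants on every imported repository. It assumes Terraform 1.5 or newer and the github provider from the slides; the ignore_changes list is an assumption about which settings people still change in the UI during the migration.

```hcl
# Added example, not from the original slides. Assumes Terraform >= 1.5
# (import blocks) and the existing repository "_devops_meetup" from the slide.

# Declarative import: lives in the PR next to the resource, so the reviewer
# sees which existing repository is being taken under management.
import {
  to = github_repository._devops_meetup
  id = "_devops_meetup"
}

resource "github_repository" "_devops_meetup" {
  name        = "_devops_meetup"
  description = "let the Teams care about the Repo"
  visibility  = "private"

  # If this resource is ever removed from the code, the repository is archived
  # instead of deleted.
  archive_on_destroy = true

  lifecycle {
    # A typo in a PR must not be able to delete an existing repository.
    prevent_destroy = true
    # Assumption: these are still changed in the UI until every repository is
    # managed here. Remove this list once the migration is done.
    ignore_changes = [has_wiki, has_projects, homepage_url]
  }
}
```

terraform plan now prints "github_repository._devops_meetup will be imported" followed by any in-place updates for attributes that differ from the repository's current settings (for example visibility). Review that diff with the same care as a create, because apply changes the real repository to match the code. For hundreds of repositories, write only the import blocks and run terraform plan -generate-config-out=generated.tf to have Terraform write the matching resource blocks from the live settings, then trim them down to what should actually be enforced.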
What can we do now?
• Create / manage repos
• Create / manage teams
• Create / manage users
All this in a declarative way.
This is ISO compliant, as it follows the guidelines:
Access Control:
WE define who has access to the repo which manages the GH orgs.
Audit Trails:
WE use the GH built-in audit log for changes, and the history and PRs of our GH repo for everything else.
Information Security Policies:
The process is comprehensible and you can explain and show it to an auditor. NO UI ClickOps.
4-Eyes Principle:
In place via PR (as long as branch protection on that repo requires a review before merge; otherwise it is a convention, not a control).
That's all?
Wait, there is more.
The state of your repo is safe, right?
Somewhere at Terraform Cloud or AWS!
Sure, but you're doing state changes locally after the approval of the PR?
Enhancing Terraform Infrastructure Management with Atlantis
• Integrate terraform plan / apply output into Pull Requests
• informed decision-making during reviews
• Works with all sorts of Providers
• AWS
• GCP
• GitHub
• GitLab
• BitBucket
• …
How does Atlantis work?
Error!!!
It works!!!1111einseins
Automatic planning
2. SOLVE IT
TERRAFORM
GITHUB PROVIDER
Get your PR approved !
• Atlantis also Supports Slack Notifications
Now, APPLY!
And Merge.
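"Get your PR approved" only counts as a control if GitHub refuses to merge without it. The following is an added example, not code from the slides: branch protection on the repository that holds this Terraform code, which is also the repository whose merges grant everyone else their access, so it deserves the strictest rules in the organization. It assumes a repository named github-iac, a Platform team as the reviewers, a provider of the 5.x line, and that Atlantis reports its results as the commit statuses atlantis/plan and atlantis/apply (the default context names; verify them against your Atlantis version).

```hcl
# Added example, not from the original slides. Hardens the repository that
# holds this Terraform code (assumed name: github-iac), i.e. the repository
# whose merges hand out access. Assumes the Atlantis commit status contexts
# "atlantis/plan" and "atlantis/apply" and a github provider of the 5.x line.

resource "github_repository" "github_iac" {
  name        = "github-iac"
  description = "Terraform code that manages our GitHub organizations"
  visibility  = "private"
  auto_init   = true # creates the initial commit on "main"

  delete_branch_on_merge = true
  vulnerability_alerts   = true
}

# The reviewers: a dedicated team, so "someone else" is a defined group.
resource "github_team" "platform" {
  name    = "Platform"
  privacy = "closed"
}

resource "github_team_repository" "platform_iac" {
  team_id    = github_team.platform.id
  repository = github_repository.github_iac.name
  permission = "push"
}

# CODEOWNERS makes the platform team a mandatory reviewer for every file.
resource "github_repository_file" "codeowners" {
  repository          = github_repository.github_iac.name
  branch              = "main"
  file                = ".github/CODEOWNERS"
  content             = "* @terraform-github-test-orga/${github_team.platform.slug}\n"
  commit_message      = "chore: platform team owns all Terraform code"
  overwrite_on_create = true
}

resource "github_branch_protection" "iac_main" {
  repository_id = github_repository.github_iac.node_id
  pattern       = "main"

  # Org admins get no bypass on the repo that hands out access.
  enforce_admins          = true
  required_linear_history = true
  allows_force_pushes     = false
  allows_deletions        = false

  required_pull_request_reviews {
    required_approving_review_count = 1    # the second pair of eyes
    dismiss_stale_reviews           = true # new commits invalidate old approvals
    require_code_owner_reviews      = true # i.e. the platform team
    require_last_push_approval      = true # whoever pushed last cannot self-approve
  }

  # Merge only after Atlantis has planned AND applied on the PR, and only when
  # the branch is up to date with main (no stale plan). This argument is named
  # "checks" in provider 6.x.
  required_status_checks {
    strict   = true
    contexts = ["atlantis/plan", "atlantis/apply"]
  }

  # The CODEOWNERS commit must land before direct pushes get blocked.
  depends_on = [github_repository_file.codeowners]
}
```

On the Atlantis side, set apply_requirements: [approved, mergeable] in the repo config so that atlantis apply itself refuses to run before the PR is approved. With both in place, the order on the slide (approve, apply, merge) is the only order GitHub permits, and nobody runs terraform apply from a laptop against the shared state.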
You're done :)
• You can improve this workflow even more
• Atlantis represents a significant improvement in establishing reliable audit control and governance over Infrastructure as Code (IaC).
• This process supports your ISO certification and helps to convince auditors of the robust measures you have taken.
3. QUESTIONS
Any questions?
THANK YOU
