Skip to content

Commit

Permalink
refactor to use paths at the edges
Browse files Browse the repository at this point in the history
  • Loading branch information
@kukushking
kukushking committed Feb 9, 2025
1 parent 25d2bae commit f0cfcd4
Show file tree
Hide file tree
Showing 10 changed files with 51 additions and 46 deletions.
8 changes: 4 additions & 4 deletions seedfarmer/__main__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ def version() -> None:
)
@click.option(
"--role-prefix",
default="/",
default=None,
help="""An IAM path prefix to use with the seedfarmer roles.
Use only if bootstrapped with this path""",
required=False,
Expand Down Expand Up @@ -136,7 +136,7 @@ def apply(
profile: Optional[str],
region: Optional[str],
qualifier: Optional[str],
role_prefix: str,
role_prefix: Optional[str],
env_files: List[str],
debug: bool,
dry_run: bool,
Expand Down Expand Up @@ -211,7 +211,7 @@ def apply(
)
@click.option(
"--role-prefix",
default="/",
default=None,
help="""An IAM path prefix to use with the seedfarmer roles.
Use only if bootstrapped with this path""",
required=False,
Expand Down Expand Up @@ -264,7 +264,7 @@ def destroy(
profile: Optional[str],
region: Optional[str],
qualifier: Optional[str],
role_prefix: str,
role_prefix: Optional[str],
env_files: List[str],
debug: bool,
enable_session_timeout: bool,
Expand Down
12 changes: 6 additions & 6 deletions seedfarmer/cli_groups/_bootstrap_group.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,13 +103,13 @@ def bootstrap() -> None:
)
@click.option(
"--role-prefix",
default="/",
default=None,
help="An IAM path prefix to use with the seedfarmer roles.",
required=False,
)
@click.option(
"--policy-prefix",
default="/",
default=None,
help="An IAM path prefix to use with the seedfarmer policies.",
required=False,
)
Expand All @@ -133,8 +133,8 @@ def bootstrap_toolchain(
profile: Optional[str],
region: Optional[str],
qualifier: Optional[str],
role_prefix: str,
policy_prefix: str,
role_prefix: Optional[str],
policy_prefix: Optional[str],
as_target: bool,
synth: bool,
debug: bool,
Expand Down Expand Up @@ -215,7 +215,7 @@ def bootstrap_toolchain(
)
@click.option(
"--role-prefix",
default="/",
default=None,
help="An IAM path prefix to use with the seedfarmer roles.",
required=False,
)
Expand All @@ -237,7 +237,7 @@ def bootstrap_target(
profile: Optional[str],
region: Optional[str],
qualifier: Optional[str],
role_prefix: str,
role_prefix: Optional[str],
synth: bool,
debug: bool,
) -> None:
Expand Down
21 changes: 12 additions & 9 deletions seedfarmer/commands/_bootstrap_commands.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ def get_toolchain_template(
principal_arn: List[str],
role_name: str,
permissions_boundary_arn: Optional[str] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
) -> Dict[Any, Any]:
with open((os.path.join(CLI_ROOT, "resources/toolchain_role.template")), "r") as f:
role = yaml.safe_load(f)
Expand All @@ -49,6 +49,7 @@ def get_toolchain_template(
] = principal_arn
if permissions_boundary_arn:
role["Resources"]["ToolchainRole"]["Properties"]["PermissionsBoundary"] = permissions_boundary_arn
role_prefix = role_prefix if role_prefix else "/"
template = Template(json.dumps(role))
t = template.render(
{
Expand All @@ -67,15 +68,17 @@ def get_deployment_template(
role_name: str,
policy_arns: Optional[List[str]],
permissions_boundary_arn: Optional[str] = None,
role_prefix: str = "/",
policy_prefix: str = "/",
role_prefix: Optional[str] = None,
policy_prefix: Optional[str] = None,
) -> Dict[Any, Any]:
with open((os.path.join(CLI_ROOT, "resources/deployment_role.template")), "r") as f:
role = yaml.safe_load(f)
if permissions_boundary_arn:
role["Resources"]["DeploymentRole"]["Properties"]["PermissionsBoundary"] = permissions_boundary_arn
if policy_arns:
role["Resources"]["DeploymentRole"]["Properties"]["ManagedPolicyArns"] = policy_arns
role_prefix = role_prefix if role_prefix else "/"
policy_prefix = policy_prefix if policy_prefix else "/"
template = Template(json.dumps(role))
t = template.render(
{
Expand All @@ -101,8 +104,8 @@ def bootstrap_toolchain_account(
permissions_boundary_arn: Optional[str] = None,
policy_arns: Optional[List[str]] = None,
qualifier: Optional[str] = None,
role_prefix: str = "/",
policy_prefix: str = "/",
role_prefix: Optional[str] = None,
policy_prefix: Optional[str] = None,
profile: Optional[str] = None,
region_name: Optional[str] = None,
synthesize: bool = False,
Expand All @@ -126,7 +129,7 @@ def bootstrap_toolchain_account(
_logger.debug((json.dumps(template, indent=4)))
if not synthesize:
session = create_new_session(profile=profile, region_name=region_name)
session_account_id, session_role_arn, partition = get_sts_identity_info(session=session)
session_account_id, _, _ = get_sts_identity_info(session=session)
apply_deploy_logic(
template=template,
role_name=role_stack_name,
Expand Down Expand Up @@ -169,8 +172,8 @@ def bootstrap_target_account(
project_name: str,
permissions_boundary_arn: Optional[str] = None,
qualifier: Optional[str] = None,
role_prefix: str = "/",
policy_prefix: str = "/",
role_prefix: Optional[str] = None,
policy_prefix: Optional[str] = None,
profile: Optional[str] = None,
region_name: Optional[str] = None,
session: Optional[Session] = None,
Expand All @@ -182,7 +185,7 @@ def bootstrap_target_account(

if not session:
session = create_new_session(profile=profile, region_name=region_name)
session_account_id, session_role_arn, partition = get_sts_identity_info(session=session)
session_account_id, _, partition = get_sts_identity_info(session=session)

role_stack_name = get_deployment_role_name(project_name=project_name, qualifier=cast(str, qualifier))
toolchain_role_arn = get_toolchain_role_arn(
Expand Down
14 changes: 9 additions & 5 deletions seedfarmer/commands/_deployment_commands.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -436,11 +436,12 @@ def _prime_accounts(args: Dict[str, Any]) -> List[Any]:
"region": region,
"update_seedkit": update_seedkit,
"update_project_policy": update_project_policy,
"role_prefix": role_prefix,
"policy_prefix": policy_prefix,
"permissions_boundary_arn": permissions_boundary_arn,
}

if role_prefix:
param_d["role_prefix"] = role_prefix
if policy_prefix:
param_d["policy_prefix"] = policy_prefix
if target_account_region["network"] is not None:
network = commands.load_network_values(
cast(NetworkMapping, target_account_region["network"]),
Expand Down Expand Up @@ -765,7 +766,7 @@ def apply(
profile: Optional[str] = None,
region_name: Optional[str] = None,
qualifier: Optional[str] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
dryrun: bool = False,
show_manifest: bool = False,
enable_session_timeout: bool = False,
Expand Down Expand Up @@ -914,7 +915,7 @@ def destroy(
profile: Optional[str] = None,
region_name: Optional[str] = None,
qualifier: Optional[str] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
dryrun: bool = False,
show_manifest: bool = False,
remove_seedkit: bool = False,
Expand All @@ -936,6 +937,9 @@ def destroy(
qualifier : str, optional
Any qualifier on the name of toolchain role
Defaults to None
role_prefix : str, optional
IAM path prefix on the ARN of the toolchain and deployment roles
Defaults to '/'
dryrun : bool, optional
This flag indicates that the deployment WILL NOT
enact any deployment changes.
Expand Down
8 changes: 4 additions & 4 deletions seedfarmer/commands/_stack_commands.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ def create_module_deployment_role(
docker_credentials_secret: Optional[str] = None,
permissions_boundary_arn: Optional[str] = None,
session: Optional[boto3.Session] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
) -> None:
iam.create_check_iam_role(
project_name=config.PROJECT,
Expand Down Expand Up @@ -442,7 +442,7 @@ def deploy_module_stack(
parameters: List[ModuleParameter],
docker_credentials_secret: Optional[str] = None,
permissions_boundary_arn: Optional[str] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
) -> Tuple[str, str]:
"""
deploy_module_stack
Expand Down Expand Up @@ -589,8 +589,8 @@ def deploy_seedkit(
private_subnet_ids: Optional[List[str]] = None,
security_group_ids: Optional[List[str]] = None,
update_seedkit: Optional[bool] = False,
role_prefix: str = "/",
policy_prefix: str = "/",
role_prefix: Optional[str] = None,
policy_prefix: Optional[str] = None,
permissions_boundary_arn: Optional[str] = None,
**kwargs: Any,
) -> Dict[str, Any]:
Expand Down
2 changes: 1 addition & 1 deletion seedfarmer/mgmt/deploy_utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ def _get_module_info(args: Dict[str, Any]) -> None:
{
"account_id": target_account_region["account_id"],
"region": target_account_region["region"],
"role_prefix": target_account_region.get("role_prefix", "/"),
"role_prefix": target_account_region["role_prefix"],
}
for target_account_region in deployment_manifest.target_accounts_regions
]
Expand Down
12 changes: 4 additions & 8 deletions seedfarmer/models/manifests/_deployment_manifest.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -234,22 +234,18 @@ def target_accounts_regions(self) -> List[Dict[str, str]]:
self._accounts_regions = []
for target_account in self.target_account_mappings:
for region in target_account.region_mappings:
role_prefix = region.role_prefix if region.role_prefix else target_account.role_prefix
policy_prefix = region.policy_prefix if region.policy_prefix else target_account.policy_prefix
account_region_args = {
"alias": target_account.alias,
"account_id": target_account.actual_account_id,
"region": region.region,
"network": region.network,
"parameters_regional": region.parameters_regional,
"codebuild_image": cast(str, region.codebuild_image),
"role_prefix": role_prefix,
"policy_prefix": policy_prefix,
}
role_prefix = region.role_prefix if region.role_prefix else target_account.role_prefix
policy_prefix = region.policy_prefix if region.policy_prefix else target_account.policy_prefix

if role_prefix:
account_region_args["role_prefix"] = role_prefix
if policy_prefix:
account_region_args["policy_prefix"] = policy_prefix

self._accounts_regions.append(account_region_args) # type: ignore
return self._accounts_regions

Expand Down
4 changes: 2 additions & 2 deletions seedfarmer/services/_iam.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ def create_check_iam_role(
group_name: Optional[str] = None,
module_name: Optional[str] = None,
session: Optional[Session] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
) -> None:
_logger.debug("Creating IAM Role with name: %s ", role_name)
iam_client = boto3_client("iam", session=session)
Expand All @@ -61,7 +61,7 @@ def create_check_iam_role(
except iam_client.exceptions.NoSuchEntityException:
args: Dict[str, Any] = {
"RoleName": role_name,
"Path": role_prefix,
"Path": role_prefix if role_prefix else "/",
"AssumeRolePolicyDocument": json.dumps(trust_policy),
"Description": f"deployment-role for {role_name}",
"Tags": [
Expand Down
10 changes: 5 additions & 5 deletions seedfarmer/services/session_manager.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ def get_or_create(
region_name: Optional[str] = None,
toolchain_region: Optional[str] = None,
qualifier: Optional[str] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
profile: Optional[str] = None,
enable_reaper: bool = False,
**kwargs: Optional[Any],
Expand Down Expand Up @@ -87,7 +87,7 @@ def get_or_create(
profile: Optional[str] = None,
toolchain_region: Optional[str] = None,
qualifier: Optional[str] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
reaper_interval: Optional[int] = None,
enable_reaper: bool = False,
**kwargs: Optional[Any],
Expand All @@ -102,7 +102,7 @@ def get_or_create(
self.config["profile"] = profile
self.config["toolchain_region"] = toolchain_region
self.config["qualifier"] = qualifier if qualifier else None
self.config["role_prefix"] = role_prefix
self.config["role_prefix"] = role_prefix if role_prefix else "/"
self.config = {**self.config, **kwargs}
self.toolchain_role_name = get_toolchain_role_name(project_name, cast(str, qualifier))

Expand Down Expand Up @@ -143,7 +143,7 @@ def get_deployment_session(self, account_id: str, region_name: str) -> Session:
session_key = f"{account_id}-{region_name}"
project_name = self.config["project_name"]
qualifier = self.config.get("qualifier") if self.config.get("qualifier") else None
role_prefix = self.config.get("role_prefix", "/")
role_prefix = self.config.get("role_prefix")
toolchain_region = self.config.get("toolchain_region")
if not self.created:
raise seedfarmer.errors.InvalidConfigurationError("The SessionManager object was never properly created...")
Expand Down Expand Up @@ -212,7 +212,7 @@ def _get_toolchain(self) -> Tuple[Session, "AssumeRoleResponseTypeDef"]:
profile_name = self.config.get("profile")
project_name = self.config.get("project_name")
qualifier = self.config.get("qualifier") if self.config.get("qualifier") else None
role_prefix = self.config.get("role_prefix", "/")
role_prefix = self.config.get("role_prefix")
toolchain_region = self.config.get("toolchain_region")
_logger.debug(
f"""Creating a local session with the following info passed in:
Expand Down
6 changes: 4 additions & 2 deletions seedfarmer/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,8 +148,9 @@ def get_toolchain_role_arn(
toolchain_account_id: str,
project_name: str,
qualifier: Optional[str] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
) -> str:
role_prefix = role_prefix if role_prefix else "/"
return (
f"arn:{partition}:iam::{toolchain_account_id}:role{role_prefix}"
f"{get_toolchain_role_name(project_name, qualifier)}"
Expand All @@ -166,8 +167,9 @@ def get_deployment_role_arn(
deployment_account_id: str,
project_name: str,
qualifier: Optional[str] = None,
role_prefix: str = "/",
role_prefix: Optional[str] = None,
) -> str:
role_prefix = role_prefix if role_prefix else "/"
return (
f"arn:{partition}:iam::{deployment_account_id}:role{role_prefix}"
f"{get_deployment_role_name(project_name, qualifier)}"
Expand Down

0 comments on commit f0cfcd4

Please sign in to comment.