def run(self):
     """Render the policies template and write the result to this task's output.

     The template is given ``self.sharing_policies``, the version returned by
     ``config.get_puppet_version()`` as ``VERSION`` and ``self.region`` as
     ``HOME_REGION``.
     """
     policies_template = config.env.get_template("policies.template.yaml.j2")
     # NOTE(review): sharing_policies is handed to the template as-is;
     # presumably it names the principals the rendered policy grants access
     # to, so it should only be built from trusted input -- confirm upstream.
     document = policies_template.render(
         sharing_policies=self.sharing_policies,
         VERSION=config.get_puppet_version(),
         HOME_REGION=self.region,
     )
     with self.output().open("w") as handle:
         handle.write(document)
Exemple #2
def bootstrap_spoke(puppet_account_id, permission_boundary):
    """Run the spoke bootstrap for ``puppet_account_id``.

    A CloudFormation client is opened with no role or region passed to it and
    handed to ``_do_bootstrap_spoke`` together with the framework version and
    ``permission_boundary``.
    """
    with betterboto_client.ClientContextManager('cloudformation') as cfn_client:
        # permission_boundary is forwarded unchanged.
        # NOTE(review): presumably it is the ARN attached as the boundary of
        # the roles the bootstrap creates -- confirm in _do_bootstrap_spoke.
        puppet_version = config.get_puppet_version()
        _do_bootstrap_spoke(
            puppet_account_id, cfn_client, puppet_version, permission_boundary
        )
def bootstrap_spoke_as(puppet_account_id, iam_role_arns, permission_boundary):
    """Run the spoke bootstrap with a client built from ``iam_role_arns``.

    Each ARN is paired, in the order given, with a session name of the form
    ``bootstrapping-role-<position>`` (positions start at 0). The resulting
    list is passed to ``CrossMultipleAccountsClientContextManager``.
    """
    role_sessions = [
        (role_arn, 'bootstrapping-role-{}'.format(position))
        for position, role_arn in enumerate(iam_role_arns)
    ]

    # NOTE(review): presumably the roles are assumed one after another, so the
    # last ARN decides which account the stack lands in -- confirm, and treat
    # the ARN list as privileged input.
    with betterboto_client.CrossMultipleAccountsClientContextManager(
            'cloudformation', role_sessions) as cfn_client:
        _do_bootstrap_spoke(
            puppet_account_id,
            cfn_client,
            config.get_puppet_version(),
            permission_boundary,
        )
Exemple #4
 def run(self):
     """Render the policies template and write it to this task's output.

     A warning is raised through ``self.warning`` when more than 50 accounts
     are listed in ``self.sharing_policies``; rendering and writing still
     happen afterwards.
     """
     account_count = len(self.sharing_policies.get("accounts"))
     if account_count > 50:
         self.warning(
             "You have specified more than 50 accounts will not create the eventbus policy and spoke execution mode will not work"
         )
     policies_template = config.env.get_template("policies.template.yaml.j2")
     # NOTE(review): sharing_policies is handed to the template as-is;
     # presumably it names the principals the rendered policy grants access
     # to, so it should only be built from trusted input -- confirm upstream.
     document = policies_template.render(
         sharing_policies=self.sharing_policies,
         VERSION=config.get_puppet_version(),
         HOME_REGION=self.region,
     )
     with self.output().open("w") as handle:
         handle.write(document)
Exemple #5
def bootstrap_spoke(
    puppet_account_id, permission_boundary, puppet_role_name, puppet_role_path
):
    """Run the spoke bootstrap for ``puppet_account_id``.

    A CloudFormation client is opened with no role or region passed to it and
    handed to ``_do_bootstrap_spoke`` with the framework version, the
    permission boundary and the role name and path.
    """
    with betterboto_client.ClientContextManager("cloudformation") as cfn_client:
        puppet_version = config.get_puppet_version()
        # NOTE(review): puppet_role_name / puppet_role_path presumably select
        # the IAM role the spoke trusts; they are forwarded without checks.
        role_settings = (puppet_role_name, puppet_role_path)
        _do_bootstrap_spoke(
            puppet_account_id,
            cfn_client,
            puppet_version,
            permission_boundary,
            *role_settings,
        )
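def bootstrap_org_master(puppet_account_id):
    """Create or update the org-master bootstrap stack and echo its role ARN.

    The stack template is read from site-packages, rendered with the framework
    version and ``puppet_account_id``, and deployed under the name
    ``<BOOTSTRAP_STACK_NAME>-org-master-<puppet_account_id>``. The stack is
    then described and the output whose key equals
    ``constants.PUPPET_ORG_ROLE_FOR_EXPANDS_ARN`` is echoed.

    Raises:
        Exception: if ``describe_stacks`` does not return exactly one stack,
            or if the stack has no output with the expected key.
    """
    with betterboto_client.ClientContextManager(
            'cloudformation', ) as cloudformation:
        org_iam_role_arn = None
        puppet_version = config.get_puppet_version()
        logger.info('Starting bootstrap of org master')
        stack_name = f"{constants.BOOTSTRAP_STACK_NAME}-org-master-{puppet_account_id}"
        template = asset_helpers.read_from_site_packages(
            f'{constants.BOOTSTRAP_STACK_NAME}-org-master.template.yaml')
        # NOTE(review): puppet_account_id is rendered straight into the
        # template text and the stack name. Presumably it ends up as the
        # trusted principal of the role created here -- confirm, and consider
        # rejecting anything that is not a 12-digit account id before this.
        template = Template(template).render(
            VERSION=puppet_version, puppet_account_id=puppet_account_id)
        args = {
            'StackName': stack_name,
            'TemplateBody': template,
            # Acknowledges that the template creates IAM resources with
            # custom names, so template changes are privilege changes.
            'Capabilities': ['CAPABILITY_NAMED_IAM'],
            'Parameters': [
                {
                    'ParameterKey': 'PuppetAccountId',
                    'ParameterValue': str(puppet_account_id),
                },
                {
                    'ParameterKey': 'Version',
                    'ParameterValue': puppet_version,
                    'UsePreviousValue': False,
                },
            ],
            'Tags': [{
                "Key": "ServiceCatalogPuppet:Actor",
                "Value": "Framework",
            }]
        }
        cloudformation.create_or_update(**args)
        response = cloudformation.describe_stacks(StackName=stack_name)
        # A missing 'Stacks' key is treated as "no stacks" so the explicit
        # error below is raised rather than a TypeError from len(None).
        stacks = response.get('Stacks') or []
        if len(stacks) != 1:
            raise Exception(
                "Expected there to be only one {} stack".format(stack_name))
        stack = stacks[0]

        # 'Outputs' may be missing when the stack exposes none; iterate an
        # empty list in that case so the "Could not find output" error below
        # is what the caller sees.
        for output in stack.get('Outputs') or []:
            if output.get(
                    'OutputKey') == constants.PUPPET_ORG_ROLE_FOR_EXPANDS_ARN:
                logger.info('Finished bootstrap of org-master')
                org_iam_role_arn = output.get("OutputValue")

        if org_iam_role_arn is None:
            raise Exception("Could not find output: {} in stack: {}".format(
                constants.PUPPET_ORG_ROLE_FOR_EXPANDS_ARN, stack_name))

    click.echo("Bootstrapped org master, org-iam-role-arn: {}".format(
        org_iam_role_arn))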
Exemple #7
def bootstrap(
    with_manual_approvals,
    puppet_code_pipeline_role_permission_boundary,
    source_role_permissions_boundary,
    puppet_generate_role_permission_boundary,
    puppet_deploy_role_permission_boundary,
    puppet_provisioning_role_permissions_boundary,
    cloud_formation_deploy_role_permissions_boundary,
):
    """Call ``_do_bootstrap`` with the framework version and these settings.

    The version from ``config.get_puppet_version()`` is passed first, then
    ``with_manual_approvals``, then the six permission-boundary arguments in
    the order they appear in the signature.
    """
    # Forwarded unchanged.
    # NOTE(review): presumably each value is the boundary ARN for one of the
    # roles the bootstrap creates -- confirm that none is silently dropped.
    permission_boundaries = (
        puppet_code_pipeline_role_permission_boundary,
        source_role_permissions_boundary,
        puppet_generate_role_permission_boundary,
        puppet_deploy_role_permission_boundary,
        puppet_provisioning_role_permissions_boundary,
        cloud_formation_deploy_role_permissions_boundary,
    )
    _do_bootstrap(
        config.get_puppet_version(),
        with_manual_approvals,
        *permission_boundaries,
    )
Exemple #8
def bootstrap(
    with_manual_approvals,
    puppet_account_id,
    puppet_code_pipeline_role_permission_boundary,
    source_role_permissions_boundary,
    puppet_generate_role_permission_boundary,
    puppet_deploy_role_permission_boundary,
    puppet_provisioning_role_permissions_boundary,
    cloud_formation_deploy_role_permissions_boundary,
    deploy_environment_compute_type,
    deploy_num_workers,
    source_provider,
    owner,
    repo,
    branch,
    poll_for_source_changes,
    webhook_secret,
    puppet_role_name,
    puppet_role_path,
):
    """Call ``_do_bootstrap`` with the framework version and these settings.

    Note the call order differs from the signature: the version goes first,
    then ``puppet_account_id``, then ``with_manual_approvals``; every other
    argument follows in signature order.
    """
    permission_boundaries = (
        puppet_code_pipeline_role_permission_boundary,
        source_role_permissions_boundary,
        puppet_generate_role_permission_boundary,
        puppet_deploy_role_permission_boundary,
        puppet_provisioning_role_permissions_boundary,
        cloud_formation_deploy_role_permissions_boundary,
    )
    deploy_settings = (deploy_environment_compute_type, deploy_num_workers)
    # webhook_secret travels as an ordinary positional argument.
    # NOTE(review): confirm _do_bootstrap never logs or echoes it.
    source_settings = (
        source_provider,
        owner,
        repo,
        branch,
        poll_for_source_changes,
        webhook_secret,
    )
    _do_bootstrap(
        config.get_puppet_version(),
        puppet_account_id,
        with_manual_approvals,
        *permission_boundaries,
        *deploy_settings,
        *source_settings,
        puppet_role_name,
        puppet_role_path,
    )
def bootstrap(with_manual_approvals):
    """Call ``_do_bootstrap`` with the framework version and the approval flag."""
    puppet_version = config.get_puppet_version()
    _do_bootstrap(puppet_version, with_manual_approvals)
Exemple #10
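def run_tasks_for_generate_shares(tasks_to_run):
    """Run the share tasks, publish per-region policies, then exit the process.

    Steps, in order:
      1. create one results sub-directory per result type;
      2. run ``tasks_to_run`` with luigi (local scheduler, 10 workers);
      3. for every configured region, ensure the
         ``servicecatalog-puppet-shares`` stack is deleted, collect account
         and organization ids from ``data/bucket/<region>/...`` and create or
         update the ``servicecatalog-puppet-policies`` stack from them;
      4. echo every failure report found in ``results/failure``;
      5. call ``sys.exit`` with a code mapped from the luigi run status.

    This function does not return.
    """
    # os.makedirs raises if a directory already exists, so a results tree left
    # behind by an earlier run stops this run before any task executes.
    for result_type in [
            "failure",
            "success",
            "timeout",
            "process_failure",
            "processing_time",
            "broken_task",
    ]:
        os.makedirs(Path(constants.RESULTS_DIRECTORY) / result_type)

    run_result = luigi.build(
        tasks_to_run,
        local_scheduler=True,
        detailed_summary=True,
        workers=10,
        log_level='INFO',
    )

    should_use_sns = config.get_should_use_sns()
    puppet_account_id = config.get_puppet_account_id()
    version = config.get_puppet_version()

    for region in config.get_regions():
        sharing_policies = {
            'accounts': [],
            'organizations': [],
        }
        with betterboto_client.ClientContextManager(
                'cloudformation', region_name=region) as cloudformation:
            cloudformation.ensure_deleted(
                StackName="servicecatalog-puppet-shares")

            logger.info(f"generating policies collection for region {region}")
            # NOTE(review): the ids below are taken from file names on local
            # disk and rendered into the policies template without any
            # validation. Presumably only the tasks run above write to
            # data/bucket -- confirm, since whatever appears there is granted
            # whatever the template shares.
            if os.path.exists(os.path.sep.join(['data', 'bucket'])):
                logger.info(f"Updating policies for the region: {region}")
                path = os.path.sep.join(['data', 'bucket', region, 'accounts'])
                if os.path.exists(path):
                    for account_file in os.listdir(path):
                        account = account_file.split(".")[0]
                        sharing_policies['accounts'].append(account)

                path = os.path.sep.join(
                    ['data', 'bucket', region, 'organizations'])
                if os.path.exists(path):
                    for organization_file in os.listdir(path):
                        organization = organization_file.split(".")[0]
                        sharing_policies['organizations'].append(organization)

            logger.info("Finished generating policies collection")

            template = config.env.get_template(
                'policies.template.yaml.j2').render(
                    sharing_policies=sharing_policies,
                    VERSION=version,
                )
            # NOTE(review): a second client for the same region is opened here
            # while the outer one is still in scope; it looks redundant but is
            # kept as written -- confirm before removing.
            with betterboto_client.ClientContextManager(
                    'cloudformation', region_name=region) as cloudformation:
                cloudformation.create_or_update(
                    StackName="servicecatalog-puppet-policies",
                    TemplateBody=template,
                    NotificationARNs=[
                        f"arn:aws:sns:{region}:{puppet_account_id}:servicecatalog-puppet-cloudformation-regional-events"
                    ] if should_use_sns else [],
                )

    for filename in glob('results/failure/*.json'):
        # Close each report as soon as it has been parsed.
        with open(filename, 'r') as failure_file:
            result = json.load(failure_file)
        # str() / "or []" keep a report with missing fields from raising here
        # and hiding the exit status below.
        click.echo(
            colorclass.Color("{red}" + str(result.get('task_type')) +
                             " failed{/red}"))
        click.echo(
            yaml.safe_dump({'parameters': result.get('task_params')}))
        click.echo("\n".join(result.get('exception_stack_trace') or []))
        click.echo('')
    exit_status_codes = {
        LuigiStatusCode.SUCCESS: 0,
        LuigiStatusCode.SUCCESS_WITH_RETRY: 0,
        LuigiStatusCode.FAILED: 1,
        LuigiStatusCode.FAILED_AND_SCHEDULING_FAILED: 2,
        LuigiStatusCode.SCHEDULING_FAILED: 3,
        LuigiStatusCode.NOT_RUN: 4,
        LuigiStatusCode.MISSING_EXT: 5,
    }
    # A status missing from the table must not reach sys.exit(None), which
    # exits 0 and would report an unknown outcome as success.
    sys.exit(exit_status_codes.get(run_result.status, 1))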