def test_secret_base_ref(self):
    """Check that secret_base_ref() reduces a secret reference to its base ref.

    The bare secret ref, its ``.arn`` form, a JSON-field ref and the
    JSON-field ``.arn`` form must all yield the same base reference. A
    reference that does not point into ``secrets_manager`` must raise
    ``InvalidPacoReference``.
    """
    expected_base = 'paco.ref netenv.mynet.dev.eu-central-1.secrets_manager.myapp.mygroup.mydb'
    secret_ref_variants = [
        'paco.ref netenv.mynet.dev.eu-central-1.secrets_manager.myapp.mygroup.mydb',
        'paco.ref netenv.mynet.dev.eu-central-1.secrets_manager.myapp.mygroup.mydb.arn',
        'paco.ref netenv.mynet.dev.eu-central-1.secrets_manager.myapp.mygroup.mydb.myjsonfield',
        'paco.ref netenv.mynet.dev.eu-central-1.secrets_manager.myapp.mygroup.mydb.myjsonfield.arn',
    ]
    for raw_ref in secret_ref_variants:
        resolved_base = references.Reference(raw_ref).secret_base_ref()
        assert resolved_base.raw == expected_base

    # An applications ref is a valid Paco reference but not a secret, so
    # asking for its secret base must be rejected rather than guessed.
    non_secret_ref = references.Reference(
        'paco.ref netenv.mynet.dev.eu-central-1.applications.myapp'
    )
    with self.assertRaises(paco.models.exceptions.InvalidPacoReference):
        non_secret_ref.secret_base_ref()
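def processed_document(self):
    """Return the IoT policy JSON with ``${variable}`` placeholders substituted.

    The result is computed once and cached in ``self._document``.

    Two steps are performed:

    1. Every value in ``self.iotpolicy.variables`` that is a Paco reference is
       resolved against ``self.project``. When the reference resolves to a
       ``Stack``, the stack output it points at is used instead. The resolved
       value is written back into ``self.iotpolicy.variables``.
    2. Each ``${name}`` in ``self.iotpolicy.policy_json`` is replaced:
       ``AWS::Region`` and ``AWS::AccountId`` (compared case-insensitively) by
       ``self.aws_region`` and ``self.account_ctx.id``; any other name that
       contains ``:`` is emitted unchanged (presumably an AWS-side policy
       variable -- confirm); every remaining name is looked up in
       ``self.iotpolicy.variables``.

    Raises:
        KeyError: a placeholder names a variable that is not defined in
            ``self.iotpolicy.variables``.
    """
    if self._document is not None:
        return self._document

    # Resolve variable references and replace them with the resolved value.
    # ToDo: only looks up Stack output values?
    for key, var in self.iotpolicy.variables.items():
        if not references.is_ref(var):
            continue
        ref_value = references.resolve_ref(var, self.project)
        if isinstance(ref_value, Stack):
            output_key = ref_value.get_outputs_key_from_ref(references.Reference(var))
            ref_value = ref_value.get_outputs_value(output_key)
        # Assigning to an existing key does not resize the dict, so this is
        # safe while iterating over items().
        self.iotpolicy.variables[key] = ref_value

    def var_replace(match):
        """Return the replacement text for one ``${name}`` placeholder."""
        name = match.group(1)
        lowered = name.lower()
        if lowered == 'aws::region':
            return self.aws_region
        if lowered == 'aws::accountid':
            return self.account_ctx.id
        if ':' in name:
            # Not ours to resolve: put the placeholder back exactly as written.
            return "${" + name + "}"
        return self.iotpolicy.variables[name]

    # NOTE(review): values are spliced into the policy JSON verbatim, with no
    # JSON escaping. A variable or stack output containing quotes or braces
    # would change the structure of the resulting policy, so anything that can
    # set these variables can effectively edit the policy. Validate or escape
    # the values if they can come from a less-trusted source than the policy
    # itself. re.sub also requires each replacement to be a str.
    #
    # Raw string: the previous '\${(.+?)}' relied on the invalid escape '\$',
    # which newer Python versions warn about.
    self._document = re.sub(r'\$\{(.+?)\}', var_replace, self.iotpolicy.policy_json)
    return self._document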
def get_peer_config(self, peer_config):
    """Fill in the peer account, region and VPC id on ``peer_config``.

    The peer's network is found by resolving
    ``<peer_config.network_environment>.network`` against the project. The
    account id and VPC id are then looked up through ``self.paco_ctx.get_ref``.
    ``peer_config`` is modified in place and also returned.

    The peer role name is not set here: it is not yet automated and has to be
    configured manually.
    """
    network_ref = references.Reference(peer_config.network_environment + '.network')
    peer_network = network_ref.resolve(self.paco_ctx.project)

    # Account that owns the peer network.
    account_id_ref = peer_network.aws_account + '.id'
    peer_config.peer_account_id = self.paco_ctx.get_ref(account_id_ref)

    # The region comes from the reference itself, not from the resolved config.
    peer_config.peer_region = network_ref.region

    # VPC on the peer side of the connection.
    vpc_id_ref = peer_network.vpc.paco_ref + '.id'
    peer_config.peer_vpcid = self.paco_ctx.get_ref(vpc_id_ref)

    return peer_config
def resolve_ref(self, ref):
    """Return the ``self.secrets_stack`` entry that holds the referenced secret.

    ``ref`` may be a reference string or an object that already provides
    ``secret_base_ref()``. The reference is reduced to its base secret ref,
    whose raw string selects an account key in ``self.secret_account_lookup``;
    that key then indexes ``self.secrets_stack``.
    """
    reference = references.Reference(ref) if isinstance(ref, str) else ref
    base_raw = reference.secret_base_ref().raw
    account_key = self.secret_account_lookup[base_raw]
    return self.secrets_stack[account_key]