def run(self):
    """Render the sharing-policies template and write it to this task's output.

    Reads ``self.sharing_policies`` and ``self.region``; the ``VERSION``
    stamp comes from ``config.get_puppet_version()``.  The rendered text is
    written to ``self.output()`` opened in ``"w"`` mode.
    """
    policies_template = config.env.get_template("policies.template.yaml.j2")
    rendered_policies = policies_template.render(
        sharing_policies=self.sharing_policies,
        VERSION=config.get_puppet_version(),
        HOME_REGION=self.region,
    )
    with self.output().open("w") as target:
        target.write(rendered_policies)
def bootstrap_spoke(puppet_account_id, permission_boundary):
    """Bootstrap the current account as a spoke using a local CloudFormation client.

    Args:
        puppet_account_id: account id of the puppet (hub) account, passed
            through to ``_do_bootstrap_spoke``.
        permission_boundary: permission boundary passed through unchanged.
    """
    puppet_version = config.get_puppet_version()
    with betterboto_client.ClientContextManager('cloudformation') as cfn:
        _do_bootstrap_spoke(
            puppet_account_id,
            cfn,
            puppet_version,
            permission_boundary,
        )
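def bootstrap_spoke_as(puppet_account_id, iam_role_arns, permission_boundary):
    """Bootstrap a spoke account through a chain of assumed IAM roles.

    Args:
        puppet_account_id: account id of the puppet (hub) account, passed
            through to ``_do_bootstrap_spoke``.
        iam_role_arns: ordered list of IAM role ARNs; each is paired with a
            distinct label ``bootstrapping-role-<index>`` (presumably the
            session name used when assuming it — verify against
            ``betterboto_client``) and handed to
            ``CrossMultipleAccountsClientContextManager`` in the given order.
        permission_boundary: permission boundary passed through unchanged.
    """
    # Index-stable labels: the position in iam_role_arns is the only thing
    # that distinguishes two assumptions of the same role.
    cross_accounts = [
        (role, 'bootstrapping-role-{}'.format(index))
        for index, role in enumerate(iam_role_arns)
    ]
    with betterboto_client.CrossMultipleAccountsClientContextManager(
        'cloudformation', cross_accounts
    ) as cloudformation:
        _do_bootstrap_spoke(
            puppet_account_id,
            cloudformation,
            config.get_puppet_version(),
            permission_boundary,
        )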
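def run(self):
    """Render the sharing-policies template and write it to this task's output.

    Emits a warning when more than 50 accounts are listed under
    ``self.sharing_policies["accounts"]``; rendering proceeds regardless.
    A missing ``"accounts"`` key is treated as zero accounts rather than
    raising ``TypeError`` from ``len(None)``.
    """
    accounts = self.sharing_policies.get("accounts") or []
    if len(accounts) > 50:
        # The message text is user-facing; kept verbatim.
        self.warning(
            "You have specified more than 50 accounts will not create the eventbus policy and spoke execution mode will not work"
        )
    rendered = config.env.get_template("policies.template.yaml.j2").render(
        sharing_policies=self.sharing_policies,
        VERSION=config.get_puppet_version(),
        HOME_REGION=self.region,
    )
    with self.output().open("w") as output_file:
        output_file.write(rendered)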
def bootstrap_spoke(
    puppet_account_id, permission_boundary, puppet_role_name, puppet_role_path
):
    """Bootstrap the current account as a spoke using a local CloudFormation client.

    All arguments are forwarded positionally to ``_do_bootstrap_spoke``
    together with the client and ``config.get_puppet_version()``.

    Args:
        puppet_account_id: account id of the puppet (hub) account.
        permission_boundary: permission boundary for the created role.
        puppet_role_name: name of the puppet role to create in the spoke.
        puppet_role_path: IAM path for that role.
    """
    puppet_version = config.get_puppet_version()
    with betterboto_client.ClientContextManager("cloudformation") as cfn:
        _do_bootstrap_spoke(
            puppet_account_id,
            cfn,
            puppet_version,
            permission_boundary,
            puppet_role_name,
            puppet_role_path,
        )
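def bootstrap_org_master(puppet_account_id):
    """Create or update the org-master bootstrap stack and report its role ARN.

    Renders ``<BOOTSTRAP_STACK_NAME>-org-master.template.yaml`` from site
    packages, applies it via ``cloudformation.create_or_update`` with
    ``CAPABILITY_NAMED_IAM``, then reads the
    ``constants.PUPPET_ORG_ROLE_FOR_EXPANDS_ARN`` output back from the stack
    and echoes it.

    Args:
        puppet_account_id: account id of the puppet (hub) account; used in the
            stack name and passed as the ``PuppetAccountId`` parameter.

    Raises:
        Exception: if ``describe_stacks`` does not return exactly one stack,
            or if the expected output key is absent (including when the stack
            has no ``Outputs`` at all).
    """
    with betterboto_client.ClientContextManager(
        'cloudformation',
    ) as cloudformation:
        puppet_version = config.get_puppet_version()
        logger.info('Starting bootstrap of org master')
        stack_name = f"{constants.BOOTSTRAP_STACK_NAME}-org-master-{puppet_account_id}"
        template = asset_helpers.read_from_site_packages(
            f'{constants.BOOTSTRAP_STACK_NAME}-org-master.template.yaml'
        )
        template = Template(template).render(
            VERSION=puppet_version, puppet_account_id=puppet_account_id
        )
        args = {
            'StackName': stack_name,
            'TemplateBody': template,
            # The template creates named IAM roles, hence NAMED_IAM.
            'Capabilities': ['CAPABILITY_NAMED_IAM'],
            'Parameters': [
                {
                    'ParameterKey': 'PuppetAccountId',
                    'ParameterValue': str(puppet_account_id),
                },
                {
                    'ParameterKey': 'Version',
                    'ParameterValue': puppet_version,
                    'UsePreviousValue': False,
                },
            ],
            'Tags': [{
                "Key": "ServiceCatalogPuppet:Actor",
                "Value": "Framework",
            }],
        }
        cloudformation.create_or_update(**args)

        response = cloudformation.describe_stacks(StackName=stack_name)
        stacks = response.get('Stacks') or []
        if len(stacks) != 1:
            raise Exception(
                "Expected there to be only one {} stack".format(stack_name)
            )
        stack = stacks[0]

        # A stack with no outputs yields Outputs=None/absent; treat that as
        # "not found" rather than failing on iteration.
        org_iam_role_arn = None
        for output in stack.get('Outputs') or []:
            if output.get('OutputKey') == constants.PUPPET_ORG_ROLE_FOR_EXPANDS_ARN:
                logger.info('Finished bootstrap of org-master')
                org_iam_role_arn = output.get("OutputValue")
                break

        if org_iam_role_arn is None:
            raise Exception("Could not find output: {} in stack: {}".format(
                constants.PUPPET_ORG_ROLE_FOR_EXPANDS_ARN, stack_name
            ))
        click.echo("Bootstrapped org master, org-iam-role-arn: {}".format(
            org_iam_role_arn
        ))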
def bootstrap(
    with_manual_approvals,
    puppet_code_pipeline_role_permission_boundary,
    source_role_permissions_boundary,
    puppet_generate_role_permission_boundary,
    puppet_deploy_role_permission_boundary,
    puppet_provisioning_role_permissions_boundary,
    cloud_formation_deploy_role_permissions_boundary,
):
    """Bootstrap the puppet account at the current puppet version.

    Thin wrapper: prepends ``config.get_puppet_version()`` and forwards every
    argument positionally, in signature order, to ``_do_bootstrap``.

    Args:
        with_manual_approvals: whether the pipeline includes manual approval.
        puppet_code_pipeline_role_permission_boundary: permission boundary
            for the CodePipeline role.
        source_role_permissions_boundary: permission boundary for the source
            role.
        puppet_generate_role_permission_boundary: permission boundary for the
            generate role.
        puppet_deploy_role_permission_boundary: permission boundary for the
            deploy role.
        puppet_provisioning_role_permissions_boundary: permission boundary for
            the provisioning role.
        cloud_formation_deploy_role_permissions_boundary: permission boundary
            for the CloudFormation deploy role.
    """
    puppet_version = config.get_puppet_version()
    _do_bootstrap(
        puppet_version,
        with_manual_approvals,
        puppet_code_pipeline_role_permission_boundary,
        source_role_permissions_boundary,
        puppet_generate_role_permission_boundary,
        puppet_deploy_role_permission_boundary,
        puppet_provisioning_role_permissions_boundary,
        cloud_formation_deploy_role_permissions_boundary,
    )
def bootstrap(
    with_manual_approvals,
    puppet_account_id,
    puppet_code_pipeline_role_permission_boundary,
    source_role_permissions_boundary,
    puppet_generate_role_permission_boundary,
    puppet_deploy_role_permission_boundary,
    puppet_provisioning_role_permissions_boundary,
    cloud_formation_deploy_role_permissions_boundary,
    deploy_environment_compute_type,
    deploy_num_workers,
    source_provider,
    owner,
    repo,
    branch,
    poll_for_source_changes,
    webhook_secret,
    puppet_role_name,
    puppet_role_path,
):
    """Bootstrap the puppet account at the current puppet version.

    Thin wrapper around ``_do_bootstrap``.  Note the argument order differs
    from this signature: ``_do_bootstrap`` receives the version first, then
    ``puppet_account_id`` *before* ``with_manual_approvals``; everything
    else follows in signature order.

    Args:
        with_manual_approvals: whether the pipeline includes manual approval.
        puppet_account_id: account id of the puppet (hub) account.
        puppet_code_pipeline_role_permission_boundary,
        source_role_permissions_boundary,
        puppet_generate_role_permission_boundary,
        puppet_deploy_role_permission_boundary,
        puppet_provisioning_role_permissions_boundary,
        cloud_formation_deploy_role_permissions_boundary: permission
            boundaries for the respective roles, forwarded unchanged.
        deploy_environment_compute_type: compute type for the deploy stage.
        deploy_num_workers: worker count for the deploy stage.
        source_provider, owner, repo, branch, poll_for_source_changes,
        webhook_secret: source-stage settings, forwarded unchanged.
        puppet_role_name, puppet_role_path: name and IAM path of the puppet
            role, forwarded unchanged.
    """
    puppet_version = config.get_puppet_version()
    # puppet_account_id deliberately precedes with_manual_approvals here.
    _do_bootstrap(
        puppet_version,
        puppet_account_id,
        with_manual_approvals,
        puppet_code_pipeline_role_permission_boundary,
        source_role_permissions_boundary,
        puppet_generate_role_permission_boundary,
        puppet_deploy_role_permission_boundary,
        puppet_provisioning_role_permissions_boundary,
        cloud_formation_deploy_role_permissions_boundary,
        deploy_environment_compute_type,
        deploy_num_workers,
        source_provider,
        owner,
        repo,
        branch,
        poll_for_source_changes,
        webhook_secret,
        puppet_role_name,
        puppet_role_path,
    )
def bootstrap(with_manual_approvals):
    """Bootstrap the puppet account at the current puppet version.

    Args:
        with_manual_approvals: whether the pipeline includes manual approval;
            forwarded to ``_do_bootstrap`` after
            ``config.get_puppet_version()``.
    """
    puppet_version = config.get_puppet_version()
    _do_bootstrap(puppet_version, with_manual_approvals)
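def _ids_from_directory(path):
    """Return the part before the first ``.`` of each entry name in *path*.

    Returns an empty list when *path* does not exist.  Entry order is
    whatever ``os.listdir`` yields.
    """
    if not os.path.exists(path):
        return []
    return [entry.split(".")[0] for entry in os.listdir(path)]


def _collect_sharing_policies(region):
    """Build the ``{'accounts': [...], 'organizations': [...]}`` dict for *region*.

    Ids are read from the entry names under ``data/bucket/<region>/accounts``
    and ``data/bucket/<region>/organizations``; both lists stay empty when
    ``data/bucket`` is absent.
    """
    sharing_policies = {
        'accounts': [],
        'organizations': [],
    }
    if os.path.exists(os.path.sep.join(['data', 'bucket'])):
        logger.info(f"Updating policies for the region: {region}")
        accounts_path = os.path.sep.join(['data', 'bucket', region, 'accounts'])
        sharing_policies['accounts'].extend(_ids_from_directory(accounts_path))
        organizations_path = os.path.sep.join(
            ['data', 'bucket', region, 'organizations']
        )
        sharing_policies['organizations'].extend(
            _ids_from_directory(organizations_path)
        )
    return sharing_policies


def _echo_task_failures():
    """Print every failure record found in ``results/failure/*.json``.

    Each file is opened with a context manager so the handle is closed
    promptly (the previous form leaked it until garbage collection).
    """
    for filename in glob('results/failure/*.json'):
        with open(filename, 'r') as failure_file:
            result = json.load(failure_file)
        click.echo(
            colorclass.Color("{red}" + result.get('task_type') + " failed{/red}")
        )
        click.echo(
            f"{yaml.safe_dump({'parameters':result.get('task_params')})}"
        )
        click.echo("\n".join(result.get('exception_stack_trace')))
        click.echo('')


def run_tasks_for_generate_shares(tasks_to_run):
    """Run the share-generation tasks, then create/update per-region policy stacks.

    In order:
      1. create one result directory per outcome under
         ``constants.RESULTS_DIRECTORY`` (fails if they already exist, as
         before);
      2. run ``tasks_to_run`` with a local Luigi scheduler (10 workers);
      3. for each region from ``config.get_regions()``: ensure the
         ``servicecatalog-puppet-shares`` stack is deleted, collect account
         and organization ids from ``data/bucket/<region>/...``, render
         ``policies.template.yaml.j2`` and create/update the
         ``servicecatalog-puppet-policies`` stack (with an SNS notification
         ARN only when ``config.get_should_use_sns()`` is true);
      4. echo every failure in ``results/failure/*.json`` and exit with a
         code mapped from the Luigi run status.

    Args:
        tasks_to_run: Luigi tasks passed to ``luigi.build``.

    Raises:
        SystemExit: always; 0 for SUCCESS / SUCCESS_WITH_RETRY, otherwise the
            mapped non-zero code (``None`` if the status is unmapped).
    """
    for result_type in [
        "failure",
        "success",
        "timeout",
        "process_failure",
        "processing_time",
        "broken_task",
    ]:
        os.makedirs(Path(constants.RESULTS_DIRECTORY) / result_type)

    run_result = luigi.build(
        tasks_to_run,
        local_scheduler=True,
        detailed_summary=True,
        workers=10,
        log_level='INFO',
    )

    should_use_sns = config.get_should_use_sns()
    puppet_account_id = config.get_puppet_account_id()
    version = config.get_puppet_version()
    policies_template = config.env.get_template('policies.template.yaml.j2')

    for region in config.get_regions():
        with betterboto_client.ClientContextManager(
            'cloudformation', region_name=region
        ) as cloudformation:
            cloudformation.ensure_deleted(StackName="servicecatalog-puppet-shares")

        logger.info(f"generating policies collection for region {region}")
        sharing_policies = _collect_sharing_policies(region)
        logger.info("Finished generating policies collection")

        template = policies_template.render(
            sharing_policies=sharing_policies,
            VERSION=version,
        )
        # Regional CloudFormation events are only fanned out to SNS when
        # configured; an empty list disables notifications.
        notification_arns = (
            [
                f"arn:aws:sns:{region}:{puppet_account_id}:servicecatalog-puppet-cloudformation-regional-events"
            ]
            if should_use_sns
            else []
        )
        with betterboto_client.ClientContextManager(
            'cloudformation', region_name=region
        ) as cloudformation:
            cloudformation.create_or_update(
                StackName="servicecatalog-puppet-policies",
                TemplateBody=template,
                NotificationARNs=notification_arns,
            )

    _echo_task_failures()

    exit_status_codes = {
        LuigiStatusCode.SUCCESS: 0,
        LuigiStatusCode.SUCCESS_WITH_RETRY: 0,
        LuigiStatusCode.FAILED: 1,
        LuigiStatusCode.FAILED_AND_SCHEDULING_FAILED: 2,
        LuigiStatusCode.SCHEDULING_FAILED: 3,
        LuigiStatusCode.NOT_RUN: 4,
        LuigiStatusCode.MISSING_EXT: 5,
    }
    sys.exit(exit_status_codes.get(run_result.status))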