Python get_portfolio_for示例

示例#1

文件： portfoliomanagement.py 项目： ajoga/aws-service-catalog-puppet

    def run(self):
        p = f'data/associations/{self.region}/{self.portfolio}/'
        if not os.path.exists(p):
            os.makedirs(p, exist_ok=True)
        path = f'{p}/{self.account_id}.json'
        with open(path, 'w') as f:
            f.write("{}")

        portfolio_id = aws.get_portfolio_for(self.portfolio, self.account_id,
                                             self.region).get('Id')
        logging.info(
            f"{self.uid}: Creating the association for portfolio {portfolio_id}"
        )
        with betterboto_client.ClientContextManager(
                'servicecatalog', region_name=self.region) as servicecatalog:
            servicecatalog.associate_principal_with_portfolio(
                PortfolioId=portfolio_id,
                PrincipalARN=
                f"arn:aws:iam::{self.account_id}:role/servicecatalog-puppet/PuppetRole",
                PrincipalType='IAM')
        self.write_output(self.param_kwargs)

示例#2

def deploy_spoke_local_portfolios(manifest, launch_tasks):
    section = constants.SPOKE_LOCAL_PORTFOLIOS
    deployment_map = manifest_utils.build_deployment_map(manifest, section)
    deployment_map = set_regions_for_deployment_map(deployment_map, section)

    tasks_to_run = []
    puppet_account_id = get_puppet_account_id()

    for account_id, deployments_for_account in deployment_map.items():
        for launch_name, launch_details in deployments_for_account.get(
                section).items():
            for region_name in launch_details.get('regions'):

                depends_on = launch_details.get('depends_on')
                dependencies = []
                for dependency in depends_on:
                    for task_uid, task in launch_tasks.items():
                        if task.get('launch_name') == dependency:
                            dependencies.append(task)

                hub_portfolio = aws.get_portfolio_for(
                    launch_details.get('portfolio'), puppet_account_id,
                    region_name)

                create_spoke_local_portfolio_task_params = {
                    'account_id': account_id,
                    'region': region_name,
                    'portfolio': launch_details.get('portfolio'),
                    'provider_name': hub_portfolio.get('ProviderName'),
                    'description': hub_portfolio.get('Description'),
                }
                create_spoke_local_portfolio_task = luigi_tasks_and_targets.CreateSpokeLocalPortfolioTask(
                    **create_spoke_local_portfolio_task_params)
                tasks_to_run.append(create_spoke_local_portfolio_task)

                create_spoke_local_portfolio_task_as_dependency_params = {
                    'account_id': account_id,
                    'region': region_name,
                    'portfolio': launch_details.get('portfolio'),
                }

                create_associations_task_params = {
                    'associations': launch_details.get('associations'),
                    'puppet_account_id': puppet_account_id,
                }
                create_associations_for_portfolio_task = luigi_tasks_and_targets.CreateAssociationsForPortfolioTask(
                    **create_spoke_local_portfolio_task_as_dependency_params,
                    **create_associations_task_params,
                    dependencies=dependencies,
                )
                tasks_to_run.append(create_associations_for_portfolio_task)

                import_into_spoke_local_portfolio_task_params = {
                    'hub_portfolio_id': hub_portfolio.get('Id')
                }
                import_into_spoke_local_portfolio_task = luigi_tasks_and_targets.ImportIntoSpokeLocalPortfolioTask(
                    **create_spoke_local_portfolio_task_as_dependency_params,
                    **import_into_spoke_local_portfolio_task_params,
                )
                tasks_to_run.append(import_into_spoke_local_portfolio_task)

                launch_constraints = launch_details.get('constraints',
                                                        {}).get('launch', [])
                if len(launch_constraints) > 0:
                    create_launch_role_constraints_for_portfolio_task_params = {
                        'launch_constraints': launch_constraints,
                        'puppet_account_id': puppet_account_id,
                    }
                    create_launch_role_constraints_for_portfolio = luigi_tasks_and_targets.CreateLaunchRoleConstraintsForPortfolio(
                        **
                        create_spoke_local_portfolio_task_as_dependency_params,
                        **import_into_spoke_local_portfolio_task_params,
                        **
                        create_launch_role_constraints_for_portfolio_task_params,
                        dependencies=dependencies,
                    )
                    tasks_to_run.append(
                        create_launch_role_constraints_for_portfolio)

    return tasks_to_run

示例#3

文件： portfoliomanagement.py 项目： ajoga/aws-service-catalog-puppet

    def run(self):
        logger.info(f"{self.uid} starting ShareAndAcceptPortfolioTask")
        portfolio_id = aws.get_portfolio_for(self.portfolio,
                                             self.puppet_account_id,
                                             self.region).get('Id')
        p = f'data/shares/{self.region}/{self.portfolio}/'
        if not os.path.exists(p):
            os.makedirs(p, exist_ok=True)
        path = f'{p}/{self.account_id}.json'
        with open(path, 'w') as f:
            f.write("{}")

        logging.info(
            f"{self.uid}: checking {portfolio_id} with {self.account_id}")

        with betterboto_client.ClientContextManager(
                'servicecatalog', region_name=self.region) as servicecatalog:
            account_ids = servicecatalog.list_portfolio_access(
                PortfolioId=portfolio_id).get('AccountIds')

            if self.account_id in account_ids:
                logging.info(
                    f"{self.uid}: not sharing {portfolio_id} with {self.account_id} as was previously shared"
                )
            else:
                logging.info(
                    f"{self.uid}: sharing {portfolio_id} with {self.account_id}"
                )

            with betterboto_client.CrossAccountClientContextManager(
                    'servicecatalog',
                    f"arn:aws:iam::{self.account_id}:role/servicecatalog-puppet/PuppetRole",
                    f"{self.account_id}-{self.region}-PuppetRole",
                    region_name=self.region,
            ) as cross_account_servicecatalog:
                was_accepted = False
                accepted_portfolio_shares = cross_account_servicecatalog.list_accepted_portfolio_shares_single_page(
                ).get('PortfolioDetails')
                for accepted_portfolio_share in accepted_portfolio_shares:
                    if accepted_portfolio_share.get('Id') == portfolio_id:
                        was_accepted = True
                        break
                if not was_accepted:
                    logging.info(f"{self.uid}: accepting {portfolio_id}")
                    cross_account_servicecatalog.accept_portfolio_share(
                        PortfolioId=portfolio_id, )

                principals_for_portfolio = cross_account_servicecatalog.list_principals_for_portfolio_single_page(
                    PortfolioId=portfolio_id).get('Principals')
                principal_was_associated = False
                principal_to_associate = f"arn:aws:iam::{self.account_id}:role/servicecatalog-puppet/PuppetRole"
                for principal_for_portfolio in principals_for_portfolio:
                    if principal_for_portfolio.get(
                            'PrincipalARN') == principal_to_associate:
                        principal_was_associated = True

                if not principal_was_associated:
                    cross_account_servicecatalog.associate_principal_with_portfolio(
                        PortfolioId=portfolio_id,
                        PrincipalARN=principal_to_associate,
                        PrincipalType='IAM',
                    )

        self.write_output(self.param_kwargs)

示例#4

def convert_manifest_into_task_defs_for_spoke_local_portfolios_in(
        account_id, expanded_from, organization, region, launch_details,
        puppet_account_id, should_use_sns, launch_tasks, pre_actions, post_actions
):
    dependencies = []
    for depend in launch_details.get('depends_on', []):
        for launch_task in launch_tasks:
            if isinstance(launch_task, provisioning.ProvisionProductTask):
                l_params = launch_task.to_str_params()
                if l_params.get('launch_name') == depend:
                    dependencies.append(launch_task.param_kwargs)
    hub_portfolio = aws.get_portfolio_for(
        launch_details.get('portfolio'), puppet_account_id, region
    )
    tasks_to_run = []
    create_spoke_local_portfolio_task_params = {
        'account_id': account_id,
        'region': region,
        'portfolio': launch_details.get('portfolio'),
        'provider_name': hub_portfolio.get('ProviderName'),
        'description': hub_portfolio.get('Description'),
        'pre_actions': pre_actions,
        'organization': expanded_from
    }
    create_spoke_local_portfolio_task = portfoliomanagement.CreateSpokeLocalPortfolioTask(
        **create_spoke_local_portfolio_task_params,
    )
    tasks_to_run.append(create_spoke_local_portfolio_task)

    create_spoke_local_portfolio_task_as_dependency_params = {
        'account_id': account_id,
        'region': region,
        'portfolio': launch_details.get('portfolio'),
        'organization': organization,
    }

    if len(launch_details.get('associations', [])) > 0:
        create_associations_for_portfolio_task = portfoliomanagement.CreateAssociationsForPortfolioTask(
            **create_spoke_local_portfolio_task_as_dependency_params,
            associations= launch_details.get('associations'),
            puppet_account_id= puppet_account_id,
            should_use_sns= should_use_sns,
            dependencies=dependencies,
            pre_actions=pre_actions,
        )
        tasks_to_run.append(create_associations_for_portfolio_task)

    import_into_spoke_local_portfolio_task_params = {
        'hub_portfolio_id': hub_portfolio.get('Id')
    }

    launch_constraints = launch_details.get('constraints', {}).get('launch', [])

    import_into_spoke_local_portfolio_task = portfoliomanagement.ImportIntoSpokeLocalPortfolioTask(
        **create_spoke_local_portfolio_task_as_dependency_params,
        **import_into_spoke_local_portfolio_task_params,
        pre_actions=pre_actions,
        post_actions=post_actions if len(launch_constraints) == 0 else []
    )
    tasks_to_run.append(import_into_spoke_local_portfolio_task)

    if len(launch_constraints) > 0:
        create_launch_role_constraints_for_portfolio_task_params = {
            'launch_constraints': launch_constraints,
            'puppet_account_id': puppet_account_id,
            'should_use_sns': should_use_sns,
        }
        create_launch_role_constraints_for_portfolio = portfoliomanagement.CreateLaunchRoleConstraintsForPortfolio(
            **create_spoke_local_portfolio_task_as_dependency_params,
            **import_into_spoke_local_portfolio_task_params,
            **create_launch_role_constraints_for_portfolio_task_params,
            dependencies=dependencies,
            post_actions=post_actions,
            pre_actions=pre_actions,
        )
        tasks_to_run.append(create_launch_role_constraints_for_portfolio)
    return tasks_to_run