This repository has been archived by the owner on Jul 7, 2021. It is now read-only.

Replace get_fqn references with AWS::StackName
get_fqn relies on stacker internals, and can change if you ever change
the top level namespace of your config. AWS::StackName is more
consistent.
ejholmes committed Mar 23, 2018
1 parent 073e0c7 commit 95c9ec9
Showing 23 changed files with 196 additions and 170 deletions.
4 changes: 4 additions & 0 deletions setup.py
Expand Up @@ -4,6 +4,10 @@
src_dir = os.path.dirname(__file__)

install_requires = [
# See thread here:
# https://remind.slack.com/archives/C03GHL501/p1520983157000263
# Hope to remove lock on python-dateutil someday
"python-dateutil==2.6.1",
"stacker>=1.0.1",
"troposphere>=1.9.5",
"awacs>=0.6.0",
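Review bot: The reason for the `python-dateutil==2.6.1` pin is recorded only as a link to a private Slack thread, which nobody outside that workspace can open, so the comment should state the cause itself, e.g. `# Pinned because <reason from the thread>; remove once <condition>.` An exact `==` pin in a library's `install_requires` is also imposed on every environment that installs this package and stops consumers from picking up later python-dateutil fixes; a bounded range that excludes only the problematic release would be less restrictive, if the incompatibility allows it. The `install_requires` list continues outside the hunk.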
11 changes: 5 additions & 6 deletions stacker_blueprints/aws_lambda.py
Expand Up @@ -10,6 +10,7 @@
NoValue,
Output,
Ref,
Sub,
iam,
)

Expand Down Expand Up @@ -260,12 +261,11 @@ def generate_policy_statements(self):

def create_policy(self):
t = self.template
policy_prefix = self.context.get_fqn(self.name)

self.policy = t.add_resource(
iam.PolicyType(
"Policy",
PolicyName="%s-policy" % policy_prefix,
PolicyName=Sub("${AWS::StackName}-policy"),
PolicyDocument=Policy(
Statement=self.generate_policy_statements()
),
Expand All @@ -289,10 +289,9 @@ def create_role(self):

if self.get_variables()["VpcConfig"]:
# allow this Lambda to modify ENIs to allow it to run in our VPC.
policy_prefix = self.context.get_fqn(self.name)
self.role.Policies = [
iam.Policy(
PolicyName="%s-vpc-policy" % policy_prefix,
PolicyName=Sub("${AWS::StackName}-vpc-policy"),
PolicyDocument=Policy(
Statement=lambda_vpc_execution_statements()
),
Expand Down Expand Up @@ -374,8 +373,8 @@ def create_event_source_mapping(self):
if mapping:
if "FunctionName" in mapping:
logger.warn(
"FunctionName defined in EventSourceMapping in "
"%s. Overriding.", self.context.get_fqn(self.name)
Sub("FunctionName defined in EventSourceMapping in "
"${AWS::StackName}. Overriding.")
)
mapping["FunctionName"] = self.function.GetAtt("Arn")
resource = t.add_resource(
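Review bot: In create_event_source_mapping the warning now hands a troposphere `Sub(...)` object to `logger.warn`, but `Sub` only renders to an `Fn::Sub` structure that CloudFormation resolves at deploy time, so it is never expanded in Python and the log line will most likely show the object's repr instead of a stack name. Log a plain string with a value that is known at build time, e.g. `logger.warning("FunctionName defined in EventSourceMapping in %s. Overriding.", self.name)`. The function starts and ends outside the hunk.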
4 changes: 2 additions & 2 deletions stacker_blueprints/firehose/base.py
Expand Up @@ -23,6 +23,7 @@
GetAtt,
Output,
Ref,
Sub,
)

from ..policies import (
Expand Down Expand Up @@ -214,9 +215,8 @@ def generate_iam_policy_statements(self):
return statements

def generate_iam_policy(self):
name_prefix = self.context.get_fqn(self.name)
return iam.Policy(
PolicyName="{}-policy".format(name_prefix),
PolicyName=Sub("${AWS::StackName}-policy"),
PolicyDocument=Policy(
Statement=self.generate_iam_policy_statements()
)
4 changes: 2 additions & 2 deletions stacker_blueprints/iam_roles.py
Expand Up @@ -4,6 +4,7 @@
GetAtt,
Output,
Ref,
Sub,
iam,
)

Expand Down Expand Up @@ -78,12 +79,11 @@ def create_policy(self, name):
return

t = self.template
policy_prefix = self.context.get_fqn(self.name)

policy = t.add_resource(
iam.PolicyType(
"{}Policy".format(name),
PolicyName="{}-{}-policy".format(policy_prefix, name),
PolicyName=Sub("${AWS::StackName}-${Name}-policy", Name=name),
PolicyDocument=Policy(
Statement=statements,
),
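Review bot: The policy name in create_policy is now assembled by CloudFormation from two variable parts (`${AWS::StackName}` and `${Name}`), so the blueprint can no longer see the final string, and an over-long name will surface only as a failed stack update. IAM limits policy names to 128 characters and a stack name alone may be that long, so it is worth a comment above the `PolicyName=` line such as `# Resolved by CloudFormation; IAM caps PolicyName at 128 chars, keep stack and role names short.` The same applies to the other `Sub("${AWS::StackName}-...")` policy names introduced in this commit. create_policy starts outside the hunk.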
7 changes: 3 additions & 4 deletions stacker_blueprints/s3.py
Expand Up @@ -3,6 +3,7 @@
FindInMap,
GetAtt,
Output,
Sub,
Ref,
Region,
s3,
Expand Down Expand Up @@ -66,8 +67,6 @@ def create_template(self):
t = self.template
variables = self.get_variables()

policy_prefix = self.context.get_fqn(self.name)

bucket_ids = []

for title, attrs in variables["Buckets"].items():
Expand Down Expand Up @@ -113,7 +112,7 @@ def create_template(self):
t.add_resource(
iam.PolicyType(
"ReadWritePolicy",
PolicyName=policy_prefix + "ReadWritePolicy",
PolicyName=Sub("${AWS::StackName}-ReadWritePolicy"),
PolicyDocument=read_write_s3_bucket_policy(
bucket_ids
),
Expand All @@ -126,7 +125,7 @@ def create_template(self):
t.add_resource(
iam.PolicyType(
"ReadPolicy",
PolicyName=policy_prefix + "ReadPolicy",
PolicyName=Sub("${AWS::StackName}-ReadPolicy"),
PolicyDocument=read_only_s3_bucket_policy(
bucket_ids
),
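Review bot: Both `PolicyName` values in create_template gain a `-` separator that the old code did not have (`policy_prefix + "ReadPolicy"` became `${AWS::StackName}-ReadPolicy`), so this commit renames the IAM policies on already-deployed stacks instead of only changing where the prefix comes from; the fixture moving away from `test-bucketsReadPolicy` shows the same thing. If the rename is intended, the commit message should say so, so that operators expect an IAM change on the next update; if not, keep the old format with `PolicyName=Sub("${AWS::StackName}ReadPolicy")` and the matching `ReadWritePolicy` line. The new `Sub` import is also placed before `Ref`, out of the list's alphabetical order. create_template continues outside the hunks.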
8 changes: 6 additions & 2 deletions tests/fixtures/blueprints/buckets.json
Expand Up @@ -129,7 +129,9 @@
}
]
},
"PolicyName": "test-bucketsReadPolicy",
"PolicyName": {
"Fn::Sub": "${AWS::StackName}-ReadPolicy"
},
"Roles": [
"Role1",
"Role2"
Expand Down Expand Up @@ -215,7 +217,9 @@
}
]
},
"PolicyName": "test-bucketsReadWritePolicy",
"PolicyName": {
"Fn::Sub": "${AWS::StackName}-ReadWritePolicy"
},
"Roles": [
"Role3",
"Role4"
46 changes: 23 additions & 23 deletions tests/fixtures/blueprints/kms_key_a.json
Expand Up @@ -4,78 +4,78 @@
"Value": {
"Ref": "Alias"
}
},
},
"KeyArn": {
"Value": {
"Fn::Join": [
"",
"",
[
"arn:aws:kms:",
"arn:aws:kms:",
{
"Ref": "AWS::Region"
},
":",
},
":",
{
"Ref": "AWS::AccountId"
},
":key/",
},
":key/",
{
"Ref": "Key"
}
]
]
}
},
},
"KeyId": {
"Value": {
"Ref": "Key"
}
}
},
},
"Resources": {
"Alias": {
"Properties": {
"AliasName": "alias/a-test-key",
"AliasName": "alias/a-test-key",
"TargetKeyId": {
"Ref": "Key"
}
},
},
"Type": "AWS::KMS::Alias"
},
},
"Key": {
"Properties": {
"Description": "a KMS test-key.",
"Description": "a KMS test-key.",
"KeyPolicy": {
"Id": "root-account-access",
"Id": "root-account-access",
"Statement": [
{
"Action": [
"kms:*"
],
"Effect": "Allow",
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::Join": [
":",
":",
[
"arn:aws:iam:",
"arn:aws:iam:",
{
"Ref": "AWS::AccountId"
},
},
"root"
]
]
}
},
},
"Resource": [
"*"
],
],
"Sid": "Enable IAM User Permissions"
}
],
],
"Version": "2012-10-17"
}
},
},
"Type": "AWS::KMS::Key"
}
}
46 changes: 23 additions & 23 deletions tests/fixtures/blueprints/kms_key_b.json
Expand Up @@ -4,78 +4,78 @@
"Value": {
"Ref": "Alias"
}
},
},
"KeyArn": {
"Value": {
"Fn::Join": [
"",
"",
[
"arn:aws:kms:",
"arn:aws:kms:",
{
"Ref": "AWS::Region"
},
":",
},
":",
{
"Ref": "AWS::AccountId"
},
":key/",
},
":key/",
{
"Ref": "Key"
}
]
]
}
},
},
"KeyId": {
"Value": {
"Ref": "Key"
}
}
},
},
"Resources": {
"Alias": {
"Properties": {
"AliasName": "alias/b-test-key",
"AliasName": "alias/b-test-key",
"TargetKeyId": {
"Ref": "Key"
}
},
},
"Type": "AWS::KMS::Alias"
},
},
"Key": {
"Properties": {
"Description": "b KMS test-key.",
"Description": "b KMS test-key.",
"KeyPolicy": {
"Id": "root-account-access",
"Id": "root-account-access",
"Statement": [
{
"Action": [
"kms:*"
],
"Effect": "Allow",
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::Join": [
":",
":",
[
"arn:aws:iam:",
"arn:aws:iam:",
{
"Ref": "AWS::AccountId"
},
},
"root"
]
]
}
},
},
"Resource": [
"*"
],
],
"Sid": "Enable IAM User Permissions"
}
],
],
"Version": "2012-10-17"
}
},
},
"Type": "AWS::KMS::Key"
}
}