vincbeck commented on code in PR #52769: URL: https://github.com/apache/airflow/pull/52769#discussion_r2198001546
########## providers/amazon/tests/system/amazon/aws/example_ssm.py: ########## @@ -0,0 +1,239 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +from __future__ import annotations + +import datetime +import logging +import time + +import boto3 +from botocore.exceptions import ClientError + +from airflow.decorators import task +from airflow.models.baseoperator import chain +from airflow.models.dag import DAG +from airflow.providers.amazon.aws.operators.ec2 import EC2CreateInstanceOperator, EC2TerminateInstanceOperator +from airflow.providers.amazon.aws.operators.ssm import SsmRunCommandOperator +from airflow.providers.amazon.aws.sensors.ssm import SsmRunCommandCompletedSensor +from airflow.utils.trigger_rule import TriggerRule + +from system.amazon.aws.utils import ENV_ID_KEY, SystemTestContextBuilder, get_role_name +from system.amazon.aws.utils.ec2 import get_latest_ami_id + +DAG_ID = "example_ssm" + +ROLE_ARN_KEY = "ROLE_ARN" +sys_test_context_task = SystemTestContextBuilder().add_variable(ROLE_ARN_KEY).build() + +USER_DATA = """ + #!/bin/bash + set -e + + # Update the system + if command -v yum &> /dev/null; then + PACKAGE_MANAGER="yum" + elif command -v dnf &> /dev/null; then + PACKAGE_MANAGER="dnf" + else + exit 1 + fi + + # Install SSM agent if it's not installed + if ! command -v amazon-ssm-agent &> /dev/null; then + if [[ "$PACKAGE_MANAGER" == "yum" || "$PACKAGE_MANAGER" == "dnf" ]]; then + $PACKAGE_MANAGER install -y amazon-ssm-agent + else + exit 1 + fi + fi + + # Enable and start the SSM agent + systemctl enable amazon-ssm-agent + systemctl start amazon-ssm-agent + + shutdown -h +8 +""" + +log = logging.getLogger(__name__) + + +@task +def create_instance_profile(role_name: str, instance_profile_name: str): + client = boto3.client("iam") + + try: + client.create_instance_profile(InstanceProfileName=instance_profile_name) + except ClientError as e: + if e.response["Error"]["Code"] != "EntityAlreadyExists": + raise Review Comment: We should assume the instance profile does not exist ########## providers/amazon/tests/system/amazon/aws/example_ssm.py: ########## @@ -0,0 +1,239 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +from __future__ import annotations + +import datetime +import logging +import time + +import boto3 +from botocore.exceptions import ClientError + +from airflow.decorators import task +from airflow.models.baseoperator import chain +from airflow.models.dag import DAG +from airflow.providers.amazon.aws.operators.ec2 import EC2CreateInstanceOperator, EC2TerminateInstanceOperator +from airflow.providers.amazon.aws.operators.ssm import SsmRunCommandOperator +from airflow.providers.amazon.aws.sensors.ssm import SsmRunCommandCompletedSensor +from airflow.utils.trigger_rule import TriggerRule + +from system.amazon.aws.utils import ENV_ID_KEY, SystemTestContextBuilder, get_role_name +from system.amazon.aws.utils.ec2 import get_latest_ami_id + +DAG_ID = "example_ssm" + +ROLE_ARN_KEY = "ROLE_ARN" +sys_test_context_task = SystemTestContextBuilder().add_variable(ROLE_ARN_KEY).build() + +USER_DATA = """ + #!/bin/bash + set -e + + # Update the system + if command -v yum &> /dev/null; then + PACKAGE_MANAGER="yum" + elif command -v dnf &> /dev/null; then + PACKAGE_MANAGER="dnf" + else + exit 1 + fi + + # Install SSM agent if it's not installed + if ! command -v amazon-ssm-agent &> /dev/null; then + if [[ "$PACKAGE_MANAGER" == "yum" || "$PACKAGE_MANAGER" == "dnf" ]]; then + $PACKAGE_MANAGER install -y amazon-ssm-agent + else + exit 1 + fi + fi + + # Enable and start the SSM agent + systemctl enable amazon-ssm-agent + systemctl start amazon-ssm-agent + + shutdown -h +8 +""" + +log = logging.getLogger(__name__) + + +@task +def create_instance_profile(role_name: str, instance_profile_name: str): + client = boto3.client("iam") + + try: + client.create_instance_profile(InstanceProfileName=instance_profile_name) + except ClientError as e: + if e.response["Error"]["Code"] != "EntityAlreadyExists": + raise + + instance_profile = client.get_instance_profile(InstanceProfileName=instance_profile_name) Review Comment: No need to call `get_instance_profile`, you can get this information from the response of `create_instance_profile`. And since we are assuming the instance profile does not exist, no need to check whether the role is already associated to the instance profile ########## providers/amazon/tests/system/amazon/aws/example_ssm.py: ########## @@ -143,6 +184,8 @@ def wait_until_ssm_ready(instance_id: str, max_attempts: int = 10, delay_seconds min_count=1, config=config, wait_for_completion=True, + retries=5, + retry_delay=datetime.timedelta(seconds=15), Review Comment: Instead of doing that, you can wait using https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam/waiter/InstanceProfileExists.html -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
