This is an automated email from the ASF dual-hosted git repository.
lfrolov pushed a commit to branch 2.5.1-tcpc-deployment
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git
The following commit(s) were added to refs/heads/2.5.1-tcpc-deployment by this
push:
new 279accb [DATALAB-2545]: added predefined role for aws ssn
279accb is described below
commit 279accb4d5f346c6a4557c71abdfd3516076b6f4
Author: leonidfrolov <[email protected]>
AuthorDate: Wed Dec 15 17:30:11 2021 +0200
[DATALAB-2545]: added predefined role for aws ssn
---
.../scripts/deploy_datalab.py | 2 ++
.../src/general/scripts/aws/ssn_prepare.py | 30 ++++++++++++----------
2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/infrastructure-provisioning/scripts/deploy_datalab.py
b/infrastructure-provisioning/scripts/deploy_datalab.py
index 34be5ec..9dd70e4 100644
--- a/infrastructure-provisioning/scripts/deploy_datalab.py
+++ b/infrastructure-provisioning/scripts/deploy_datalab.py
@@ -210,6 +210,8 @@ def build_parser():
aws_parser.add_argument('--aws_report_path', type=str, help='The path to
billing reports directory in S3 bucket')
aws_parser.add_argument('--aws_permissions_boundary_arn', type=str,
default='',
help='Permission boundary to be attached to new
roles')
+ aws_parser.add_argument('--aws_ssn_instance_role', type=str, default='',
+ help='Role to be attached to SSN instance')
aws_required_args = aws_parser.add_argument_group('Required arguments')
aws_required_args.add_argument('--aws_region', type=str, required=True,
help='AWS region')
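Review bot: The help text for `--aws_ssn_instance_role` does not say that the value must name an existing role, or that supplying it changes provisioning behaviour. In `ssn_prepare.py` the same value is used as both the role name and the instance profile name, and role creation is skipped when it is non-empty. Something like `help='Name of an existing IAM role (and same-named instance profile) to attach to the SSN instance; when set, role creation is skipped'` would tell operators what they are opting into. `build_parser` continues outside the hunk.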
diff --git a/infrastructure-provisioning/src/general/scripts/aws/ssn_prepare.py
b/infrastructure-provisioning/src/general/scripts/aws/ssn_prepare.py
index 7e21cb1..346f265 100644
--- a/infrastructure-provisioning/src/general/scripts/aws/ssn_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/aws/ssn_prepare.py
@@ -257,19 +257,23 @@ if __name__ == "__main__":
#creating roles
try:
- logging.info('[CREATE ROLES]')
- params = "--role_name {} --role_profile_name {} --policy_name {}
--policy_file_name {} --region {} " \
- "--infra_tag_name {} --infra_tag_value {} --user_tag_value
{}". \
- format(ssn_conf['role_name'], ssn_conf['role_profile_name'],
ssn_conf['policy_name'],
- ssn_conf['policy_path'], ssn_conf['region'],
ssn_conf['tag_name'],
- ssn_conf['service_base_name'], ssn_conf['user_tag'])
- if 'aws_permissions_boundary_arn' in os.environ:
- params = '{} --permissions_boundary_arn {}'.format(params,
os.environ['aws_permissions_boundary_arn'])
- try:
- subprocess.run("~/scripts/{}.py
{}".format('common_create_role_policy', params), shell=True, check=True)
- except:
- traceback.print_exc()
- raise Exception
+ if 'aws_ssn_instance_role' in os.environ and
os.environ['aws_ssn_instance_role'] != '':
+ ssn_conf['role_name'] = os.environ['aws_ssn_instance_role']
+ ssn_conf['role_profile_name'] = os.environ['aws_ssn_instance_role']
+ else:
+ logging.info('[CREATE ROLES]')
+ params = "--role_name {} --role_profile_name {} --policy_name {}
--policy_file_name {} --region {} " \
+ "--infra_tag_name {} --infra_tag_value {}
--user_tag_value {}". \
+ format(ssn_conf['role_name'], ssn_conf['role_profile_name'],
ssn_conf['policy_name'],
+ ssn_conf['policy_path'], ssn_conf['region'],
ssn_conf['tag_name'],
+ ssn_conf['service_base_name'], ssn_conf['user_tag'])
+ if 'aws_permissions_boundary_arn' in os.environ:
+ params = '{} --permissions_boundary_arn {}'.format(params,
os.environ['aws_permissions_boundary_arn'])
+ try:
+ subprocess.run("~/scripts/{}.py
{}".format('common_create_role_policy', params), shell=True, check=True)
+ except:
+ traceback.print_exc()
+ raise Exception
except Exception as err:
logging.error('Error: {0}'.format(err))
datalab.fab.append_result("Failed to create roles", str(err))
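Review bot: The new predefined-role branch copies `aws_ssn_instance_role` into both `ssn_conf['role_name']` and `ssn_conf['role_profile_name']` without checking that a role and an instance profile of that name exist, and it logs nothing, so a mistyped name would presumably only surface when the instance is launched. A line such as `logging.info('[USING PREDEFINED ROLE] {}'.format(ssn_conf['role_name']))` plus an existence check before continuing would make this path auditable. `aws_permissions_boundary_arn` is read only in the `else` branch, so it is silently ignored when a role is supplied; a warning when both are set would avoid the impression that the boundary applies to the predefined role. Any failure-cleanup code outside this hunk that removes the role by `ssn_conf['role_name']` should be checked so it cannot delete an operator-owned role. The `if __name__ == "__main__":` block starts and ends outside the hunk.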