Merge pull request #6 from aws-ia/project_type_sync

Syncing project type updates and updating submodule

.project_automation/publication/assets/.taskcat_publish.yml

@@ -6,6 +6,10 @@ general:
  ap-southeast-3: ap-southeast-3-profile
  eu-south-1: eu-south-1-profile
  me-south-1: me-south-1-profile
+ cn-north-1: china-profile
+ cn-northwest-1: china-profile
+ us-gov-east-1: us-govcloud-profile
+ us-gov-west-1: us-govcloud-profile
 project:
  s3_regional_buckets: true
  s3_bucket: aws-ia
@@ -32,5 +36,9 @@ project:
  - ca-central-1
  - eu-central-1
  - eu-north-1
+ - cn-north-1
+ - cn-northwest-1
+ - us-gov-east-1
+ - us-gov-west-1
 tests:
  test1: {}

.project_automation/publication/assets/cred_helper.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+import boto3
+import json
+import sys
+import argparse
+
+# https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
+
+def _transform_creds(result, ak, sk):
+ AK = result[ak]
+ SAK = result[sk]
+ transformed_creds = {
+ "Version": 1,
+ "AccessKeyId": AK,
+ "SecretAccessKey": SAK
+ }
+ return transformed_creds
+
+def fetch_creds(region_name, secret_name, ak, sk, pr):
+ ssm = boto3.Session(profile_name=pr).client('secretsmanager', region_name=region_name)
+ value = ssm.get_secret_value(SecretId=secret_name)
+ value = json.loads(value["SecretString"])
+ return _transform_creds(value, ak, sk)
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(
+ prog="cred_helper.py",
+ description="Snags creds from Secrets manager for use in an AWS profile. Leveraging botocore builtins.",
+ )
+ parser.add_argument(
+ "--region",
+ type=str,
+ help="region name. otherwise use the default.",
+ required=True
+ )
+ parser.add_argument(
+ "--secret-name",
+ type=str,
+ help="secret name to fetch",
+ required=True
+ )
+ parser.add_argument(
+ "--access-key-index",
+ type=str,
+ help="secret name to fetch",
+ required=True
+ )
+ parser.add_argument(
+ "--secret-access-key-index",
+ type=str,
+ help="secret name to fetch",
+ required=True
+ )
+ parser.add_argument(
+ "--secret-profile",
+ type=str,
+ help="profile to use when fetching the secret",
+ required=False,
+ default="default"
+ )
+ args = parser.parse_args()
+ try:
+ parsed_creds = fetch_creds(
+ args.region,
+ args.secret_name,
+ args.access_key_index,
+ args.secret_access_key_index,
+ args.secret_profile
+ )
+ json.dump(parsed_creds, sys.stdout, indent=2)
+ except:
+ raise

.project_automation/publication/s3_publish.sh

@@ -62,6 +62,7 @@ cat "${automation_scripts_path}tmp.yml"
 
 aws sts get-caller-identity --debug
 
+chmod 755 ${project_root}/.project_automation/publication/assets/cred_helper.py
 # push to regional S3 buckets
 export TASKCAT_PROJECT_S3_REGIONAL_BUCKETS=true; taskcat -d upload -p ${project_root} -c "${automation_scripts_path}tmp.yml"