From 604d34abf59de813d4b8c0126845eeb60efbad47 Mon Sep 17 00:00:00 2001
From: vsnyc
Date: Fri, 27 Oct 2023 01:17:38 -0400
Subject: [PATCH 1/2] Updating submodules
---
 submodules/cfn-ps-aws-vpc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/submodules/cfn-ps-aws-vpc b/submodules/cfn-ps-aws-vpc
index 0561674..2586c30 160000
--- a/submodules/cfn-ps-aws-vpc
+++ b/submodules/cfn-ps-aws-vpc
@@ -1 +1 @@
-Subproject commit 056167469bc937a80620b035156da8471b2bc369
+Subproject commit 2586c305dbdd3d8a48ca380eebbe90542a939d2e
From cfd02d9de5e20c74d9337d352bd50e4684ce0e46 Mon Sep 17 00:00:00 2001
From: vsnyc
Date: Fri, 27 Oct 2023 01:17:40 -0400
Subject: [PATCH 2/2] Synced publication stage from project type
---
 .../publication/assets/.taskcat_publish.yml | 8 +++
 .../publication/assets/cred_helper.py | 72 +++++++++++++++++++
 .project_automation/publication/s3_publish.sh | 1 +
 3 files changed, 81 insertions(+)
 create mode 100644 .project_automation/publication/assets/cred_helper.py
diff --git a/.project_automation/publication/assets/.taskcat_publish.yml b/.project_automation/publication/assets/.taskcat_publish.yml
index 353dd03..8ffd750 100644
--- a/.project_automation/publication/assets/.taskcat_publish.yml
+++ b/.project_automation/publication/assets/.taskcat_publish.yml
@@ -6,6 +6,10 @@ general:
 ap-southeast-3: ap-southeast-3-profile
 eu-south-1: eu-south-1-profile
 me-south-1: me-south-1-profile
+ cn-north-1: china-profile
+ cn-northwest-1: china-profile
+ us-gov-east-1: us-govcloud-profile
+ us-gov-west-1: us-govcloud-profile
 project:
 s3_regional_buckets: true
 s3_bucket: aws-ia
@@ -32,5 +36,9 @@ project:
 - ca-central-1
 - eu-central-1
 - eu-north-1
+ - cn-north-1
+ - cn-northwest-1
+ - us-gov-east-1
+ - us-gov-west-1
 tests:
 test1: {}
\ No newline at end of file
diff --git a/.project_automation/publication/assets/cred_helper.py b/.project_automation/publication/assets/cred_helper.py
new file mode 100644
index 0000000..c01d761
--- /dev/null
+++ b/.project_automation/publication/assets/cred_helper.py
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+import boto3
+import json
+import sys
+import argparse
+
+# https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
+
+def _transform_creds(result, ak, sk):
+ AK = result[ak]
+ SAK = result[sk]
+ transformed_creds = {
+ "Version": 1,
+ "AccessKeyId": AK,
+ "SecretAccessKey": SAK
+ }
+ return transformed_creds
+
+def fetch_creds(region_name, secret_name, ak, sk, pr):
+ ssm = boto3.Session(profile_name=pr).client('secretsmanager', region_name=region_name)
+ value = ssm.get_secret_value(SecretId=secret_name)
+ value = json.loads(value["SecretString"])
+ return _transform_creds(value, ak, sk)
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(
+ prog="cred_helper.py",
+ description="Snags creds from Secrets manager for use in an AWS profile. Leveraging botocore builtins.",
+ )
+ parser.add_argument(
+ "--region",
+ type=str,
+ help="region name. otherwise use the default.",
+ required=True
+ )
+ parser.add_argument(
+ "--secret-name",
+ type=str,
+ help="secret name to fetch",
+ required=True
+ )
+ parser.add_argument(
+ "--access-key-index",
+ type=str,
+ help="secret name to fetch",
+ required=True
+ )
+ parser.add_argument(
+ "--secret-access-key-index",
+ type=str,
+ help="secret name to fetch",
+ required=True
+ )
+ parser.add_argument(
+ "--secret-profile",
+ type=str,
+ help="profile to use when fetching the secret",
+ required=False,
+ default="default"
+ )
+ args = parser.parse_args()
+ try:
+ parsed_creds = fetch_creds(
+ args.region,
+ args.secret_name,
+ args.access_key_index,
+ args.secret_access_key_index,
+ args.secret_profile
+ )
+ json.dump(parsed_creds, sys.stdout, indent=2)
+ except:
+ raise
diff --git a/.project_automation/publication/s3_publish.sh b/.project_automation/publication/s3_publish.sh
index 6921d16..8d54835 100755
--- a/.project_automation/publication/s3_publish.sh
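Review bot: The `try: ... except: raise` around the `fetch_creds` call and `json.dump` at the end of the `__main__` block is a no-op — a bare `except` that immediately re-raises changes nothing — so the two statements can run unwrapped. The help strings for `--access-key-index` and `--secret-access-key-index` repeat "secret name to fetch" from the argument above them, but `_transform_creds` uses both values as keys into the parsed secret JSON, so `help="key in the secret JSON that holds the access key id"` (and the secret-key equivalent) would describe them; likewise `--region` is `required=True` while its help still says "otherwise use the default". Because the script appears intended as an external credential source for an AWS profile (the linked doc) and writes the keys to stdout, a secret lacking one of the named keys currently fails inside `_transform_creds` with a bare `KeyError` traceback; raising `SystemExit(f"key {ak!r} not found in secret")` there would keep the failure readable in the CLI's error output. The local named `ssm` in `fetch_creds` is a Secrets Manager client, so `secrets_client = ...` would avoid a misreading.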
+++ b/.project_automation/publication/s3_publish.sh @@ -62,6 +62,7 @@ cat "${automation_scripts_path}tmp.yml" aws sts get-caller-identity --debug +chmod 755 ${project_root}/.project_automation/publication/assets/cred_helper.py # push to regional S3 buckets export TASKCAT_PROJECT_S3_REGIONAL_BUCKETS=true; taskcat -d upload -p ${project_root} -c "${automation_scripts_path}tmp.yml"
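Review bot: The added `chmod 755 ${project_root}/.project_automation/publication/assets/cred_helper.py` leaves `${project_root}` unquoted, unlike the quoted `"${automation_scripts_path}tmp.yml"` on the neighbouring lines, so a project root containing whitespace or glob characters would be split into several arguments; write `chmod 755 "${project_root}/.project_automation/publication/assets/cred_helper.py"`. The diffstat records the new helper as `create mode 100644`, so committing it with the executable bit set (mode 100755, as s3_publish.sh itself is) would make the runtime chmod unnecessary and keep the permission change visible in git history. The surrounding script continues outside the hunk.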