Merge branch 'release/3.1.10'

azavea · Jan 27, 2021 · 005ad74 · 005ad74
2 parents 42d9e6e + dfabe34
commit 005ad74
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 129 deletions.
diff --git a/.gitignore b/.gitignore
@@ -15,6 +15,7 @@ develop-eggs
 lib
 lib64
 __pycache__
+.venv
 
 # Installer logs
 pip-log.txt

diff --git a/deployment/auth.py b/deployment/auth.py
diff --git a/deployment/cac-stack.py b/deployment/cac-stack.py
@@ -3,70 +3,50 @@
 """Commands for building AMIs and setting up CAC TripPlanner stacks on AWS"""
 import argparse
 import os
-import sys
 
 from cloudformation.stacks import build_stacks
 from cloudformation.template_utils import get_config
 from packer.cac_packer import run_packer
-from auth import get_creds, write_creds, delete_creds
 
 
 file_dir = os.path.dirname(os.path.realpath(__file__))
 
 
-def launch_stacks(cac_config, creds, stack_type, stack_color, **kwargs):
+def launch_stacks(cac_config, stack_type, stack_color, **kwargs):
     """Launches the specified stacks
 
     Args:
       cac_config (Dict): Dictionary of AWS parameter values
-      creds (Dict): Dictionary containing AWS credentials
       stack_type (str): Type of environment (dev, prod, test)
       stack_color (str): Color of environment (blue, green)
     """
 
-    # Launching the stack is a lot easier with the credentials file in place. Otherwise,
-    # there are several places where credentials need to be passed into boto directly.
-    # Write it out temporarily, and remove it afterwards.
-    write_creds(creds, True)
-    try:
-        build_stacks(cac_config, stack_type, stack_color)
-    finally:
-        delete_creds()
+    build_stacks(cac_config, stack_type, stack_color)
 
 
-def create_ami(machine_type, aws_region, creds, aws_config, **kwargs):
+def create_ami(machine_type, aws_region, aws_profile, **kwargs):
     """Creates the specified AMI(s)
 
     Args:
       machine_type (str): Optional type of AMI to build (all are built if unspecified)
       aws_region (str): AWS region id
-      creds (Dict): Dictionary containing AWS credentials
+      aws_profile (str): AWS profile name
     """
-    run_packer(machine_type, aws_region, creds, aws_config)
+    run_packer(machine_type, aws_region, aws_profile)
 
 
 def main():
     """Parse args and run desired commands"""
     common_parser = argparse.ArgumentParser(add_help=False)
     common_parser.add_argument('--aws-region', default='us-east-1',
                                help='AWS region -- defaults to us-east-1')
-    common_parser.add_argument('--aws-access-key-id', required=True,
-                               help='AWS Access Key ID')
-    common_parser.add_argument('--aws-secret-access-key', required=True,
-                               help='AWS Secret Access Key')
-    common_parser.add_argument('--aws-role-arn', required=True,
-                               help='AWS ARN for assumed role')
+    common_parser.add_argument('--aws-profile', default=os.environ.get('AWS_PROFILE', 'gophillygo'),
+                               help='AWS profile')
     common_parser.add_argument('--cac-config-path', default=os.path.join(file_dir, 'default.yaml'),
                                help='Path to CAC stack config')
     common_parser.add_argument('--cac-profile', default='default',
                                help='CAC stack profile to use for launching stacks')
 
-    if os.path.isfile(os.path.expanduser('~/.aws/credentials')):
-        # There is a bug in Packer that makes it so the only way to successfully build
-        # an AMI using MFA tokens is to not have the ~/.aws/credentials file, and instead
-        # specify the parameters via environment variables.
-        print("Please delete your ~/.aws/credentials and try again")
-        sys.exit(1)
 
     parser = argparse.ArgumentParser()
     subparsers = parser.add_subparsers(title='CAC TripPlanner Stack Commands')
@@ -93,14 +73,10 @@ def main():
                          help='Optional machine type. One of "app", "bastion", "otp"')
     cac_ami.set_defaults(func=create_ami)
 
-    # Parse, obtain temporary MFA credentials, and run
+    # Parse and run
     args = parser.parse_args()
-    creds = get_creds(args.aws_access_key_id, args.aws_secret_access_key,
-                      args.aws_role_arn)
-    aws_config = {'aws_access_key_id': args.aws_access_key_id,
-                  "aws_secret_access_key": args.aws_secret_access_key}
     cac_config = get_config(args.cac_config_path, args.cac_profile)
-    args.func(cac_config=cac_config, creds=creds, aws_config=aws_config, **vars(args))
+    args.func(cac_config=cac_config, **vars(args))
 
 if __name__ == '__main__':
     main()
diff --git a/deployment/packer/cac_packer.py b/deployment/packer/cac_packer.py
@@ -13,7 +13,7 @@ class CacStackException(Exception):
     pass
 
 
-def get_ubuntu_ami(region, creds):
+def get_ubuntu_ami(region):
     """Gets AMI ID for current release in region
 
     Args:
@@ -42,13 +42,13 @@ def ami_filter(ami):
     return amis[0]['id']
 
 
-def run_packer(machine_type, region, creds, aws_config):
+def run_packer(machine_type, aws_region, aws_profile):
     """Runs packer command to build the desired AMI(s)
 
     Args:
       machine_type (str): Optional machine type string for passing in as the `-only` param
-      region (str): AWS region id
-      creds (Dict): Dictionary containing AWS credentials
+      aws_region (str): AWS region id
+      aws_profile (str): AWS profile name
     """
 
     # Remove examples subdirectory from all Azavea roles
@@ -60,16 +60,11 @@ def run_packer(machine_type, region, creds, aws_config):
             print(('Removing {}'.format(examples_path)))
             shutil.rmtree(examples_path)
 
-    env = os.environ.copy()
-    env['AWS_ACCESS_KEY_ID'] = creds['aws_access_key_id']
-    env['AWS_SECRET_ACCESS_KEY'] = creds['aws_secret_access_key']
-    env['AWS_SESSION_TOKEN'] = creds['aws_security_token']
-
-    aws_ubuntu_ami = get_ubuntu_ami(region, aws_config)
+    aws_ubuntu_ami = get_ubuntu_ami(aws_region)
 
     packer_template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'cac.json')
     packer_command = ['packer', 'build',
-                      '-var', 'aws_region={}'.format(region),
+                      '-var', 'aws_region={}'.format(aws_region),
                       '-var', 'ubuntu_ami={}'.format(aws_ubuntu_ami)]
 
     # Create the specified machine type, or all of them if one is not specified
@@ -80,4 +75,4 @@ def run_packer(machine_type, region, creds, aws_config):
     packer_command.append(packer_template_path)
 
     print('Running Packer Command: {}'.format(' '.join(packer_command)))
-    subprocess.check_call(packer_command, env=env)
+    subprocess.check_call(packer_command, env=os.environ.copy().update({'AWS_PROFILE': aws_profile}))