Posted to commits@datalab.apache.org by lf...@apache.org on 2021/12/15 15:30:28 UTC
[incubator-datalab] 01/01: [DATALAB-2545]: added predefined role for aws ssn
This is an automated email from the ASF dual-hosted git repository.
lfrolov pushed a commit to branch DATALAB-2545
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git
commit 56c64112e745519c4d8a063e41c27ca591de7c5b
Author: leonidfrolov <fr...@gmail.com>
AuthorDate: Wed Dec 15 17:30:11 2021 +0200
[DATALAB-2545]: added predefined role for aws ssn
---
.../scripts/deploy_datalab.py | 2 ++
.../src/general/scripts/aws/ssn_prepare.py | 30 ++++++++++++----------
2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/infrastructure-provisioning/scripts/deploy_datalab.py b/infrastructure-provisioning/scripts/deploy_datalab.py
index 34be5ec..9dd70e4 100644
--- a/infrastructure-provisioning/scripts/deploy_datalab.py
+++ b/infrastructure-provisioning/scripts/deploy_datalab.py
@@ -210,6 +210,8 @@ def build_parser():
aws_parser.add_argument('--aws_report_path', type=str, help='The path to billing reports directory in S3 bucket')
aws_parser.add_argument('--aws_permissions_boundary_arn', type=str, default='',
help='Permission boundary to be attached to new roles')
+ aws_parser.add_argument('--aws_ssn_instance_role', type=str, default='',
+ help='Role to be attached to SSN instance')
aws_required_args = aws_parser.add_argument_group('Required arguments')
aws_required_args.add_argument('--aws_region', type=str, required=True, help='AWS region')
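Review bot: The help text for the new `--aws_ssn_instance_role` argument does not say whether it expects a role name or an ARN, nor that the role must already exist. The other hunk in this commit assigns the value to both `ssn_conf['role_name']` and `ssn_conf['role_profile_name']`, so it appears to need the name of an existing role that has an instance profile of the same name. I would spell that out, e.g. `help='Name of an existing IAM role (with an instance profile of the same name) to attach to the SSN instance; role creation is skipped when set'`. The body of `build_parser` continues outside this hunk.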
diff --git a/infrastructure-provisioning/src/general/scripts/aws/ssn_prepare.py b/infrastructure-provisioning/src/general/scripts/aws/ssn_prepare.py
index 7e21cb1..346f265 100644
--- a/infrastructure-provisioning/src/general/scripts/aws/ssn_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/aws/ssn_prepare.py
@@ -257,19 +257,23 @@ if __name__ == "__main__":
#creating roles
try:
- logging.info('[CREATE ROLES]')
- params = "--role_name {} --role_profile_name {} --policy_name {} --policy_file_name {} --region {} " \
- "--infra_tag_name {} --infra_tag_value {} --user_tag_value {}". \
- format(ssn_conf['role_name'], ssn_conf['role_profile_name'], ssn_conf['policy_name'],
- ssn_conf['policy_path'], ssn_conf['region'], ssn_conf['tag_name'],
- ssn_conf['service_base_name'], ssn_conf['user_tag'])
- if 'aws_permissions_boundary_arn' in os.environ:
- params = '{} --permissions_boundary_arn {}'.format(params, os.environ['aws_permissions_boundary_arn'])
- try:
- subprocess.run("~/scripts/{}.py {}".format('common_create_role_policy', params), shell=True, check=True)
- except:
- traceback.print_exc()
- raise Exception
+ if 'aws_ssn_instance_role' in os.environ and os.environ['aws_ssn_instance_role'] != '':
+ ssn_conf['role_name'] = os.environ['aws_ssn_instance_role']
+ ssn_conf['role_profile_name'] = os.environ['aws_ssn_instance_role']
+ else:
+ logging.info('[CREATE ROLES]')
+ params = "--role_name {} --role_profile_name {} --policy_name {} --policy_file_name {} --region {} " \
+ "--infra_tag_name {} --infra_tag_value {} --user_tag_value {}". \
+ format(ssn_conf['role_name'], ssn_conf['role_profile_name'], ssn_conf['policy_name'],
+ ssn_conf['policy_path'], ssn_conf['region'], ssn_conf['tag_name'],
+ ssn_conf['service_base_name'], ssn_conf['user_tag'])
+ if 'aws_permissions_boundary_arn' in os.environ:
+ params = '{} --permissions_boundary_arn {}'.format(params, os.environ['aws_permissions_boundary_arn'])
+ try:
+ subprocess.run("~/scripts/{}.py {}".format('common_create_role_policy', params), shell=True, check=True)
+ except:
+ traceback.print_exc()
+ raise Exception
except Exception as err:
logging.error('Error: {0}'.format(err))
datalab.fab.append_result("Failed to create roles", str(err))
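Review bot: The new `aws_ssn_instance_role` branch skips role creation without logging it or checking the supplied role, so neither the project policy file nor `aws_permissions_boundary_arn` is applied and the SSN instance runs with whatever permissions that role already carries. The same value is assigned to `ssn_conf['role_profile_name']`, which presumably only works if an instance profile of the identical name exists; a missing one would surface later, outside this hunk. I would log the choice, e.g. `logging.info('[USING PREDEFINED ROLE] {}'.format(ssn_conf['role_name']))`, and simplify the test to `if os.environ.get('aws_ssn_instance_role'):`. It is also worth confirming that any failure cleanup keyed on `ssn_conf['role_name']` elsewhere in this `__main__` block, which extends beyond the hunk, does not delete an operator-supplied role.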