Posted to commits@datalab.apache.org by ol...@apache.org on 2022/02/23 08:44:23 UTC
[incubator-datalab] branch security/DLAB-2882 updated: versioning var moved to conf section
This is an automated email from the ASF dual-hosted git repository.
olehmykolaishyn pushed a commit to branch security/DLAB-2882
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git
The following commit(s) were added to refs/heads/security/DLAB-2882 by this push:
new f39a3af versioning var moved to conf section
f39a3af is described below
commit f39a3afcf6f5350342409962bf67cc74699dc38c
Author: oleh_mykolaishyn <ow...@gmail.com>
AuthorDate: Wed Feb 23 10:42:39 2022 +0200
versioning var moved to conf section
---
infrastructure-provisioning/scripts/deploy_datalab.py | 10 ++++++----
.../src/general/scripts/aws/project_prepare.py | 14 +++++++-------
.../src/general/scripts/gcp/project_prepare.py | 2 +-
.../src/general/templates/aws/edge_s3_policy.json | 6 ++----
4 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/infrastructure-provisioning/scripts/deploy_datalab.py b/infrastructure-provisioning/scripts/deploy_datalab.py
index c86aa5e..357f673 100644
--- a/infrastructure-provisioning/scripts/deploy_datalab.py
+++ b/infrastructure-provisioning/scripts/deploy_datalab.py
@@ -114,6 +114,8 @@ def build_parser():
help='Column name in report file that contains cost tag')
parser.add_argument('--resource_id', type=str, default='line_item_resource_id',
help='Column name in report file that contains datalab resource id tag')
+ parser.add_argument('--conf_bucket_versioning_enabled', type=str, default='true', choices=BOOL_CHOICES_LIST,
+ help='Versioning for S3 bucket (valid choices: %s)' % BOOL_CHOICES_LIST)
parser.add_argument('--tags', type=str, default='line_item_operation,line_item_line_item_description',
help='Column name in report file that contains tags')
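Review bot: The help text on the new `--conf_bucket_versioning_enabled` option still says 'Versioning for S3 bucket', but the gcp/project_prepare.py hunk in this commit reads the same variable, so the flag is no longer AWS-specific. It also changes the effective GCP default: the removed `--gcp_bucket_enable_versioning` defaulted to 'false', while the shared option defaults to 'true'. If that is intended, the help string should say so, e.g. `help='Enable versioning for AWS and GCP storage buckets (valid choices: %s)' % BOOL_CHOICES_LIST`. build_parser's body continues outside the hunk.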
@@ -212,8 +214,8 @@ def build_parser():
help='Permission boundary to be attached to new roles')
aws_parser.add_argument('--aws_ssn_instance_role', type=str, default='',
help='Role to be attached to SSN instance')
- aws_parser.add_argument('--aws_bucket_versioning_enabled', type=str, default='true', choices=BOOL_CHOICES_LIST,
- help='Versioning for S3 bucket (valid choices: %s)' % BOOL_CHOICES_LIST)
+ #aws_parser.add_argument('--aws_bucket_versioning_enabled', type=str, default='true', #choices=BOOL_CHOICES_LIST,
+ # help='Versioning for S3 bucket (valid choices: %s)') #% BOOL_CHOICES_LIST)
aws_required_args = aws_parser.add_argument_group('Required arguments')
aws_required_args.add_argument('--aws_region', type=str, required=True, help='AWS region')
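Review bot: The old `--aws_bucket_versioning_enabled` option is commented out rather than deleted, and the leftover fragments (`#choices=BOOL_CHOICES_LIST`, `#% BOOL_CHOICES_LIST`) make the dead lines hard to read; the commented `--gcp_bucket_enable_versioning` lines in the next hunk have the same problem. Delete both and let version control keep the history. Existing invocations that still pass the old flags will presumably be rejected by argparse as unrecognized arguments, so the rename deserves a release-note line or a deprecated alias. build_parser continues outside the hunk.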
@@ -265,8 +267,8 @@ def build_parser():
help='"TRUE" to enable os login for gcp instances')
gcp_parser.add_argument('--gcp_block_project_ssh_keys', type=str, default='FALSE',
help='"TRUE" to block project ssh keys for gcp instances')
- gcp_parser.add_argument('--gcp_bucket_enable_versioning', type=str, default='false',
- help='"true" to enable versioning for gcp storage buckets')
+ #gcp_parser.add_argument('--gcp_bucket_enable_versioning', type=str, default='false',
+ # help='"true" to enable versioning for gcp storage buckets')
gcp_parser.add_argument('--gcp_cmek_resource_name', type=str, default='',
help='customer managed encryption key resource name '
'e.g. projects/{project_name}/locations/{us}/keyRings/{keyring_name}/cryptoKeys/{key_name}')
diff --git a/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py b/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
index dd2518e..d6ad1a1 100644
--- a/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
@@ -62,8 +62,8 @@ if __name__ == "__main__":
project_conf['project_name'],
project_conf['endpoint_name'])
project_conf['bucket_name'] = project_conf['bucket_name_tag'].lower().replace('_', '-')
- #
- project_conf['bucket_versioning_enabled'] = os.environ['aws_bucket_versioning_enabled']
+
+ project_conf['bucket_versioning_enabled'] = os.environ['conf_bucket_versioning_enabled']
#
project_conf['shared_bucket_name_tag'] = '{0}-{1}-shared-bucket'.format(
project_conf['service_base_name'], project_conf['endpoint_tag'])
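Review bot: `os.environ['conf_bucket_versioning_enabled']` is read with no fallback and no validation, so a run whose environment predates the rename would raise KeyError here (an inference, since the code that populates the environment is not in this diff). The value is later formatted into the `--bucket_versioning_enabled {}` parameter string that is executed with `shell=True` in the hunks at -559 and -572, so checking it against the values the parser accepts at the point of read is cheap hardening: `if project_conf['bucket_versioning_enabled'] not in ('true', 'false'): raise ValueError('conf_bucket_versioning_enabled must be true or false')`, assuming BOOL_CHOICES_LIST holds exactly those two strings. The read in gcp/project_prepare.py has the same gap. The `__main__` block continues outside the hunk.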
@@ -559,9 +559,9 @@ if __name__ == "__main__":
project_conf['endpoint_tag'], os.environ['conf_billing_tag_key'], os.environ['conf_billing_tag_value'],
project_conf['tag_name'], project_conf['shared_bucket_name'],
project_conf['bucket_additional_tags']).replace(';', ',')
- params = "--bucket_name {} --bucket_tags {} --region {} --bucket_name_tag {} --bucket_versioning_enabled {}". \
- format(project_conf['shared_bucket_name'], project_conf['shared_bucket_tags'], project_conf['region'],
- project_conf['shared_bucket_name_tag'], project_conf['bucket_versioning_enabled'])
+ params = "--bucket_name {} --bucket_tags {} --region {} --bucket_name_tag {} --bucket_versioning_enabled {}" \
+ .format(project_conf['shared_bucket_name'], project_conf['shared_bucket_tags'], project_conf['region'],
+ project_conf['shared_bucket_name_tag'], project_conf['bucket_versioning_enabled'])
try:
subprocess.run("~/scripts/{}.py {}".format('common_create_bucket', params), shell=True, check=True)
except:
@@ -572,8 +572,8 @@ if __name__ == "__main__":
project_conf['project_tag'], project_conf['tag_name'], project_conf['bucket_name'],
project_conf['bucket_additional_tags']).replace(';', ',')
params = "--bucket_name {} --bucket_tags {} --region {} --bucket_name_tag {} --bucket_versioning_enabled {}" \
- .format(project_conf['bucket_name'], project_conf['bucket_tags'], project_conf['region'],
- project_conf['bucket_name_tag'], project_conf['bucket_versioning_enabled'])
+ .format(project_conf['bucket_name'], project_conf['bucket_tags'], project_conf['region'],
+ project_conf['bucket_name_tag'], project_conf['bucket_versioning_enabled'])
try:
subprocess.run("~/scripts/{}.py {}".format('common_create_bucket', params), shell=True, check=True)
except:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py b/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
index 15a7270..12a1a5f 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
@@ -121,7 +121,7 @@ if __name__ == "__main__":
else:
project_conf['user_subnets_range'] = ''
- project_conf['gcp_bucket_enable_versioning'] = os.environ['gcp_bucket_enable_versioning']
+ project_conf['gcp_bucket_enable_versioning'] = os.environ['conf_bucket_versioning_enabled']
if 'gcp_cmek_resource_name' in os.environ:
project_conf['gcp_cmek_resource_name'] = os.environ['gcp_cmek_resource_name']
else:
diff --git a/infrastructure-provisioning/src/general/templates/aws/edge_s3_policy.json b/infrastructure-provisioning/src/general/templates/aws/edge_s3_policy.json
index 3fc4b81..dac85ad 100644
--- a/infrastructure-provisioning/src/general/templates/aws/edge_s3_policy.json
+++ b/infrastructure-provisioning/src/general/templates/aws/edge_s3_policy.json
@@ -12,8 +12,7 @@
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:PutBucketPolicy",
- "s3:PutEncryptionConfiguration",
- "s3:PutBucketVersioning"
+ "s3:PutEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::SSN_BUCK",
@@ -36,8 +35,7 @@
"s3:Put*",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
- "s3:AbortMultipartUpload",
- "s3:PutBucketVersioning"
+ "s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::BUCKET_NAME/*",
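Review bot: The second statement still lists `s3:Put*`, which pattern-matches `s3:PutBucketVersioning`, so deleting the explicit entry there does not by itself narrow the action list. Against the visible `arn:aws:s3:::BUCKET_NAME/*` object ARN a bucket-level action has no effect, but the Resource array continues outside the hunk; if it also names a bare bucket ARN, the edge role keeps the ability to change versioning. Replacing the wildcard with the object-level actions the edge node actually needs (for example `s3:PutObject`) would make the removal effective.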