Gitlab with curl - synching with main head #354

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 23 additions & 7 deletions deploy.sh
Expand Up @@ -50,7 +50,7 @@ function template_protection()
--profile "$CURRENT_PROFILE_NAME"
}

crossaccount_cicd_roles () {
crossaccount_cicd_roles () {
pflag=false
rflag=false
dflag=false
Expand Down Expand Up @@ -132,7 +132,7 @@ crossaccount_cicd_roles () {
exit
}

devops_account () {
devops_account () {
pflag=false
rflag=false
dflag=false
Expand Down Expand Up @@ -257,7 +257,7 @@ devops_account () {
template_protection "$STACK_NAME" "$REGION" "$DEVOPS_AWS_PROFILE"
rm -Rf "$DIRNAME"/output

declare -a REPOSITORIES=("sdlf-cicd" "sdlf-foundations" "sdlf-team" "sdlf-pipeline" "sdlf-dataset" "sdlf-datalakeLibrary" "sdlf-stageA" "sdlf-stageB" "sdlf-main")
declare -a REPOSITORIES=("sdlf-cicd" "sdlf-foundations" "sdlf-team" "sdlf-pipeline" "sdlf-dataset" "sdlf-datalakeLibrary" "sdlf-stageA" "sdlf-stageB" "sdlf-main" "sdlf-stage-lambda" "sdlf-stage-glue")
if "$MONITORING"
then
REPOSITORIES+=("sdlf-monitoring")
Expand All @@ -268,8 +268,23 @@ devops_account () {
then
GITLAB_URL=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitLab/Url --query "Parameter.Value" --output text)
GITLAB_ACCESSTOKEN=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitLab/AccessToken --query "Parameter.Value" --output text)
GITLAB_REPOSITORY_URL="https://aws:$GITLAB_ACCESSTOKEN@${GITLAB_URL#https://}sdlf/$REPOSITORY.git"

GITLAB_NAMESPACE_ID=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitLab/NamespaceId --query "Parameter.Value" --output text)
GITLAB_GROUP_NAME=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --name /SDLF/GitLab/SdlfGitLabGroup --query "Parameter.Value" --output text)

GITLAB_HOST_NAME=gitlab.ssh.covestro.com

echo "Creating $REPOSITORY repository in GitLab ..."
curl --insecure --request POST --header "PRIVATE-TOKEN: $GITLAB_ACCESSTOKEN" \
--header "Content-Type: application/json" \
--data "{\"name\": \"$REPOSITORY\", \"description\": \"$REPOSITORY\", \"path\": \"$REPOSITORY\", \"namespace_id\": \"$GITLAB_NAMESPACE_ID\", \"initialize_with_readme\": false}" \
--url "${GITLAB_URL}api/v4/projects/"


GITLAB_REPOSITORY_URL="https://aws:$GITLAB_ACCESSTOKEN@${GITLAB_URL#https://}${GITLAB_GROUP_NAME}/$REPOSITORY.git"
GITLAB_SSH_URI=git@${GITLAB_HOST_NAME}:${GITLAB_GROUP_NAME}/$REPOSITORY.git

echo "Origin for repo is $GITLAB_SSH_URI"
if [ "$REPOSITORY" = "sdlf-main" ]
then
mkdir sdlf-main
Expand All @@ -278,8 +293,9 @@ devops_account () {
pushd "$REPOSITORY" || exit
if [ ! -d .git ] # if .git exists, deploy.sh has likely been run before - do not try to push the base repositories
then
git init
git remote add origin "$GITLAB_REPOSITORY_URL" || exit 1
git init --initial-branch=main
git remote rename origin old-origin
git remote add origin "$GITLAB_SSH_URI" || exit 1
git add .
git commit -m "initial commit"
git push origin main || exit 1
Expand All @@ -295,7 +311,7 @@ devops_account () {
done

aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" s3api put-object --bucket "$ARTIFACTS_BUCKET" --key sam-translate.py --body "$DIRNAME"/sdlf-cicd/sam-translate.py
curl -L -O --output-dir "$DIRNAME"/sdlf-cicd/ https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip
curl -L -O --insecure --output-dir "$DIRNAME"/sdlf-cicd/ https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip
aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" s3api put-object --bucket "$ARTIFACTS_BUCKET" --key aws-sam-cli-linux-x86_64.zip --body "$DIRNAME"/sdlf-cicd/aws-sam-cli-linux-x86_64.zip
rm "$DIRNAME"/sdlf-cicd/aws-sam-cli-linux-x86_64.zip

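Review bot: Both new `curl` calls pass `--insecure`, which disables TLS certificate verification: the GitLab project-creation request sends `PRIVATE-TOKEN: $GITLAB_ACCESSTOKEN` to a peer that is never authenticated, and the SAM CLI download fetches an installer that the following lines upload to the artifacts bucket and that CodeBuild later unzips and executes, with no checksum verification anywhere. Drop `--insecure` from both; if the GitLab instance uses a private CA, trust it explicitly instead, e.g. `curl --cacert "$GITLAB_CA_BUNDLE" --fail --request POST ...`, and verify the SAM CLI archive against its published checksum before `s3api put-object`. `GITLAB_HOST_NAME=gitlab.ssh.covestro.com` hard-codes one organisation's host into a shared deploy script; read it from SSM like the other GitLab settings, e.g. `GITLAB_HOST_NAME=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --name /SDLF/GitLab/SshHost --query "Parameter.Value" --output text)`. `GITLAB_REPOSITORY_URL` still embeds the access token in a URL but appears unused now that the remote is added with `$GITLAB_SSH_URI`, so it should be removed rather than left in the process environment. `devops_account` starts before the first hunk of this file and continues past the last.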
52 changes: 51 additions & 1 deletion sdlf-cicd/lambda/domain-cicd/src/lambda_function.py
Expand Up @@ -2,8 +2,10 @@
import logging
import os
import zipfile
import ssl
from io import BytesIO
from tempfile import mkdtemp
from urllib.request import HTTPError, Request, URLError, urlopen

import boto3
from botocore.client import Config
Expand Down Expand Up @@ -163,6 +165,34 @@ def delete_domain_team_role_stack(cloudformation, team):


def create_team_repository_cicd_stack(domain, team_name, template_body_url, cloudformation_role):
gitlab_url = ssm.get_parameter(Name="/SDLF/GitLab/Url", WithDecryption=True)["Parameter"]["Value"]
gitlab_accesstoken = ssm.get_parameter(Name="/SDLF/GitLab/AccessToken", WithDecryption=True)["Parameter"]["Value"]
repository = f"sdlf-main-{domain}-{team_name}"
namespace_id = ssm.get_parameter(Name="/SDLF/GitLab/NamespaceId", WithDecryption=True)["Parameter"]["Value"]
url = f"{gitlab_url}api/v4/projects/"
headers = {
"Content-Type": "application/json",
"PRIVATE-TOKEN": gitlab_accesstoken
}
data = {
"name": repository,
"description": repository,
"path": repository,
"namespace_id": namespace_id,
"initialize_with_readme": "false"
}
json_data = json.dumps(data).encode('utf-8')
req = Request(url, data=json_data, headers=headers, method='POST')
unverified_context = ssl._create_unverified_context()
try:
with urlopen(req, context=unverified_context) as response:
response_body = response.read().decode('utf-8')
logger.info(response_body)
except HTTPError as e:
logger.warn(f"HTTP error occurred: {e.code} {e.reason}. Most likely the repository {repository} already exists")
except URLError as e:
logger.error(f"URL error occurred: {e.reason}")

response = {}
cloudformation_waiter_type = None
stack_name = f"sdlf-cicd-teams-{domain}-{team_name}-repository"
Expand Down Expand Up @@ -289,11 +319,21 @@ def create_team_pipeline_cicd_stack(
"ParameterValue": f"/SDLF/{git_platform}/StageA{git_platform}",
"UsePreviousValue": False,
},
{
"ParameterKey": "pStageLambdaRepository",
"ParameterValue": f"/SDLF/{git_platform}/StageLambda{git_platform}",
"UsePreviousValue": False,
},
{
"ParameterKey": "pStageBRepository",
"ParameterValue": f"/SDLF/{git_platform}/StageB{git_platform}",
"UsePreviousValue": False,
},
{
"ParameterKey": "pStageGlueRepository",
"ParameterValue": f"/SDLF/{git_platform}/StageGlue{git_platform}",
"UsePreviousValue": False,
},
{
"ParameterKey": "pDatasetRepository",
"ParameterValue": f"/SDLF/{git_platform}/Dataset{git_platform}",
Expand Down Expand Up @@ -361,11 +401,21 @@ def create_team_pipeline_cicd_stack(
"ParameterValue": f"/SDLF/{git_platform}/StageA{git_platform}",
"UsePreviousValue": False,
},
{
"ParameterKey": "pStageLambdaRepository",
"ParameterValue": f"/SDLF/{git_platform}/StageLambda{git_platform}",
"UsePreviousValue": False,
},
{
"ParameterKey": "pStageBRepository",
"ParameterValue": f"/SDLF/{git_platform}/StageB{git_platform}",
"UsePreviousValue": False,
},
{
"ParameterKey": "pStageGlueRepository",
"ParameterValue": f"/SDLF/{git_platform}/StageGlue{git_platform}",
"UsePreviousValue": False,
},
{
"ParameterKey": "pDatasetRepository",
"ParameterValue": f"/SDLF/{git_platform}/Dataset{git_platform}",
Expand Down Expand Up @@ -668,4 +718,4 @@ def lambda_handler(event, context):
raise

codepipeline.put_job_success_result(jobId=event["CodePipeline.job"]["id"])
return "Success"
return "Success"
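Review bot: `ssl._create_unverified_context()` in `create_team_repository_cicd_stack` turns off certificate verification for a request that carries the GitLab access token in `PRIVATE-TOKEN`, so anyone on the network path between the Lambda and GitLab can read the token, and it is a private CPython API that may disappear; use `ssl.create_default_context()` (with `cafile=` pointing at the private CA bundle if the instance is not publicly trusted). The `except HTTPError` branch treats every HTTP error as "repository already exists", so a 401 from a rotated token or a 403 from a missing group permission is logged as a warning and the function goes on to create the CloudFormation stack for a repository that was never created; re-raise anything other than the expected conflict (GitLab appears to report an existing path as a 400 with a "has already been taken" message — confirm against your instance), and note that `logger.warn` is the deprecated alias of `logger.warning`. `initialize_with_readme` is sent as the string `"false"` here but as the JSON boolean `false` in deploy.sh; use `False`. The function continues below the hunk.
```python
    # … unchanged: SSM lookups, headers and request body …
    # Verify the GitLab certificate; pass cafile=... here if the instance uses a private CA.
    tls_context = ssl.create_default_context()
    try:
        with urlopen(req, context=tls_context) as response:
            logger.info(response.read().decode("utf-8"))
    except HTTPError as e:
        body = e.read().decode("utf-8", errors="replace")
        # TODO(review): confirm the status/message GitLab returns for an existing project path
        if e.code == 400 and "has already been taken" in body:
            logger.warning("Repository %s already exists in GitLab: %s", repository, body)
        else:
            logger.error("GitLab API error %s %s: %s", e.code, e.reason, body)
            raise
    except URLError as e:
        logger.error("URL error occurred: %s", e.reason)
        raise
    # … unchanged: CloudFormation stack creation …
```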
34 changes: 18 additions & 16 deletions sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml
Expand Up @@ -90,24 +90,17 @@ Resources:
- ec2:DeleteNetworkInterface # W11 condition applied
Resource:
- "*"
Condition:
ArnEqualsIfExists:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- !If
- RunInVpc
- Effect: Allow
Action:
- ec2:CreateNetworkInterfacePermission
Resource:
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*"
Condition:
StringEquals:
"ec2:AuthorizedService": codebuild.amazonaws.com
ArnEquals:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- PolicyName: sdlf-cicd-build-stages-cfn-modules
PolicyDocument:
Expand All @@ -127,7 +120,7 @@ Resources:
- codecommit:GetUploadArchiveStatus
- codecommit:CancelUploadArchive
Resource:
- !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:${pStagesRepositoriesPrefix}*
- !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:*:${pStagesRepositoriesPrefix}*

rBuildCloudformationModuleStage:
Type: AWS::CodeBuild::Project
Expand All @@ -139,8 +132,13 @@ Resources:
EncryptionKey: !Ref pKMSKey
VpcConfig: !If
- RunInVpc
- SecurityGroupIds: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-security-groups]
Subnets: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets]
- SecurityGroupIds:
!Split [
",",
!ImportValue sdlf-cicd-prerequisites-vpc-security-groups,
]
Subnets:
!Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets]
VpcId: "{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
Environment:
Expand All @@ -167,9 +165,8 @@ Resources:
&& unzip -q aws-sam-cli-linux-x86_64.zip -d sam-installation
./sam-installation/install \
&& sam --version
- |-
pip3 install cfn-lint==0.87.7
pip3 install cloudformation-cli
- pip3 install cfn-lint==0.87.7
- pip3 install cloudformation-cli
- aws s3api get-object --bucket "$ARTIFACTS_BUCKET" --key sam-translate.py sam-translate.py
build:
commands:
Expand Down Expand Up @@ -246,8 +243,13 @@ Resources:
EncryptionKey: !Ref pKMSKey
VpcConfig: !If
- RunInVpc
- SecurityGroupIds: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-security-groups]
Subnets: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets]
- SecurityGroupIds:
!Split [
",",
!ImportValue sdlf-cicd-prerequisites-vpc-security-groups,
]
Subnets:
!Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets]
VpcId: "{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
Environment:
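Review bot: The ENI statements for the CodeBuild role lose their `ec2:Vpc` `ArnEquals` conditions, and the `ec2:CreateNetworkInterfacePermission` resource gains `arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*`, so the role can attach build ENIs to any VPC in the account and grant permissions on network interfaces in any account; the same `${AWS::AccountId}` to `*` widening is applied to the CodeCommit resource later in this file. If the `{{resolve:ssm:/SDLF/VPC/VpcId}}` dynamic reference inside a Condition was the problem, pass the VPC id in as a template parameter and keep the condition, e.g. `ArnEquals: { "ec2:Vpc": !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/${pVpcId}" }`, rather than dropping it; otherwise the PR description should state why cross-account network interfaces and repositories are needed. The `# W11 condition applied` comment on `ec2:DeleteNetworkInterface` is stale once the condition is gone and will mislead the next cfn-nag run. This rendering does not mark which of the paired AccountId/`*` lines is old and which is new, so that reading is inferred from the hunk counts.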
9 changes: 1 addition & 8 deletions sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml
Expand Up @@ -87,24 +87,17 @@ Resources:
- ec2:DeleteNetworkInterface # W11 condition applied
Resource:
- "*"
Condition:
ArnEqualsIfExists:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- !If
- RunInVpc
- Effect: Allow
Action:
- ec2:CreateNetworkInterfacePermission
Resource:
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*"
Condition:
StringEquals:
"ec2:AuthorizedService": codebuild.amazonaws.com
ArnEquals:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"

rGlueJobPackage:
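Review bot: The Glue job build role is no longer pinned to the SDLF VPC: the `ec2:Vpc` conditions on both ENI statements are removed and `ec2:CreateNetworkInterfacePermission` is widened to `arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*`, which permits granting interface permissions across accounts. Keep the VPC condition (fed by a parameter if the SSM dynamic reference was the issue) and, if the any-account resource is really required, add a comment above it naming the expected account, e.g. `# cross-account ENIs: <reason>`. The `# W11 condition applied` comment should be updated or removed along with the condition it refers to.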
9 changes: 1 addition & 8 deletions sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml
Expand Up @@ -83,24 +83,17 @@ Resources:
- ec2:DeleteNetworkInterface # W11 condition applied
Resource:
- "*"
Condition:
ArnEqualsIfExists:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- !If
- RunInVpc
- Effect: Allow
Action:
- ec2:CreateNetworkInterfacePermission
Resource:
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*"
Condition:
StringEquals:
"ec2:AuthorizedService": codebuild.amazonaws.com
ArnEquals:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"

rBuildLambdaLayersPackage:
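Review bot: The Lambda layer build role loses the `ec2:Vpc` conditions that confined its ENI create/delete and `CreateNetworkInterfacePermission` actions to the SDLF VPC, and the latter now also covers `arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*`. A role that can create ENIs in an arbitrary VPC can place build containers on networks the data lake was never meant to reach, so this should be reverted or the VPC pinned through a template parameter, e.g. `"ec2:Vpc": !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/${pVpcId}"`. The `# W11 condition applied` comment no longer describes the statement it sits on.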
6 changes: 0 additions & 6 deletions sdlf-cicd/template-cicd-domain-roles.yaml
Expand Up @@ -427,12 +427,6 @@ Resources:
- lambda:CreateFunction
- lambda:UpdateFunctionConfiguration
Resource: !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-*
Condition: !If
- RunInVpc
- StringEquals:
"lambda:VpcIds":
- "{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- Effect: Allow
Action:
- lambda:AddPermission
6 changes: 0 additions & 6 deletions sdlf-cicd/template-cicd-domain-team-role.yaml
Expand Up @@ -293,12 +293,6 @@ Resources:
- lambda:CreateFunction
- lambda:UpdateFunctionConfiguration
Resource: !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-${pTeamName}-*
Condition: !If
- RunInVpc
- StringEquals:
"lambda:VpcIds":
- "{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- Effect: Allow
Action:
- lambda:AddPermission
19 changes: 3 additions & 16 deletions sdlf-cicd/template-cicd-sdlf-pipelines.yaml
Expand Up @@ -340,6 +340,7 @@ Resources:
- ssm:GetParametersByPath
Resource:
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/Misc/*
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/GitLab/*
- Effect: Allow
Action:
- s3:PutObject
Expand Down Expand Up @@ -663,24 +664,17 @@ Resources:
- ec2:DeleteNetworkInterface # W11 condition applied
Resource:
- "*"
Condition:
ArnEqualsIfExists:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- !If
- RunInVpc
- Effect: Allow
Action:
- ec2:CreateNetworkInterfacePermission
Resource:
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*"
Condition:
StringEquals:
"ec2:AuthorizedService": codebuild.amazonaws.com
ArnEquals:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"

rCloudFormationPackageCodeBuildProject:
Expand Down Expand Up @@ -791,24 +785,17 @@ Resources:
- ec2:DeleteNetworkInterface # W11 condition applied
Resource:
- "*"
Condition:
ArnEqualsIfExists:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- !If
- RunInVpc
- Effect: Allow
Action:
- ec2:CreateNetworkInterfacePermission
Resource:
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*"
Condition:
StringEquals:
"ec2:AuthorizedService": codebuild.amazonaws.com
ArnEquals:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Ref "AWS::NoValue"


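Review bot: `parameter/SDLF/GitLab/*` grants this role read access to every parameter under the prefix, including the `/SDLF/GitLab/AccessToken` SecureString, while the Lambda changed in this PR reads exactly `/SDLF/GitLab/Url`, `/SDLF/GitLab/AccessToken` and `/SDLF/GitLab/NamespaceId`; list those three ARNs instead of the wildcard so that any parameter added under the prefix later is not readable by default. The two ENI statements in this file follow the same pattern as the nested stacks — the `ec2:Vpc` conditions are dropped and `ec2:CreateNetworkInterfacePermission` gains an any-account `*:network-interface/*` resource — and should be reverted or justified in the PR description. The page ends with a `Loading` footer, so later hunks of this file may not be shown here.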