Add makefile, update ssm path, fix sqs check

* I add the makefile to this branch, which was used to create, push, and run the permission check in staging. * I update the DSS_SSM_PATH and WILEY_SSM_PATH to not append the WORKSPACE to them, since the path is the true, actual path already, and includes stage/prod. * I update the `check_write_permissions` command to include the baseURL, an expected parameter.
MITLibraries · Jan 21, 2022 · e4bfaa4 · e4bfaa4
1 parent 999e97e
commit e4bfaa4
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -1,3 +1,28 @@
+SHELL=/bin/bash
+DATETIME:=$(shell date -u +%Y%m%dT%H%M%SZ)
+ECR_REGISTRY=672626379771.dkr.ecr.us-east-1.amazonaws.com
+
+dist: ## Build docker container
+	docker build --platform linux/amd64 -t $(ECR_REGISTRY)/wiley-deposits-stage:latest \
+		-t $(ECR_REGISTRY)/wiley-deposits-stage:`git describe --always` \
+		-t awd:latest .	
+
+publish: dist ## Build, tag and push
+	docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_REGISTRY)
+	docker push $(ECR_REGISTRY)/wiley-deposits-stage:latest
+	docker push $(ECR_REGISTRY)/wiley-deposits-stage:`git describe --always`
+
+promote: ## Promote the current staging build to production
+	docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_REGISTRY)
+	docker pull $(ECR_REGISTRY)/wiley-deposits-stage:latest
+	docker tag $(ECR_REGISTRY)/wiley-deposits-stage:latest $(ECR_REGISTRY)/wiley-deposits-prod:latest
+	docker tag $(ECR_REGISTRY)/wiley-deposits-stage:latest $(ECR_REGISTRY)/wiley-deposits-prod:$(DATETIME)
+	docker push $(ECR_REGISTRY)/wiley-deposits-prod:latest
+	docker push $(ECR_REGISTRY)/wiley-deposits-prod:$(DATETIME)
+
+check-permissions-stage: ## Check infrastructure permissions on the staging deplpyment
+	aws ecs run-task --cluster wiley-stage --task-definition wiley-stage --network-configuration "awsvpcConfiguration={subnets=[subnet-0b860205e2831b8d0,subnet-039b5e11cd30385c3],securityGroups=[sg-0dbcd7c12a35e44a0],assignPublicIp=DISABLED}" --launch-type FARGATE --region us-east-1 --overrides '{"containerOverrides": [{"name": "wiley","command": ["check-permissions"]}]}'
+
 lint: bandit black flake8 isort
 
 bandit:

diff --git a/awd/cli.py b/awd/cli.py
@@ -335,7 +335,7 @@ def check_permissions():
         logger.info(ssm.check_permissions(path))
 
     sqs = SQS()
-    logger.info(sqs.check_write_permissions(config.SQS_INPUT_QUEUE))
-    logger.info(sqs.check_read_permissions(config.SQS_OUTPUT_QUEUE))
+    logger.info(sqs.check_write_permissions(config.SQS_BASE_URL, config.SQS_INPUT_QUEUE))
+    logger.info(sqs.check_read_permissions(config.SQS_BASE_URL, config.SQS_OUTPUT_QUEUE))
 
     logger.info(f"All permissions confirmed for env: {config.ENV}")
diff --git a/awd/config.py b/awd/config.py
@@ -4,8 +4,8 @@
 from awd.ssm import SSM
 
 ENV = os.getenv("WORKSPACE")
-DSS_SSM_PATH = f'{os.getenv("DSS_SSM_PATH")}{ENV}/'
-WILEY_SSM_PATH = f'{os.getenv("WILEY_SSM_PATH")}{ENV}/'
+DSS_SSM_PATH = f'{os.getenv("DSS_SSM_PATH")}'
+WILEY_SSM_PATH = f'{os.getenv("WILEY_SSM_PATH")}'
 
 logger = logging.getLogger(__name__)
 logger.debug("Configuring awd for current env: %s", ENV)