issue #527 (#598)

pyproject.toml

@@ -3,7 +3,7 @@
 
 [tool.poetry]
 name = "aws-service-catalog-puppet"
-version = "0.205.0"
+version = "0.206.0"
 description = "Making it easier to deploy ServiceCatalog products"
 classifiers = ["Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "Programming Language :: Python :: 3", "License :: OSI Approved :: Apache Software License", "Operating System :: OS Independent", "Natural Language :: English"]
 homepage = "https://service-catalog-tools-workshop.com/"

servicecatalog_puppet/cli.py

@@ -416,6 +416,7 @@ def setup_config(
     output_cache_starting_point="",
     is_caching_enabled="",
     global_sharing_mode_default="",
+    global_share_tag_options_default="",
     on_complete_url=None,
 ):
     home_region_to_use = home_region or constants.HOME_REGION
@@ -513,10 +514,21 @@ def setup_config(
         ] = remote_config.get_global_sharing_mode_default(
             puppet_account_id_to_use, home_region
         )
+    else:
+        os.environ[environmental_variables.GLOBAL_SHARING_MODE] = str(
+            global_sharing_mode_default
+        )
+
+    if global_share_tag_options_default == "":
+        os.environ[environmental_variables.GLOBAL_SHARE_TAG_OPTIONS] = str(
+            remote_config.get_global_share_tag_options_default(
+                puppet_account_id_to_use, home_region
+            )
+        )
     else:
         os.environ[
-            environmental_variables.GLOBAL_SHARING_MODE
-        ] = global_sharing_mode_default
+            environmental_variables.GLOBAL_SHARE_TAG_OPTIONS
+        ] = global_share_tag_options_default
     if on_complete_url:
         os.environ[environmental_variables.ON_COMPLETE_URL] = on_complete_url
     if not os.environ.get(environmental_variables.SPOKE_EXECUTION_MODE_DEPLOY_ENV):
@@ -651,6 +663,11 @@ def deploy_from_task_reference(
 @click.option(
     "--global-sharing-mode-default", default="", envvar="SCT_GLOBAL_SHARING_MODE",
 )
+@click.option(
+    "--global-share-tag-options-default",
+    default="",
+    envvar="SCT_GLOBAL_SHARE_TAG_OPTIONS",
+)
 def deploy_in_spoke_from_task_reference(
     p,
     num_workers,
@@ -665,6 +682,7 @@ def deploy_in_spoke_from_task_reference(
     output_cache_starting_point,
     is_caching_enabled,
     global_sharing_mode_default,
+    global_share_tag_options_default,
 ):
     setup_config(
         puppet_account_id=puppet_account_id,
@@ -679,6 +697,7 @@ def deploy_in_spoke_from_task_reference(
         output_cache_starting_point=output_cache_starting_point,
         is_caching_enabled=is_caching_enabled,
         global_sharing_mode_default=global_sharing_mode_default,
+        global_share_tag_options_default=global_share_tag_options_default,
     )
     click.echo(
         f"running in partition: {config.get_partition()} as {config.get_puppet_role_path()}{config.get_puppet_role_name()}"

servicecatalog_puppet/commands/task_reference.py

@@ -1085,6 +1085,7 @@ def handle_spoke_local_portfolios(
                     account_id=task_to_add.get("account_id"),
                     region=task_to_add.get("region"),
                     task_reference=share_and_accept_ref,
+                    share_tag_options=task_to_add.get("share_tag_options"),
                     dependencies_by_reference=[
                         hub_portfolio_ref,
                         constants.CREATE_POLICIES,
@@ -1370,6 +1371,7 @@ def handle_launches(
                 puppet_account_id=puppet_account_id,
                 account_id=task_to_add.get("account_id"),
                 region=task_to_add.get("region"),
+                share_tag_options=task_to_add.get("share_tag_options"),
                 task_reference=share_and_accept_ref,
                 dependencies_by_reference=[
                     hub_portfolio_ref,

servicecatalog_puppet/config.py

@@ -222,6 +222,10 @@ def get_global_sharing_mode_default():
     return os.environ.get(environmental_variables.GLOBAL_SHARING_MODE)
 
 
+def get_global_share_tag_options_default():
+    return os.environ.get(environmental_variables.GLOBAL_SHARE_TAG_OPTIONS)
+
+
 def get_on_complete_url():
     return os.environ.get(environmental_variables.ON_COMPLETE_URL, "")
 

servicecatalog_puppet/constants.py

@@ -93,6 +93,8 @@
 SHARING_MODE_AWS_ORGANIZATIONS = "AWS_ORGANIZATIONS"
 SHARING_MODE_DEFAULT = SHARING_MODE_ACCOUNT
 
+SHARE_TAG_OPTIONS_DEFAULT = False
+
 PARTITION_DEFAULT = "aws"
 PARTITION_ENVIRONMENTAL_VARIABLE_NAME = "PARTITION"
 PARTITION_SSM_PARAMETER_VARIABLE_NAME = "/servicecatalog-puppet/partition"

servicecatalog_puppet/environmental_variables.py

@@ -19,6 +19,7 @@
 OUTPUT_CACHE_STARTING_POINT = "SCT_OUTPUT_CACHE_STARTING_POINT"
 IS_CACHING_ENABLED = "SCT_IS_CACHING_ENABLED"
 GLOBAL_SHARING_MODE = "SCT_GLOBAL_SHARING_MODE"
+GLOBAL_SHARE_TAG_OPTIONS = "SCT_GLOBAL_SHARE_TAG_OPTIONS"
 ON_COMPLETE_URL = "SCT_ON_COMPLETE_URL"
 SPOKE_EXECUTION_MODE_DEPLOY_ENV = "SCT_SPOKE_EXECUTION_MODE_DEPLOY_ENV"
 SCHEDULER_THREADS_OR_PROCESSES = "SCT_SCHEDULER_THREADS_OR_PROCESSES"

servicecatalog_puppet/manifest_utils.py

@@ -741,6 +741,7 @@ def get_tasks_for(
         provisioning_tasks = list()
         item = section[item_name]
         sharing_mode_default = config.get_global_sharing_mode_default()
+        share_tag_options_default = config.get_global_share_tag_options_default()
 
         deploy_to = {
             "launches": "deploy_to",
@@ -768,6 +769,9 @@ def get_tasks_for(
                 # launch_parameters=item.get("parameters", {}),
                 # manifest_parameters=self.get("parameters", {}),
                 ssm_param_outputs=item.get("outputs", {}).get("ssm", []),
+                share_tag_options=item.get(
+                    "share_tag_options", share_tag_options_default
+                ),
                 portfolio=item.get("portfolio"),
                 product=item.get("product"),
                 version=item.get("version"),
@@ -820,6 +824,9 @@ def get_tasks_for(
                 ),
                 execution=item.get("execution", constants.EXECUTION_MODE_DEFAULT),
                 sharing_mode=item.get("sharing_mode", sharing_mode_default),
+                share_tag_options=item.get(
+                    "share_tag_options", share_tag_options_default
+                ),
                 associations=item.get("associations", list()),
                 launch_constraints=item.get("constraints", {}).get("launch", []),
                 resource_update_constraints=item.get("constraints", {}).get(

servicecatalog_puppet/remote_config.py

@@ -153,6 +153,18 @@ def get_global_sharing_mode_default(puppet_account_id, default_region=None):
     )
 
 
+@functools.lru_cache(maxsize=32)
+def get_global_share_tag_options_default(puppet_account_id, default_region=None):
+    logger.info(
+        "getting global_share_tag_options_default,  default_region: {}".format(
+            default_region
+        )
+    )
+    return get_config(puppet_account_id, default_region).get(
+        "global_share_tag_options_default", constants.SHARE_TAG_OPTIONS_DEFAULT
+    )
+
+
 def get_spoke_deploy_environment_compute_type(puppet_account_id, default_region):
     logger.info(
         "getting spoke_deploy_environment_compute_type,  default_region: {}".format(

servicecatalog_puppet/schema.yaml

@@ -185,6 +185,7 @@ launch:
   portfolio: str()
   product: str()
   version: str()
+  share_tag_options: bool(required=False)
   parameters: include('parameters', required=False)
   depends_on: list(include('depends_on'), required=False)
   tags: list(include('tags_for_resources'), required=False)
@@ -223,6 +224,7 @@ assertion:
 spoke-local-portfolio:
   portfolio: str()
   sharing_mode: enum('AWS_ORGANIZATIONS', "ACCOUNT", required=False)
+  share_tag_options: bool(required=False)
   product_generation_method: enum('copy', 'import', required=False)
   depends_on: list(include('depends_on'), required=False)
   associations: list(include('associations_arns'), required=False)

servicecatalog_puppet/workflow/dependencies/task_factory.py

@@ -501,6 +501,7 @@ def create(
             return share_and_accept_portfolio_task.ShareAndAcceptPortfolioForAccountTask(
                 **common_parameters,
                 portfolio=parameters_to_use.get("portfolio"),
+                share_tag_options=parameters_to_use.get("share_tag_options"),
                 portfolio_task_reference=parameters_to_use.get(
                     "portfolio_task_reference"
                 ),
@@ -518,6 +519,7 @@ def create(
                 **minimum_common_parameters,
                 region=parameters_to_use.get("region"),
                 portfolio=parameters_to_use.get("portfolio"),
+                share_tag_options=parameters_to_use.get("share_tag_options"),
                 portfolio_task_reference=parameters_to_use.get(
                     "portfolio_task_reference"
                 ),

servicecatalog_puppet/workflow/launch/run_deploy_in_spoke_task.py

@@ -111,6 +111,11 @@ def run(self):
                 "value": config.get_scheduler_threads_or_processes(),
                 "type": "PLAINTEXT",
             },
+            {
+                "name": environmental_variables.GLOBAL_SHARE_TAG_OPTIONS,
+                "value": config.get_global_share_tag_options_default(),
+                "type": "PLAINTEXT",
+            },
         ]
 
         if "http" in version:

servicecatalog_puppet/workflow/portfolio/sharing_management/share_and_accept_portfolio_task.py

@@ -10,6 +10,7 @@ class ShareAndAcceptPortfolioForAccountTask(tasks.TaskWithReference):
     account_id = luigi.Parameter()
     region = luigi.Parameter()
     portfolio = luigi.Parameter()
+    share_tag_options = luigi.BoolParameter()
     portfolio_task_reference = luigi.Parameter()
 
     def params_for_results_display(self):
@@ -19,6 +20,7 @@ def params_for_results_display(self):
             "portfolio": self.portfolio,
             "region": self.region,
             "account_id": self.account_id,
+            "share_tag_options": self.share_tag_options,
         }
 
     def has_already_been_shared(self, portfolio_id):
@@ -60,7 +62,9 @@ def run(self):
             self.info(f"sharing {portfolio_id} with {self.account_id}")
             with self.hub_regional_client("servicecatalog") as servicecatalog:
                 servicecatalog.create_portfolio_share(
-                    PortfolioId=portfolio_id, AccountId=self.account_id,
+                    PortfolioId=portfolio_id,
+                    AccountId=self.account_id,
+                    ShareTagOptions=self.share_tag_options,
                 )
 
         # ACCEPT

servicecatalog_puppet/workflow/portfolio/sharing_management/share_portfolio_via_orgs_task.py

@@ -12,6 +12,7 @@
 class SharePortfolioViaOrgsTask(tasks.TaskWithReference):
     region = luigi.Parameter()
     portfolio = luigi.Parameter()
+    share_tag_options = luigi.BoolParameter()
     ou_to_share_with = luigi.Parameter()
     portfolio_task_reference = luigi.Parameter()
 
@@ -21,6 +22,7 @@ def params_for_results_display(self):
             "portfolio": self.portfolio,
             "region": self.region,
             "ou_to_share_with": self.ou_to_share_with,
+            "share_tag_options": self.share_tag_options,
         }
 
     def run(self):
@@ -32,6 +34,7 @@ def run(self):
         with self.hub_regional_client("servicecatalog") as servicecatalog:
             portfolio_share_token = servicecatalog.create_portfolio_share(
                 PortfolioId=portfolio_id,
+                ShareTagOptions=self.share_tag_options,
                 OrganizationNode=dict(
                     Type="ORGANIZATIONAL_UNIT", Value=self.ou_to_share_with
                 ),

setup.py

@@ -65,7 +65,7 @@
 
 setup_kwargs = {
     'name': 'aws-service-catalog-puppet',
-    'version': '0.205.0',
+    'version': '0.206.0',
     'description': 'Making it easier to deploy ServiceCatalog products',
     'long_description': '# aws-service-catalog-puppet\n\n![logo](./docs/logo.png) \n\n## Badges\n\n[![codecov](https://codecov.io/gh/awslabs/aws-service-catalog-puppet/branch/master/graph/badge.svg?token=e8M7mdsmy0)](https://codecov.io/gh/awslabs/aws-service-catalog-puppet)\n\n\n## What is it?\nThis is a python3 framework that makes it easier to share multi region AWS Service Catalog portfolios and makes it \npossible to provision products into accounts declaratively using a metadata based rules engine.\n\nWith this framework you define your accounts in a YAML file.  You give each account a set of tags, a default region and \na set of enabled regions.\n\nOnce you have done this you can define portfolios should be shared with each set of accounts using the tags and you \ncan specify which regions the shares occur in.\n\nIn addition to this, you can also define products that should be provisioned into accounts using the same tag based \napproach.  The framework will assume role into the target account and provision the product on your behalf.\n\n\n## Getting started\n\nYou can read the [installation how to](https://service-catalog-tools-workshop.com/30-how-tos/10-installation/30-service-catalog-puppet.html)\nor you can read through the [every day use](https://service-catalog-tools-workshop.com/30-how-tos/50-every-day-use.html)\nguides.\n\nYou can read the [documentation](https://aws-service-catalog-puppet.readthedocs.io/en/latest/) to understand the inner \nworkings. \n\n\n## Going further\n\nThe framework is one of a pair.  The other is [aws-service-catalog-factory](https://github.com/awslabs/aws-service-catalog-factory).\nWith Service Catalog Factory you can create pipelines that deploy multi region portfolios very easily. \n\n## License\n\nThis library is licensed under the Apache 2.0 License. \n \n',
     'author': 'Eamonn Faherty',