Merge pull request #12 from brettswift/feature/lambda_action

Support a Lambda Invoke step in the pipeline
brettswift · Sep 25, 2018 · c64c736 · c64c736
2 parents 2539adf + 2937228
commit c64c736
Show file tree

Hide file tree

Showing 5 changed files with 137 additions and 6 deletions.
diff --git a/cumulus/steps/dev_tools/lambda_action.py b/cumulus/steps/dev_tools/lambda_action.py
@@ -0,0 +1,92 @@
+import awacs
+import awacs.aws
+import awacs.ec2
+import awacs.iam
+import awacs.logs
+import awacs.s3
+import awacs.sts
+from troposphere import iam, \
+    codepipeline
+
+import cumulus.policies
+import cumulus.policies.codebuild
+import cumulus.types.codebuild.buildaction
+import cumulus.util.tropo
+from cumulus.chain import step
+from cumulus.steps.dev_tools import META_PIPELINE_BUCKET_POLICY_REF
+
+
+class LambdaAction(step.Step):
+
+    def __init__(self,
+                 action_name,
+                 input_artifact_name,
+                 stage_name_to_add,
+                 function_name,
+                 user_parameters=None,
+                 ):
+        """
+        :type action_name: basestring Displayed on the console
+        :type input_artifact_name: basestring The artifact name in the pipeline. Must contain a buildspec.yml
+        :type vpc_config.Vpc_Config: Only required if the codebuild step requires access to the VPC
+        """
+        step.Step.__init__(self)
+        self.user_parameters = user_parameters
+        self.function_name = function_name
+        self.input_artifact_name = input_artifact_name
+        self.action_name = action_name
+        self.stage_name_to_add = stage_name_to_add
+
+    def handle(self, chain_context):
+
+        print("Adding action %s to Stage." % self.action_name)
+        suffix = "%s%s" % (self.stage_name_to_add, self.action_name)
+
+        policy_name = "LambdaPolicy%s" % chain_context.instance_name
+        role_name = "LambdaRole%s" % suffix
+
+        lambda_role = iam.Role(
+            role_name,
+            Path="/",
+            AssumeRolePolicyDocument=awacs.aws.Policy(
+                Statement=[
+                    awacs.aws.Statement(
+                        Effect=awacs.aws.Allow,
+                        Action=[awacs.sts.AssumeRole],
+                        Principal=awacs.aws.Principal(
+                            'Service',
+                            "lambda.amazonaws.com"
+                        )
+                    )]
+            ),
+            Policies=[
+                # TODO: new policy
+                cumulus.policies.codebuild.get_policy_code_build_general_access(policy_name)
+            ],
+            ManagedPolicyArns=[
+                chain_context.metadata[META_PIPELINE_BUCKET_POLICY_REF]
+            ]
+        )
+
+        lambda_action = cumulus.types.codebuild.buildaction.LambdaAction(
+            Name=self.action_name,
+            InputArtifacts=[
+                codepipeline.InputArtifacts(Name=self.input_artifact_name)
+            ],
+            Configuration={
+                'FunctionName': self.function_name
+            },
+            RunOrder="1"
+        )
+
+        chain_context.template.add_resource(lambda_role)
+
+        stage = cumulus.util.tropo.TemplateQuery.get_pipeline_stage_by_name(
+            template=chain_context.template,
+            stage_name=self.stage_name_to_add,
+        )
+
+        # TODO accept a parallel action to the previous action, and don't +1 here.
+        next_run_order = len(stage.Actions) + 1
+        lambda_action.RunOrder = next_run_order
+        stage.Actions.append(lambda_action)
diff --git a/cumulus/steps/dev_tools/pipeline.py b/cumulus/steps/dev_tools/pipeline.py
@@ -9,6 +9,7 @@
 import awacs.ec2
 import awacs.iam
 import awacs.codecommit
+import awacs.awslambda
 
 from cumulus.chain import step
 import cumulus.steps.dev_tools
@@ -161,6 +162,13 @@ def handle(self, chain_context):
                         ],
                         Resource=["*"]
                     ),
+                    awacs.aws.Statement(
+                        Effect=awacs.aws.Allow,
+                        Action=[
+                            awacs.aws.Action("lambda", "*")
+                        ],
+                        Resource=["*"]
+                    )
                 ],
             )
         )

diff --git a/cumulus/types/codebuild/buildaction.py b/cumulus/types/codebuild/buildaction.py
@@ -49,6 +49,22 @@ def __init__(self, **kwargs):
         self.RunOrder = "1"
 
 
+class LambdaAction(troposphere.codepipeline.Actions):
+    """
+        This class doesn't do much except set the ActionType to reduce code clutter
+    """
+    def __init__(self, **kwargs):
+        super(LambdaAction, self).__init__(**kwargs)
+
+        self.ActionTypeId = troposphere.codepipeline.ActionTypeId(
+                Category="Invoke",
+                Owner="AWS",
+                Version="1",
+                Provider='Lambda',
+            )
+        self.RunOrder = "1"
+
+
 class ApprovalAction(troposphere.codepipeline.Actions):
     """
       This class doesn't do much except set the ActionType to reduce code clutter

diff --git a/tests/stacker_test/blueprints/pipeline_simple.py b/tests/stacker_test/blueprints/pipeline_simple.py
@@ -3,7 +3,7 @@
 import troposphere.codebuild
 
 from cumulus.chain import chain, chaincontext
-from cumulus.steps.dev_tools import pipeline, code_build_action, pipeline_stage, pipeline_source_action
+from cumulus.steps.dev_tools import pipeline, code_build_action, pipeline_stage, pipeline_source_action, lambda_action
 from cumulus.steps.dev_tools.approval_action import ApprovalAction
 
 
@@ -80,13 +80,24 @@ def create_template(self):
             ],
         )
 
-        the_chain.add(code_build_action.CodeBuildAction(
+        deploy_test = code_build_action.CodeBuildAction(
             action_name="DeployMyStuff",
             stage_name_to_add=deploy_stage_name,
             input_artifact_name=service_artifact,
             environment=test_env,
             buildspec=inline_ls_url_spec,
-        ))
+        )
+
+        the_chain.add(deploy_test)
+
+        lambda1 = lambda_action.LambdaAction(
+            action_name="TriggerLambda",
+            input_artifact_name=service_artifact,  # TODO make optional ?
+            stage_name_to_add=deploy_stage_name,
+            function_name="bswift-mock-function-mock-createUser"
+        )
+
+        the_chain.add(lambda1)
 
         # the_chain.add(code_build_action.CodeBuildAction(
         #     action_name="NotificationSmokeTest",

diff --git a/tests/stacker_test/run-integration.sh b/tests/stacker_test/run-integration.sh
@@ -57,10 +57,14 @@ while [ $SECONDS -lt ${end} ]; do
     fi
 done
 
-aws s3 rm s3://${BUCKET} --recursive
-python delete_bucket_versions.py ${BUCKET}
 
-stacker destroy conf/acceptance.env stacker.yaml --force -t
+SHOULD_DESTROY=false
+if $SHOULD_DESTROY; then
+    aws s3 rm s3://${BUCKET} --recursive
+    python delete_bucket_versions.py ${BUCKET}
+
+    stacker destroy conf/acceptance.env stacker.yaml --force -t
+fi
 
 echo "Completing with exit code ${pipeline_result}"