Interrelated:

	- Update decorator signature
	- Move to Cobra for CLI parsing
	- Promote `CommonIAMStatements` from map to struct with named fields
	- Use new `sparta/aws.NewSession()`
	- Increase stack creation timeout to support alternative topologies

provision.go

@@ -31,6 +31,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/s3"
 	"github.com/aws/aws-sdk-go/service/s3/s3manager"
 	gocf "github.com/crewjam/go-cloudformation"
+	spartaAWS "github.com/mweagle/Sparta/aws"
 )
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -444,7 +445,7 @@ func verifyIAMRoles(ctx *workflowContext) (workflowStep, error) {
 				// Insert it into the resource creation map and add
 				// the "Ref" entry to the hashmap
 				ctx.cfTemplate.AddResource(logicalName,
-					eachLambdaInfo.RoleDefinition.toResource(eachLambdaInfo.EventSourceMappings, ctx.logger))
+					eachLambdaInfo.RoleDefinition.toResource(eachLambdaInfo.EventSourceMappings, eachLambdaInfo.Options, ctx.logger))
 
 				ctx.lambdaIAMRoleNameMap[logicalName] = gocf.GetAtt(logicalName, "Arn")
 			}
@@ -459,8 +460,7 @@ func verifyIAMRoles(ctx *workflowContext) (workflowStep, error) {
 				_, exists := ctx.lambdaIAMRoleNameMap[customResourceLogicalName]
 				if !exists {
 					ctx.cfTemplate.AddResource(customResourceLogicalName,
-						eachCustomResource.roleDefinition.toResource(nil, ctx.logger))
-
+						eachCustomResource.roleDefinition.toResource(nil, eachCustomResource.options, ctx.logger))
 					ctx.lambdaIAMRoleNameMap[customResourceLogicalName] = gocf.GetAtt(customResourceLogicalName, "Arn")
 				}
 			}
@@ -974,7 +974,7 @@ func convergeStackState(cfTemplateURL string, ctx *workflowContext) (*cloudforma
 		createStackInput := &cloudformation.CreateStackInput{
 			StackName:        aws.String(ctx.serviceName),
 			TemplateURL:      aws.String(cfTemplateURL),
-			TimeoutInMinutes: aws.Int64(5),
+			TimeoutInMinutes: aws.Int64(20),
 			OnFailure:        aws.String(cloudformation.OnFailureDelete),
 			Capabilities:     stackCapabilities(ctx.cfTemplate),
 		}
@@ -1279,7 +1279,7 @@ func Provision(noop bool,
 		},
 		cfTemplate:     gocf.NewTemplate(),
 		s3Bucket:       s3Bucket,
-		awsSession:     awsSession(logger),
+		awsSession:     spartaAWS.NewSession(logger),
 		templateWriter: templateWriter,
 		logger:         logger,
 	}
@@ -1294,6 +1294,8 @@ func Provision(noop bool,
 		next, err := step(ctx)
 		if err != nil {
 			ctx.rollback()
+			// Workflow step?
+			ctx.logger.Error(err)
 			return err
 		}
 		if next == nil {

provision_test.go

@@ -40,9 +40,12 @@ func TestProvision(t *testing.T) {
 	}
 }
 
-func templateDecorator(lambdaResourceName string,
+func templateDecorator(serviceName string,
+	lambdaResourceName string,
 	lambdaResource gocf.LambdaFunction,
 	resourceMetadata map[string]interface{},
+	S3Bucket string,
+	S3Key string,
 	template *gocf.Template,
 	logger *logrus.Logger) error {
 

provision_utils.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strings"
 
+	spartaIAM "github.com/mweagle/Sparta/aws/iam"
 	"github.com/mweagle/cloudformationresources"
 
 	gocf "github.com/crewjam/go-cloudformation"
@@ -157,7 +158,7 @@ func ensureIAMRoleForCustomResource(awsPrincipalName string,
 	if !exists {
 		// Insert the IAM role here.  We'll walk the policies data in the next section
 		// to make sure that the sourceARN we have is in the list
-		statements := CommonIAMStatements["core"]
+		statements := CommonIAMStatements.Core
 
 		iamPolicyList := gocf.IAMPoliciesList{}
 		iamPolicyList = append(iamPolicyList,
@@ -188,7 +189,7 @@ func ensureIAMRoleForCustomResource(awsPrincipalName string,
 		for _, eachPolicy := range *existingIAMRole.Policies {
 			policyDoc := eachPolicy.PolicyDocument.(ArbitraryJSONObject)
 			statements := policyDoc["Statement"]
-			for _, eachStatement := range statements.([]iamPolicyStatement) {
+			for _, eachStatement := range statements.([]spartaIAM.PolicyStatement) {
 				if sourceArn.String() == eachStatement.Resource.String() {
 
 					logger.WithFields(logrus.Fields{
@@ -210,8 +211,8 @@ func ensureIAMRoleForCustomResource(awsPrincipalName string,
 		if len(principalActions) > 0 {
 			rootPolicy := (*existingIAMRole.Policies)[0]
 			rootPolicyDoc := rootPolicy.PolicyDocument.(ArbitraryJSONObject)
-			rootPolicyStatements := rootPolicyDoc["Statement"].([]iamPolicyStatement)
-			rootPolicyDoc["Statement"] = append(rootPolicyStatements, iamPolicyStatement{
+			rootPolicyStatements := rootPolicyDoc["Statement"].([]spartaIAM.PolicyStatement)
+			rootPolicyDoc["Statement"] = append(rootPolicyStatements, spartaIAM.PolicyStatement{
 				Effect:   "Allow",
 				Action:   principalActions,
 				Resource: sourceArn,

s3site.go

@@ -8,6 +8,7 @@ import (
 	"github.com/mweagle/cloudformationresources"
 
 	gocf "github.com/crewjam/go-cloudformation"
+	spartaIAM "github.com/mweagle/Sparta/aws/iam"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/aws/aws-sdk-go/aws"
@@ -127,22 +128,22 @@ func (s3Site *S3Site) export(serviceName string,
 	// 3 - Create the IAM role for the lambda function
 	// The lambda function needs to download the posted resource content, as well
 	// as manage the S3 bucket that hosts the site.
-	statements := CommonIAMStatements["core"]
-	statements = append(statements, iamPolicyStatement{
+	statements := CommonIAMStatements.Core
+	statements = append(statements, spartaIAM.PolicyStatement{
 		Action: []string{"s3:ListBucket",
 			"s3:ListObjectsPages"},
 		Effect:   "Allow",
 		Resource: s3SiteBucketResourceValue,
 	})
-	statements = append(statements, iamPolicyStatement{
+	statements = append(statements, spartaIAM.PolicyStatement{
 		Action: []string{"s3:DeleteObject",
 			"s3:PutObject",
 			"s3:DeleteObjects",
 			"s3:DeleteObjects"},
 		Effect:   "Allow",
 		Resource: s3SiteBucketAllKeysResourceValue,
 	})
-	statements = append(statements, iamPolicyStatement{
+	statements = append(statements, spartaIAM.PolicyStatement{
 		Action: []string{"s3:GetObject"},
 		Effect: "Allow",
 		Resource: gocf.Join("",