add a configuration parameter to locate named document templates - #75

reply-fr · Jun 22, 2023 · 3d35f1f · 3d35f1f
1 parent 05e55a2
commit 3d35f1f
Show file tree

Hide file tree

Showing 4 changed files with 142 additions and 1 deletion.
diff --git a/cdk/configuration.py b/cdk/configuration.py
@@ -47,6 +47,7 @@ class Configuration:
         features_with_cost_management_tag='str',
         features_with_csv_files='list',
         features_with_email_subscriptions_on_alerts='list',
+        features_with_end_user_documents='dict',
         features_with_microsoft_webhook_on_alerts='str',
         features_with_origin_email_recipient='str',
         features_with_response_plan_arn='str',
@@ -140,6 +141,7 @@ def set_default_values(toggles=None):
         toggles.features_with_cost_management_tag = None
         toggles.features_with_csv_files = None
         toggles.features_with_email_subscriptions_on_alerts = None
+        toggles.features_with_end_user_documents = None
         toggles.features_with_microsoft_webhook_on_alerts = None
         toggles.features_with_origin_email_recipient = None
         toggles.features_with_response_plan_arn = ''
@@ -177,6 +179,7 @@ def set_from_settings(cls, settings={}, toggles=None, path=None):
             cls.set_attribute('defaults', settings['defaults'], toggles=toggles)
 
         toggles.features_with_csv_files = None
+        toggles.features_with_end_user_documents = None
         for key in settings.keys():
             if key == 'defaults':
                 continue

diff --git a/fixtures/messages/user-agreement-template.md → fixtures/messages/terms-of-use-template.md b/fixtures/messages/user-agreement-template.md → fixtures/messages/terms-of-use-template.md
@@ -1,3 +1,6 @@
+---
+title: User Agreement for Personal Sandbox AWS Account
+---
 # User Agreement for Personal Sandbox AWS Account
 
 This User Agreement ("Agreement") governs your use of the personal AWS sandbox account ("Account") provided to you by ___corporation___. By accessing or using this Sandbox Account, you agree to be bound by this Agreement.

diff --git a/fixtures/settings/settings-with-templates.yaml b/fixtures/settings/settings-with-templates.yaml
@@ -0,0 +1,126 @@
+# prefix for cloud resources and cloud stack
+environment_identifier: SpaWithCSV
+
+# parameters for resources deployed in the automation account
+automation:
+
+  # the target account for the deployment of the solution
+  account_id: "123456789012"
+
+  # the target region for the deployment of the solution
+  region: "eu-west-1"
+
+  # this role is assumed by Lambda functions either to list AWS accounts in the OU, or to tag AWS accounts
+  role_arn_to_manage_accounts: 'arn:aws:iam::222222222222:role/SpaAccountsManagementRole'
+
+  # this role is assumed by Lambda functions to create CodeBuild projects and to start them
+  role_name_to_manage_codebuild: 'AWSControlTowerExecution'
+
+# parameters for resources deployed in managed accounts
+worker:
+
+  # this is the buildspec template for the preparation of an account managed by SPA
+  #
+  preparation_buildspec_template_file: "fixtures/buildspec/preparation_account_template.yaml"
+
+  # this is the buildspec tempalte for the purge of an account managed by SPA
+  #
+  purge_buildspec_template_file: "fixtures/buildspec/purge_account_with_awsweeper_template.yaml"
+
+# default settings for managed accounts
+defaults:
+
+  # added to every account, accross all organizational units, except if overriden
+  account_tags:
+    managed-by: SPA
+
+  preparation: # of managed accounts
+
+    # processing is skipped if not enabled explicitly - 'enabled' or 'disabled'
+    feature: disabled
+
+    # passed to Codebuild project for the preparation of an account
+    variables:
+      ALERT_THRESHOLD: 80 # percentage of budget
+      BUDGET_AMOUNT: 500.0 # USD
+      BUDGET_NAME: SpaBudget
+
+  purge: # of expired accounts
+
+    # processing is skipped if not enabled explicitly - 'enabled' or 'disabled'
+    feature: disabled
+
+    # passed to Codebuild project for the purge of an account
+    variables:
+      MAXIMUM_AGE: 9M  # '5d', '2w', '3M', '1y', etc.
+      PURGE_MODE: '--dry-run'  # '--dry-run' or '--force'
+      TAG_KEY: purge
+      TAG_VALUE: me
+
+
+# these are specific settings for individual accounts managed by the solution
+accounts:
+
+  # settings specific to this acount
+  - identifier: '123456789012'
+    note: 'one specific account'
+
+    # added to this account
+    account_tags:
+      cost-imputation: 'SB-123'
+      cost-center: 'Alice'
+      account-manager: alice@example.com
+
+    preparation: # of this account
+
+      # processing is skipped if not enabled explicitly - 'enabled' or 'disabled'
+      feature: enabled
+
+      # passed to Codebuild project for the preparation of this account
+      variables:
+        ALERT_THRESHOLD: 90 # percentage of budget
+        BUDGET_AMOUNT: 3000 # USD
+        BUDGET_NAME: SpecificAliceBudget
+
+    purge: # of this account
+
+      # processing is skipped if not enabled explicitly - 'enabled' or 'disabled'
+      feature: disabled
+
+  # settings specific to accounts placed in this organizational unit
+  - identifier: '210987654321'
+    note: 'another specific account'
+
+    # added to this account
+    account_tags:
+      cost-imputation: 'SB-456'
+      cost-center: 'Bob'
+      account-manager: bob@example.com
+
+    preparation: # of this account
+
+      # processing is skipped if not enabled explicitly - 'enabled' or 'disabled'
+      feature: enabled
+
+      # passed to Codebuild project for the preparation of an account
+      variables:
+        ALERT_THRESHOLD: 90 # percentage of budget
+        BUDGET_AMOUNT: 4000 # USD
+        BUDGET_NAME: SpecificBobBudget
+
+
+    purge: # of this account
+
+      # processing is skipped if not enabled explicitly - 'enabled' or 'disabled'
+      feature: disabled
+
+
+# additional features that can be activated optionally
+features:
+
+  # list of end user documents
+  # - each item is pushed to Parameter Store
+  # - default value: empty dictionary
+  #
+  with_end_user_documents:
+    TermsOfUse: fixtures/messages/terms-of-use-template.md
diff --git a/tests/test_cdk_configuration.py b/tests/test_cdk_configuration.py
@@ -27,7 +27,7 @@
 
 from cdk import Configuration
 
-# pytestmark = pytest.mark.wip
+pytestmark = pytest.mark.wip
 
 
 @pytest.fixture
@@ -108,6 +108,7 @@ def test_set_default_values(toggles):
     assert toggles.features_with_cost_management_tag is None
     assert toggles.features_with_csv_files is None
     assert toggles.features_with_email_subscriptions_on_alerts is None
+    assert toggles.features_with_end_user_documents is None
     assert toggles.features_with_microsoft_webhook_on_alerts is None
     assert toggles.features_with_origin_email_recipient is None
     assert toggles.features_with_tag_prefix == 'account-'
@@ -277,6 +278,14 @@ def test_set_from_csv_files(toggles):
                                                                         'TAG_VALUE': 'me'}}}                          # default
 
 
+@pytest.mark.integration_tests
+@pytest.mark.slow
+def test_set_from_templates(toggles):
+    Configuration.set_from_yaml('fixtures/settings/settings-with-templates.yaml', toggles=toggles)
+    assert toggles.automation_account_id == '123456789012'
+    assert toggles.features_with_end_user_documents == {'TermsOfUse': 'fixtures/messages/terms-of-use-template.md'}
+
+
 @pytest.mark.unit_tests
 def test_transform_list_to_dictionary():