feat(cfn): enable nested stacks for cloudformation changesets (#5187)

Co-authored-by: Jared Stehler <jared.stehler@gmail.com>
spinnaker · Jan 13, 2021 · 3b7486d · 3b7486d
1 parent c86a270
commit 3b7486d
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 1 deletion.
diff --git a/...s/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/AwsConfigurationProperties.groovy b/...s/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/AwsConfigurationProperties.groovy
@@ -45,8 +45,15 @@ class AwsConfigurationProperties {
     final AlarmsConfig alarms = new AlarmsConfig()
   }
 
+  @Canonical
+  static class CloudFormationConfig {
+    boolean changeSetsIncludeNestedStacks = false
+  }
+
   @NestedConfigurationProperty
   final ClientConfig client = new ClientConfig()
   @NestedConfigurationProperty
   final CleanupConfig cleanup = new CleanupConfig()
+  @NestedConfigurationProperty
+  final CloudFormationConfig cloudformation = new CloudFormationConfig()
 }
diff --git a/...com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java b/...com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java
@@ -18,6 +18,7 @@
 import com.amazonaws.services.cloudformation.AmazonCloudFormation;
 import com.amazonaws.services.cloudformation.model.*;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.netflix.spinnaker.clouddriver.aws.AwsConfigurationProperties;
 import com.netflix.spinnaker.clouddriver.aws.deploy.description.DeployCloudFormationDescription;
 import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider;
 import com.netflix.spinnaker.clouddriver.data.task.Task;
@@ -39,6 +40,7 @@ public class DeployCloudFormationAtomicOperation implements AtomicOperation<Map>
   private static final String NO_CHANGE_STACK_ERROR_MESSAGE = "No updates";
 
   @Autowired AmazonClientProvider amazonClientProvider;
+  @Autowired AwsConfigurationProperties awsConfigurationProperties;
 
   @Autowired
   @Qualifier("amazonObjectMapper")
@@ -191,7 +193,9 @@ private String createChangeSet(
             .withTags(tags)
             .withTemplateBody(template)
             .withCapabilities(capabilities)
-            .withChangeSetType(changeSetType);
+            .withChangeSetType(changeSetType)
+            .withIncludeNestedStacks(
+                awsConfigurationProperties.getCloudformation().getChangeSetsIncludeNestedStacks());
     if (StringUtils.hasText(roleARN)) {
       createChangeSetRequest.setRoleARN(roleARN);
     }

diff --git a/...tflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy b/...tflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy
@@ -30,6 +30,7 @@ import com.amazonaws.services.cloudformation.model.Tag
 import com.amazonaws.services.cloudformation.model.UpdateStackRequest
 import com.amazonaws.services.cloudformation.model.UpdateStackResult
 import com.fasterxml.jackson.databind.ObjectMapper
+import com.netflix.spinnaker.clouddriver.aws.AwsConfigurationProperties
 import com.netflix.spinnaker.clouddriver.aws.TestCredential
 import com.netflix.spinnaker.clouddriver.aws.deploy.description.DeployCloudFormationDescription
 import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider
@@ -149,6 +150,75 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
     def amazonClientProvider = Mock(AmazonClientProvider)
     def amazonCloudFormation = Mock(AmazonCloudFormation)
     def createChangeSetResult = Mock(CreateChangeSetResult)
+
+    def awsConfigurationProperties = new AwsConfigurationProperties()
+
+    def stackId = "stackId"
+    def op = new DeployCloudFormationAtomicOperation(
+      new DeployCloudFormationDescription(
+        [
+          stackName: "stackTest",
+          region: "eu-west-1",
+          templateBody: 'key: "value"',
+          roleARN: roleARN,
+          parameters: [ key: "value" ],
+          tags: [ key: "value" ],
+          capabilities: ["cap1", "cap2"],
+          credentials: TestCredential.named("test"),
+          isChangeSet: true,
+          changeSetName: "changeSetTest"
+        ]
+      )
+    )
+    op.amazonClientProvider = amazonClientProvider
+    op.awsConfigurationProperties = awsConfigurationProperties
+    op.objectMapper = new ObjectMapper()
+
+    when:
+    op.operate([])
+
+    then:
+    1 * amazonClientProvider.getAmazonCloudFormation(_, _) >> amazonCloudFormation
+    1 * amazonCloudFormation.describeStacks(_) >> {
+      if (existingStack) {
+        new DescribeStacksResult().withStacks([new Stack().withStackId("stackId")] as Collection)
+      } else {
+        new DescribeStacksResult().withStacks([] as Collection)
+      }
+    }
+    1* amazonCloudFormation.createChangeSet(_) >> { CreateChangeSetRequest request ->
+      assert request.getStackName() == "stackTest"
+      assert request.getTemplateBody() == 'key: "value"'
+      assert request.getRoleARN() == expectedRoleARN
+      assert request.getParameters() == [ new Parameter().withParameterKey("key").withParameterValue("value") ]
+      assert request.getTags() == [ new Tag().withKey("key").withValue("value") ]
+      assert request.getCapabilities() == ["cap1", "cap2"]
+      assert request.getChangeSetName() == "changeSetTest"
+      assert request.getChangeSetType() == changeSetType
+      assert request.isIncludeNestedStacks() == false
+      createChangeSetResult
+    }
+    1 * createChangeSetResult.getStackId() >> stackId
+
+    where:
+    roleARN                              | expectedRoleARN                      | existingStack || changeSetType
+    "arn:aws:iam:123456789012:role/test" | "arn:aws:iam:123456789012:role/test" | true          || ChangeSetType.UPDATE.toString()
+    ""                                   | null                                 | true          || ChangeSetType.UPDATE.toString()
+    "   "                                | null                                 | true          || ChangeSetType.UPDATE.toString()
+    "arn:aws:iam:123456789012:role/test" | "arn:aws:iam:123456789012:role/test" | true          || ChangeSetType.UPDATE.toString()
+    "arn:aws:iam:123456789012:role/test" | "arn:aws:iam:123456789012:role/test" | false         || ChangeSetType.CREATE.toString()
+  }
+
+  @Unroll
+  void "should build an CreateChangeSetRequest with includeNestedStacks if set"() {
+    given:
+    def amazonClientProvider = Mock(AmazonClientProvider)
+    def amazonCloudFormation = Mock(AmazonCloudFormation)
+    def createChangeSetResult = Mock(CreateChangeSetResult)
+
+    def awsConfigurationProperties = new AwsConfigurationProperties()
+    awsConfigurationProperties.cloudformation.changeSetsIncludeNestedStacks = true
+
     def stackId = "stackId"
     def op = new DeployCloudFormationAtomicOperation(
       new DeployCloudFormationDescription(
@@ -167,6 +237,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
       )
     )
     op.amazonClientProvider = amazonClientProvider
+    op.awsConfigurationProperties = awsConfigurationProperties
     op.objectMapper = new ObjectMapper()
 
     when:
@@ -190,6 +261,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
       assert request.getCapabilities() == ["cap1", "cap2"]
       assert request.getChangeSetName() == "changeSetTest"
       assert request.getChangeSetType() == changeSetType
+      assert request.isIncludeNestedStacks() == true
       createChangeSetResult
     }
     1 * createChangeSetResult.getStackId() >> stackId