feat(provider/aws): Add roleARN to cloudformation deployments (#4080)

spinnaker · Oct 6, 2019 · f01ab55 · f01ab55
1 parent d36e134
commit f01ab55
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/...netflix/spinnaker/clouddriver/aws/deploy/description/DeployCloudFormationDescription.java b/...netflix/spinnaker/clouddriver/aws/deploy/description/DeployCloudFormationDescription.java
@@ -29,6 +29,7 @@ public class DeployCloudFormationDescription extends AbstractAmazonCredentialsDe
 
   private String stackName;
   private String templateBody;
+  private String roleARN;
   private Map<String, String> parameters = new HashMap<>();
   private Map<String, String> tags = new HashMap<>();
   private String region;

diff --git a/...com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java b/...com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java
@@ -57,6 +57,7 @@ public Map operate(List priorOutputs) {
         amazonClientProvider.getAmazonCloudFormation(
             description.getCredentials(), description.getRegion());
     String template = description.getTemplateBody();
+    String roleARN = description.getRoleARN();
     List<Parameter> parameters =
         description.getParameters().entrySet().stream()
             .map(
@@ -80,6 +81,7 @@ public Map operate(List priorOutputs) {
           createChangeSet(
               amazonCloudFormation,
               template,
+              roleARN,
               parameters,
               tags,
               description.getCapabilities(),
@@ -89,12 +91,22 @@ public Map operate(List priorOutputs) {
         log.info("Updating existing stack {}", description);
         stackId =
             updateStack(
-                amazonCloudFormation, template, parameters, tags, description.getCapabilities());
+                amazonCloudFormation,
+                template,
+                roleARN,
+                parameters,
+                tags,
+                description.getCapabilities());
       } else {
         log.info("Creating new stack: {}", description);
         stackId =
             createStack(
-                amazonCloudFormation, template, parameters, tags, description.getCapabilities());
+                amazonCloudFormation,
+                template,
+                roleARN,
+                parameters,
+                tags,
+                description.getCapabilities());
       }
     }
     return Collections.singletonMap("stackId", stackId);
@@ -103,6 +115,7 @@ public Map operate(List priorOutputs) {
   private String createStack(
       AmazonCloudFormation amazonCloudFormation,
       String template,
+      String roleARN,
       List<Parameter> parameters,
       List<Tag> tags,
       List<String> capabilities) {
@@ -112,6 +125,7 @@ private String createStack(
         new CreateStackRequest()
             .withStackName(description.getStackName())
             .withParameters(parameters)
+            .withRoleARN(roleARN)
             .withTags(tags)
             .withTemplateBody(template)
             .withCapabilities(capabilities);
@@ -123,6 +137,7 @@ private String createStack(
   private String updateStack(
       AmazonCloudFormation amazonCloudFormation,
       String template,
+      String roleARN,
       List<Parameter> parameters,
       List<Tag> tags,
       List<String> capabilities) {
@@ -132,6 +147,7 @@ private String updateStack(
         new UpdateStackRequest()
             .withStackName(description.getStackName())
             .withParameters(parameters)
+            .withRoleARN(roleARN)
             .withTags(tags)
             .withTemplateBody(template)
             .withCapabilities(capabilities);
@@ -148,6 +164,7 @@ private String updateStack(
   private String createChangeSet(
       AmazonCloudFormation amazonCloudFormation,
       String template,
+      String roleARN,
       List<Parameter> parameters,
       List<Tag> tags,
       List<String> capabilities,
@@ -159,6 +176,7 @@ private String createChangeSet(
             .withStackName(description.getStackName())
             .withChangeSetName(description.getChangeSetName())
             .withParameters(parameters)
+            .withRoleARN(roleARN)
             .withTags(tags)
             .withTemplateBody(template)
             .withCapabilities(capabilities)

diff --git a/...tflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy b/...tflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy
@@ -54,6 +54,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
           stackName: "stackTest",
           region: "eu-west-1",
           templateBody: '{"key":"value"}',
+          roleARN: "arn:aws:iam::123456789012:role/test",
           parameters: [ key: "value"],
           tags: [ key: "value" ],
           capabilities: ["cap1", "cap2"],
@@ -73,6 +74,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
     1 * amazonCloudFormation.createStack(_) >> { CreateStackRequest request ->
       assert request.getStackName() == "stackTest"
       assert request.getTemplateBody() == '{"key":"value"}'
+      assert request.getRoleARN() == "arn:aws:iam::123456789012:role/test"
       assert request.getParameters() == [ new Parameter().withParameterKey("key").withParameterValue("value") ]
       assert request.getTags() == [ new Tag().withKey("key").withValue("value") ]
       assert request.getCapabilities() == ["cap1", "cap2"]
@@ -93,6 +95,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
           stackName: "stackTest",
           region: "eu-west-1",
           templateBody: '{"key":"value"}',
+          roleARN: "arn:aws:iam::123456789012:role/test",
           parameters: [ key: "value" ],
           tags: [ key: "value" ],
           capabilities: ["cap1", "cap2"],
@@ -114,6 +117,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
     1 * amazonCloudFormation.updateStack(_) >> { UpdateStackRequest request ->
       assert request.getStackName() == "stackTest"
       assert request.getTemplateBody() == '{"key":"value"}'
+      assert request.getRoleARN() == "arn:aws:iam::123456789012:role/test"
       assert request.getParameters() == [ new Parameter().withParameterKey("key").withParameterValue("value") ]
       assert request.getTags() == [ new Tag().withKey("key").withValue("value") ]
       assert request.getCapabilities() == ["cap1", "cap2"]
@@ -135,6 +139,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
           stackName: "stackTest",
           region: "eu-west-1",
           templateBody: 'key: "value"',
+          roleARN: "arn:aws:iam::123456789012:role/test",
           parameters: [ key: "value" ],
           tags: [ key: "value" ],
           capabilities: ["cap1", "cap2"],
@@ -162,6 +167,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
     1* amazonCloudFormation.createChangeSet(_) >> { CreateChangeSetRequest request ->
       assert request.getStackName() == "stackTest"
       assert request.getTemplateBody() == 'key: "value"'
+      assert request.getRoleARN() == "arn:aws:iam::123456789012:role/test"
       assert request.getParameters() == [ new Parameter().withParameterKey("key").withParameterValue("value") ]
       assert request.getTags() == [ new Tag().withKey("key").withValue("value") ]
       assert request.getCapabilities() == ["cap1", "cap2"]