From f01ab55afe8e6c0fc6cde8e5ae3eba255446f204 Mon Sep 17 00:00:00 2001 From: Georges Chaudy Date: Sun, 6 Oct 2019 04:55:28 +0100 Subject: [PATCH] feat(provider/aws): Add roleARN to cloudformation deployments (#4080) --- .../DeployCloudFormationDescription.java | 1 + .../DeployCloudFormationAtomicOperation.java | 22 +++++++++++++++++-- ...oyCloudFormationAtomicOperationSpec.groovy | 6 +++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/description/DeployCloudFormationDescription.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/description/DeployCloudFormationDescription.java index 53e605f02d3..68bd391df31 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/description/DeployCloudFormationDescription.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/description/DeployCloudFormationDescription.java @@ -29,6 +29,7 @@ public class DeployCloudFormationDescription extends AbstractAmazonCredentialsDe private String stackName; private String templateBody; + private String roleARN; private Map parameters = new HashMap<>(); private Map tags = new HashMap<>(); private String region; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java index a714cf71f6d..75c575e43da 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java 
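Review bot: The new `private String roleARN;` field carries no comment saying that it is optional or what a null value means, and that default decides which identity CloudFormation acts as. A Javadoc line such as `/** Optional IAM service role CloudFormation assumes for this stack; when null, CloudFormation reuses the stack's existing role or falls back to the caller's credentials. */` would make the contract explicit. The class body starts and ends outside the hunk.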
@@ -57,6 +57,7 @@ public Map operate(List priorOutputs) { amazonClientProvider.getAmazonCloudFormation( description.getCredentials(), description.getRegion()); String template = description.getTemplateBody(); + String roleARN = description.getRoleARN(); List parameters = description.getParameters().entrySet().stream() .map( @@ -80,6 +81,7 @@ public Map operate(List priorOutputs) { createChangeSet( amazonCloudFormation, template, + roleARN, parameters, tags, description.getCapabilities(), @@ -89,12 +91,22 @@ public Map operate(List priorOutputs) { log.info("Updating existing stack {}", description); stackId = updateStack( - amazonCloudFormation, template, parameters, tags, description.getCapabilities()); + amazonCloudFormation, + template, + roleARN, + parameters, + tags, + description.getCapabilities()); } else { log.info("Creating new stack: {}", description); stackId = createStack( - amazonCloudFormation, template, parameters, tags, description.getCapabilities()); + amazonCloudFormation, + template, + roleARN, + parameters, + tags, + description.getCapabilities()); } } return Collections.singletonMap("stackId", stackId); @@ -103,6 +115,7 @@ public Map operate(List priorOutputs) { private String createStack( AmazonCloudFormation amazonCloudFormation, String template, + String roleARN, List parameters, List tags, List capabilities) { @@ -112,6 +125,7 @@ private String createStack( new CreateStackRequest() .withStackName(description.getStackName()) .withParameters(parameters) + .withRoleARN(roleARN) .withTags(tags) .withTemplateBody(template) .withCapabilities(capabilities); @@ -123,6 +137,7 @@ private String createStack( private String updateStack( AmazonCloudFormation amazonCloudFormation, String template, + String roleARN, List parameters, List tags, List capabilities) { 
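Review bot: The value read at `String roleARN = description.getRoleARN();` is forwarded to CloudFormation unchanged, so whoever can submit this operation selects the service role the stack runs under, bounded only by what `iam:PassRole` permits for the clouddriver credentials. No check is visible in this diff that the string is an IAM role ARN, that it belongs to the target account, or that it is on an allow-list; if a description validator exists elsewhere, it would need the matching rule. A minimal guard next to the read would be `if (roleARN != null && !roleARN.matches("arn:aws[a-z-]*:iam::\\d{12}:role/.+")) throw new IllegalArgumentException("roleARN must be an IAM role ARN");`. The account and allow-list comparison belongs in validation, alongside a tightly scoped `iam:PassRole` policy. operate's body starts and ends outside the hunk.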
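Review bot: `.withRoleARN(roleARN)` in the CreateStackRequest builder sends whatever string the description held, including an empty one. CloudFormation documents a minimum length for RoleARN, so a blank value from a form field would probably fail the call instead of meaning "no role". Normalising once where the value is read, `String roleARN = (description.getRoleARN() == null || description.getRoleARN().trim().isEmpty()) ? null : description.getRoleARN();`, covers this hunk and the identical `.withRoleARN(roleARN)` lines in the updateStack and createChangeSet hunks. createStack's body continues outside the hunk.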
@@ -132,6 +147,7 @@ private String updateStack( new UpdateStackRequest() .withStackName(description.getStackName()) .withParameters(parameters) + .withRoleARN(roleARN) .withTags(tags) .withTemplateBody(template) .withCapabilities(capabilities); @@ -148,6 +164,7 @@ private String updateStack( private String createChangeSet( AmazonCloudFormation amazonCloudFormation, String template, + String roleARN, List parameters, List tags, List capabilities, @@ -159,6 +176,7 @@ private String createChangeSet( .withStackName(description.getStackName()) .withChangeSetName(description.getChangeSetName()) .withParameters(parameters) + .withRoleARN(roleARN) .withTags(tags) .withTemplateBody(template) .withCapabilities(capabilities) diff --git a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy index bdaa527e723..15f3e93f551 100644 --- a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy +++ b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy @@ -54,6 +54,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification { stackName: "stackTest", region: "eu-west-1", templateBody: '{"key":"value"}', + roleARN: "arn:aws:iam::123456789012:role/test", parameters: [ key: "value"], tags: [ key: "value" ], capabilities: ["cap1", "cap2"], 
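Review bot: Every fixture touched by this commit, starting with `roleARN: "arn:aws:iam::123456789012:role/test"` in this hunk, sets a role, so the path where the description carries no role is not asserted in any visible hunk. A case that omits `roleARN` and checks `assert request.getRoleARN() == null` for createStack, updateStack and createChangeSet would pin the backward-compatible default. The same gap applies to the later fixture and assertion hunks of this spec. Tests outside these hunks may already cover it.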
@@ -73,6 +74,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification { 1 * amazonCloudFormation.createStack(_) >> { CreateStackRequest request -> assert request.getStackName() == "stackTest" assert request.getTemplateBody() == '{"key":"value"}' + assert request.getRoleARN() == "arn:aws:iam::123456789012:role/test" assert request.getParameters() == [ new Parameter().withParameterKey("key").withParameterValue("value") ] assert request.getTags() == [ new Tag().withKey("key").withValue("value") ] assert request.getCapabilities() == ["cap1", "cap2"] @@ -93,6 +95,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification { stackName: "stackTest", region: "eu-west-1", templateBody: '{"key":"value"}', + roleARN: "arn:aws:iam::123456789012:role/test", parameters: [ key: "value" ], tags: [ key: "value" ], capabilities: ["cap1", "cap2"], @@ -114,6 +117,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification { 1 * amazonCloudFormation.updateStack(_) >> { UpdateStackRequest request -> assert request.getStackName() == "stackTest" assert request.getTemplateBody() == '{"key":"value"}' + assert request.getRoleARN() == "arn:aws:iam::123456789012:role/test" assert request.getParameters() == [ new Parameter().withParameterKey("key").withParameterValue("value") ] assert request.getTags() == [ new Tag().withKey("key").withValue("value") ] assert request.getCapabilities() == ["cap1", "cap2"] @@ -135,6 +139,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification { stackName: "stackTest", region: "eu-west-1", templateBody: 'key: "value"', + roleARN: "arn:aws:iam::123456789012:role/test", parameters: [ key: "value" ], tags: [ key: "value" ], capabilities: ["cap1", "cap2"], 
@@ -162,6 +167,7 @@ class DeployCloudFormationAtomicOperationSpec extends Specification { 1* amazonCloudFormation.createChangeSet(_) >> { CreateChangeSetRequest request -> assert request.getStackName() == "stackTest" assert request.getTemplateBody() == 'key: "value"' + assert request.getRoleARN() == "arn:aws:iam::123456789012:role/test" assert request.getParameters() == [ new Parameter().withParameterKey("key").withParameterValue("value") ] assert request.getTags() == [ new Tag().withKey("key").withValue("value") ] assert request.getCapabilities() == ["cap1", "cap2"]