Stripped .arn .id and .name from aim references leaving it up to the engine to determine what it needs.
gitwater committed Aug 6, 2019
1 parent 1455210 commit e27cf35
Showing 14 changed files with 44 additions and 62 deletions.
18 changes: 9 additions & 9 deletions docs/aim-config.rst
Expand Up @@ -204,7 +204,7 @@ aim.ref netenv

To refer to a value in a NetworkEnvironment use an ``aim.ref netenv`` reference. For example:

``aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb.id``
``aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb``

After ``aim.ref netenv`` should be a part which matches the filename of a file (without the .yaml or .yml extension)
in the NetworkEnvironments directory.
Expand All @@ -231,7 +231,7 @@ An example where a ``aim.ref netenv`` refers to the id of a SecurityGroup:
- from_port: 80
name: HTTP
protocol: tcp
source_security_group_id: aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb.id
source_security_group: aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb
You can refer to an S3 Bucket and it will return the ARN of the bucket:
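Review bot: The lead-in to this example still reads "refers to the id of a SecurityGroup" although the example value no longer ends in `.id`. Reword it to say that the reference names the security group and the engine resolves the id, so readers do not keep appending the suffix by hand.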

Expand Down Expand Up @@ -268,21 +268,21 @@ and configured with the ACM cert:
- port: 443
protocol: HTTPS
ssl_certificates:
- aim.ref netenv.my-aim-example.applications.app.groups.site.resources.cert.arn
- aim.ref netenv.my-aim-example.applications.app.groups.site.resources.cert
aim.ref resource
----------------

To refer to a global resource created in the Resources directory, use an ``aim.ref resource``. For example:

``aim.ref resource.route53.example.id``
``aim.ref resource.route53.example``

After the ``aim.ref resource`` the next part should matche the filename of a file
(without the .yaml or .yml extension) in the Resources directory.
Subsequent parts will walk down the YAML in that file.

In the example below, the ``hosted_zone_id`` of a Route53 record is looked up.
In the example below, the ``hosted_zone`` of a Route53 record is looked up.

.. code-block:: yaml
Expand All @@ -294,7 +294,7 @@ In the example below, the ``hosted_zone_id`` of a Route53 record is looked up.
site:
alb:
dns:
- hosted_zone_id: aim.ref resource.route53.example.id
- hosted_zone: aim.ref resource.route53.example
# Resources/Route53.yaml
Expand Down Expand Up @@ -580,7 +580,7 @@ Networks have the following hierarchy:
- from_port: 80
name: HTTP
protocol: tcp
source_security_group_id: aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb.id
source_security_group: aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb
to_port: 80
Expand Down Expand Up @@ -979,7 +979,7 @@ EgressRule
- None
- The IP protocol name (tcp, udp, icmp, icmpv6) or number.
- IP Protocol
* - source_security_group_id
* - source_security_group
- TextReference
- .. fa:: times
- None
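Review bot: Renaming the EgressRule field from source_security_group_id to source_security_group changes the config schema, and nothing in this hunk tells users what happens to files that still use the old key. Add a short upgrade note to the field description (old name, new name, and that the `.id` suffix must be dropped), or accept the old key as a deprecated alias for a release.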
Expand Down Expand Up @@ -1046,7 +1046,7 @@ IngressRule
- None
- The IP protocol name (tcp, udp, icmp, icmpv6) or number.
- IP Protocol
* - source_security_group_id
* - source_security_group
- TextReference
- .. fa:: times
- None
8 changes: 4 additions & 4 deletions docs/quickstart101.rst
Expand Up @@ -282,7 +282,7 @@ this file will describe your network and looks like this:
- from_port: 80
name: HTTP
protocol: tcp
source_security_group_id: aim.ref netenv.mynet.network.vpc.security_groups.myapp.alb.id
source_security_group: aim.ref netenv.mynet.network.vpc.security_groups.myapp.alb
to_port: 80
segments:
public:
Expand Down Expand Up @@ -331,7 +331,7 @@ section. There is only one application in this quickstart and it is named ``myap
target_group: myapp
scheme: internet-facing
security_groups:
- aim.ref netenv.mynet.network.vpc.security_groups.myapp.alb.id
- aim.ref netenv.mynet.network.vpc.security_groups.myapp.alb
segment: public
webserver:
type: ASG
Expand All @@ -352,9 +352,9 @@ section. There is only one application in this quickstart and it is named ``myap
min_instances: 1
desired_capacity: 1
target_groups:
- aim.ref netenv.mynet.applications.myapp.groups.site.resources.alb.target_groups.myapp.arn
- aim.ref netenv.mynet.applications.myapp.groups.site.resources.alb.target_groups.myapp
security_groups:
- aim.ref netenv.mynet.network.vpc.security_groups.myapp.webserver.id
- aim.ref netenv.mynet.network.vpc.security_groups.myapp.webserver
segment: webserver
termination_policies:
- Default
10 changes: 5 additions & 5 deletions docs/quickstart102.rst
Expand Up @@ -53,7 +53,7 @@ at the YAML location ``applications: myapp: groups``:
update_policy_max_batch_size: 1
update_policy_min_instances_in_service: 0
security_groups:
- aim.ref netenv.mynet.network.vpc.security_groups.myapp.bastion.id
- aim.ref netenv.mynet.network.vpc.security_groups.myapp.bastion
user_data_script: |
#!/bin/bash
yum update -y
Expand All @@ -75,7 +75,7 @@ a new security group:
.. code-block:: yaml
security_groups:
- aim.ref netenv.mynet.network.vpc.security_groups.myapp.bastion.id
- aim.ref netenv.mynet.network.vpc.security_groups.myapp.bastion
This new ``bastion`` security group will allow SSH access from your IP address to
EC2 instances that belong to this security group. You will also modify the ``web``
Expand Down Expand Up @@ -110,7 +110,7 @@ Then add the following the ingress rule to the ``web:`` security group:
to_port: 22
name: SSH
protocol: tcp
source_security_group_id: aim.ref netenv.mynet.network.vpc.security_groups.myapp.bastion.id
source_security_group: aim.ref netenv.mynet.network.vpc.security_groups.myapp.bastion
Your final network configuration should look like this:

Expand Down Expand Up @@ -161,13 +161,13 @@ Your final network configuration should look like this:
- from_port: 80
name: HTTP
protocol: tcp
source_security_group_id: aim.ref netenv.mynet.network.vpc.security_groups.myapp.alb.id
source_security_group: aim.ref netenv.mynet.network.vpc.security_groups.myapp.alb
to_port: 80
- from_port: 22
to_port: 22
name: SSH
protocol: tcp
source_security_group_id: aim.ref netenv.mynet.network.vpc.security_groups.myapp.bastion.id
source_security_group: aim.ref netenv.mynet.network.vpc.security_groups.myapp.bastion
bastion:
egress:
- cidr_ip: 0.0.0.0/0
6 changes: 1 addition & 5 deletions src/aim/application/app_engine.py
Expand Up @@ -734,11 +734,7 @@ def init_codepipebuilddeploy_resource(self, grp_id, res_id, res_config, res_stac
self.stack_group.add_stack_order(kms_stack_post)

# Get the ASG Instance Role ARN
if res_config.asg_name[-5:] != '.name':
print("Invalid ASG Name reference: %s" % (res_config.asg_name))
raise StackException(AimErrorCode.Unknown)

asg_instance_role_ref = res_config.asg_name[:-5]+'.instance_iam_role.arn'
asg_instance_role_ref = res_config.asg+'.instance_iam_role.arn'
cpbd_s3_bucket_policy = {
'aws': [
"aim.sub '${{{0}}}'".format(codebuild_role_ref),
Expand Down
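Review bot: The removed `.name` suffix check was the only validation on this value, and `res_config.asg+'.instance_iam_role.arn'` now concatenates whatever the config holds. A config that has not been migrated and still ends in `.name` produces `...name.instance_iam_role.arn`, and an unset asg raises a bare TypeError. The reference is built immediately before the cpbd_s3_bucket_policy principals, so keep an explicit check here: reject a value that is empty or still ends in `.name`, with a message naming the resource, instead of dropping validation altogether.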
20 changes: 4 additions & 16 deletions src/aim/cftemplates/alb.py
Expand Up @@ -35,9 +35,6 @@ def __init__(self, aim_ctx,
self.set_parameter('ALBEnabled', alb_config.enabled)
vpc_stack = self.env_ctx.get_vpc_stack()
self.set_parameter(StackOutputParam('VPC', vpc_stack, 'VPC'))
self.set_parameter('CustomDomainName', getattr(alb_config.dns, 'domain_name', ''))
self.set_parameter('HostedZoneId', getattr(alb_config.dns, 'hosted_zone_id', ''))

alb_region = env_ctx.region
self.set_parameter('ALBHostedZoneId', self.lb_hosted_zone_id('alb', alb_region))

Expand Down Expand Up @@ -66,6 +63,7 @@ def __init__(self, aim_ctx,
for sg_ref in alb_config.security_groups:
# TODO: Better name for self.get_stack_outputs_key_from_ref?
# print("ALB: SG_REF: " + sg_ref)
sg_ref += '.id'
sg_output_key = self.get_stack_outputs_key_from_ref(Reference(sg_ref))
sg_stack = self.aim_ctx.get_ref(sg_ref)
sg_output_param.add_stack_output(sg_stack, sg_output_key)
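Review bot: `sg_ref += '.id'` appends the suffix unconditionally, so a security_groups entry that still carries the old `.id` ending becomes `...id.id` and is passed to get_ref in that form with no hint about the cause. Check for a trailing `.id`, `.arn` or `.name` here and raise a clear error naming the offending reference. The commented-out debug print above the new line can go at the same time.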
Expand Down Expand Up @@ -107,15 +105,6 @@ def __init__(self, aim_ctx,
Description: A List of security groups to attach to the ALB
Type: List<AWS::EC2::SecurityGroup::Id>
CustomDomainName:
Description: Custom DNS name to assign to the ALB
Type: String
Default: ""
HostedZoneId:
Description: The Route53 Hosted Zone ID where the Custom Domain will be added
Type: String
ALBHostedZoneId:
Description: The Regonal AWS Route53 Hosted Zone ID
Type: String
Expand All @@ -125,7 +114,6 @@ def __init__(self, aim_ctx,
{0[SSLCertificateParameters]:s}
Conditions:
CustomDomainIsEnabled: !Not [!Equals [!Ref CustomDomainName, ""] ]
ALBIsEnabled: !Equals [!Ref ALBEnabled, "true"]
Resources:
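Review bot: With the CustomDomainIsEnabled condition and the CustomDomainName and HostedZoneId parameters removed, any resource left in the template body that still uses `Condition: CustomDomainIsEnabled` or `!Ref CustomDomainName` will make CloudFormation reject the template. Those parts of the template are outside the visible hunks, so confirm that none remain. While in this area, the ALBHostedZoneId description in the preceding hunk reads "Regonal" and should be "Regional".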
Expand Down Expand Up @@ -384,7 +372,7 @@ def __init__(self, aim_ctx,
listener_table['ssl_listener_cert_list'] += ssl_certificate_list_fmt.format(ssl_certificate_table)
#print(listener_yaml)
ssl_cert_param_yaml += ssl_cert_param_fmt.format(ssl_certificate_table)
self.set_parameter('SSLCertificateIdL%sC%d' % (listener_name, ssl_cert_idx),listener.ssl_certificates[ssl_cert_idx])
self.set_parameter('SSLCertificateIdL%sC%d' % (listener_name, ssl_cert_idx),listener.ssl_certificates[ssl_cert_idx]+".arn")
listener_table['listener_certificate'] = listener_certificate_fmt.format(listener_table)
# Listener
listener_yaml += listener_fmt.format(listener_table)
Expand Down Expand Up @@ -444,9 +432,9 @@ def __init__(self, aim_ctx,
record_sets_param_yaml = ""
record_set_table['idx'] = 0
for alb_dns in alb_config.dns:
record_set_table['hosted_zone_id'] = alb_dns.hosted_zone_id
record_set_table['hosted_zone_id'] = alb_dns.hosted_zone+'.id'
record_set_table['domain_name'] = alb_dns.domain_name
self.set_parameter('HostedZoneID%d' % (record_set_table['idx']), alb_dns.hosted_zone_id)
self.set_parameter('HostedZoneID%d' % (record_set_table['idx']), alb_dns.hosted_zone+'.id')
record_sets_yaml += record_set_fmt.format(record_set_table)
record_sets_param_yaml += record_set_param_fmt.format(record_set_table)
record_set_table['idx'] += 1
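Review bot: `alb_dns.hosted_zone+'.id'` is built twice in the loop body, and the `getattr(alb_config.dns, 'hosted_zone_id', '')` default removed earlier in this file was the only visible guard against an unset value. Build the reference once into a local and use it for both `record_set_table['hosted_zone_id']` and the `HostedZoneID%d` parameter. Also reject a dns entry whose hosted_zone is empty, since concatenating onto None raises TypeError and concatenating onto '' yields the bare string '.id'.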
8 changes: 5 additions & 3 deletions src/aim/cftemplates/asg.py
Expand Up @@ -54,6 +54,7 @@ def __init__(self,
sg_output_param = StackOutputParam('LCSecurityGroupList')
for sg_ref in asg_config.security_groups:
# TODO: Better name for self.get_stack_outputs_key_from_ref?
sg_ref += '.id'
sg_output_key = self.get_stack_outputs_key_from_ref(Reference(sg_ref))
sg_stack = self.aim_ctx.get_ref(sg_ref)
sg_output_param.add_stack_output(sg_stack, sg_output_key)
Expand Down Expand Up @@ -90,9 +91,10 @@ def __init__(self,
# Target Group Arns
if asg_config.target_groups != None and len(asg_config.target_groups) > 0:
lb_param = StackOutputParam('TargetGroupArns')
for target_group_arn in asg_config.target_groups:
alb_stack = self.aim_ctx.get_ref(target_group_arn)
alb_output_key = self.get_stack_outputs_key_from_ref(Reference(target_group_arn))
for target_group_ref in asg_config.target_groups:
target_group_ref += '.arn'
alb_stack = self.aim_ctx.get_ref(target_group_ref)
alb_output_key = self.get_stack_outputs_key_from_ref(Reference(target_group_ref))
lb_param.add_stack_output(alb_stack, alb_output_key)
self.set_parameter(lb_param)
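Review bot: Reassigning the loop variable with `target_group_ref += '.arn'` repeats the suffix logic already added as `sg_ref += '.id'` in the first hunk of this file and in alb.py. Move it into one shared helper that takes the bare reference and the attribute name, so the choice of attribute lives in one place and can be validated there. The context line `asg_config.target_groups != None and len(asg_config.target_groups) > 0` can also become a plain truthiness test.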

4 changes: 0 additions & 4 deletions src/aim/cftemplates/cftemplates.py
Expand Up @@ -52,13 +52,9 @@ def add_stack_output(self, stack, stack_output_key):
def gen_parameter_value(self):
param_value = ""
comma = ''
#print("cftemplates: StackOutputParam: gen_parameter_value: ")
#pprint(repr(self.entry_list))
for entry in self.entry_list:
for output_key in entry['output_keys']:
#print(entry['stack'].template.aws_name + ": gen_parameter: output_key: " + output_key)
output_value = entry['stack'].get_outputs_value(output_key)
#print("Value: " + output_value)
param_value += comma + output_value
comma = ','

6 changes: 3 additions & 3 deletions src/aim/cftemplates/codedeploy.py
Expand Up @@ -38,9 +38,9 @@ def __init__(self,
# Initialize Parameters
self.set_parameter('ResourceNamePrefix', self.resource_name)
self.set_parameter('ApplicationName', self.application_name)
self.set_parameter('CodeDeployASGName', deploy_config.asg_name)
self.set_parameter('CodeDeployASGName', deploy_config.asg+'.name')
self.set_parameter('ELBName', deploy_config.elb_name)
self.set_parameter('ALBTargetGroupName', deploy_config.alb_target_group_name)
self.set_parameter('ALBTargetGroupName', deploy_config.alb_target_group+'.name')
self.set_parameter('ArtifactsBucketName', artifacts_bucket_name)
self.set_parameter('CodeDeployAutoRollbackEnabled', deploy_config.auto_rollback_enabled)
self.set_parameter('CodeDeployConfigType', deploy_config.deploy_config_type)
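Review bot: `asg` and `alb_target_group` now take a bare reference, but `deploy_config.elb_name` on the line between them is left in the old style, so one config object mixes both conventions. Either convert it in this commit or add a comment saying why it stays. If alb_target_group can be left unset, `deploy_config.alb_target_group+'.name'` will raise TypeError, so guard the concatenation.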
Expand All @@ -52,7 +52,7 @@ def __init__(self,
res_id=res_id,
attribute='kms')
self.set_parameter('CMKArn', deploy_kms_ref)
self.set_parameter('TargetInstanceRoleName', deploy_config.deploy_instance_role_name)
self.set_parameter('TargetInstanceRoleName', deploy_config.deploy_instance_role+'.name')

# Define the Template
template_fmt = """
1 change: 0 additions & 1 deletion src/aim/cftemplates/cw_alarms.py
Expand Up @@ -29,7 +29,6 @@ def get_alarm_actions(notificationgroups, alarm):

for plugin_name, plugin_module in service_plugins.items():
if hasattr(plugin_module, 'override_alarm_actions'):
print('Loading Alarm Actions from service {}'.format(plugin_name))
return plugin_module.override_alarm_actions(None, alarm)

# default behaviour is to use notification groups directly
2 changes: 1 addition & 1 deletion src/aim/cftemplates/elb.py
Expand Up @@ -41,7 +41,7 @@ def __init__(self, aim_ctx,
self.set_parameter('ConnectionSettingsIdleSeconds', elb_config['connection_settings']['idle_timeout'])
self.set_parameter('CrossZone', elb_config['cross_zone'])
self.set_parameter('CustomDomainName', elb_config['dns']['domain_name'])
self.set_parameter('HostedZoneId', elb_config['dns']['hosted_zone_id'])
self.set_parameter('HostedZoneId', elb_config['dns']['hosted_zone'])

elb_region = self.env_ctx.region
self.set_parameter('ELBHostedZoneId', self.lb_hosted_zone_id('elb', elb_region))
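Review bot: `elb_config['dns']['hosted_zone']` is passed to the HostedZoneId parameter without an attribute suffix, whereas alb.py in this same commit appends `'.id'` to `alb_dns.hosted_zone`. As written, the ELB template receives the bare reference rather than a reference to the zone id. Append `'.id'` here too, or state in a comment how the bare reference is resolved.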
4 changes: 2 additions & 2 deletions src/aim/cftemplates/security_groups.py
Expand Up @@ -121,10 +121,10 @@ def __init__(self,
# SourceSecurtiyGroupId or CidrIp are required
if sg_rule_config.cidr_ip != '':
sg_rule_table['source'] = '\n CidrIp: ' + sg_rule_config.cidr_ip
elif sg_rule_config.source_security_group_id != '':
elif sg_rule_config.source_security_group != '':
# XXX: TODO: This only handles references to security groups within the
# template currently being generated.
local_ref = self.get_local_sg_ref(sg_rule_config.source_security_group_id)
local_ref = self.get_local_sg_ref(sg_rule_config.source_security_group+'.id')
sg_rule_table['source'] = '\n SourceSecurityGroupId: !Ref ' + local_ref
else:
raise StackException(AimErrorCode.Unknown)
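Review bot: The `elif` tests `source_security_group != ''`, but the field table in docs/aim-config.rst in this commit lists None for that field, and None passes the test and then fails on `+'.id'` with a TypeError instead of reaching the StackException branch. Test for truthiness instead (`elif sg_rule_config.source_security_group:`), and give the `else` branch a message saying that a rule needs either cidr_ip or source_security_group. The comment typo "SourceSecurtiyGroupId" can be fixed in passing.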
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ network:
- from_port: 80
name: HTTP
protocol: tcp
source_security_group_id: aim.ref netenv.{{cookiecutter.network_environment_name}}.network.vpc.security_groups.{{cookiecutter.application_name}}.alb.id
source_security_group: aim.ref netenv.{{cookiecutter.network_environment_name}}.network.vpc.security_groups.{{cookiecutter.application_name}}.alb
to_port: 80
segments:
public:
Expand Down Expand Up @@ -85,7 +85,7 @@ applications:
target_group: {{cookiecutter.application_name}}
scheme: internet-facing
security_groups:
- aim.ref netenv.{{cookiecutter.network_environment_name}}.network.vpc.security_groups.{{cookiecutter.application_name}}.alb.id
- aim.ref netenv.{{cookiecutter.network_environment_name}}.network.vpc.security_groups.{{cookiecutter.application_name}}.alb
segment: public
web:
type: ASG
Expand All @@ -106,9 +106,9 @@ applications:
min_instances: 1
desired_capacity: 1
target_groups:
- aim.ref netenv.{{cookiecutter.network_environment_name}}.applications.{{cookiecutter.application_name}}.groups.site.resources.alb.target_groups.{{cookiecutter.application_name}}.arn
- aim.ref netenv.{{cookiecutter.network_environment_name}}.applications.{{cookiecutter.application_name}}.groups.site.resources.alb.target_groups.{{cookiecutter.application_name}}
security_groups:
- aim.ref netenv.{{cookiecutter.network_environment_name}}.network.vpc.security_groups.{{cookiecutter.application_name}}.web.id
- aim.ref netenv.{{cookiecutter.network_environment_name}}.network.vpc.security_groups.{{cookiecutter.application_name}}.web
segment: web
termination_policies:
- Default
10 changes: 5 additions & 5 deletions src/aim/doc/docschema.py
Expand Up @@ -237,7 +237,7 @@
- from_port: 80
name: HTTP
protocol: tcp
source_security_group_id: aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb.id
source_security_group: aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb
You can refer to an S3 Bucket and it will return the ARN of the bucket:
Expand Down Expand Up @@ -274,15 +274,15 @@
- port: 443
protocol: HTTPS
ssl_certificates:
- aim.ref netenv.my-aim-example.applications.app.groups.site.resources.cert.arn
- aim.ref netenv.my-aim-example.applications.app.groups.site.resources.cert
aim.ref resource
-----------
If you need to refer to a global resource created in the Resources directory, use a ``aim.ref resource``.
In the example below, the ``hosted_zone_id`` of a Route53 record is looked up.
In the example below, the ``hosted_zone`` of a Route53 record is looked up.
.. code-block:: yaml
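Review bot: This documentation string repeats docs/aim-config.rst by hand, and the two copies already differ: the .rst version opens the section with "To refer to a global resource" and explains how the reference parts are matched, while this one says "If you need to refer to" and does not. Generate one from the other, or at least bring the wording into line in this commit. The `-----------` underline is also shorter than the "aim.ref resource" title, which docutils reports as a title underline that is too short.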
Expand All @@ -294,7 +294,7 @@
site:
alb:
dns:
- hosted_zone_id: aim.ref resource.route53.example.id
- hosted_zone: aim.ref resource.route53.example
# Resources/Route53.yaml
Expand Down Expand Up @@ -460,7 +460,7 @@
- from_port: 80
name: HTTP
protocol: tcp
source_security_group_id: aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb.id
source_security_group: aim.ref netenv.my-aim-example.network.vpc.security_groups.app.lb
to_port: 80
{network}