- Fixed role.global_role_name

- Added availability_zone config to VPC endpoints - SSM wait command skips instances that are not running
waterbear-cloud · Dec 30, 2021 · f6db843 · f6db843
1 parent be9cd66
commit f6db843
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 12 deletions.
diff --git a/src/paco/cftemplates/iam_roles.py b/src/paco/cftemplates/iam_roles.py
@@ -212,11 +212,8 @@ def __init__(
         # Role
         role_path_param_name = self.get_cf_resource_name_prefix(role_id) + "RolePath"
         iam_role_table['role_path_param_name'] = role_path_param_name
-        if role_config.global_role_name:
-            iam_role_table['role_name'] = role_config.role_name
-        else:
-            # Hashed name to avoid conflicts between environments, etc.
-            iam_role_table['role_name'] = self.gen_iam_role_name("Role", role_ref, role_id)
+        # Hashed name to avoid conflicts between environments, etc.
+        iam_role_table['role_name'] = self.gen_iam_role_name("Role", role)
         iam_role_table['cf_resource_name_prefix'] = self.get_cf_resource_name_prefix(role_id)
 
         # Assume Role Principal
@@ -254,7 +251,7 @@ def __init__(
 
         # Instance Profile
         if role_config.instance_profile == True:
-            iam_role_table['profile_name'] = self.gen_iam_role_name("Profile", role_ref, role_id)
+            iam_role_table['profile_name'] = self.gen_iam_role_name("Profile", role)
             iam_role_table['instance_profile'] = iam_profile_fmt.format(iam_role_table)
         else:
             iam_role_table['instance_profile'] = ""
@@ -273,9 +270,12 @@ def __init__(
         template_table['outputs_yaml'] = outputs_yaml
         self.set_template(template_fmt.format(template_table))
 
-    def gen_iam_role_name(self, role_type, role_ref, role_id):
+    def gen_iam_role_name(self, role_type, role):
         "Generate a name valid in CloudFormation"
-        iam_context_hash = md5sum(str_data=role_ref)[:8].upper()
+        if role.global_role_name == True:
+            return f'{role.role_name}-{role_type[0]}'
+        role_id = self.resource.name + '-' + role.name
+        iam_context_hash = md5sum(str_data=role.paco_ref_parts)[:8].upper()
         role_name = self.create_resource_name_join(
             name_list=[iam_context_hash, role_type[0], role_id],
             separator='-',

diff --git a/src/paco/cftemplates/vpcendpoints.py b/src/paco/cftemplates/vpcendpoints.py
@@ -31,6 +31,8 @@ def __init__(self, stack, paco_ctx):
             # Generate a RouteTable Ids
             for segment_id in endpoint.segments:
                 for az_idx in range(1, network_config.availability_zones+1):
+                    if endpoint.availability_zone != 'all' and str(az_idx) != endpoint.availability_zone:
+                        continue
                     # Route Table: TODO: Not needed until we support GATEWAY endpoint types
                     # route_table_id_param_name = self.create_cfn_logical_id_join(
                     #     str_list=['RouteTable', segment_id, 'AZ', str(az_idx)],

diff --git a/src/paco/controllers/ctl_iam.py b/src/paco/controllers/ctl_iam.py
@@ -103,10 +103,9 @@ def __init__(
             support_resource_ref_ext=role_ext,
         )
         self.role_template = self.role_stack.template
-        role_id = self.resource.name + '-' + self.role.name
-        self.role_name = self.role_template.gen_iam_role_name("Role", self.role.paco_ref_parts, role_id)
+        self.role_name = self.role_template.gen_iam_role_name("Role", self.role)
         self.role_arn = "arn:aws:iam::{0}:role/{1}".format(self.account_ctx.get_id(), self.role_name)
-        role_profile_name = self.role_template.gen_iam_role_name("Profile", self.role.paco_ref_parts, role_id)
+        role_profile_name = self.role_template.gen_iam_role_name("Profile", self.role)
         self.role_profile_arn = "arn:aws:iam::{0}:instance-profile/{1}".format(self.account_ctx.get_id(), role_profile_name)
 
     def aws_name(self):

diff --git a/src/paco/controllers/ctl_ssm.py b/src/paco/controllers/ctl_ssm.py
@@ -80,6 +80,8 @@ def wait_for_command(self, ssm_client, account_ctx, region, resource, command_id
         )
         for instance in ec2_response['Reservations'][0]['Instances']:
             instance_id = instance['InstanceId']
+            if instance['State']['Name'] != 'Running':
+                continue
             while True:
                 # TODO: Needs a try for InvocationDoesNotExist Exception
                 try:
@@ -90,7 +92,7 @@ def wait_for_command(self, ssm_client, account_ctx, region, resource, command_id
                 except Exception as e:
                     # An instance may need more time if we get here, try again.
                     # breakpoint()
-                    print(f"{e}")
+                    print(f"{instance_id}: {e}")
                     break
                 if command_response['Status'] not in ('Pending', 'InProgress', 'Delayed'):
                     if command_response['Status'] == 'Success':