11 changed files with 330 additions and 83 deletions
@ -0,0 +1,100 @@
|
||||
import sys |
||||
import os |
||||
import re |
||||
import shutil |
||||
import importlib |
||||
import pulumi |
||||
|
||||
import logging |
||||
logger = logging.getLogger(__name__) |
||||
|
||||
|
||||
def pulumi_init(stack): |
||||
|
||||
# Fail early if pulumi binaries are not available |
||||
if not shutil.which('pulumi'): |
||||
raise FileNotFoundError("Cannot find pulumi binary, see https://www.pulumi.com/docs/get-started/install/") |
||||
|
||||
# add all artifact_paths/pulumi to the search path for easier imports in the pulumi code |
||||
for artifacts_path in stack.ctx['artifact_paths']: |
||||
_path = '{}/pulumi'.format(artifacts_path.resolve()) |
||||
sys.path.append(_path) |
||||
|
||||
# Try local implementation first, similar to Jinja2 mode |
||||
_found = False |
||||
try: |
||||
_stack = importlib.import_module('config.{}.{}'.format(stack.rel_path, stack.template).replace('/', '.')) |
||||
_found = True |
||||
|
||||
except ImportError: |
||||
for artifacts_path in stack.ctx['artifact_paths']: |
||||
try: |
||||
spec = importlib.util.spec_from_file_location("_stack", '{}/pulumi/{}.py'.format(artifacts_path.resolve(), stack.template)) |
||||
_stack = importlib.util.module_from_spec(spec) |
||||
spec.loader.exec_module(_stack) |
||||
_found = True |
||||
|
||||
except FileNotFoundError: |
||||
pass |
||||
|
||||
if not _found: |
||||
raise FileNotFoundError("Cannot find Pulumi implementation for {}".format(stack.stackname)) |
||||
|
||||
project_name = stack.parameters['Conglomerate'] |
||||
|
||||
# Remove stacknameprefix if equals Conglomerate as Pulumi implicitly prefixes project_name |
||||
pulumi_stackname = re.sub(r'^' + project_name + '-?', '', stack.stackname) |
||||
pulumi_backend = '{}/{}/{}'.format(stack.pulumi['backend'], project_name, stack.region) |
||||
|
||||
account_id = stack.connection_manager.call('sts', 'get_caller_identity', profile=stack.profile, region=stack.region)['Account'] |
||||
# Ugly hack as Pulumi currently doesnt support MFA_TOKENs during role assumptions |
||||
# Do NOT set them via 'aws:secretKey' as they end up in the stack.json in plain text !!! |
||||
if stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().token: |
||||
os.environ['AWS_SESSION_TOKEN'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().token |
||||
|
||||
os.environ['AWS_ACCESS_KEY_ID'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().access_key |
||||
os.environ['AWS_SECRET_ACCESS_KEY'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().secret_key |
||||
|
||||
# Secrets provider |
||||
try: |
||||
secrets_provider = stack.pulumi['secretsProvider'] |
||||
if secrets_provider == 'passphrase' and 'PULUMI_CONFIG_PASSPHRASE' not in os.environ: |
||||
raise ValueError('Missing PULUMI_CONFIG_PASSPHRASE environment variable!') |
||||
|
||||
except KeyError: |
||||
raise KeyError('Missing Pulumi securityProvider setting !') |
||||
|
||||
_config = { |
||||
"aws:region": stack.region, |
||||
"aws:profile": stack.profile, |
||||
"aws:defaultTags": {"tags": stack.tags}, |
||||
"zdt:region": stack.region, |
||||
"zdt:awsAccount": account_id, |
||||
} |
||||
|
||||
# inject all parameters as config in the <Conglomerate> namespace |
||||
for p in stack.parameters: |
||||
_config['{}:{}'.format(stack.parameters['Conglomerate'], p)] = stack.parameters[p] |
||||
|
||||
stack_settings = pulumi.automation.StackSettings( |
||||
config=_config, |
||||
secrets_provider=secrets_provider, |
||||
encryption_salt=stack.pulumi.get('encryptionsalt', None), |
||||
encrypted_key=stack.pulumi.get('encryptedkey', None) |
||||
) |
||||
|
||||
project_settings = pulumi.automation.ProjectSettings( |
||||
name=project_name, |
||||
runtime="python", |
||||
backend={"url": pulumi_backend}) |
||||
|
||||
ws_opts = pulumi.automation.LocalWorkspaceOptions( |
||||
work_dir=stack.work_dir, |
||||
project_settings=project_settings, |
||||
stack_settings={pulumi_stackname: stack_settings}, |
||||
secrets_provider=secrets_provider) |
||||
|
||||
stack = pulumi.automation.create_or_select_stack(stack_name=pulumi_stackname, project_name=project_name, program=_stack.pulumi_program, opts=ws_opts) |
||||
stack.workspace.install_plugin("aws", "4.19.0") |
||||
|
||||
return stack |
@ -1,5 +1,6 @@
|
||||
boto3 |
||||
Jinja2 |
||||
Jinja2<3 |
||||
click |
||||
pyminifier |
||||
cfn-lint>=0.34 |
||||
pulumi |
||||
|
Loading…
Reference in new issue