fix: Various Pulumi fixes
This commit is contained in:
parent
07470a206d
commit
ea3361886b
30
.drone.yml
30
.drone.yml
@ -1,30 +0,0 @@
|
|||||||
kind: pipeline
|
|
||||||
name: default
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: test
|
|
||||||
image: python:3.7-alpine
|
|
||||||
commands:
|
|
||||||
- pip install -r dev-requirements.txt
|
|
||||||
- which make || apk add make
|
|
||||||
- make test
|
|
||||||
- name: build
|
|
||||||
image: python:3.7-alpine
|
|
||||||
commands:
|
|
||||||
- which make || apk add make
|
|
||||||
- pip install -r dev-requirements.txt
|
|
||||||
- make build
|
|
||||||
- name: upload
|
|
||||||
image: python:3.7-alpine
|
|
||||||
environment:
|
|
||||||
TWINE_USERNAME:
|
|
||||||
from_secret: TWINE_USERNAME
|
|
||||||
TWINE_PASSWORD:
|
|
||||||
from_secret: TWINE_PASSWORD
|
|
||||||
commands:
|
|
||||||
- which make || apk add make
|
|
||||||
- pip install -r dev-requirements.txt
|
|
||||||
- make upload
|
|
||||||
when:
|
|
||||||
event:
|
|
||||||
- tag
|
|
||||||
@ -2,7 +2,7 @@ import logging
|
|||||||
|
|
||||||
__author__ = "Stefan Reimer"
|
__author__ = "Stefan Reimer"
|
||||||
__email__ = "stefan@zero-downtimet.net"
|
__email__ = "stefan@zero-downtimet.net"
|
||||||
__version__ = "0.10.0"
|
__version__ = "0.10.1"
|
||||||
|
|
||||||
|
|
||||||
# Set up logging to ``/dev/null`` like a library is supposed to.
|
# Set up logging to ``/dev/null`` like a library is supposed to.
|
||||||
|
|||||||
@ -45,8 +45,12 @@ def pulumi_init(stack):
|
|||||||
|
|
||||||
# Remove stacknameprefix if equals Conglomerate as Pulumi implicitly prefixes project_name
|
# Remove stacknameprefix if equals Conglomerate as Pulumi implicitly prefixes project_name
|
||||||
pulumi_stackname = re.sub(r'^' + project_name + '-?', '', stack.stackname)
|
pulumi_stackname = re.sub(r'^' + project_name + '-?', '', stack.stackname)
|
||||||
|
try:
|
||||||
pulumi_backend = '{}/{}/{}'.format(stack.pulumi['backend'], project_name, stack.region)
|
pulumi_backend = '{}/{}/{}'.format(stack.pulumi['backend'], project_name, stack.region)
|
||||||
|
|
||||||
|
except KeyError:
|
||||||
|
raise KeyError('Missing pulumi.backend setting !')
|
||||||
|
|
||||||
account_id = stack.connection_manager.call('sts', 'get_caller_identity', profile=stack.profile, region=stack.region)['Account']
|
account_id = stack.connection_manager.call('sts', 'get_caller_identity', profile=stack.profile, region=stack.region)['Account']
|
||||||
# Ugly hack as Pulumi currently doesnt support MFA_TOKENs during role assumptions
|
# Ugly hack as Pulumi currently doesnt support MFA_TOKENs during role assumptions
|
||||||
# Do NOT set them via 'aws:secretKey' as they end up in the stack.json in plain text !!!
|
# Do NOT set them via 'aws:secretKey' as they end up in the stack.json in plain text !!!
|
||||||
@ -55,6 +59,7 @@ def pulumi_init(stack):
|
|||||||
|
|
||||||
os.environ['AWS_ACCESS_KEY_ID'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().access_key
|
os.environ['AWS_ACCESS_KEY_ID'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().access_key
|
||||||
os.environ['AWS_SECRET_ACCESS_KEY'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().secret_key
|
os.environ['AWS_SECRET_ACCESS_KEY'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().secret_key
|
||||||
|
os.environ['AWS_DEFAULT_REGION'] = stack.region
|
||||||
|
|
||||||
# Secrets provider
|
# Secrets provider
|
||||||
try:
|
try:
|
||||||
@ -63,7 +68,8 @@ def pulumi_init(stack):
|
|||||||
raise ValueError('Missing PULUMI_CONFIG_PASSPHRASE environment variable!')
|
raise ValueError('Missing PULUMI_CONFIG_PASSPHRASE environment variable!')
|
||||||
|
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise KeyError('Missing Pulumi securityProvider setting !')
|
logger.warning('Missing pulumi.secretsProvider setting, secrets disabled !')
|
||||||
|
secrets_provider = None
|
||||||
|
|
||||||
# Set tag for stack file name and version
|
# Set tag for stack file name and version
|
||||||
_tags = stack.tags
|
_tags = stack.tags
|
||||||
|
|||||||
@ -676,13 +676,13 @@ class Stack(object):
|
|||||||
with open(self.path, "r") as file:
|
with open(self.path, "r") as file:
|
||||||
settings = yaml.safe_load(file)
|
settings = yaml.safe_load(file)
|
||||||
|
|
||||||
try:
|
|
||||||
if 'pulumi' not in settings:
|
if 'pulumi' not in settings:
|
||||||
settings['pulumi'] = {}
|
settings['pulumi'] = {}
|
||||||
|
|
||||||
|
if 'encryptionsalt' in pulumi_settings:
|
||||||
settings['pulumi']['encryptionsalt'] = pulumi_settings['encryptionsalt']
|
settings['pulumi']['encryptionsalt'] = pulumi_settings['encryptionsalt']
|
||||||
|
if 'encryptedkey' in pulumi_settings:
|
||||||
settings['pulumi']['encryptedkey'] = pulumi_settings['encryptedkey']
|
settings['pulumi']['encryptedkey'] = pulumi_settings['encryptedkey']
|
||||||
except KeyError:
|
|
||||||
pass
|
|
||||||
|
|
||||||
if 'parameters' not in settings:
|
if 'parameters' not in settings:
|
||||||
settings['parameters'] = {}
|
settings['parameters'] = {}
|
||||||
@ -877,4 +877,7 @@ class Stack(object):
|
|||||||
return kwargs
|
return kwargs
|
||||||
|
|
||||||
def _log_pulumi(self, text):
|
def _log_pulumi(self, text):
|
||||||
|
# Remove some duplicated noise
|
||||||
|
text = re.sub('pulumi:pulumi:Stack {}-{}( running)?'.format(self.parameters['Conglomerate'], self.stackname), '', text)
|
||||||
|
if text:
|
||||||
logger.info(" ".join([self.region, self.stackname, text]))
|
logger.info(" ".join([self.region, self.stackname, text]))
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user