fix: Various Pulumi fixes

This commit is contained in:
Stefan Reimer 2021-10-04 17:51:16 +02:00
parent 07470a206d
commit ea3361886b
4 changed files with 18 additions and 39 deletions

View File

@ -1,30 +0,0 @@
kind: pipeline
name: default
steps:
- name: test
image: python:3.7-alpine
commands:
- pip install -r dev-requirements.txt
- which make || apk add make
- make test
- name: build
image: python:3.7-alpine
commands:
- which make || apk add make
- pip install -r dev-requirements.txt
- make build
- name: upload
image: python:3.7-alpine
environment:
TWINE_USERNAME:
from_secret: TWINE_USERNAME
TWINE_PASSWORD:
from_secret: TWINE_PASSWORD
commands:
- which make || apk add make
- pip install -r dev-requirements.txt
- make upload
when:
event:
- tag

View File

@ -2,7 +2,7 @@ import logging
__author__ = "Stefan Reimer"
__email__ = "stefan@zero-downtimet.net"
__version__ = "0.10.0"
__version__ = "0.10.1"
# Set up logging to ``/dev/null`` like a library is supposed to.

View File

@ -45,8 +45,12 @@ def pulumi_init(stack):
# Remove stacknameprefix if equals Conglomerate as Pulumi implicitly prefixes project_name
pulumi_stackname = re.sub(r'^' + project_name + '-?', '', stack.stackname)
try:
pulumi_backend = '{}/{}/{}'.format(stack.pulumi['backend'], project_name, stack.region)
except KeyError:
raise KeyError('Missing pulumi.backend setting !')
account_id = stack.connection_manager.call('sts', 'get_caller_identity', profile=stack.profile, region=stack.region)['Account']
# Ugly hack as Pulumi currently doesnt support MFA_TOKENs during role assumptions
# Do NOT set them via 'aws:secretKey' as they end up in the stack.json in plain text !!!
@ -55,6 +59,7 @@ def pulumi_init(stack):
os.environ['AWS_ACCESS_KEY_ID'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().access_key
os.environ['AWS_SECRET_ACCESS_KEY'] = stack.connection_manager._sessions[(stack.profile, stack.region)].get_credentials().secret_key
os.environ['AWS_DEFAULT_REGION'] = stack.region
# Secrets provider
try:
@ -63,7 +68,8 @@ def pulumi_init(stack):
raise ValueError('Missing PULUMI_CONFIG_PASSPHRASE environment variable!')
except KeyError:
raise KeyError('Missing Pulumi securityProvider setting !')
logger.warning('Missing pulumi.secretsProvider setting, secrets disabled !')
secrets_provider = None
# Set tag for stack file name and version
_tags = stack.tags

View File

@ -676,13 +676,13 @@ class Stack(object):
with open(self.path, "r") as file:
settings = yaml.safe_load(file)
try:
if 'pulumi' not in settings:
settings['pulumi'] = {}
if 'encryptionsalt' in pulumi_settings:
settings['pulumi']['encryptionsalt'] = pulumi_settings['encryptionsalt']
if 'encryptedkey' in pulumi_settings:
settings['pulumi']['encryptedkey'] = pulumi_settings['encryptedkey']
except KeyError:
pass
if 'parameters' not in settings:
settings['parameters'] = {}
@ -877,4 +877,7 @@ class Stack(object):
return kwargs
def _log_pulumi(self, text):
# Remove some duplicated noise
text = re.sub('pulumi:pulumi:Stack {}-{}( running)?'.format(self.parameters['Conglomerate'], self.stackname), '', text)
if text:
logger.info(" ".join([self.region, self.stackname, text]))