Untitled

avatar
unknown
plain_text
a year ago
4.4 kB
15
Indexable
import os

import yaml
from aws_cdk import aws_iam as iam, App, LegacyStackSynthesizer, Stack, Tags

from principal_environment import PrincipalEnvironment
from stacks.hello import Hello

APPLICATION_NAME = "hello"


class Main:
    def __init__(self) -> None:
        self.physical_environments = ["dev", "staging", "prod"]
        self.create_app()

    def create_app(self) -> None:
        app = App()

        env = self.__create_environment()
        default_tags, services = self.__get_config()

        stacks = []
        for service in services:
            deploy_environments = service.get("environments", self.physical_environments)
            if env.aws_environment_name not in deploy_environments:
                continue

            virtual_environments = self.__get_virtual_environments()

            for virtual_environment in virtual_environments:
                virtual_environment_name = virtual_environment["name"]
                app_name = self.__get_app_name(service["name"], virtual_environment_name)

                current_stack = Hello(app, f"{app_name}", app_name=app_name,
                                      env=env, synthesizer=LegacyStackSynthesizer())

                stacks.append(current_stack)

                current_tags = default_tags | service.get("custom_tags", {})

                # Deployment will fail if no app inventory ID is provided, as the stack execution role won't have
                # access to all the necessary permissions
                if not current_tags.get("pfg-app-inventory-id"):
                    raise ValueError("App Inventory ID required for deployment")

                self.__add_tags(current_stack, current_tags)

        self.apply_permissions_boundary(env, stacks)

        app.synth()

    @staticmethod
    def apply_permissions_boundary(env: PrincipalEnvironment, stacks: list[Stack]) -> None:
        for stack in stacks:
            permissions_boundary = iam.ManagedPolicy.from_managed_policy_arn(
                stack,
                "application_permissions_boundary",
                f"arn:aws:iam::{env.account}:policy/pgam/infra/app-role-boundary"
            )
            iam.PermissionsBoundary.of(stack).apply(permissions_boundary)

    @staticmethod
    def __create_environment() -> PrincipalEnvironment:
        account = os.environ["AWS_ACCOUNT_ID"]
        region = os.environ["AWS_REGION"]
        primary_region = os.environ["AWS_PRIMARY_REGION"]
        secondary_region = os.environ["AWS_SECONDARY_REGION"]
        aws_environment_name = os.environ["AWS_ENVIRONMENT"]
        return PrincipalEnvironment(
            account=account,
            region=region,
            primary_region=primary_region,
            secondary_region=secondary_region,
            aws_environment_name=aws_environment_name
        )

    @staticmethod
    def __get_config() -> tuple[dict, list]:
        services = []
        for file in os.listdir("./config/services"):
            with open(f"./config/services/{file}", "r", encoding='utf-8') as config_file:
                services.append(yaml.safe_load(config_file))

        with open("./config/common.yaml", "r", encoding='utf-8') as config_file:
            config = yaml.safe_load(config_file)

        default_tags = config.get("default_tags")

        return default_tags, services

    @staticmethod
    def __get_virtual_environments() -> list[dict[str, str]]:
        aws_environment = os.environ.get("AWS_ENVIRONMENT", "sbx")

        with open("./environments.yaml", "r", encoding='utf-8') as config_file:
            environments_config = yaml.safe_load(config_file)

        return environments_config.get(aws_environment)

    def __get_app_name(self, service_name: str, virtual_environment_name: str) -> str:
        app_name = f"{APPLICATION_NAME}-{service_name}"

        if virtual_environment_name not in self.physical_environments:
            app_name = f"{app_name}-{virtual_environment_name}"

        return app_name

    @staticmethod
    def __add_tags(stack: Stack, custom_tags: dict) -> None:
        for key, value in custom_tags.items():
            Tags.of(stack).add(key=key, value=value, priority=None, apply_to_launched_instances=True)


if __name__ == "__main__":
    Main()
Editor is loading...
Leave a Comment