Merge pull request #6 from aws-ia/project_type_sync

Syncing project type updates and updating submodule

.project_automation/publication/assets/.taskcat_publish.yml

@@ -6,6 +6,10 @@ general:
     ap-southeast-3: ap-southeast-3-profile
     eu-south-1: eu-south-1-profile
     me-south-1: me-south-1-profile
+    cn-north-1: china-profile
+    cn-northwest-1: china-profile
+    us-gov-east-1: us-govcloud-profile
+    us-gov-west-1: us-govcloud-profile
 project:
   s3_regional_buckets: true
   s3_bucket: aws-ia
@@ -32,5 +36,9 @@ project:
     - ca-central-1
     - eu-central-1
     - eu-north-1
+    - cn-north-1
+    - cn-northwest-1
+    - us-gov-east-1
+    - us-gov-west-1
 tests:
   test1: {}

.project_automation/publication/assets/cred_helper.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+import boto3
+import json
+import sys
+import argparse
+
+# https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
+
+def _transform_creds(result, ak, sk):
+    AK = result[ak]
+    SAK = result[sk]
+    transformed_creds = {
+          "Version": 1,
+          "AccessKeyId": AK,
+          "SecretAccessKey": SAK
+    }
+    return transformed_creds
+
+def fetch_creds(region_name, secret_name, ak, sk, pr):
+    ssm = boto3.Session(profile_name=pr).client('secretsmanager', region_name=region_name)
+    value = ssm.get_secret_value(SecretId=secret_name)
+    value = json.loads(value["SecretString"])
+    return _transform_creds(value, ak, sk)
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        prog="cred_helper.py",
+        description="Snags creds from Secrets manager for use in an AWS profile. Leveraging botocore builtins.",
+    )
+    parser.add_argument(
+            "--region",
+        type=str,
+        help="region name. otherwise use the default.",
+        required=True
+    )
+    parser.add_argument(
+        "--secret-name",
+        type=str,
+        help="secret name to fetch",
+        required=True
+    )
+    parser.add_argument(
+        "--access-key-index",
+        type=str,
+        help="secret name to fetch",
+        required=True
+    )
+    parser.add_argument(
+        "--secret-access-key-index",
+        type=str,
+        help="secret name to fetch",
+        required=True
+    )
+    parser.add_argument(
+        "--secret-profile",
+        type=str,
+        help="profile to use when fetching the secret",
+        required=False,
+        default="default"
+    )
+    args = parser.parse_args()
+    try:
+        parsed_creds = fetch_creds(
+            args.region,
+            args.secret_name,
+            args.access_key_index,
+            args.secret_access_key_index,
+            args.secret_profile
+        )
+        json.dump(parsed_creds, sys.stdout, indent=2)
+    except:
+        raise

.project_automation/publication/s3_publish.sh

@@ -62,6 +62,7 @@ cat "${automation_scripts_path}tmp.yml"
 
 aws sts get-caller-identity --debug
 
+chmod 755 ${project_root}/.project_automation/publication/assets/cred_helper.py
 # push to regional S3 buckets
 export TASKCAT_PROJECT_S3_REGIONAL_BUCKETS=true; taskcat -d upload -p ${project_root} -c "${automation_scripts_path}tmp.yml"