stack_master 2.16.0 → 2.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/stack_master/parameter_resolvers/accounts_by_tags.rb +60 -0
- data/lib/stack_master/parameter_resolvers/sso_group_id.rb +21 -0
- data/lib/stack_master/sso_group_id_finder.rb +33 -0
- data/lib/stack_master/test_driver/cloud_formation.rb +1 -0
- data/lib/stack_master/version.rb +1 -1
- data/lib/stack_master.rb +3 -0
- metadata +36 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 637daba2dddc707df22584fad412d87df4ee24aab069885231561d847c762496
|
|
4
|
+
data.tar.gz: 7abcea21ecfbc080886b4181dc66392066a9360255ed2186bf2e7d652f6101e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dba94d8ecf220d837673ef95f68c8d534b979bd31d67b8056e0836355a88f713499ca55420906ffb16855f7c3acb17e320c41ec90cb9c84263c59539f00c4cb2
|
|
7
|
+
data.tar.gz: 680f31e8fef7a94d387582acdb6c9381844aae4e2c56e6c4088f36d9c1ac2969feb27b9703c90c21416cef96572efc32455d4621951567611a18cb3481f22f56
|
data/README.md
CHANGED
|
@@ -416,6 +416,24 @@ ssh_sg:
|
|
|
416
416
|
- WebAccessSecurityGroup
|
|
417
417
|
```
|
|
418
418
|
|
|
419
|
+
### AWS IIC/SSO Group IDs
|
|
420
|
+
|
|
421
|
+
Looks up AWS Identity Center group name in the configured Identity Store and returns the ID suitable for use in AWS IIC assignments.
|
|
422
|
+
It is likely that account and role will need to be specified to do the lookup, the region specification is optional it defaults to stack region.
|
|
423
|
+
|
|
424
|
+
```yaml
|
|
425
|
+
GroupId:
|
|
426
|
+
sso_group_id: '[region:]identity-store-id/SSO Group Name'
|
|
427
|
+
```
|
|
428
|
+
|
|
429
|
+
e.g.
|
|
430
|
+
```yaml
|
|
431
|
+
GroupIdNotInStackRegion:
|
|
432
|
+
sso_group_id: 'us-east-1:d-123456df8:Okta-App-AWS-FooBar'
|
|
433
|
+
GroupIdInStackRegion:
|
|
434
|
+
sso_group_id: 'd-123456df8:Okta-App-AWS-FooBar'
|
|
435
|
+
```
|
|
436
|
+
|
|
419
437
|
### SNS Topic
|
|
420
438
|
|
|
421
439
|
Looks up an SNS topic by name and returns the ARN.
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
module StackMaster
|
|
2
|
+
module ParameterResolvers
|
|
3
|
+
class AccountsByTags < Resolver
|
|
4
|
+
array_resolver class_name: 'AccountsByTags'
|
|
5
|
+
|
|
6
|
+
def initialize(config, stack_definition)
|
|
7
|
+
@config = config
|
|
8
|
+
@stack_definition = stack_definition
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def resolve(team)
|
|
12
|
+
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
def fetch_all_aws_accounts()
|
|
18
|
+
return @aws_accounts if defined(@aws_accounts)
|
|
19
|
+
@aws_accounts = []
|
|
20
|
+
next_token = nil
|
|
21
|
+
client = Aws::Organizations::Client.new(region: @stack_definition.region)
|
|
22
|
+
loop do
|
|
23
|
+
resp = client.list_accounts(next_token: next_token)
|
|
24
|
+
@aws_accounts << resp.accounts
|
|
25
|
+
next_token = resp.next_token
|
|
26
|
+
break if next_token.nil?
|
|
27
|
+
end
|
|
28
|
+
@aws_accounts.flatten! || @aws_accounts
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def_fetch_tags_for_account(account)
|
|
32
|
+
client = Aws::Organizations::Client.new(region: @stack_definition.region)
|
|
33
|
+
next_token = nil
|
|
34
|
+
tags = []
|
|
35
|
+
loop do
|
|
36
|
+
client.list_tags_for_resource(resource_id: account.id, next_token: next_token)
|
|
37
|
+
tags << resp.tags
|
|
38
|
+
next_token = resp.next_token
|
|
39
|
+
break if next_token.nil?
|
|
40
|
+
end
|
|
41
|
+
tags.flatten! || tags
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def fetch_tags_for_accounts()
|
|
45
|
+
return @tagged_aws_accounts if defined?(@tagged_aws_accounts )
|
|
46
|
+
@tagged_aws_accounts = Hash.new()
|
|
47
|
+
fetch_all_aws_accounts()
|
|
48
|
+
@aws_accounts.each do |account|
|
|
49
|
+
@tagged_aws_accounts[account.id.to_sym] = { :account => account.id, :tags => fetch_tags_for_account(account.id) }
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def account_in_group?(account, group)
|
|
54
|
+
fetch_tags_for_accounts if defined?(@tagged_aws_accounts)
|
|
55
|
+
@tagged_aws_accounts[:account.to_sym][:tags].select {|tag| tag['key'] =='Group' && tag['value']==group}
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module StackMaster
|
|
2
|
+
module ParameterResolvers
|
|
3
|
+
class SsoGroupId < Resolver
|
|
4
|
+
InvalidParameter = Class.new(StandardError)
|
|
5
|
+
|
|
6
|
+
def initialize(config, stack_definition)
|
|
7
|
+
@config = config
|
|
8
|
+
@stack_definition = stack_definition
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def resolve(value)
|
|
12
|
+
sso_group_id_finder.find(value)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
def sso_group_id_finder
|
|
17
|
+
StackMaster::SsoGroupIdFinder.new()
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module StackMaster
|
|
2
|
+
class SsoGroupIdFinder
|
|
3
|
+
SsoGroupNotFound = Class.new(StandardError)
|
|
4
|
+
|
|
5
|
+
def find(reference)
|
|
6
|
+
output_regex = %r{(?:(?<region>[^:]+):)?(?<identity_store_id>[^:/]+)/(?<group_name>.+)}
|
|
7
|
+
|
|
8
|
+
if !reference.is_a?(String) || !(match = output_regex.match(reference))
|
|
9
|
+
raise ArgumentError, 'Sso group lookup parameter must be in the form of [region:]identity-store-id/group_name'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
region = match[:region] || StackMaster.cloud_formation_driver.region
|
|
13
|
+
client = Aws::IdentityStore::Client.new({ region: region })
|
|
14
|
+
|
|
15
|
+
begin
|
|
16
|
+
response = client.get_group_id({
|
|
17
|
+
identity_store_id: match[:identity_store_id],
|
|
18
|
+
alternate_identifier: {
|
|
19
|
+
unique_attribute: {
|
|
20
|
+
attribute_path: 'displayName',
|
|
21
|
+
attribute_value: match[:group_name],
|
|
22
|
+
},
|
|
23
|
+
},
|
|
24
|
+
})
|
|
25
|
+
return response.group_id
|
|
26
|
+
rescue Aws::IdentityStore::Errors::ServiceError => e
|
|
27
|
+
puts "Error calling GetGroupId: #{e.message}"
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
raise SsoGroupNotFound, "No group with name #{match[:group_name]} found in identity store #{match[:identity_store_id]} in #{region}"
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
data/lib/stack_master/version.rb
CHANGED
data/lib/stack_master.rb
CHANGED
|
@@ -4,6 +4,7 @@ require 'aws-sdk-acm'
|
|
|
4
4
|
require 'aws-sdk-cloudformation'
|
|
5
5
|
require 'aws-sdk-ec2'
|
|
6
6
|
require 'aws-sdk-ecr'
|
|
7
|
+
require 'aws-sdk-identitystore'
|
|
7
8
|
require 'aws-sdk-s3'
|
|
8
9
|
require 'aws-sdk-sns'
|
|
9
10
|
require 'aws-sdk-ssm'
|
|
@@ -33,6 +34,7 @@ module StackMaster
|
|
|
33
34
|
autoload :StackStatus, 'stack_master/stack_status'
|
|
34
35
|
autoload :SnsTopicFinder, 'stack_master/sns_topic_finder'
|
|
35
36
|
autoload :SecurityGroupFinder, 'stack_master/security_group_finder'
|
|
37
|
+
autoload :SsoGroupIdFinder, 'stack_master/sso_group_id_finder'
|
|
36
38
|
autoload :ParameterLoader, 'stack_master/parameter_loader'
|
|
37
39
|
autoload :ParameterResolver, 'stack_master/parameter_resolver'
|
|
38
40
|
autoload :RoleAssumer, 'stack_master/role_assumer'
|
|
@@ -84,6 +86,7 @@ module StackMaster
|
|
|
84
86
|
autoload :Ejson, 'stack_master/parameter_resolvers/ejson'
|
|
85
87
|
autoload :SnsTopicName, 'stack_master/parameter_resolvers/sns_topic_name'
|
|
86
88
|
autoload :SecurityGroup, 'stack_master/parameter_resolvers/security_group'
|
|
89
|
+
autoload :SsoGroupId, 'stack_master/parameter_resolvers/sso_group_id'
|
|
87
90
|
autoload :LatestAmiByTags, 'stack_master/parameter_resolvers/latest_ami_by_tags'
|
|
88
91
|
autoload :LatestAmi, 'stack_master/parameter_resolvers/latest_ami'
|
|
89
92
|
autoload :Env, 'stack_master/parameter_resolvers/env'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: stack_master
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.17.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Steve Hodgkiss
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2025-07-11 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -109,6 +109,20 @@ dependencies:
|
|
|
109
109
|
- - ">="
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
111
|
version: '0'
|
|
112
|
+
- !ruby/object:Gem::Dependency
|
|
113
|
+
name: ostruct
|
|
114
|
+
requirement: !ruby/object:Gem::Requirement
|
|
115
|
+
requirements:
|
|
116
|
+
- - ">="
|
|
117
|
+
- !ruby/object:Gem::Version
|
|
118
|
+
version: '0'
|
|
119
|
+
type: :development
|
|
120
|
+
prerelease: false
|
|
121
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
122
|
+
requirements:
|
|
123
|
+
- - ">="
|
|
124
|
+
- !ruby/object:Gem::Version
|
|
125
|
+
version: '0'
|
|
112
126
|
- !ruby/object:Gem::Dependency
|
|
113
127
|
name: os
|
|
114
128
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -199,6 +213,20 @@ dependencies:
|
|
|
199
213
|
- - "~>"
|
|
200
214
|
- !ruby/object:Gem::Version
|
|
201
215
|
version: '1'
|
|
216
|
+
- !ruby/object:Gem::Dependency
|
|
217
|
+
name: aws-sdk-identitystore
|
|
218
|
+
requirement: !ruby/object:Gem::Requirement
|
|
219
|
+
requirements:
|
|
220
|
+
- - "~>"
|
|
221
|
+
- !ruby/object:Gem::Version
|
|
222
|
+
version: '1'
|
|
223
|
+
type: :runtime
|
|
224
|
+
prerelease: false
|
|
225
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
226
|
+
requirements:
|
|
227
|
+
- - "~>"
|
|
228
|
+
- !ruby/object:Gem::Version
|
|
229
|
+
version: '1'
|
|
202
230
|
- !ruby/object:Gem::Dependency
|
|
203
231
|
name: aws-sdk-s3
|
|
204
232
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -514,6 +542,7 @@ files:
|
|
|
514
542
|
- lib/stack_master/paged_response_accumulator.rb
|
|
515
543
|
- lib/stack_master/parameter_loader.rb
|
|
516
544
|
- lib/stack_master/parameter_resolver.rb
|
|
545
|
+
- lib/stack_master/parameter_resolvers/accounts_by_tags.rb
|
|
517
546
|
- lib/stack_master/parameter_resolvers/acm_certificate.rb
|
|
518
547
|
- lib/stack_master/parameter_resolvers/ami_finder.rb
|
|
519
548
|
- lib/stack_master/parameter_resolvers/ejson.rb
|
|
@@ -525,6 +554,7 @@ files:
|
|
|
525
554
|
- lib/stack_master/parameter_resolvers/parameter_store.rb
|
|
526
555
|
- lib/stack_master/parameter_resolvers/security_group.rb
|
|
527
556
|
- lib/stack_master/parameter_resolvers/sns_topic_name.rb
|
|
557
|
+
- lib/stack_master/parameter_resolvers/sso_group_id.rb
|
|
528
558
|
- lib/stack_master/parameter_resolvers/stack_output.rb
|
|
529
559
|
- lib/stack_master/parameter_validator.rb
|
|
530
560
|
- lib/stack_master/prompter.rb
|
|
@@ -548,6 +578,7 @@ files:
|
|
|
548
578
|
- lib/stack_master/sparkle_formation/compile_time/value_validator.rb
|
|
549
579
|
- lib/stack_master/sparkle_formation/compile_time/value_validator_factory.rb
|
|
550
580
|
- lib/stack_master/sparkle_formation/template_file.rb
|
|
581
|
+
- lib/stack_master/sso_group_id_finder.rb
|
|
551
582
|
- lib/stack_master/stack.rb
|
|
552
583
|
- lib/stack_master/stack_definition.rb
|
|
553
584
|
- lib/stack_master/stack_differ.rb
|
|
@@ -579,8 +610,8 @@ licenses:
|
|
|
579
610
|
metadata:
|
|
580
611
|
bug_tracker_uri: https://github.com/envato/stack_master/issues
|
|
581
612
|
changelog_uri: https://github.com/envato/stack_master/blob/master/CHANGELOG.md
|
|
582
|
-
documentation_uri: https://www.rubydoc.info/gems/stack_master/2.
|
|
583
|
-
source_code_uri: https://github.com/envato/stack_master/tree/v2.
|
|
613
|
+
documentation_uri: https://www.rubydoc.info/gems/stack_master/2.17.0
|
|
614
|
+
source_code_uri: https://github.com/envato/stack_master/tree/v2.17.0
|
|
584
615
|
post_install_message:
|
|
585
616
|
rdoc_options: []
|
|
586
617
|
require_paths:
|
|
@@ -596,7 +627,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
596
627
|
- !ruby/object:Gem::Version
|
|
597
628
|
version: '0'
|
|
598
629
|
requirements: []
|
|
599
|
-
rubygems_version: 3.
|
|
630
|
+
rubygems_version: 3.0.3.1
|
|
600
631
|
signing_key:
|
|
601
632
|
specification_version: 4
|
|
602
633
|
summary: StackMaster is a sure-footed way of creating, updating and keeping track
|