awspub 0.0.10__py3-none-any.whl → 0.0.13__py3-none-any.whl

awspub/common.py

@@ -15,13 +15,20 @@ def _split_partition(val: str) -> Tuple[str, str]:
     :return: the partition and the resource
     :rtype: Tuple[str, str]
     """
-    if ":" in val:
-        partition, resource = val.split(":")
-    else:
-        # if no partition is given, assume default commercial partition "aws"
-        partition = "aws"
-        resource = val
-    return partition, resource
+
+    # ARNs encode partition https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html
+    if val.startswith("arn:"):
+        arn, partition, resource = val.split(":", maxsplit=2)
+        # Return extracted partition, but keep full ARN intact
+        return partition, val
+
+    # Partition prefix
+    if ":" in val and val.startswith("aws"):
+        partition, resource = val.split(":", maxsplit=1)
+        return partition, resource
+
+    # if no partition is given, assume default commercial partition "aws"
+    return "aws", val
 
 
 def _get_regions(region_to_query: str, regions_allowlist: List[str]) -> List[str]:

awspub/configmodels.py

@@ -1,4 +1,5 @@
 import pathlib
+import re
 from enum import Enum
 from typing import Dict, List, Literal, Optional
 
@@ -161,8 +162,8 @@ class ConfigImageModel(BaseModel):
     )
     imds_support: Optional[Literal["v2.0"]] = Field(description="Optional IMDS support", default=None)
     share: Optional[List[str]] = Field(
-        description="Optional list of account IDs the image and snapshot will be shared with. The account"
-        "ID can be prefixed with the partition and separated by ':'. Eg 'aws-cn:123456789123'",
+        description="Optional list of account IDs, organization ARN, OU ARN the image and snapshot will be shared with."
+        " The account ID can be prefixed with the partition and separated by ':'. Eg 'aws-cn:123456789123'",
         default=None,
     )
     temporary: Optional[bool] = Field(
@@ -193,11 +194,25 @@ class ConfigImageModel(BaseModel):
         """
         Make sure the account IDs are valid and if given the partition is correct
         """
+        patterns = [
+            # https://docs.aws.amazon.com/organizations/latest/APIReference/API_Account.html
+            r"\d{12}",
+            # Adjusted for partitions
+            # https://docs.aws.amazon.com/organizations/latest/APIReference/API_Organization.html
+            r"arn:aws(?:-cn)?(?:-us-gov)?:organizations::\d{12}:organization\/o-[a-z0-9]{10,32}",
+            # https://docs.aws.amazon.com/organizations/latest/APIReference/API_OrganizationalUnit.html
+            r"arn:aws(?:-cn)?(?:-us-gov)?:organizations::\d{12}:ou\/o-[a-z0-9]{10,32}\/ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}",  # noqa:E501
+        ]
         if v is not None:
             for val in v:
-                partition, account_id = _split_partition(val)
-                if len(account_id) != 12:
-                    raise ValueError("Account ID must be 12 characters long")
+                partition, account_id_or_arn = _split_partition(val)
+                valid = False
+                for pattern in patterns:
+                    if re.fullmatch(pattern, account_id_or_arn):
+                        valid = True
+                        break
+                if not valid:
+                    raise ValueError("Account ID must be 12 digits long or an ARN for Organization or OU")
                 if partition not in ["aws", "aws-cn", "aws-us-gov"]:
                     raise ValueError("Partition must be one of 'aws', 'aws-cn', 'aws-us-gov'")
         return v

awspub/image.py

@@ -2,7 +2,7 @@ import hashlib
 import logging
 from dataclasses import dataclass
 from enum import Enum
-from typing import Any, Dict, List, Optional
+from typing import Any, Dict, List, Optional, Tuple
 
 import boto3
 import botocore.exceptions
@@ -145,23 +145,30 @@ class Image:
             tags.append({"Key": name, "Value": value})
         return tags
 
-    def _share_list_filtered(self, share_conf: List[str]) -> List[Dict[str, str]]:
+    def _share_list_filtered(self, share_conf: List[str]) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
         """
         Get a filtered list of share configurations based on the current partition
         :param share_conf: the share configuration
         :type share_conf: List[str]
         :return: a List of share configurations that is usable by modify_image_attribute()
-        :rtype: List[Dict[str, str]]
+        :rtype: Tuple[List[Dict[str, str]], List[Dict[str, str]]]
         """
         # the current partition
         partition_current = boto3.client("ec2").meta.partition
 
         share_list: List[Dict[str, str]] = []
+        volume_list: List[Dict[str, str]] = []
         for share in share_conf:
-            partition, account_id = _split_partition(share)
+            partition, account_id_or_arn = _split_partition(share)
             if partition == partition_current:
-                share_list.append({"UserId": account_id})
-        return share_list
+                if ":organization/o-" in account_id_or_arn:
+                    share_list.append({"OrganizationArn": account_id_or_arn})
+                elif ":ou/o-" in account_id_or_arn:
+                    share_list.append({"OrganizationalUnitArn": account_id_or_arn})
+                else:
+                    share_list.append({"UserId": account_id_or_arn})
+                    volume_list.append({"UserId": account_id_or_arn})
+        return share_list, volume_list
 
     def _share(self, share_conf: List[str], images: Dict[str, _ImageInfo]):
         """
@@ -172,7 +179,7 @@ class Image:
         :param images: a Dict with region names as keys and _ImageInfo objects as values
         :type images: Dict[str, _ImageInfo]
         """
-        share_list = self._share_list_filtered(share_conf)
+        share_list, volume_list = self._share_list_filtered(share_conf)
 
         if not share_list:
             logger.info("no valid accounts found for sharing in this partition, skipping")
@@ -188,11 +195,11 @@ class Image:
             )
 
             # modify snapshot permissions
-            if image_info.snapshot_id:
+            if image_info.snapshot_id and volume_list:
                 ec2client.modify_snapshot_attribute(
                     Attribute="createVolumePermission",
                     SnapshotId=image_info.snapshot_id,
-                    CreateVolumePermission={"Add": share_list},  # type: ignore
+                    CreateVolumePermission={"Add": volume_list},  # type: ignore
                 )
 
         logger.info(f"shared images & snapshots with '{share_conf}'")

awspub/tests/fixtures/config1.yaml

@@ -83,6 +83,8 @@ awspub:
         - "221020170000"
         - "aws:290620200000"
         - "aws-cn:334455667788"
+        - "arn:aws:organizations::123456789012:organization/o-123example"
+        - "arn:aws-cn:organizations::334455667788:ou/o-123example/ou-1234-5example"
       marketplace:
         entity_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
         access_role_arn: "arn:aws:iam::xxxxxxxxxxxx:role/AWSMarketplaceAccess"

awspub/tests/test_common.py

@@ -12,6 +12,30 @@ from awspub.common import _get_regions, _split_partition
         ("aws:123456789123", ("aws", "123456789123")),
         ("aws-cn:123456789123", ("aws-cn", "123456789123")),
         ("aws-us-gov:123456789123", ("aws-us-gov", "123456789123")),
+        (
+            "arn:aws:organizations::123456789012:organization/o-123example",
+            ("aws", "arn:aws:organizations::123456789012:organization/o-123example"),
+        ),
+        (
+            "arn:aws:organizations::123456789012:ou/o-123example/ou-1234-5example",
+            ("aws", "arn:aws:organizations::123456789012:ou/o-123example/ou-1234-5example"),
+        ),
+        (
+            "arn:aws-cn:organizations::123456789012:organization/o-123example",
+            ("aws-cn", "arn:aws-cn:organizations::123456789012:organization/o-123example"),
+        ),
+        (
+            "arn:aws-cn:organizations::123456789012:ou/o-123example/ou-1234-5example",
+            ("aws-cn", "arn:aws-cn:organizations::123456789012:ou/o-123example/ou-1234-5example"),
+        ),
+        (
+            "arn:aws-us-gov:organizations::123456789012:organization/o-123example",
+            ("aws-us-gov", "arn:aws-us-gov:organizations::123456789012:organization/o-123example"),
+        ),
+        (
+            "arn:aws-us-gov:organizations::123456789012:ou/o-123example/ou-1234-5example",
+            ("aws-us-gov", "arn:aws-us-gov:organizations::123456789012:ou/o-123example/ou-1234-5example"),
+        ),
     ],
 )
 def test_common__split_partition(input, expected_output):

awspub/tests/test_image.py

@@ -478,14 +478,38 @@ def test_image__verify(image_found, config, config_image_name, expected_problems
 
 
 @pytest.mark.parametrize(
-    "partition,imagename,share_list_expected",
+    "partition,imagename,share_list_expected,volume_list_expected",
     [
-        ("aws", "test-image-8", [{"UserId": "123456789123"}, {"UserId": "221020170000"}, {"UserId": "290620200000"}]),
-        ("aws-cn", "test-image-8", [{"UserId": "334455667788"}]),
-        ("aws-us-gov", "test-image-8", []),
+        (
+            "aws",
+            "test-image-8",
+            [
+                {"UserId": "123456789123"},
+                {"UserId": "221020170000"},
+                {"UserId": "290620200000"},
+                {"OrganizationArn": "arn:aws:organizations::123456789012:organization/o-123example"},
+            ],
+            [
+                {"UserId": "123456789123"},
+                {"UserId": "221020170000"},
+                {"UserId": "290620200000"},
+            ],
+        ),
+        (
+            "aws-cn",
+            "test-image-8",
+            [
+                {"UserId": "334455667788"},
+                {"OrganizationalUnitArn": "arn:aws-cn:organizations::334455667788:ou/o-123example/ou-1234-5example"},
+            ],
+            [
+                {"UserId": "334455667788"},
+            ],
+        ),
+        ("aws-us-gov", "test-image-8", [], []),
     ],
 )
-def test_image__share_list_filtered(partition, imagename, share_list_expected):
+def test_image__share_list_filtered(partition, imagename, share_list_expected, volume_list_expected):
     """
     Test _share_list_filtered() for a given image
     """
@@ -494,7 +518,7 @@ def test_image__share_list_filtered(partition, imagename, share_list_expected):
         instance.meta.partition = partition
         ctx = context.Context(curdir / "fixtures/config1.yaml", None)
         img = image.Image(ctx, imagename)
-        assert img._share_list_filtered(img.conf["share"]) == share_list_expected
+        assert img._share_list_filtered(img.conf["share"]) == (share_list_expected, volume_list_expected)
 
 
 @patch("awspub.s3.S3.bucket_region", return_value="region1")

{awspub-0.0.10.dist-info → awspub-0.0.13.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: awspub
-Version: 0.0.10
+Version: 0.0.13
 Summary: Publish images to AWS EC2
 License: GPL-3.0-or-later
 Keywords: AWS,EC2,publication

{awspub-0.0.10.dist-info → awspub-0.0.13.dist-info}/RECORD

@@ -1,11 +1,11 @@
 awspub/__init__.py,sha256=7hgLrq6k53yaJrjFe7X5Cm45z3SIc1Vxocb5k3G8xPc,124
 awspub/api.py,sha256=d1gx9LdqdYXRLf8yZ_spIz_93WhB2GNnCG_x3ABrMkI,6497
 awspub/cli/__init__.py,sha256=-zCBEbnt5zbvSZ8PxQALpPAy0CiQUf-qZnikJ7U4Sf0,5621
-awspub/common.py,sha256=RFNPfPAw_C0mtdEyBoWWMP6n6CyESdakXhzAvDoyAfQ,2340
-awspub/configmodels.py,sha256=_6I_-1YzfJiSY81QWK-T3afiQUMx810lQQ3EjoEVuNg,9396
+awspub/common.py,sha256=FbCngRJPdBc8EnZI9B9p7zQgxzHJkgvByV7i7W-6Srs,2650
+awspub/configmodels.py,sha256=OaU-Mn7HCnwkObO7VIPBJVQJjknJX_-Yh8_glqxb7no,10280
 awspub/context.py,sha256=LDkp9Sz5AqRxQq70ICgFIJn5g2qrc5qiVawTyS_rXZE,4064
 awspub/exceptions.py,sha256=edWb03Gv35nDv3eoQGwI7rvsX5FNZT1otkBV8ly3W1A,613
-awspub/image.py,sha256=RuJ8gOAHhnqGUBEBMT7WYSruI688r_1pOTf0nzzB3tU,27965
+awspub/image.py,sha256=hQPsYHSSGPuK3xyU0INCM1lfMbkcFtmEYvyDD6huwkI,28504
 awspub/image_marketplace.py,sha256=oiD7yNU5quG5CQG9Ql5Ut9hLWA1yewg6qVwTbyadGwc,5314
 awspub/s3.py,sha256=ivR8DuAkYilph73EjFkTgUelkXxU7pZfosnsHHyoZkQ,11274
 awspub/snapshot.py,sha256=V5e_07SnmCwEPjRmwZh43spWparhH8X4ugG16uQfGuo,10040
@@ -15,21 +15,21 @@ awspub/tests/fixtures/config-invalid-s3-extra.yaml,sha256=TdgqE-quxgueXS9L8ixsRu
 awspub/tests/fixtures/config-minimal.yaml,sha256=oHupXHYQXxmqgN2qFCAwvxzR7Bch-3yScrmMXeMIICE,176
 awspub/tests/fixtures/config-valid-nonawspub.yaml,sha256=Md-YINQQRo3kveikUxk8Co9BYIZfDftmPT2LmIqoTL4,330
 awspub/tests/fixtures/config1.vmdk,sha256=YlJHVAi5-e5kRSthHXBqB4gxqZsSPbadFE2HigSIoKg,65536
-awspub/tests/fixtures/config1.yaml,sha256=knkwwBiImVa8vIxurFbKP6hAB4-84_L2bXcxwdsraig,4609
+awspub/tests/fixtures/config1.yaml,sha256=i32F3LibNAlaus-DgSvlKbYwLEZPXW2msOS_LT9VI6Y,4767
 awspub/tests/fixtures/config2-mapping.yaml,sha256=lqJE0ej9DdGsE8O5dqG5PX7bOJrY4nMciXoOzMzV-so,31
 awspub/tests/fixtures/config2.yaml,sha256=m2v-n1T-XPGDHyrJXArC_rYV-ZPMr9cgzHkLXiSRuDs,1250
 awspub/tests/fixtures/config3-duplicate-keys.yaml,sha256=Cn0tTQawpEFocDNpWxDz1651uQa7aw88XjNyPcCG4iQ,324
 awspub/tests/test_api.py,sha256=eC8iqpGFgFygSbqlyWLiLjSW7TwZeEtngJ-g7CPQT7I,2603
 awspub/tests/test_cli.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-awspub/tests/test_common.py,sha256=K61eBmBt8NPqyME8co_dt6dr_yvlw3UZ54klcw7m2RA,1217
+awspub/tests/test_common.py,sha256=zK-JCdJIV7ZQGeef_J-T407Bs062O15gtY3Isgotr_M,2423
 awspub/tests/test_context.py,sha256=wMXQqj4vi2U3q5w1xPV-stB3mp3K6puUyXhsShJG4wA,3115
-awspub/tests/test_image.py,sha256=CNcy8_ySSlPmTl1CwBJncPm4p9TAopUNyjbaNEqemaE,22170
+awspub/tests/test_image.py,sha256=I89Og4inBW9XrX6waYGXDrHBJTKBptTx3os9RP2vnoo,22883
 awspub/tests/test_image_marketplace.py,sha256=JP7PrFjix1AyQg7eEaQ-wCROVoIOb873koseniOqGQQ,1456
 awspub/tests/test_s3.py,sha256=UJL8CQDEvhA42MwPGeSvSbQFj8h86c1LrLFDvcMcRws,2857
 awspub/tests/test_snapshot.py,sha256=8KPTqGVyzrpivWuq3HE7ZhgtLllcr3rA_3hZcxu2xjg,4123
 awspub/tests/test_sns.py,sha256=XdZh0ETwRHSp_77UFkot-07BlS8pKVMEJIs2HS9EdaQ,6622
-awspub-0.0.10.dist-info/LICENSE,sha256=9GbrzFQ3rWjVKj-IZnX1kGDsIGIdjc25KGRmAp03Jn0,35150
-awspub-0.0.10.dist-info/METADATA,sha256=PL0ruNu1TmqFxfyNyK8YrVEZKN5v6_-HkeW4MaeBo_4,1418
-awspub-0.0.10.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
-awspub-0.0.10.dist-info/entry_points.txt,sha256=hrQzy9P5yO58nj6W0UDPdQPUTqEkQLpMvuyDDRu7LRQ,42
-awspub-0.0.10.dist-info/RECORD,,
+awspub-0.0.13.dist-info/LICENSE,sha256=9GbrzFQ3rWjVKj-IZnX1kGDsIGIdjc25KGRmAp03Jn0,35150
+awspub-0.0.13.dist-info/METADATA,sha256=mAcD3dq3k0nCko-lHlYg9mwYalkyQ8n-nyMPuI4K-Wk,1418
+awspub-0.0.13.dist-info/WHEEL,sha256=XbeZDeTWKc1w7CSIyre5aMDU_-PohRwTQceYnisIYYY,88
+awspub-0.0.13.dist-info/entry_points.txt,sha256=hrQzy9P5yO58nj6W0UDPdQPUTqEkQLpMvuyDDRu7LRQ,42
+awspub-0.0.13.dist-info/RECORD,,

{awspub-0.0.10.dist-info → awspub-0.0.13.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 2.0.1
+Generator: poetry-core 2.1.1
 Root-Is-Purelib: true
 Tag: py3-none-any