cdk-factory 0.15.10__py3-none-any.whl → 0.18.9__py3-none-any.whl

cdk_factory/pipeline/pipeline_factory.py

@@ -5,6 +5,7 @@ Geek Cafe Pipeline
 import os
 from pathlib import Path
 from typing import List, Dict, Any
+import yaml
 
 import aws_cdk as cdk
 from aws_cdk import aws_codebuild as codebuild
@@ -84,6 +85,9 @@ class PipelineFactoryStack(IStack):
 
         self.deployment_waves: Dict[str, pipelines.Wave] = {}
 
+        # Cache created sources keyed by repo+branch to avoid duplicate node IDs
+        self._source_cache: Dict[str, pipelines.CodePipelineSource] = {}
+
     @property
     def aws_code_pipeline(self) -> pipelines.CodePipeline:
         """AWS Code Pipeline"""
@@ -114,7 +118,7 @@ class PipelineFactoryStack(IStack):
                     f"\t🚨 Deployment for Environment: {deployment.environment} "
                     f"is disabled."
                 )
-        if len(pipeline_deployments) == 0:
+        if not pipeline_deployments:
             print(f"\t⛔️ No Pipeline Deployments configured for {self.workload.name}.")
 
         return len(pipeline_deployments)
@@ -207,12 +211,12 @@ class PipelineFactoryStack(IStack):
                 stage_config=stage, pipeline_stage=pipeline_stage, deployment=deployment
             )
             # add the stacks to a wave or a regular
-            pre_steps = self._get_pre_steps(stage)
-            post_steps = self._get_post_steps(stage)
+            pre_steps = self._get_pre_steps(stage, deployment)
+            post_steps = self._get_post_steps(stage, deployment)
             wave_name = stage.wave_name
 
             # if we don't have any stacks we'll need to use the wave
-            if len(stage.stacks) == 0:
+            if not stage.stacks:
                 wave_name = stage.name
 
             if wave_name:
@@ -237,16 +241,16 @@ class PipelineFactoryStack(IStack):
                 )
 
     def _get_pre_steps(
-        self, stage_config: PipelineStageConfig
+        self, stage_config: PipelineStageConfig, deployment: DeploymentConfig
     ) -> List[pipelines.ShellStep]:
-        return self._get_steps("pre_steps", stage_config)
+        return self._get_steps("pre_steps", stage_config, deployment)
 
     def _get_post_steps(
-        self, stage_config: PipelineStageConfig
+        self, stage_config: PipelineStageConfig, deployment: DeploymentConfig
     ) -> List[pipelines.ShellStep]:
-        return self._get_steps("post_steps", stage_config)
+        return self._get_steps("post_steps", stage_config, deployment)
 
-    def _get_steps(self, key: str, stage_config: PipelineStageConfig):
+    def _get_steps(self, key: str, stage_config: PipelineStageConfig, deployment: DeploymentConfig):
         """
         Gets the build steps from the config.json.
 
@@ -255,29 +259,219 @@ class PipelineFactoryStack(IStack):
         - A single multi-line string (treated as a single script block)
 
         This allows support for complex shell constructs like if blocks, loops, etc.
+        
+        For builds with source/buildspec/environment, creates CodeBuildStep instead of ShellStep.
         """
-        shell_steps: List[pipelines.ShellStep] = []
+        shell_steps: List[pipelines.Step] = []
+
+        # Only process builds if this stage explicitly defines them
+        if not stage_config.dictionary.get("builds"):
+            return shell_steps
 
         for build in stage_config.builds:
             if str(build.get("enabled", "true")).lower() == "true":
-                steps = build.get(key, [])
-                step: Dict[str, Any]
-                for step in steps:
-                    step_id = step.get("id") or step.get("name")
-                    commands = step.get("commands", [])
-
-                    # Normalize commands to a list
-                    # If commands is a single string, wrap it in a list
-                    if isinstance(commands, str):
-                        commands = [commands]
-
-                    shell_step = pipelines.ShellStep(
-                        id=step_id,
-                        commands=commands,
-                    )
-                    shell_steps.append(shell_step)
+                # Check if this is a CodeBuild step (has source, buildspec, or environment)
+                if build.get("source") or build.get("buildspec") or build.get("environment"):
+                    # Create CodeBuildStep for external builds
+                    codebuild_step = self._create_codebuild_step(build, key, deployment, stage_config.name)
+                    if codebuild_step:
+                        shell_steps.append(codebuild_step)
+                else:
+                    # Create traditional ShellStep for inline commands
+                    steps = build.get(key, [])
+                    step: Dict[str, Any]
+                    for step in steps:
+                        step_id = step.get("id") or step.get("name")
+                        commands = step.get("commands", [])
+
+                        # Normalize commands to a list
+                        # If commands is a single string, wrap it in a list
+                        if isinstance(commands, str):
+                            commands = [commands]
+
+                        shell_step = pipelines.ShellStep(
+                            id=step_id,
+                            commands=commands,
+                        )
+                        shell_steps.append(shell_step)
 
         return shell_steps
+    
+    def _create_codebuild_step(self, build: Dict[str, Any], key: str, deployment: DeploymentConfig, stage_name: str) -> pipelines.CodeBuildStep:
+        """
+        Creates a CodeBuildStep for builds that specify source, buildspec, or environment.
+        
+        Supports:
+        - External GitHub repositories (public and private)
+        - Custom buildspec files
+        - Environment configuration (compute type, image, privileged mode)
+        - Environment variables
+        - GitHub authentication via CodeConnections
+        """
+        build_name = build.get("name", "custom-build")
+        
+        # Parse source configuration
+        source_config = build.get("source", {})
+        source_type = source_config.get("type", "GITHUB").upper()
+        source_location = source_config.get("location")
+        source_branch = source_config.get("branch", "main")
+        
+        # Determine if this is the right step type (pre or post)
+        # Only create the step if it's supposed to run at this point
+        # For now, assume CodeBuild steps run as pre_steps by default
+        if key != "pre_steps":
+            return None
+        
+        if not source_location:
+            logger.warning(f"Build '{build_name}' has no source location specified, skipping")
+            return None
+        
+        # Parse buildspec
+        # If a buildspec path is specified, try to load it locally and convert to from_object()
+        buildspec_path = build.get("buildspec")
+        buildspec = None
+
+        if buildspec_path:
+            try:
+                candidate = Path(buildspec_path)
+                if not candidate.is_file():
+                    # Try relative to cwd
+                    candidate = Path(os.getcwd()) / buildspec_path
+                if candidate.is_file():
+                    with candidate.open("r", encoding="utf-8") as f:
+                        yml = yaml.safe_load(f)
+                    if isinstance(yml, dict):
+                        buildspec = codebuild.BuildSpec.from_object(yml)
+                    else:
+                        raise ValueError("Parsed buildspec YAML is not a dictionary")
+                else:
+                    raise FileNotFoundError(f"Buildspec file not found: {buildspec_path}")
+            except Exception as exc:
+                raise RuntimeError(f"Failed to load buildspec from '{buildspec_path}': {exc}")
+        else:
+            # No buildspec specified - check for inline commands
+            inline_commands = build.get("commands", [])
+            if isinstance(inline_commands, str):
+                inline_commands = [inline_commands]
+            if inline_commands:
+                # Create inline buildspec from commands
+                buildspec = codebuild.BuildSpec.from_object({
+                    "version": "0.2",
+                    "phases": {
+                        "build": {
+                            "commands": inline_commands
+                        }
+                    }
+                })
+        
+        # Parse environment configuration
+        env_config = build.get("environment", {})
+        compute_type_str = env_config.get("compute_type", "BUILD_GENERAL1_SMALL")
+        
+        # Map string to CDK enum
+        compute_type_map = {
+            "BUILD_GENERAL1_SMALL": codebuild.ComputeType.SMALL,
+            "BUILD_GENERAL1_MEDIUM": codebuild.ComputeType.MEDIUM,
+            "BUILD_GENERAL1_LARGE": codebuild.ComputeType.LARGE,
+            "BUILD_GENERAL1_2XLARGE": codebuild.ComputeType.X2_LARGE,
+        }
+        compute_type = compute_type_map.get(compute_type_str, codebuild.ComputeType.SMALL)
+        
+        build_image_str = env_config.get("image", "aws/codebuild/standard:7.0")
+        privileged_mode = env_config.get("privileged_mode", False)
+        
+        # Parse build image
+        if build_image_str.startswith("aws/codebuild/standard:"):
+            version = build_image_str.split(":")[-1]
+            build_image = codebuild.LinuxBuildImage.from_code_build_image_id(f"aws/codebuild/standard:{version}")
+        else:
+            build_image = codebuild.LinuxBuildImage.from_code_build_image_id(build_image_str)
+        
+        # Parse environment variables
+        env_vars_list = build.get("environment_variables", [])
+        env_vars = {}
+        for env_var in env_vars_list:
+            var_name = env_var.get("name")
+            var_value = env_var.get("value")
+            var_type = env_var.get("type", "PLAINTEXT")
+            
+            if var_name and var_value is not None:
+                if var_type == "PLAINTEXT":
+                    env_vars[var_name] = codebuild.BuildEnvironmentVariable(value=str(var_value))
+                elif var_type == "PARAMETER_STORE":
+                    env_vars[var_name] = codebuild.BuildEnvironmentVariable(
+                        value=str(var_value),
+                        type=codebuild.BuildEnvironmentVariableType.PARAMETER_STORE
+                    )
+                elif var_type == "SECRETS_MANAGER":
+                    env_vars[var_name] = codebuild.BuildEnvironmentVariable(
+                        value=str(var_value),
+                        type=codebuild.BuildEnvironmentVariableType.SECRETS_MANAGER
+                    )
+        
+        # Create build environment
+        build_environment = codebuild.BuildEnvironment(
+            build_image=build_image,
+            compute_type=compute_type,
+            privileged=privileged_mode,
+            environment_variables=env_vars
+        )
+        
+        # Determine input source
+        if source_type == "GITHUB":
+            # GitHub source - supports both public and private repos
+            # For private repos, use the workload's code repository connection
+            repo_string = self._parse_github_repo_string(source_location)
+            cache_key = f"{repo_string}:{source_branch}"
+            input_source = self._source_cache.get(cache_key)
+            if not input_source:
+                input_source = pipelines.CodePipelineSource.connection(
+                    repo_string=repo_string,
+                    branch=source_branch,
+                    connection_arn=self.workload.devops.code_repository.connector_arn,
+                    action_name=f"{build_name}",
+                )
+                self._source_cache[cache_key] = input_source
+        else:
+            logger.warning(f"Unsupported source type '{source_type}' for build '{build_name}'")
+            return None
+        
+        # Create CodeBuildStep
+        logger.info(f"Creating CodeBuildStep '{build_name}' with source from {source_location}")
+        
+        # CodeBuildStep requires 'commands' param; when using a buildspec (repo or inline)
+        # we pass an empty list so only the buildspec runs
+        commands: List[str] = []
+        
+        codebuild_step = pipelines.CodeBuildStep(
+            id=f"{build_name}-{stage_name}",
+            input=input_source,
+            commands=commands,
+            build_environment=build_environment,
+            partial_build_spec=buildspec,
+        )
+        
+        return codebuild_step
+    
+    def _parse_github_repo_string(self, location: str) -> str:
+        """
+        Converts GitHub URL to org/repo format.
+        
+        Examples:
+        - https://github.com/geekcafe/myrepo.git -> geekcafe/myrepo
+        - https://github.com/geekcafe/myrepo -> geekcafe/myrepo
+        - geekcafe/myrepo -> geekcafe/myrepo
+        """
+        if location.startswith("https://github.com/"):
+            # Remove https://github.com/ prefix
+            repo_string = location.replace("https://github.com/", "")
+            # Remove .git suffix if present
+            if repo_string.endswith(".git"):
+                repo_string = repo_string[:-4]
+            return repo_string
+        else:
+            # Assume it's already in org/repo format
+            return location
 
     def __setup_stacks(
         self,
@@ -305,6 +499,7 @@ class PipelineFactoryStack(IStack):
                     scope=pipeline_stage,
                     id=stack_config.name,
                     deployment=deployment,
+                    stack_config=stack_config,
                     add_env_context=self.add_env_context,
                     **kwargs,
                 )
@@ -324,7 +519,7 @@ class PipelineFactoryStack(IStack):
                     f"\t\t ⚠️ Stack {stack_config.name} is disabled in stage: {stage_config.name}"
                 )
 
-        if len(cf_stacks) == 0:
+        if not cf_stacks:
             print(f"\t\t ⚠️ No stacks added to stage: {stage_config.name}")
             print(f"\t\t ⚠️ Internal Stack Count: {len(stage_config.stacks)}")
 

cdk_factory/stack/stack_factory.py

@@ -11,10 +11,28 @@ from cdk_factory.interfaces.istack import IStack
 from cdk_factory.stack.stack_module_loader import ModuleLoader
 from cdk_factory.stack.stack_module_registry import modules
 from cdk_factory.configurations.deployment import DeploymentConfig
+from cdk_factory.configurations.stack import StackConfig
 
 
 class StackFactory:
     """Stack Factory"""
+    
+    # Default descriptions by module type
+    DEFAULT_DESCRIPTIONS = {
+        "vpc_stack": "VPC infrastructure with public and private subnets across multiple availability zones",
+        "security_group_stack": "Security groups for network access control",
+        "security_group_full_stack": "Security groups for ALB, ECS, RDS, and monitoring",
+        "rds_stack": "Managed relational database instance with automated backups",
+        "s3_bucket_stack": "S3 bucket for object storage",
+        "media_bucket_stack": "S3 bucket for media asset storage with CDN integration",
+        "static_website_stack": "Static website hosted on S3 with CloudFront distribution",
+        "ecs_service_stack": "ECS service with auto-scaling and load balancing",
+        "lambda_stack": "Lambda function for serverless compute",
+        "api_gateway_stack": "API Gateway for REST API endpoints",
+        "cloudfront_stack": "CloudFront CDN distribution",
+        "monitoring_stack": "CloudWatch monitoring, alarms, and dashboards",
+        "ecr_stack": "Elastic Container Registry for Docker images",
+    }
 
     def __init__(self):
         ml: ModuleLoader = ModuleLoader()
@@ -27,6 +45,7 @@ class StackFactory:
         scope,
         id: str,  # pylint: disable=redefined-builtin
         deployment: Optional[DeploymentConfig] = None,
+        stack_config: Optional[StackConfig] = None,
         add_env_context: bool = True,
         **kwargs,
     ) -> IStack:
@@ -40,6 +59,12 @@ class StackFactory:
         if deployment and add_env_context:
             env_kwargs = self._get_environment_kwargs(deployment)
             kwargs.update(env_kwargs)
+        
+        # Add description if not already provided in kwargs
+        if "description" not in kwargs:
+            description = self._get_stack_description(module_name, stack_config)
+            if description:
+                kwargs["description"] = description
 
         module = stack_class(scope=scope, id=id, **kwargs)
 
@@ -52,3 +77,12 @@ class StackFactory:
             region=deployment.region
         )
         return {"env": env}
+    
+    def _get_stack_description(self, module_name: str, stack_config: Optional[StackConfig] = None) -> Optional[str]:
+        """Get stack description from config or default"""
+        # First check if stack_config has a description
+        if stack_config and stack_config.description:
+            return stack_config.description
+        
+        # Otherwise use default description based on module type
+        return self.DEFAULT_DESCRIPTIONS.get(module_name)

cdk_factory/stack_library/__init__.py

@@ -12,9 +12,10 @@ paths = []
 
 try:
     paths = __path__
-except:  # noqa: E722, pylint: disable=bare-except
+except (AttributeError, ImportError) as e:
+    # Fallback to using os.path if __path__ is not available
     import os
-
+    
     paths.append(os.path.dirname(__file__))
 
 

cdk_factory/stack_library/acm/__init__.py

@@ -0,0 +1,6 @@
+"""
+ACM Stack Module
+"""
+from .acm_stack import AcmStack
+
+__all__ = ["AcmStack"]

cdk_factory/stack_library/acm/acm_stack.py

@@ -0,0 +1,169 @@
+"""
+ACM (AWS Certificate Manager) Stack Pattern for CDK-Factory
+Maintainers: Eric Wilson
+MIT License. See Project Root for the license information.
+"""
+
+from typing import Dict, Any, List, Optional
+
+import aws_cdk as cdk
+from aws_cdk import aws_certificatemanager as acm
+from aws_cdk import aws_route53 as route53
+from aws_lambda_powertools import Logger
+from constructs import Construct
+
+from cdk_factory.configurations.deployment import DeploymentConfig
+from cdk_factory.configurations.stack import StackConfig
+from cdk_factory.configurations.resources.acm import AcmConfig
+from cdk_factory.interfaces.istack import IStack
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
+from cdk_factory.stack.stack_module_registry import register_stack
+from cdk_factory.workload.workload_factory import WorkloadConfig
+
+logger = Logger(service="AcmStack")
+
+
+@register_stack("acm_stack")
+@register_stack("certificate_stack")
+class AcmStack(IStack, StandardizedSsmMixin):
+    """
+    Reusable stack for AWS Certificate Manager.
+    Supports creating ACM certificates with DNS validation via Route53.
+    """
+
+    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
+        super().__init__(scope, id, **kwargs)
+        self.acm_config = None
+        self.stack_config = None
+        self.deployment = None
+        self.workload = None
+        self.certificate = None
+        self.hosted_zone = None
+
+    def build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Build the ACM Certificate stack"""
+        self._build(stack_config, deployment, workload)
+
+    def _build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Internal build method for the ACM Certificate stack"""
+        self.stack_config = stack_config
+        self.deployment = deployment
+        self.workload = workload
+        self.acm_config = AcmConfig(
+            stack_config.dictionary.get("certificate", {}), deployment
+        )
+        
+        cert_name = deployment.build_resource_name(self.acm_config.name)
+
+        # Get or import hosted zone for DNS validation
+        if self.acm_config.hosted_zone_id:
+            self.hosted_zone = self._get_hosted_zone()
+        
+        # Create the certificate
+        self.certificate = self._create_certificate(cert_name)
+
+        # Export certificate ARN to SSM
+        self._export_certificate_arn(cert_name)
+
+        # Add outputs
+        self._add_outputs(cert_name)
+
+    def _get_hosted_zone(self) -> route53.IHostedZone:
+        """Get the Route53 hosted zone for DNS validation"""
+        if self.acm_config.hosted_zone_id:
+            return route53.HostedZone.from_hosted_zone_attributes(
+                self,
+                "HostedZone",
+                hosted_zone_id=self.acm_config.hosted_zone_id,
+                zone_name=self.acm_config.domain_name,
+            )
+        else:
+            raise ValueError(
+                "hosted_zone_id is required for DNS validation. "
+                "Provide it in the certificate configuration."
+            )
+
+    def _create_certificate(self, cert_name: str) -> acm.Certificate:
+        """Create an ACM certificate with DNS validation"""
+        
+        # Prepare certificate properties
+        cert_props = {
+            "domain_name": self.acm_config.domain_name,
+        }
+        
+        # Add DNS validation if hosted zone is available
+        if self.hosted_zone:
+            cert_props["validation"] = acm.CertificateValidation.from_dns(
+                self.hosted_zone
+            )
+        
+        # Add subject alternative names if provided
+        if self.acm_config.subject_alternative_names:
+            cert_props["subject_alternative_names"] = (
+                self.acm_config.subject_alternative_names
+            )
+
+        certificate = acm.Certificate(
+            self,
+            cert_name,
+            **cert_props
+        )
+
+        # Add tags
+        for key, value in self.acm_config.tags.items():
+            cdk.Tags.of(certificate).add(key, value)
+
+        logger.info(f"Created certificate for domain: {self.acm_config.domain_name}")
+        
+        return certificate
+
+    def _export_certificate_arn(self, cert_name: str) -> None:
+        """Export certificate ARN to SSM Parameter Store"""
+        ssm_exports = self.acm_config.ssm_exports
+        
+        if not ssm_exports:
+            logger.debug("No SSM exports configured for certificate")
+            return
+        
+        # Export certificate ARN
+        if "certificate_arn" in ssm_exports:
+            param_name = ssm_exports["certificate_arn"]
+            if not param_name.startswith("/"):
+                param_name = f"/{param_name}"
+            
+            self.export_ssm_parameter(
+                scope=self,
+                id=f"{cert_name}-cert-arn-param",
+                value=self.certificate.certificate_arn,
+                parameter_name=param_name,
+                description=f"Certificate ARN for {self.acm_config.domain_name}",
+            )
+            logger.info(f"Exported certificate ARN to SSM: {param_name}")
+
+    def _add_outputs(self, cert_name: str) -> None:
+        """Add CloudFormation outputs"""
+        cdk.CfnOutput(
+            self,
+            "CertificateArn",
+            value=self.certificate.certificate_arn,
+            description=f"Certificate ARN for {self.acm_config.domain_name}",
+            export_name=f"{cert_name}-arn",
+        )
+        
+        cdk.CfnOutput(
+            self,
+            "DomainName",
+            value=self.acm_config.domain_name,
+            description="Primary domain name for the certificate",
+            export_name=f"{cert_name}-domain",
+        )