dbt-platform-helper 10.10.0__py3-none-any.whl → 10.11.1__py3-none-any.whl

dbt_platform_helper/commands/environment.py

@@ -250,7 +250,7 @@ def get_cert_arn(session, application, env_name):
     return arn
 
 
-def get_env_ips(vpc: str, application_environment: Environment):
+def get_env_ips(vpc: str, application_environment: Environment) -> List[str]:
     account_name = f"{application_environment.session.profile_name}-vpc"
     vpc_name = vpc if vpc else account_name
     ssm_client = application_environment.session.client("ssm")
@@ -275,8 +275,6 @@ def generate(name, vpc_name):
         )
         raise click.Abort
 
-    session = get_aws_session_or_abort()
-
     try:
         conf = load_and_validate_platform_config()
     except SchemaError as ex:
@@ -284,6 +282,9 @@ def generate(name, vpc_name):
         raise click.Abort
 
     env_config = apply_environment_defaults(conf)["environments"][name]
+    profile_for_environment = env_config.get("accounts", {}).get("deploy", {}).get("name")
+    click.secho(f"Using {profile_for_environment} for this AWS session")
+    session = get_aws_session_or_abort(profile_for_environment)
 
     _generate_copilot_environment_manifests(name, conf["application"], env_config, session)
 
@@ -482,11 +483,8 @@ def delete_listener_rule(tag_descriptions: list, tag_name: str, lb_client: boto3
         tags = {t["Key"]: t["Value"] for t in description["Tags"]}
         if tags.get("name") == tag_name:
             current_rule_arn = description["ResourceArn"]
-
-    if not current_rule_arn:
-        return current_rule_arn
-
-    lb_client.delete_rule(RuleArn=current_rule_arn)
+            if current_rule_arn:
+                lb_client.delete_rule(RuleArn=current_rule_arn)
 
     return current_rule_arn
 
@@ -500,7 +498,7 @@ def remove_maintenance_page(session: boto3.Session, listener_arn: str):
         "TagDescriptions"
     ]
 
-    for name in ["MaintenancePage", "AllowedIps", "BypassIpFilter"]:
+    for name in ["MaintenancePage", "AllowedIps", "BypassIpFilter", "AllowedSourceIps"]:
         deleted = delete_listener_rule(tag_descriptions, name, lb_client)
 
         if name == "MaintenancePage" and not deleted:
@@ -520,15 +518,7 @@ def get_rules_tag_descriptions(rules: list, lb_client):
     return tag_descriptions
 
 
-def create_header_rule(
-    lb_client: boto3.client,
-    listener_arn: str,
-    target_group_arn: str,
-    header_name: str,
-    values: list,
-    rule_name: str,
-    priority: int,
-):
+def get_host_conditions(lb_client: boto3.client, listener_arn: str, target_group_arn: str):
     rules = lb_client.describe_rules(ListenerArn=listener_arn)["Rules"]
 
     # Get current set of forwarding conditions for the target group
@@ -549,6 +539,20 @@ def create_header_rule(
         v for v in conditions[0]["HostHeaderConfig"]["Values"]
     ]
 
+    return conditions
+
+
+def create_header_rule(
+    lb_client: boto3.client,
+    listener_arn: str,
+    target_group_arn: str,
+    header_name: str,
+    values: list,
+    rule_name: str,
+    priority: int,
+):
+    conditions = get_host_conditions(lb_client, listener_arn, target_group_arn)
+
     # add new condition to existing conditions
     combined_conditions = [
         {
@@ -573,6 +577,40 @@ def create_header_rule(
     )
 
 
+def create_source_ip_rule(
+    lb_client: boto3.client,
+    listener_arn: str,
+    target_group_arn: str,
+    values: list,
+    rule_name: str,
+    priority: int,
+):
+    conditions = get_host_conditions(lb_client, listener_arn, target_group_arn)
+
+    # add new condition to existing conditions
+    combined_conditions = [
+        {
+            "Field": "source-ip",
+            "SourceIpConfig": {"Values": [value + "/32" for value in values]},
+        }
+    ] + conditions
+
+    lb_client.create_rule(
+        ListenerArn=listener_arn,
+        Priority=priority,
+        Conditions=combined_conditions,
+        Actions=[{"Type": "forward", "TargetGroupArn": target_group_arn}],
+        Tags=[
+            {"Key": "name", "Value": rule_name},
+        ],
+    )
+
+    click.secho(
+        f"Creating listener rule {rule_name} for HTTPS Listener with arn {listener_arn}.\n\nIf request source ip matches one of the values {values}, the request will be forwarded to target group with arn {target_group_arn}.",
+        fg="green",
+    )
+
+
 def add_maintenance_page(
     session: boto3.Session,
     listener_arn: str,
@@ -608,6 +646,14 @@ def add_maintenance_page(
                 "AllowedIps",
                 forwarded_rule_priority,
             )
+            create_source_ip_rule(
+                lb_client,
+                listener_arn,
+                target_group_arn,
+                [ip],
+                "AllowedSourceIps",
+                forwarded_rule_priority + 1,
+            )
 
         bypass_rule_priority = service_number
         create_header_rule(

dbt_platform_helper/templates/addons/env/redis-cluster.yml

@@ -35,20 +35,6 @@ Mappings:
       CacheParameterGroupFamily: 'redis7.x'
     '6.2':
       CacheParameterGroupFamily: 'redis6.x'
-    '6.0':
-      CacheParameterGroupFamily: 'redis6.x'
-    '5.0.6':
-      CacheParameterGroupFamily: 'redis5.0'
-    '5.0.4':
-      CacheParameterGroupFamily: 'redis5.0'
-    '5.0.3':
-      CacheParameterGroupFamily: 'redis5.0'
-    '5.0.0':
-      CacheParameterGroupFamily: 'redis5.0'
-    '4.0.10':
-      CacheParameterGroupFamily: 'redis4.0'
-    '3.2.6':
-      CacheParameterGroupFamily: 'redis3.2'
 
 Conditions:
   {{ addon_config.prefix }}HasAutomaticFailoverEnabled: !Not [!Equals [!FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, NumReplicas], 0]]

dbt_platform_helper/templates/pipelines/codebase/overrides/stack.ts

@@ -84,7 +84,7 @@ export class TransformedStack extends cdk.Stack {
             envVars.push({name: 'ADDITIONAL_ECR_REPOSITORY', value: this.additionalEcrRepository()});
         }
 
-        new cdk.aws_codebuild.CfnProject(this, 'ImageBuildProject', {
+        const imageBuildProject: cdk.aws_codebuild.CfnProject = new cdk.aws_codebuild.CfnProject(this, 'ImageBuildProject', {
             name: `codebuild-${this.appName}-${this.pipelineManifest.name}`,
             description: `Publish images on push to ${this.codebaseConfiguration.repository}`,
             badgeEnabled: true,
@@ -122,6 +122,9 @@ export class TransformedStack extends cdk.Stack {
                 )),
             },
         });
+
+        imageBuildProject.node.addDependency(this.template.getResource("BuildProjectRole") as cdk.aws_iam.CfnRole);
+        imageBuildProject.node.addDependency(this.template.getResource("BuildProjectPolicy") as cdk.aws_iam.CfnPolicy);
     }
 
     private createECRRepository() {
@@ -403,7 +406,10 @@ export class TransformedStack extends cdk.Stack {
         const buildProjectPolicy = this.template.getResource("BuildProjectPolicy") as cdk.aws_iam.CfnPolicy;
         (buildProjectPolicy.policyDocument.Statement as Array<any>).push({
             Effect: 'Allow',
-            Action: ['codestar-connections:UseConnection'],
+            Action: [
+                'codestar-connections:GetConnectionToken',
+                'codestar-connections:UseConnection',
+            ],
             Resource: [this.codestarConnection.arn],
         });
     }

dbt_platform_helper/utils/validation.py

@@ -180,7 +180,7 @@ REDIS_PLANS = Or(
     "x-large-ha",
 )
 
-REDIS_ENGINE_VERSIONS = Or("4.0.10", "5.0.6", "6.0", "6.2", "7.0", "7.1")
+REDIS_ENGINE_VERSIONS = Or("6.2", "7.0", "7.1")
 
 REDIS_DEFINITION = {
     "type": "redis",

{dbt_platform_helper-10.10.0.dist-info → dbt_platform_helper-10.11.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dbt-platform-helper
-Version: 10.10.0
+Version: 10.11.1
 Summary: Set of tools to help transfer applications/services from GOV.UK PaaS to DBT PaaS augmenting AWS Copilot.
 License: MIT
 Author: Department for Business and Trade Platform Team

{dbt_platform_helper-10.10.0.dist-info → dbt_platform_helper-10.11.1.dist-info}/RECORD

@@ -12,7 +12,7 @@ dbt_platform_helper/commands/config.py,sha256=NOHea7OAjrl6XHlW6HMLn0m0T5lFPyNH3H
 dbt_platform_helper/commands/copilot.py,sha256=euid0FTlVtwKmBQ6vxt_HxtBdRYiVQvb-9CyrK1-MWc,16724
 dbt_platform_helper/commands/database.py,sha256=-DacXZ2LhwV3CRukG35urEU2TuNVZHppUA3EhbBNjUs,4840
 dbt_platform_helper/commands/dns.py,sha256=o7PkvHktZo0jmqbx0krJTL0R4GtWSf1rF2KDEWor8Ts,35211
-dbt_platform_helper/commands/environment.py,sha256=MJcqYBGxMl3oZIJqnbUNNBbwi5WCShLujMUFgGlmzy8,23147
+dbt_platform_helper/commands/environment.py,sha256=VNr7G1QstM8INGs8jOxL1jQRqDcWx2Q0jaaBXtbHhys,24819
 dbt_platform_helper/commands/generate.py,sha256=YLCPb-xcPapGcsLn-7d1Am7BpGp5l0iecIDTOdNGjHk,722
 dbt_platform_helper/commands/notify.py,sha256=kVJ0s78QMiaEWPVKu_bbMko4DW2uJy2fu8-HNJsglyk,3748
 dbt_platform_helper/commands/pipeline.py,sha256=jQGwCRpJ_hXK988XmLHzRBHDWmhFzZb37wa75KuSd0M,5945
@@ -38,7 +38,7 @@ dbt_platform_helper/templates/addons/env/aurora-postgres.yml,sha256=El0jTaWqWy5C
 dbt_platform_helper/templates/addons/env/monitoring.yml,sha256=ZjvKhrhg6hIoQ51n0jl94z5I8ue_XQp-sypsDVQLiwY,6085
 dbt_platform_helper/templates/addons/env/opensearch.yml,sha256=Ay0IAE8AWMEUjBRpMWyI4qLFmdwNkQwAN1ciTnuKb5c,10874
 dbt_platform_helper/templates/addons/env/rds-postgres.yml,sha256=uz7I9u8c-25ergwzNe1EQTT9TadlekeRyhgdpyNbCOo,25645
-dbt_platform_helper/templates/addons/env/redis-cluster.yml,sha256=dx6dYniLdhcX-hnSF6RKaO5ZWewAOYqHgX_MMhPkcjs,7634
+dbt_platform_helper/templates/addons/env/redis-cluster.yml,sha256=lUqoNgomx5FzoAplRcqT1BDMeXHTXZ16Or5Xd0Sz2eg,7236
 dbt_platform_helper/templates/addons/env/s3.yml,sha256=E0ikzN7ztk61rPjUXoKbAujgWcm6MRiDfHzShflBQPA,7758
 dbt_platform_helper/templates/addons/env/vpc.yml,sha256=Bi-RDr58u-X5J6VHRUxSKDCJ0ddbY79gec6kB69sz8w,3679
 dbt_platform_helper/templates/addons/svc/appconfig-ipfilter.yml,sha256=nBIXV4um4jIvXs3Q5QycHqVpJODK5yg_M-xJT6AOBKE,977
@@ -68,7 +68,7 @@ dbt_platform_helper/templates/pipelines/codebase/overrides/buildspec.image.yml,s
 dbt_platform_helper/templates/pipelines/codebase/overrides/cdk.json,sha256=ZbvoQdcj_k9k1GAD9qHUQcDfQPbMcBPjJwt2mu_S6ho,339
 dbt_platform_helper/templates/pipelines/codebase/overrides/package-lock.json,sha256=Is83o58QXbeg2SkHmR79ATt91aFhVbO7kb1VF0qXpY8,152671
 dbt_platform_helper/templates/pipelines/codebase/overrides/package.json,sha256=XB0Pf63NSsGyowkPGTl1Nki167nRDXJdnxLSN3S_lQg,536
-dbt_platform_helper/templates/pipelines/codebase/overrides/stack.ts,sha256=ugImQjc15sBCvQSbciOeHX2lnoTY_dkepjwFn5ueNNo,21117
+dbt_platform_helper/templates/pipelines/codebase/overrides/stack.ts,sha256=v9m6EziRgFnrhF7inbr1KtuOh75FeC054vaWMoAi-qg,21500
 dbt_platform_helper/templates/pipelines/codebase/overrides/tsconfig.json,sha256=k6KabP-WwhFNgA1AFHNuonTEAnES6eR74jUuYUJEGOM,651
 dbt_platform_helper/templates/pipelines/codebase/overrides/types.ts,sha256=8cp5xl_CIMH5TPvwlw9UBPKwfntcsu-lTAjbL5uylgw,1257
 dbt_platform_helper/templates/pipelines/environments/buildspec.yml,sha256=hTCUhSfrnTUMOpUo8EjQmvit2aX7J0cKNeqV2DChaA0,3365
@@ -93,11 +93,11 @@ dbt_platform_helper/utils/manifests.py,sha256=ji3UYHCxq9tTpkm4MlRa2y0-JOYYqq1pWZ
 dbt_platform_helper/utils/messages.py,sha256=aLx6s9utt__IqlDdeIYq4n82ERwludu2Zfqy0Q2t-x8,115
 dbt_platform_helper/utils/platform_config.py,sha256=dEGB6peHB1ywYSdS71JGxbWIuTFRaeQfWelksX9v6bQ,608
 dbt_platform_helper/utils/template.py,sha256=raRx4QUCVJtKfvJK08Egg6gwWcs3r3V4nPWcJW4xNhA,574
-dbt_platform_helper/utils/validation.py,sha256=_1bAnM4GG1MM2xXSGs0IQE2Vwaa-GkueROltIK6Wce8,23725
+dbt_platform_helper/utils/validation.py,sha256=2XMizmCGk4oTVU67q72cdc8eyOzL0wxhe7DframhQ8Q,23699
 dbt_platform_helper/utils/versioning.py,sha256=h3veQpFoiOjYY9dRVppcBDzVfgZerT0lXuE9QCTo5-c,10710
 platform_helper.py,sha256=zjsZKcbyrEQbKfERi0JG8JEL-MgG6EjxIMiWT66kCVg,2299
-dbt_platform_helper-10.10.0.dist-info/LICENSE,sha256=dP79lN73--7LMApnankTGLqDbImXg8iYFqWgnExGkGk,1090
-dbt_platform_helper-10.10.0.dist-info/METADATA,sha256=EmVJYENHMaKlcdGSzBcWke2zNzTgtV_O_L3DFrqSAIU,3127
-dbt_platform_helper-10.10.0.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-dbt_platform_helper-10.10.0.dist-info/entry_points.txt,sha256=QhbY8F434A-onsg0-FsdMd2U6HKh6Q7yCFFZrGUh5-M,67
-dbt_platform_helper-10.10.0.dist-info/RECORD,,
+dbt_platform_helper-10.11.1.dist-info/LICENSE,sha256=dP79lN73--7LMApnankTGLqDbImXg8iYFqWgnExGkGk,1090
+dbt_platform_helper-10.11.1.dist-info/METADATA,sha256=w_Z_ceQ6vEi6-lewix-jJzTAamSZN_cm2jrYf9JbUBg,3127
+dbt_platform_helper-10.11.1.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+dbt_platform_helper-10.11.1.dist-info/entry_points.txt,sha256=QhbY8F434A-onsg0-FsdMd2U6HKh6Q7yCFFZrGUh5-M,67
+dbt_platform_helper-10.11.1.dist-info/RECORD,,