dbt-platform-helper 11.4.0__py3-none-any.whl → 12.0.1__py3-none-any.whl

dbt_platform_helper/templates/addons/env/redis-cluster.yml

@@ -1,171 +0,0 @@
-# {% extra_header %}
-# {% version_info %}
-
-Parameters:
-  # Copilot required Parameters...
-  App:
-    Type: String
-    Description: Your application's name.
-  Env:
-    Type: String
-    Description: The environment name your service, job, or workflow is being deployed to.
-
-  # Parameters from the parent stack brought in via addons.parameters.yml...
-  EnvironmentSecurityGroup:
-    Type: String
-  PrivateSubnets:
-    Type: String
-  VpcId:
-    Type: String
-
-Mappings:
-  {{ addon_config.prefix }}EnvironmentConfigMap:
-{%- for env_name, config in addon_config.environments.items() %}
-    {{ env_name }}:
-      EngineVersion: '{{ config.engine }}'
-      CacheNodeType: '{{ config.instance }}'
-      NumReplicas: {{ config.replicas }}
-      DeletionPolicy: {{ config.deletion_policy }}
-{%- endfor %}
-
-  {{ addon_config.prefix }}EngineVersionMap:
-    '7.1':
-      CacheParameterGroupFamily: 'redis7.x'
-    '7.0':
-      CacheParameterGroupFamily: 'redis7.x'
-    '6.2':
-      CacheParameterGroupFamily: 'redis6.x'
-
-Conditions:
-  {{ addon_config.prefix }}HasAutomaticFailoverEnabled: !Not [!Equals [!FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, NumReplicas], 0]]
-  {{ addon_config.prefix }}CreateProdSubFilter: !Or [!Equals [!Ref Env, prod], !Equals [!Ref Env, production], !Equals [!Ref Env, PROD], !Equals [!Ref Env, PRODUCTION]]
-
-Resources:
-
-  {{ addon_config.prefix }}CacheParameterGroup:
-    Type: 'AWS::ElastiCache::ParameterGroup'
-    DeletionPolicy: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-    UpdateReplacePolicy: Retain
-    Properties:
-      CacheParameterGroupFamily: !FindInMap
-        - {{ addon_config.prefix }}EngineVersionMap
-        - !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, EngineVersion]
-        - CacheParameterGroupFamily
-      Description: !Ref 'AWS::StackName'
-      Properties: {}
-
-  {{ addon_config.prefix }}CacheSubnetGroupName:
-    Type: 'AWS::ElastiCache::SubnetGroup'
-    DeletionPolicy: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-    UpdateReplacePolicy: Retain
-    Properties:
-      Description: !Ref 'AWS::StackName'
-      SubnetIds: !Split [ ",", !Ref PrivateSubnets ]
-
-  {{ addon_config.prefix }}SecurityGroup:
-    Type: 'AWS::EC2::SecurityGroup'
-    DeletionPolicy: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-    UpdateReplacePolicy: Retain
-    Properties:
-      GroupDescription: !Ref 'AWS::StackName'
-      VpcId: !Ref VpcId
-      SecurityGroupIngress:
-      - IpProtocol: tcp
-        FromPort: 6379
-        ToPort: 6379
-        SourceSecurityGroupId: !Ref EnvironmentSecurityGroup
-      Tags:
-        - Key: Name
-          Value: !Sub 'copilot-${App}-${Env}-{{ addon_config.name }}-Redis-SecurityGroup'
-
-  {{ addon_config.prefix }}ReplicationGroup:
-    Type: 'AWS::ElastiCache::ReplicationGroup'
-    DeletionPolicy: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-    UpdateReplacePolicy: Retain
-    Properties:
-      ReplicationGroupDescription: !Ref 'AWS::StackName'
-      AtRestEncryptionEnabled: true
-      AutomaticFailoverEnabled: !If [{{ addon_config.prefix }}HasAutomaticFailoverEnabled, true, false]
-      MultiAZEnabled: !If [{{ addon_config.prefix }}HasAutomaticFailoverEnabled, true, false]
-      CacheNodeType: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, CacheNodeType]
-      CacheParameterGroupName: !Ref {{ addon_config.prefix }}CacheParameterGroup
-      CacheSubnetGroupName: !Ref {{ addon_config.prefix }}CacheSubnetGroupName
-      Engine: redis
-      EngineVersion: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, EngineVersion]
-      NumNodeGroups: 1   # run in non clustered mode with 1 master and 0-5 replicas
-      ReplicasPerNodeGroup: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, NumReplicas]
-      PreferredMaintenanceWindow: 'sat:07:00-sat:08:00'
-      LogDeliveryConfigurations:
-        - DestinationDetails:
-            CloudWatchLogsDetails:
-              LogGroup: !Sub '/aws/elasticache/${App}/${Env}/{{ addon_config.prefix }}/slow'
-          DestinationType: cloudwatch-logs
-          LogFormat: json
-          LogType: slow-log
-        - DestinationDetails:
-            CloudWatchLogsDetails:
-              LogGroup: !Sub '/aws/elasticache/${App}/${Env}/{{ addon_config.prefix }}/engine'
-          DestinationType: cloudwatch-logs
-          LogFormat: json
-          LogType: engine-log
-      SecurityGroupIds:
-      - !Ref {{ addon_config.prefix }}SecurityGroup
-
-      TransitEncryptionEnabled: true
-      # UpdatePolicy:
-      #   UseOnlineResharding: true
-
-  {{ addon_config.prefix }}RedisSlowLogGroup:
-    Type: AWS::Logs::LogGroup
-    Properties:
-      LogGroupName: !Sub '/aws/elasticache/${App}/${Env}/{{ addon_config.prefix }}/slow'
-      RetentionInDays: 7
-      Tags:
-        - Key: 'Copilot-Application'
-          Value: !Sub ${App}
-        - Key: 'Copilot-Environment'
-          Value: !Sub ${Env}
-
-  {{ addon_config.prefix }}RedisEngineLogGroup:
-    Type: AWS::Logs::LogGroup
-    Properties:
-      LogGroupName: !Sub '/aws/elasticache/${App}/${Env}/{{ addon_config.prefix }}/engine'
-      RetentionInDays: 7
-      Tags:
-        - Key: 'Copilot-Application'
-          Value: !Sub ${App}
-        - Key: 'Copilot-Environment'
-          Value: !Sub ${Env}
-
-  # Redis endpoint stored in SSM so that other `services` can retrieve the endpoint.
-  {{ addon_config.prefix }}EndpointAddressParam:
-    Type: AWS::SSM::Parameter
-    Properties:
-      Name: !Sub '/copilot/${App}/${Env}/secrets/{{ addon_config.secret_name }}'   # Other services can retrieve the endpoint from this path.
-      Type: String
-      Value: !Sub
-        - 'rediss://${url}:${port}'
-        - url: !GetAtt '{{ addon_config.prefix }}ReplicationGroup.PrimaryEndPoint.Address'
-          port: !GetAtt '{{ addon_config.prefix }}ReplicationGroup.PrimaryEndPoint.Port'
-
-  {{ addon_config.prefix }}SubscriptionFilterEngine:
-    Type: AWS::Logs::SubscriptionFilter
-    DependsOn:
-      - {{ addon_config.prefix }}RedisEngineLogGroup
-    Properties:
-      RoleArn: !Sub 'arn:aws:iam::${AWS::AccountId}:role/CWLtoSubscriptionFilterRole'
-      LogGroupName: !Sub '/aws/elasticache/${App}/${Env}/{{ addon_config.prefix }}/engine'
-      FilterName: !Sub '/aws/elasticache/${App}/${Env}/${{ '{' }}{{ addon_config.prefix }}ReplicationGroup}/engine'
-      FilterPattern: ''
-      DestinationArn: !If [{{ addon_config.prefix }}CreateProdSubFilter, '{{ log_destination.prod }}', '{{ log_destination.dev }}']
-
-  {{ addon_config.prefix }}SubscriptionFilterSlow:
-    Type: AWS::Logs::SubscriptionFilter
-    DependsOn:
-      - {{ addon_config.prefix }}RedisSlowLogGroup
-    Properties:
-      RoleArn: !Sub 'arn:aws:iam::${AWS::AccountId}:role/CWLtoSubscriptionFilterRole'
-      LogGroupName: !Sub '/aws/elasticache/${App}/${Env}/{{ addon_config.prefix }}/slow'
-      FilterName: !Sub '/aws/elasticache/${App}/${Env}/${{ '{' }}{{ addon_config.prefix }}ReplicationGroup}/slow'
-      FilterPattern: ''
-      DestinationArn: !If [{{ addon_config.prefix }}CreateProdSubFilter, '{{ log_destination.prod }}', '{{ log_destination.dev }}']

dbt_platform_helper/templates/addons/env/s3.yml

@@ -1,219 +0,0 @@
-# {% extra_header %}
-# {% version_info %}
-Transform: AWS::LanguageExtensions
-
-Parameters:
-  # Copilot required Parameters...
-  App:
-    Type: String
-    Description: Your application's name.
-  Env:
-    Type: String
-    Description: The environment name your service, job, or workflow is being deployed to.
-
-Mappings:
-  {{ addon_config.prefix }}EnvironmentConfigMap:
-    # Create an entry for each environment
-{% for env_name, config in addon_config.environments.items() %}
-    {{ env_name }}:
-      BucketName: '{{ config.bucket_name }}'
-      DeletionPolicy: {{ config.deletion_policy }}
-  {%- if config.retention_policy %}
-      RetentionMode: {{ config.retention_policy.mode }}
-    {%- if config.retention_policy.days %}
-      RetentionDurationType: Days
-      RetentionDuration: {{ config.retention_policy.days }}
-    {%- else %}
-      RetentionDurationType: Years
-      RetentionDuration: {{ config.retention_policy.years }}
-    {%- endif %}
-  {%- endif %}
-{%- endfor %}
-
-Conditions:
-  {{ addon_config.prefix }}ApplyRetentionPolicy: !Not
-    - !Equals
-      - !FindInMap
-        - {{ addon_config.prefix }}EnvironmentConfigMap
-        - !Ref Env
-        - RetentionMode
-        - DefaultValue: No retention
-      - No retention
-  {{ addon_config.prefix }}RetentionPolicyDurationIsInDays: !Equals
-    - !FindInMap
-      - {{ addon_config.prefix }}EnvironmentConfigMap
-      - !Ref Env
-      - RetentionDurationType
-      - DefaultValue: Days
-    - Days
-
-Resources:
-  {{ addon_config.prefix }}KMSKey:
-    Type: "AWS::KMS::Key"
-    DeletionPolicy: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-    UpdateReplacePolicy: Retain
-    Properties:
-      Description: "KMS Key for RDS encryption"
-      KeyPolicy:
-        Version: '2012-10-17'
-        Id: !Sub '${App}-${Env}-{{ addon_config.prefix }}-key'
-        Statement:
-        - Sid: Enable IAM User Permissions
-          Effect: Allow
-          Principal:
-            AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
-          Action: kms:*
-          Resource: '*'
-
-  {{ addon_config.prefix }}KeyAlias:
-    Type: 'AWS::KMS::Alias'
-    DeletionPolicy: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-    UpdateReplacePolicy: Retain
-    Properties:
-      AliasName: !Sub 'alias/${App}-${Env}-{{ addon_config.prefix }}-key'
-      TargetKeyId: !Ref {{ addon_config.prefix }}KMSKey
-
-  {{ addon_config.prefix }}Bucket:
-    Metadata:
-      'aws:copilot:description': 'An Amazon S3 bucket to store and retrieve objects for {{ addon_config.prefix }}'
-    Type: AWS::S3::Bucket
-    DeletionPolicy: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-    UpdateReplacePolicy: Retain
-    Properties:
-      BucketName: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, BucketName]
-      AccessControl: Private
-      BucketEncryption:
-        ServerSideEncryptionConfiguration:
-        - ServerSideEncryptionByDefault:
-            SSEAlgorithm: aws:kms
-            KMSMasterKeyID: !Ref {{ addon_config.prefix }}KMSKey
-      ObjectLockConfiguration:
-        !If
-        - {{ addon_config.prefix }}ApplyRetentionPolicy
-        - ObjectLockEnabled: Enabled
-          Rule:
-            DefaultRetention: !If
-              - {{ addon_config.prefix }}RetentionPolicyDurationIsInDays
-              - Mode: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, RetentionMode]
-                Days: !FindInMap
-                  - {{ addon_config.prefix }}EnvironmentConfigMap
-                  - !Ref Env
-                  - RetentionDuration
-              - Mode: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, RetentionMode]
-                Years: !FindInMap
-                  - {{ addon_config.prefix }}EnvironmentConfigMap
-                  - !Ref Env
-                  - RetentionDuration
-        - !Ref AWS::NoValue
-      VersioningConfiguration:
-        Status: Enabled
-      PublicAccessBlockConfiguration:
-        BlockPublicAcls: true
-        BlockPublicPolicy: true
-        IgnorePublicAcls: true
-        RestrictPublicBuckets: true
-      Tags:
-        - Key: Copilot-application
-          Value: !Ref App
-        - Key: Copilot-environment
-          Value: !Ref Env
-        - Key: Copilot-deletion-policy
-          Value: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-
-  {{ addon_config.prefix }}BucketPolicy:
-    Metadata:
-      'aws:copilot:description': 'A bucket policy to deny unencrypted access to the bucket and its contents'
-    Type: AWS::S3::BucketPolicy
-    DeletionPolicy: !FindInMap [{{ addon_config.prefix }}EnvironmentConfigMap, !Ref Env, DeletionPolicy]
-    UpdateReplacePolicy: Retain
-    Properties:
-      PolicyDocument:
-        Version: '2012-10-17'
-        Statement:
-          - Sid: ForceHTTPS
-            Effect: Deny
-            Principal: '*'
-            Action: 's3:*'
-            Resource:
-              - !Sub ${ {{ addon_config.prefix }}Bucket.Arn}/*
-              - !Sub ${ {{ addon_config.prefix }}Bucket.Arn}
-            Condition:
-              Bool:
-                "aws:SecureTransport": false
-      Bucket: !Ref {{ addon_config.prefix }}Bucket
-
-{% if 'objects' in addon_config %}
-  {{ addon_config.prefix }}S3ObjectUploader:
-    Type: AWS::Lambda::Function
-    Properties:
-      FunctionName: !Sub "${App}-${Env}-object-uploader"
-      Handler: index.handler
-      Runtime: python3.11
-      MemorySize: 128
-      Timeout: 10
-      Role: !GetAtt {{ addon_config.prefix }}S3ObjectUploaderRole.Arn
-      Code:
-        ZipFile: |
-{{ addon_config.custom_resources.s3_object(10) }}
-
-  {{ addon_config.prefix }}S3ObjectUploaderRole:
-    Type: AWS::IAM::Role
-    Properties:
-      RoleName: !Sub "${App}-${Env}-object-uploader-role"
-      AssumeRolePolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          - Effect: Allow
-            Action:
-              - 'sts:AssumeRole'
-            Principal:
-              Service:
-                - lambda.amazonaws.com
-      Policies:
-        - PolicyName: !Sub "${App}-${Env}-object-uploader-policy"
-          PolicyDocument:
-            Version: '2012-10-17'
-            Statement:
-              - Effect: Allow
-                Action:
-                  - 's3:PutObject'
-                  - 's3:DeleteObject'
-                Resource:
-                  - !Sub ${ {{ addon_config.prefix }}Bucket.Arn }/*
-              - Effect: Allow
-                Action:
-                  - 'logs:CreateLogGroup'
-                  - 'logs:CreateLogStream'
-                  - 'logs:PutLogEvents'
-                Resource: 'arn:aws:logs:*:*:*'
-              - Effect: Allow
-                Action:
-                  - 'kms:GenerateDataKey'
-                Resource: !GetAtt {{ addon_config.prefix }}KMSKey.Arn
-
-{% for s3object in addon_config.objects %}
-  {{ addon_config.prefix }}S3Object{{ loop.index0 }}:
-    Type: 'Custom::S3ObjectUploader'
-    Properties:
-      ServiceToken: !GetAtt {{ addon_config.prefix }}S3ObjectUploader.Arn
-      CopilotApplication: !Sub "${App}"
-      CopilotEnvironment: !Sub "${Env}"
-      S3Bucket: !Ref {{ addon_config.prefix }}Bucket
-      S3ObjectKey: {{ s3object.key }}
-      S3ObjectBody: {{ s3object.body }}
-      {% if s3object.content_type %} 
-      S3ObjectContentType: {{ s3object.content_type }}
-      {% endif %}
-{% endfor %}
-{% endif %}
-
-Outputs:
-  {{ addon_config.prefix }}Name:
-    Description: "The name of a user-defined bucket."
-    Value: !Ref {{ addon_config.prefix }}Bucket
-
-  {{ addon_config.prefix }}KMSKeyARN:
-    Description: "ARN of the KMS Key"
-    Value: !GetAtt {{ addon_config.prefix }}KMSKey.Arn
-    Export:
-      Name: !Sub "${App}-${Env}-{{ addon_config.prefix }}-KMSKeyARN"

dbt_platform_helper/templates/addons/env/vpc.yml

@@ -1,120 +0,0 @@
-# {% extra_header %}
-# {% version_info %}
-
-Parameters:
-  App:
-    Type: String
-    Description: Your application's name.
-  Env:
-    Type: String
-    Description: The environment name your service, job, or workflow is being deployed to.
-
-  EnvironmentSecurityGroup:
-    Type: String
-  PrivateSubnets:
-    Type: String
-  PublicSubnets:
-    Type: String
-  VpcId:
-    Type: String
-
-Resources:
-  # Secrets Manager VPC endpoint
-  VpcEndpoint:
-    Type: AWS::EC2::VPCEndpoint
-    # Resource based metadata block to ignore reference to resources in other addon templates. Do not remove.
-    Metadata:
-      cfn-lint:
-        config:
-          ignore_checks:
-            # https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/rules.md
-            - E1010
-    Properties:
-      PrivateDnsEnabled: true
-      SecurityGroupIds:
-    {%- for addon, config in addons -%}
-      {%- set prefix = addon.split('-')|first|lower ~ addon.split('-')[1:]|map('capitalize')|join -%}
-      {%- if config.type == "aurora-postgres" %}
-        - !GetAtt {{ prefix }}DBClusterSecurityGroup.GroupId
-      {%- endif -%}
-      {%- if config.type == "postgres" %}
-        - !GetAtt {{ prefix }}SecurityGroup.GroupId
-      {%- endif -%}
-    {%- endfor %}
-        - !Ref EnvironmentSecurityGroup
-      ServiceName: 'com.amazonaws.eu-west-2.secretsmanager'
-      SubnetIds: !Split [ ",", !Ref PrivateSubnets ]
-      VpcEndpointType: Interface
-      VpcId: !Ref VpcId
-
-  AdditionalNatGatewayAttachment1:
-    Metadata:
-      'aws:copilot:description': 'An Elastic IP for an additional NAT Gateway 1'
-    Type: AWS::EC2::EIP
-    Properties:
-      Domain: vpc
-
-  AdditionalNatGatewayAttachment2:
-    Metadata:
-      'aws:copilot:description': 'An Elastic IP for an additional NAT Gateway 2'
-    Type: AWS::EC2::EIP
-    Properties:
-      Domain: vpc
-
-  AdditionalNatGateway1:
-    Metadata:
-      'aws:copilot:description': 'Additional NAT Gateway 1'
-    Type: AWS::EC2::NatGateway
-    Properties:
-      AllocationId: !GetAtt AdditionalNatGatewayAttachment1.AllocationId
-      SubnetId: !Select [ 0, !Split [ ",", !Ref PublicSubnets ] ]
-      Tags:
-        - Key: Name
-          Value: !Sub 'copilot-${App}-${Env}-Additional-NAT-Gateway-1'
-
-  AdditionalNatGateway2:
-    Metadata:
-      'aws:copilot:description': 'Additional NAT Gateway 2'
-    Type: AWS::EC2::NatGateway
-    Properties:
-      AllocationId: !GetAtt AdditionalNatGatewayAttachment2.AllocationId
-      SubnetId: !Select [ 1, !Split [ ",", !Ref PublicSubnets ] ]
-      Tags:
-        - Key: Name
-          Value: !Sub 'copilot-${App}-${Env}-Additional-NAT-Gateway-2'
-
-  AdditionalPrivateRouteTable1:
-    Type: AWS::EC2::RouteTable
-    Properties:
-      VpcId: !Ref VpcId
-
-  AdditionalPrivateRouteTable2:
-    Type: AWS::EC2::RouteTable
-    Properties:
-      VpcId: !Ref VpcId
-
-  AdditionalPrivateRoute1:
-    Type: AWS::EC2::Route
-    Properties:
-      RouteTableId: !Ref AdditionalPrivateRouteTable1
-      DestinationCidrBlock: 0.0.0.0/0
-      NatGatewayId: !Ref AdditionalNatGateway1
-
-  AdditionalPrivateRoute2:
-    Type: AWS::EC2::Route
-    Properties:
-      RouteTableId: !Ref AdditionalPrivateRouteTable2
-      DestinationCidrBlock: 0.0.0.0/0
-      NatGatewayId: !Ref AdditionalNatGateway2
-
-  AdditionalPrivateRouteTable1Association:
-    Type: AWS::EC2::SubnetRouteTableAssociation
-    Properties:
-      RouteTableId: !Ref AdditionalPrivateRouteTable1
-      SubnetId: !Select [ 0, !Split [ ",", !Ref PrivateSubnets ] ]
-
-  AdditionalPrivateRouteTable2Association:
-    Type: AWS::EC2::SubnetRouteTableAssociation
-    Properties:
-      RouteTableId: !Ref AdditionalPrivateRouteTable2
-      SubnetId: !Select [ 1, !Split [ ",", !Ref PrivateSubnets ] ]

dbt_platform_helper/utils/cloudformation.py

@@ -1,34 +0,0 @@
-import glob
-from subprocess import run
-
-import click
-
-
-def get_lint_result(path: str, ignore_path: str = None, ignore_checks: str = None):
-    command = ["cfn-lint", path]
-    if ignore_path:
-        command.extend(["--ignore-templates", ignore_path])
-    if ignore_checks:
-        command.extend(["--ignore-checks", ignore_checks])
-
-    click.secho(f"\n>>> Running lint check", fg="yellow")
-    click.secho(f"""    {" ".join(command)}\n""", fg="yellow")
-
-    return run(command, capture_output=True)
-
-
-def get_check_security_result(path: str, ignore_path: str = None):
-    matching_files = glob.glob(path)
-    command = ["checkov", "--quiet", "--framework", "cloudformation"]
-
-    for file in matching_files:
-        command.extend(["--file", file])
-
-    if ignore_path:
-        for ignored_file in glob.glob(ignore_path):
-            command.extend(["--skip-path", ignore_path])
-
-    click.secho(f"\n>>> Running security check", fg="yellow")
-    click.secho(f"""    {" ".join(command)}\n""", fg="yellow")
-
-    return run(command, capture_output=True)