dbt-platform-helper 15.9.0__py3-none-any.whl → 15.11.0__py3-none-any.whl

dbt_platform_helper/COMMANDS.md

@@ -27,8 +27,6 @@
     - [platform-helper secrets](#platform-helper-secrets)
         - [platform-helper secrets copy](#platform-helper-secrets-copy)
         - [platform-helper secrets list](#platform-helper-secrets-list)
-    - [platform-helper service](#platform-helper-service)
-        - [platform-helper service generate](#platform-helper-service-generate)
     - [platform-helper notify](#platform-helper-notify)
         - [platform-helper notify environment-progress](#platform-helper-notify-environment-progress)
         - [platform-helper notify post-message](#platform-helper-notify-post-message)
@@ -65,10 +63,10 @@ platform-helper <command> [--version]
 - [`database` ↪](#platform-helper-database)
 - [`environment` ↪](#platform-helper-environment)
 - [`generate` ↪](#platform-helper-generate)
+- [`internal` ↪](#platform-helper-internal)
 - [`notify` ↪](#platform-helper-notify)
 - [`pipeline` ↪](#platform-helper-pipeline)
 - [`secrets` ↪](#platform-helper-secrets)
-- [`service` ↪](#platform-helper-service)
 - [`version` ↪](#platform-helper-version)
 
 # platform-helper application
@@ -663,54 +661,6 @@ platform-helper secrets list <application> <environment>
 - `--help <boolean>` _Defaults to False._
   - Show this message and exit.
 
-# platform-helper service
-
-[↩ Parent](#platform-helper)
-
-    Commands affecting services.
-
-## Usage
-
-```
-platform-helper service generate 
-```
-
-## Options
-
-- `--help <boolean>` _Defaults to False._
-  - Show this message and exit.
-
-## Commands
-
-- [`generate` ↪](#platform-helper-service-generate)
-
-# platform-helper service generate
-
-[↩ Parent](#platform-helper-service)
-
-    Generate terraform manifest for the specified service(s).
-
-## Usage
-
-```
-platform-helper service generate [--name <name>] [--environment <environment>] 
-                                 [--image-tag <image_tag>] 
-```
-
-## Options
-
-- `--name
--n <text>`
-  - The name of the service to generate a manifest for. Multiple values accepted.
-- `--environment
--e <text>`
-  - The name of the environment to generate service manifests for. Multiple values accepted.
-- `--image-tag
--i <text>`
-  - Docker image tag to deploy for the service. Overrides the $IMAGE_TAG environment variable.
-- `--help <boolean>` _Defaults to False._
-  - Show this message and exit.
-
 # platform-helper notify
 
 [↩ Parent](#platform-helper)

dbt_platform_helper/commands/internal.py

@@ -0,0 +1,134 @@
+import click
+
+from dbt_platform_helper.domain.service import ServiceManager
+from dbt_platform_helper.domain.update_alb_rules import UpdateALBRules
+from dbt_platform_helper.domain.versioning import PlatformHelperVersioning
+from dbt_platform_helper.platform_exception import PlatformException
+from dbt_platform_helper.providers.config import ConfigProvider
+from dbt_platform_helper.providers.config_validator import ConfigValidator
+from dbt_platform_helper.providers.ecs import ECS
+from dbt_platform_helper.providers.io import ClickIOProvider
+from dbt_platform_helper.providers.logs import LogsProvider
+from dbt_platform_helper.providers.s3 import S3Provider
+from dbt_platform_helper.utils.application import load_application
+from dbt_platform_helper.utils.aws import get_aws_session_or_abort
+from dbt_platform_helper.utils.click import ClickDocOptGroup
+
+
+@click.group(cls=ClickDocOptGroup)
+def internal():
+    """Internal commands for use within pipelines or by Platform Team."""
+
+
+@internal.command()
+def migrate_service_manifests():
+    """Migrate copilot manifests to service manifests."""
+    click_io = ClickIOProvider()
+
+    try:
+        service_manager = ServiceManager()
+        service_manager.migrate_copilot_manifests()
+    except PlatformException as error:
+        click_io.abort_with_error(str(error))
+
+
+@internal.group(cls=ClickDocOptGroup)
+def service():
+    """Subgroup for 'internal service' commands."""
+
+
+@service.command(help="Trigger an ECS deployment.")
+@click.option("--name", required=True, help="The name of the ECS service to create or update.")
+@click.option(
+    "--env",
+    required=True,
+    help="The name of the environment where the ECS service will be created or updated.",
+)
+@click.option(
+    "--image-tag",
+    required=True,
+    help="Image tag to deploy for the service(s). Takes precedence over the $IMAGE_TAG environment variable.",
+)
+def deploy(name, env, image_tag):
+    """Register a new ECS task definition from an S3 JSON template, update the
+    ECS service, and tail CloudWatch logs until the ECS rollout is complete."""
+    click_io = ClickIOProvider()
+
+    try:
+
+        config = ConfigProvider(ConfigValidator()).get_enriched_config()
+        application_name = config.get("application", "")
+        application = load_application(app=application_name, env=env)
+
+        ecs_client = application.environments[env].session.client("ecs")
+        ssm_client = application.environments[env].session.client("ssm")
+        s3_client = application.environments[env].session.client("s3")
+        logs_client = application.environments[env].session.client("logs")
+
+        ecs_provider = ECS(
+            ecs_client=ecs_client,
+            ssm_client=ssm_client,
+            application_name=application.name,
+            env=env,
+        )
+        s3_provider = S3Provider(client=s3_client)
+        logs_provider = LogsProvider(client=logs_client)
+
+        service_manager = ServiceManager(
+            ecs_provider=ecs_provider, s3_provider=s3_provider, logs_provider=logs_provider
+        )
+        service_manager.deploy(
+            service=name,
+            environment=env,
+            application=application.name,
+            image_tag=image_tag,
+        )
+    except PlatformException as error:
+        click_io.abort_with_error(str(error))
+
+
+@service.command(help="Generate Terraform manifest for the specified service(s).")
+@click.option(
+    "--name",
+    required=False,
+    help="The name of the service(s) to generate service manifest(s) for.",
+    multiple=True,
+)
+@click.option(
+    "--env",
+    required=True,
+    help="The name of the environment to generate service manifests for.",
+)
+def generate(name, env):
+    """Validates the service-config.yml format, applies the environment-specific
+    overrides, and generates a Terraform manifest at
+    /terraform/services/<environment>/<service>/main.tf.json."""
+
+    services = list(name)
+    click_io = ClickIOProvider()
+
+    try:
+        service_manager = ServiceManager()
+        service_manager.generate(environment=env, services=services)
+
+    except PlatformException as err:
+        click_io.abort_with_error(str(err))
+
+
+@internal.group(cls=ClickDocOptGroup)
+def alb():
+    """Load Balancer related commands."""
+    PlatformHelperVersioning().check_if_needs_update()
+
+
+@alb.command()
+@click.option("--env", type=str, required=True)
+def update_rules(env: str):
+    """Update alb rules based on service-deployment-mode for a given
+    environment."""
+    try:
+        session = get_aws_session_or_abort()
+        update_aws = UpdateALBRules(session)
+        update_aws.update_alb_rules(environment=env)
+    except PlatformException as err:
+        ClickIOProvider().abort_with_error(str(err))

dbt_platform_helper/constants.py

@@ -45,3 +45,17 @@ SERVICE_NAME_SUFFIX = f"Service-{COPILOT_IDENTIFIER}"
 REFRESH_TOKEN_MESSAGE = (
     "To refresh this SSO session run `aws sso login` with the corresponding profile"
 )
+COPILOT_RULE_PRIORITY = 48000
+PLATFORM_RULE_STARTING_PRIORITY = 10000
+RULE_PRIORITY_INCREMENT = 100
+DUMMY_RULE_REASON = "DummyRule"
+MAINTENANCE_PAGE_TAGS = ["MaintenancePage", "AllowedIps", "BypassIpFilter", "AllowedSourceIps"]
+MAINTENANCE_PAGE_REASON = "MaintenancePage"
+MANAGED_BY_PLATFORM = "DBT Platform"
+MANAGED_BY_SERVICE_TERRAFORM = "DBT Platform - Service Terraform"
+MANAGED_BY_PLATFORM_TERRAFORM = "DBT Platform - Terraform"
+STANDARD_PLATFORM_SSO_ROLES = [
+    "AdministratorAccess",
+    "DBTPlatformDeveloperWrite",
+    "DBTPlatformDeveloperRead",
+]

dbt_platform_helper/domain/conduit.py

@@ -326,7 +326,7 @@ class Conduit:
         data_context = strategy.get_data()
 
         data_context["task_arns"] = self.ecs_provider.get_ecs_task_arns(
-            data_context["cluster_arn"], data_context["task_def_family"]
+            cluster=data_context["cluster_arn"], task_def_family=data_context["task_def_family"]
         )
 
         info_log = (

dbt_platform_helper/domain/config.py

@@ -7,6 +7,7 @@ from typing import Dict
 from prettytable import PrettyTable
 
 from dbt_platform_helper.constants import PLATFORM_CONFIG_FILE
+from dbt_platform_helper.constants import STANDARD_PLATFORM_SSO_ROLES
 from dbt_platform_helper.domain.versioning import AWSVersioning
 from dbt_platform_helper.domain.versioning import CopilotVersioning
 from dbt_platform_helper.domain.versioning import PlatformHelperVersioning
@@ -140,6 +141,10 @@ class Config:
         if self.io.confirm(
             f"This command is destructive and will overwrite file contents at {file_path}. Are you sure you want to continue?"
         ):
+            self.io.info(
+                "Fetching credentials... this may take longer if you have access to many accounts."
+            )
+
             with open(aws_config_path, "w") as config_file:
                 config_file.write(AWS_CONFIG)
 
@@ -147,7 +152,9 @@ class Config:
                     config_file.write(f"[profile {account['accountName']}]\n")
                     config_file.write("sso_session = uktrade\n")
                     config_file.write(f"sso_account_id = {account['accountId']}\n")
-                    config_file.write("sso_role_name = AdministratorAccess\n")
+                    config_file.write(
+                        f"sso_role_name = {self._retrieve_role_for_aws_account(aws_sso_token=access_token, account_id=account['accountId'])}\n"
+                    )
                     config_file.write("region = eu-west-2\n")
                     config_file.write("output = json\n")
                     config_file.write("\n")
@@ -177,6 +184,28 @@ class Config:
         )
         return accounts_list
 
+    def _retrieve_role_for_aws_account(self, aws_sso_token, account_id):
+        """
+        Selects the most appropriate IAM role for a given AWS account.
+
+        Roles listed in STANDARD_PLATFORM_SSO_ROLES are preferred if available.
+        If none are found, the first available role returned by
+        sso.list_account_roles is used.
+        """
+
+        role_list = self.sso.list_account_roles(
+            access_token=aws_sso_token,
+            account_id=account_id,
+            max_results=100,
+        )
+
+        roles_retrieved = [r["roleName"] for r in role_list]
+
+        for role in STANDARD_PLATFORM_SSO_ROLES:
+            if role in roles_retrieved:
+                return role
+        return role_list[0]["roleName"]
+
     def _add_version_status_row(
         self, table: PrettyTable, header: str, version_status: VersionStatus
     ):

dbt_platform_helper/domain/maintenance_page.py

@@ -10,6 +10,8 @@ from typing import Union
 
 import click
 
+from dbt_platform_helper.constants import MAINTENANCE_PAGE_REASON
+from dbt_platform_helper.constants import MANAGED_BY_PLATFORM
 from dbt_platform_helper.platform_exception import PlatformException
 from dbt_platform_helper.providers.io import ClickIOProvider
 from dbt_platform_helper.providers.load_balancers import ListenerRuleNotFoundException
@@ -202,8 +204,8 @@ class MaintenancePage:
                         [
                             {"Key": "application", "Value": app},
                             {"Key": "environment", "Value": env},
-                            {"Key": "reason", "Value": "MaintenancePage"},
-                            {"Key": "managed-by", "Value": "DBT Platform"},
+                            {"Key": "reason", "Value": MAINTENANCE_PAGE_REASON},
+                            {"Key": "managed-by", "Value": MANAGED_BY_PLATFORM},
                             {"Key": "service", "Value": svc.name},
                         ],
                     )
@@ -217,8 +219,8 @@ class MaintenancePage:
                         [
                             {"Key": "application", "Value": app},
                             {"Key": "environment", "Value": env},
-                            {"Key": "reason", "Value": "MaintenancePage"},
-                            {"Key": "managed-by", "Value": "DBT Platform"},
+                            {"Key": "reason", "Value": MAINTENANCE_PAGE_REASON},
+                            {"Key": "managed-by", "Value": MANAGED_BY_PLATFORM},
                             {"Key": "service", "Value": svc.name},
                         ],
                     )
@@ -234,8 +236,8 @@ class MaintenancePage:
                     [
                         {"Key": "application", "Value": app},
                         {"Key": "environment", "Value": env},
-                        {"Key": "reason", "Value": "MaintenancePage"},
-                        {"Key": "managed-by", "Value": "DBT Platform"},
+                        {"Key": "reason", "Value": MAINTENANCE_PAGE_REASON},
+                        {"Key": "managed-by", "Value": MANAGED_BY_PLATFORM},
                         {"Key": "service", "Value": svc.name},
                     ],
                 )
@@ -287,10 +289,10 @@ class MaintenancePage:
                     tags=[
                         {"Key": "application", "Value": app},
                         {"Key": "environment", "Value": env},
-                        {"Key": "reason", "Value": "MaintenancePage"},
+                        {"Key": "reason", "Value": MAINTENANCE_PAGE_REASON},
                         {"Key": "name", "Value": "MaintenancePage"},
                         {"Key": "type", "Value": template},
-                        {"Key": "managed-by", "Value": "DBT Platform"},
+                        {"Key": "managed-by", "Value": MANAGED_BY_PLATFORM},
                     ],
                 )
         except Exception as e: