qontract-reconcile 0.10.2.dev334__py3-none-any.whl → 0.10.2.dev439__py3-none-any.whl

reconcile/statuspage/page.py

@@ -19,19 +19,17 @@ from reconcile.statuspage.status import (
 PROVIDER_NAME = "statuspage"
 
 
-class StatusComponent(BaseModel):
+class StatusComponent(BaseModel, arbitrary_types_allowed=True):
     """
     Represents a status page component from the desired state.
     """
 
     name: str
     display_name: str
-    description: str | None
-    group_name: str | None
+    description: str | None = None
+    group_name: str | None = None
+    # Status provider configs hold different ways for a component to determine its status
     status_provider_configs: list[StatusProvider]
-    """
-    Status provider configs hold different ways for a component to determine its status
-    """
 
     def status_management_enabled(self) -> bool:
         """
@@ -49,9 +47,6 @@ class StatusComponent(BaseModel):
             return "operational"
         return None
 
-    class Config:
-        arbitrary_types_allowed = True
-
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, StatusComponent):
             raise NotImplementedError("Cannot compare to non StatusComponent objects.")

reconcile/statuspage/status.py

@@ -2,18 +2,15 @@ from abc import (
     ABC,
     abstractmethod,
 )
-from datetime import (
-    UTC,
-    datetime,
-)
+from datetime import datetime
 
-from dateutil.parser import isoparse
 from pydantic import BaseModel
 
 from reconcile.gql_definitions.statuspage.statuspages import (
     ManualStatusProviderV1,
     StatusProviderV1,
 )
+from reconcile.utils.datetime_util import from_utc_iso_format, utc_now
 
 # This module defines the interface for status providers for components on status
 # pages. A status provider is responsible for determining the status of a component.
@@ -70,7 +67,7 @@ class ManualStatusProvider(StatusProvider, BaseModel):
             raise ValueError(
                 "manual component status time window is invalid: end before start"
             )
-        now = datetime.now(UTC)
+        now = utc_now()
         if self.start and now < self.start:
             return False
         return not (self.end and self.end < now)
@@ -84,8 +81,8 @@ def build_status_provider_config(
     provider specific implementation that provides the status resolution logic.
     """
     if isinstance(cfg, ManualStatusProviderV1):
-        start = isoparse(cfg.manual.q_from) if cfg.manual.q_from else None
-        end = isoparse(cfg.manual.until) if cfg.manual.until else None
+        start = from_utc_iso_format(cfg.manual.q_from) if cfg.manual.q_from else None
+        end = from_utc_iso_format(cfg.manual.until) if cfg.manual.until else None
         return ManualStatusProvider(
             component_status=cfg.manual.component_status,
             start=start,

reconcile/templates/rosa-classic-cluster-creation.sh.j2

@@ -47,7 +47,7 @@ rosa create cluster -y --cluster-name={{ cluster_name }} \
     --service-cidr {{ cluster.network.service }} \
     --pod-cidr {{ cluster.network.pod }} \
     --host-prefix 23 \
-    --replicas {{ cluster.machine_pools | length }} \
+    --replicas 3 \
     --compute-machine-type {{ cluster.machine_pools[0].instance_type }} \
     {% if cluster.spec.disable_user_workload_monitoring -%}
     --disable-workload-monitoring \
@@ -55,4 +55,8 @@ rosa create cluster -y --cluster-name={{ cluster_name }} \
     {% if cluster.spec.provision_shard_id -%}
     --properties provision_shard_id:{{ cluster.spec.provision_shard_id }} \
     {% endif -%}
+    {% if cluster.spec.fips -%}
+    --fips \
+    {% endif -%}
     --channel-group {{ cluster.spec.channel }}
+

reconcile/templates/rosa-hcp-cluster-creation.sh.j2

@@ -47,7 +47,7 @@ rosa create cluster --cluster-name={{ cluster_name }} \
     --service-cidr {{ cluster.network.service }} \
     --pod-cidr {{ cluster.network.pod }} \
     --host-prefix 23 \
-    --replicas {{ cluster.machine_pools | length }} \
+    --replicas 3 \
     --compute-machine-type {{ cluster.machine_pools[0].instance_type }} \
     {% if cluster.spec.private -%}
     --private \
@@ -59,4 +59,7 @@ rosa create cluster --cluster-name={{ cluster_name }} \
     {% if cluster.spec.provision_shard_id -%}
     --properties provision_shard_id:{{ cluster.spec.provision_shard_id }} \
     {% endif -%}
+    {% if cluster.spec.fips -%}
+    --fips \
+    {% endif -%}
     --channel-group {{ cluster.spec.channel }}

reconcile/templating/lib/merge_request_manager.py

@@ -108,14 +108,14 @@ class TemplateRenderingMR(MergeRequestBase):
             if content.is_new:
                 gitlab_cli.create_file(
                     branch_name=self.branch,
-                    file_path=f"data{content.path}",
+                    file_path=content.path.lstrip("/"),
                     commit_message="termplate rendering output",
                     content=content.content,
                 )
             else:
                 gitlab_cli.update_file(
                     branch_name=self.branch,
-                    file_path=f"data{content.path}",
+                    file_path=content.path.lstrip("/"),
                     commit_message="termplate rendering output",
                     content=content.content,
                 )

reconcile/templating/lib/rendering.py

@@ -18,7 +18,7 @@ from reconcile.utils.secret_reader import SecretReaderBase
 
 class TemplateData(BaseModel):
     variables: dict[str, Any]
-    current: dict[str, Any] | None
+    current: dict[str, Any] | None = None
     current_with_explicit_start: bool | None = False
 
 
@@ -26,7 +26,7 @@ class TemplatePatch(Protocol):
     path: str
     identifier: str | None
 
-    def dict(self) -> dict[str, str]: ...
+    def model_dump(self) -> dict[str, str]: ...
 
 
 class Template(Protocol):
@@ -36,7 +36,7 @@ class Template(Protocol):
     template: str
     overwrite: bool | None
 
-    def dict(self) -> dict[str, str]: ...
+    def model_dump(self) -> dict[str, str]: ...
 
     @property
     def patch(self) -> TemplatePatch | None:

reconcile/templating/renderer.py

@@ -33,6 +33,7 @@ from reconcile.utils import gql
 from reconcile.utils.git import checkout, clone
 from reconcile.utils.gql import GqlApi
 from reconcile.utils.jinja2.utils import TemplateRenderOptions, process_jinja2_template
+from reconcile.utils.json import json_dumps
 from reconcile.utils.ruamel import create_ruamel_instance
 from reconcile.utils.runtime.integration import (
     PydanticRunParams,
@@ -95,18 +96,16 @@ class LocalFilePersistence(FilePersistence):
     This class provides a simple file persistence implementation for local files.
     """
 
-    def __init__(self, dry_run: bool, app_interface_data_path: str) -> None:
+    def __init__(self, dry_run: bool, app_interface_root_path: str) -> None:
         super().__init__(dry_run)
-        if not app_interface_data_path.endswith("/data"):
-            raise ValueError("app_interface_data_path should end with /data")
-        self.app_interface_data_path = app_interface_data_path
+        self.app_interface_root_path = app_interface_root_path
 
     def read(self, path: str) -> str | None:
-        return self._read_local_file(join_path(self.app_interface_data_path, path))
+        return self._read_local_file(join_path(self.app_interface_root_path, path))
 
     def flush(self) -> None:
         for output in self.outputs:
-            filepath = Path(join_path(self.app_interface_data_path, output.path))
+            filepath = Path(join_path(self.app_interface_root_path, output.path))
             filepath.parent.mkdir(parents=True, exist_ok=True)
             filepath.write_text(output.content, encoding="utf-8")
 
@@ -159,7 +158,7 @@ class ClonedRepoGitlabPersistence(FilePersistence):
         self, dry_run: bool, local_path: str, vcs: VCS, mr_manager: MergeRequestManager
     ):
         super().__init__(dry_run)
-        self.local_path = join_path(local_path, "data")
+        self.local_path = local_path
         self.vcs = vcs
         self.mr_manager = mr_manager
 
@@ -217,7 +216,7 @@ def unpack_static_variables(
     each: dict[str, Any],
 ) -> dict:
     return {
-        k: json.loads(process_jinja2_template(body=json.dumps(v), vars={"each": each}))
+        k: json.loads(process_jinja2_template(body=json_dumps(v), vars={"each": each}))
         for k, v in (collection_variables.static or {}).items()
     }
 
@@ -240,8 +239,8 @@ def unpack_dynamic_variables(
 
 class TemplateRendererIntegrationParams(PydanticRunParams):
     clone_repo: bool = False
-    app_interface_data_path: str | None
-    template_collection_name: str | None
+    app_interface_root_path: str | None = None
+    template_collection_name: str | None = None
 
 
 def join_path(base: str, sub: str) -> str:
@@ -367,10 +366,10 @@ class TemplateRendererIntegration(QontractReconcileIntegration):
         persistence: FilePersistence
         ruaml_instance = create_ruamel_instance(explicit_start=True)
 
-        if not self.params.clone_repo and self.params.app_interface_data_path:
+        if not self.params.clone_repo and self.params.app_interface_root_path:
             persistence = LocalFilePersistence(
                 dry_run=dry_run,
-                app_interface_data_path=self.params.app_interface_data_path,
+                app_interface_root_path=self.params.app_interface_root_path,
             )
             self.reconcile(persistence, ruaml_instance)
 
@@ -411,4 +410,4 @@ class TemplateRendererIntegration(QontractReconcileIntegration):
                 self.reconcile(persistence, ruaml_instance)
 
         else:
-            raise ValueError("App-interface-data-path must be set")
+            raise ValueError("App-interface-root-path must be set")

reconcile/terraform_aws_route53.py

@@ -9,6 +9,7 @@ from typing import Any
 
 from reconcile import queries
 from reconcile.status import ExitCodes
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.utils import dnsutils
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
@@ -227,13 +228,18 @@ def run(
             f"No participating AWS accounts found, consider disabling this integration, account name: {account_name}"
         )
         return
-
+    try:
+        default_tags = get_settings().default_tags
+    except ValueError:
+        # no external resources settings found
+        default_tags = None
     ts = Terrascript(
         QONTRACT_INTEGRATION,
         "",
         thread_pool_size,
         participating_accounts,
         settings=settings,
+        default_tags=default_tags,
     )
 
     desired_state = build_desired_state(zones, all_accounts, settings)

reconcile/terraform_cloudflare_dns.py

@@ -155,7 +155,7 @@ class TerraformCloudflareDNSIntegration(
 
         accts_per_zone = []
         for zone in query_zones.zones or []:
-            acct = zone.account.dict(by_alias=True)
+            acct = zone.account.model_dump(by_alias=True)
             acct["name"] = f"{zone.account.name}-{zone.identifier}"
             accts_per_zone.append(acct)
 
@@ -369,11 +369,11 @@ def cloudflare_dns_zone_to_external_resource(
             provision_provider=DEFAULT_PROVISIONER_PROVIDER,
             provisioner={"name": f"{zone.account.name}-{zone.identifier}"},
             namespace=DEFAULT_NAMESPACE,
-            resource=zone.dict(by_alias=True, exclude=DEFAULT_EXCLUDE_KEY),
+            resource=zone.model_dump(by_alias=True, exclude=DEFAULT_EXCLUDE_KEY),
         )
         external_resource_spec.resource["provider"] = DEFAULT_PROVIDER
         external_resource_spec.resource["records"] = [
-            record.dict(by_alias=True) for record in zone.records or []
+            record.model_dump(by_alias=True) for record in zone.records or []
         ]
         external_resource_specs.append(external_resource_spec)
     return external_resource_specs

reconcile/terraform_cloudflare_resources.py

@@ -168,7 +168,7 @@ def _build_oc_resources(
         internal=internal,
     )
 
-    namespace_mapping = [ns.dict() for ns in cloudflare_namespaces]
+    namespace_mapping = [ns.model_dump() for ns in cloudflare_namespaces]
 
     state_specs = init_specs_to_fetch(
         ri, oc_map, namespaces=namespace_mapping, override_managed_types=["Secret"]
@@ -338,7 +338,7 @@ def run(
     )
 
     if not cloudflare_namespaces:
-        logging.info("No cloudflare namespaces were detected, nothing to do.")
+        logging.debug("No cloudflare namespaces were detected, nothing to do.")
         sys.exit(ExitCodes.SUCCESS)
 
     # Build Cloudflare clients
@@ -351,7 +351,7 @@ def run(
         spec
         for namespace in query_resources.namespaces
         for spec in get_external_resource_specs(
-            namespace.dict(by_alias=True), PROVIDER_CLOUDFLARE
+            namespace.model_dump(by_alias=True), PROVIDER_CLOUDFLARE
         )
         if not selected_account or spec.provisioner_name == selected_account
     ]
@@ -383,7 +383,7 @@ def run(
         QONTRACT_INTEGRATION_VERSION,
         QONTRACT_TF_PREFIX,
         [
-            acct.dict(by_alias=True)  # convert CloudflareAccountV1 to dict
+            acct.model_dump(by_alias=True)  # convert CloudflareAccountV1 to dict
             for acct in query_accounts.accounts or []
             if acct.name in cf_clients.dump()  # use only if it is a registered client
         ],
@@ -442,4 +442,4 @@ def _get_cloudflare_desired_state() -> tuple[
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
     desired_state = _get_cloudflare_desired_state()
 
-    return {state.__repr_name__(): state.dict() for state in desired_state}
+    return {str(state): state.model_dump() for state in desired_state}

reconcile/terraform_cloudflare_users.py

@@ -88,7 +88,7 @@ class TerraformCloudflareUsers(
         if not settings.settings:
             raise RuntimeError("App interface setting not defined")
 
-        early_exit_desired_state = cloudflare_roles.dict()
+        early_exit_desired_state = cloudflare_roles.model_dump()
         early_exit_desired_state.update({
             CLOUDFLARE_EMAIL_DOMAIN_ALLOW_LIST_KEY: settings.settings
         })
@@ -149,7 +149,8 @@ class TerraformCloudflareUsers(
         }
 
         accounts = [
-            acct.dict(by_alias=True) for _, acct in account_names_to_account.items()
+            acct.model_dump(by_alias=True)
+            for _, acct in account_names_to_account.items()
         ]
 
         self._run_terraform(

reconcile/terraform_init/integration.py

@@ -1,6 +1,5 @@
 import logging
 from collections.abc import Callable
-from datetime import UTC, datetime
 from typing import Any
 
 import jinja2
@@ -12,12 +11,16 @@ from reconcile.gql_definitions.terraform_init.aws_accounts import (
 from reconcile.terraform_init.merge_request import Renderer, create_parser
 from reconcile.terraform_init.merge_request_manager import MergeRequestManager, MrData
 from reconcile.typed_queries.app_interface_repo_url import get_app_interface_repo_url
+from reconcile.typed_queries.aws_account_tags import get_aws_account_tags
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.typed_queries.github_orgs import get_github_orgs
 from reconcile.typed_queries.gitlab_instances import get_gitlab_instances
 from reconcile.utils import gql
 from reconcile.utils.aws_api_typed.api import AWSApi, AWSStaticCredentials
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.gql import GqlApi
 from reconcile.utils.runtime.integration import (
     PydanticRunParams,
     QontractReconcileIntegration,
@@ -31,10 +34,16 @@ QONTRACT_INTEGRATION_VERSION = make_semver(1, 0, 0)
 
 
 class TerraformInitIntegrationParams(PydanticRunParams):
-    account_name: str | None
+    account_name: str | None = None
     # To avoid the accidental deletion of the resource file, explicitly set the
     # qontract.cli option in the integration extraArgs!
     state_tmpl_resource: str = "/terraform-init/terraform-state.yml"
+    cloudformation_template_resource: str = (
+        "/terraform-init/terraform-state-s3-bucket.yaml"
+    )
+    cloudformation_import_template_resource: str = (
+        "/terraform-init/terraform-state-s3-bucket-import.yaml"
+    )
     template_collection_root_path: str = "data/templating/collections/terraform-init"
 
 
@@ -55,25 +64,35 @@ class TerraformInitIntegration(
             query_func = gql.get_api().query
         return {
             "accounts": [
-                account.dict() for account in self.get_aws_accounts(query_func)
+                account.model_dump() for account in self.get_aws_accounts(query_func)
             ],
         }
 
     def get_aws_accounts(
         self, query_func: Callable, account_name: str | None = None
     ) -> list[AWSAccountV1]:
-        """Return all AWS accounts with terraform username but no terraform state set."""
+        """Return all AWS accounts with terraform username."""
         return [
             account
             for account in aws_accounts_query(query_func).accounts or []
             if integration_is_enabled(self.name, account)
             and (not account_name or account.name == account_name)
             and account.terraform_username
-            and not account.terraform_state
         ]
 
+    @staticmethod
+    def get_default_tags(gql_api: GqlApi) -> dict[str, str]:
+        try:
+            return get_settings(gql_api.query).default_tags
+        except ValueError:
+            # no settings found
+            return {}
+
+    @staticmethod
     def render_state_collection(
-        self, template: str, bucket_name: str, account: AWSAccountV1
+        template: str,
+        bucket_name: str,
+        account: AWSAccountV1,
     ) -> str:
         return jinja2.Template(
             template,
@@ -85,24 +104,114 @@ class TerraformInitIntegration(
             "account_name": account.name,
             "bucket_name": bucket_name,
             "region": account.resources_default_region,
-            "timestamp": int(datetime.now(tz=UTC).timestamp()),
+            "timestamp": int(utc_now().timestamp()),
         })
 
     def reconcile_account(
         self,
-        account_aws_api: AWSApi,
+        aws_api: AWSApi,
+        merge_request_manager: MergeRequestManager,
+        dry_run: bool,
+        account: AWSAccountV1,
+        state_template: str,
+        cloudformation_template: str,
+        cloudformation_import_template: str,
+        default_tags: dict[str, str],
+    ) -> None:
+        """
+        Reconcile the terraform state for a given account.
+
+        Create S3 bucket via CloudFormation and Merge Request to update template file on init.
+        Import existing bucket if it exists but not managed by CloudFormation.
+        Update CloudFormation stack if tags or template body differ.
+
+        CloudFormation stack name and bucket name is `terraform-<account_name>`.
+        `cloudformation_import_template` should be minimal template with identifier fields only.
+        `cloudformation_template` should be the full template.
+        Use import template to import then update stack to match full template.
+        This will ensure imported resources match CloudFormation template.
+        And all desired changes in full template are applied.
+        Both templates must have BucketName in Parameters.
+
+        Args:
+            aws_api: AWSApi: AWS API client for the target account.
+            merge_request_manager: MergeRequestManager: Manager to handle merge requests.
+            dry_run: bool: If True, do not make any changes.
+            account: AWSAccountV1: The AWS account to reconcile.
+            state_template: str: Jinja2 template for the Terraform state configuration.
+            cloudformation_template: str: CloudFormation template to create the S3 bucket.
+            cloudformation_import_template: str: CloudFormation template to import existing S3 bucket.
+            default_tags: dict[str, str]: Default tags to apply to the CloudFormation stack.
+
+        Returns:
+            None
+        """
+        bucket_name = (
+            account.terraform_state.bucket
+            if account.terraform_state
+            else f"terraform-{account.name}"
+        )
+
+        tags = default_tags | get_aws_account_tags(account.organization)
+
+        if account.terraform_state is None:
+            return self._provision_terraform_state(
+                aws_api=aws_api,
+                merge_request_manager=merge_request_manager,
+                dry_run=dry_run,
+                account=account,
+                bucket_name=bucket_name,
+                cloudformation_template=cloudformation_template,
+                state_template=state_template,
+                tags=tags,
+            )
+
+        stack = aws_api.cloudformation.get_stack(stack_name=bucket_name)
+
+        if stack is None:
+            return self._import_cloudformation_stack(
+                aws_api=aws_api,
+                dry_run=dry_run,
+                bucket_name=bucket_name,
+                cloudformation_import_template=cloudformation_import_template,
+                cloudformation_template=cloudformation_template,
+                tags=tags,
+            )
+
+        return self._reconcile_cloudformation_stack(
+            aws_api=aws_api,
+            dry_run=dry_run,
+            bucket_name=bucket_name,
+            cloudformation_template=cloudformation_template,
+            tags=tags,
+            current_tags={tag["Key"]: tag["Value"] for tag in stack.get("Tags", [])},
+        )
+
+    def _provision_terraform_state(
+        self,
+        aws_api: AWSApi,
         merge_request_manager: MergeRequestManager,
         dry_run: bool,
-        state_collection: str,
-        bucket_name: str,
         account: AWSAccountV1,
+        bucket_name: str,
+        cloudformation_template: str,
+        state_template: str,
+        tags: dict[str, str],
     ) -> None:
         logging.info("Creating bucket '%s' for account '%s'", bucket_name, account.name)
         if not dry_run:
-            # the creation of the bucket is idempotent
-            account_aws_api.s3.create_bucket(
-                name=bucket_name, region=account.resources_default_region
+            aws_api.cloudformation.create_stack(
+                stack_name=bucket_name,
+                change_set_name=f"create-{bucket_name}",
+                template_body=cloudformation_template,
+                parameters={"BucketName": bucket_name},
+                tags=tags,
             )
+        state_collection = self.render_state_collection(
+            template=state_template,
+            bucket_name=bucket_name,
+            account=account,
+        )
         merge_request_manager.create_merge_request(
             data=MrData(
                 account=account.name,
@@ -111,6 +220,55 @@ class TerraformInitIntegration(
             )
         )
 
+    @staticmethod
+    def _import_cloudformation_stack(
+        aws_api: AWSApi,
+        dry_run: bool,
+        bucket_name: str,
+        cloudformation_import_template: str,
+        cloudformation_template: str,
+        tags: dict[str, str],
+    ) -> None:
+        logging.info("Importing existing bucket %s", bucket_name)
+        if not dry_run:
+            aws_api.cloudformation.create_stack(
+                stack_name=bucket_name,
+                change_set_name=f"import-{bucket_name}",
+                template_body=cloudformation_import_template,
+                parameters={"BucketName": bucket_name},
+                tags=tags,
+            )
+            logging.info("Syncing stack %s after import", bucket_name)
+            aws_api.cloudformation.update_stack(
+                stack_name=bucket_name,
+                template_body=cloudformation_template,
+                parameters={"BucketName": bucket_name},
+                tags=tags,
+            )
+
+    @staticmethod
+    def _reconcile_cloudformation_stack(
+        aws_api: AWSApi,
+        dry_run: bool,
+        bucket_name: str,
+        cloudformation_template: str,
+        tags: dict[str, str],
+        current_tags: dict[str, str],
+    ) -> None:
+        if (
+            current_tags != tags
+            or aws_api.cloudformation.get_template_body(stack_name=bucket_name)
+            != cloudformation_template
+        ):
+            logging.info("Updating stack %s", bucket_name)
+            if not dry_run:
+                aws_api.cloudformation.update_stack(
+                    stack_name=bucket_name,
+                    template_body=cloudformation_template,
+                    parameters={"BucketName": bucket_name},
+                    tags=tags,
+                )
+
     @defer
     def run(self, dry_run: bool, defer: Callable | None = None) -> None:
         """Run the integration."""
@@ -144,6 +302,14 @@ class TerraformInitIntegration(
         state_template = gql_api.get_resource(path=self.params.state_tmpl_resource)[
             "content"
         ]
+        cloudformation_template = gql_api.get_resource(
+            path=self.params.cloudformation_template_resource
+        )["content"]
+        cloudformation_import_template = gql_api.get_resource(
+            path=self.params.cloudformation_import_template_resource
+        )["content"]
+        default_tags = self.get_default_tags(gql_api)
+
         for account in accounts:
             secret = self.secret_reader.read_all_secret(account.automation_token)
             with AWSApi(
@@ -153,15 +319,13 @@ class TerraformInitIntegration(
                     region=account.resources_default_region,
                 )
             ) as account_aws_api:
-                bucket_name = f"terraform-{account.name}"
-                state_collection = self.render_state_collection(
-                    state_template, bucket_name, account
-                )
                 self.reconcile_account(
-                    account_aws_api,
-                    merge_request_manager,
-                    dry_run,
-                    state_collection,
-                    bucket_name,
-                    account,
+                    aws_api=account_aws_api,
+                    merge_request_manager=merge_request_manager,
+                    dry_run=dry_run,
+                    account=account,
+                    state_template=state_template,
+                    cloudformation_template=cloudformation_template,
+                    cloudformation_import_template=cloudformation_import_template,
+                    default_tags=default_tags,
                 )