0.2.0 release (#10)
bundyfx authored Mar 11, 2019
1 parent 4bc19cd commit e239dae
Showing 47 changed files with 1,109 additions and 384 deletions.
1 change: 1 addition & 0 deletions Makefile
Expand Up @@ -5,6 +5,7 @@ test:
# Run unit tests
pytest src/initial/ -vvv -s -c src/initial/pytest.ini
pytest src/bootstrap_repository/ -vvv -s -c src/bootstrap_repository/pytest.ini
pytest src/bootstrap_repository/deployment/lambda_codebase -vvv -s -c src/bootstrap_repository/pytest.ini
pytest src/pipelines_repository/ -vvv -s -c src/pipelines_repository/pytest.ini

lint:
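Review bot: the `pytest src/bootstrap_repository/deployment/lambda_codebase` invocation targets a directory that sits under `src/bootstrap_repository/`, which the line above it already runs with the same `pytest.ini`. If that ini does not exclude `deployment/`, these tests run twice per `make test`; if it does exclude it, a short comment in the Makefile saying so would explain why the second invocation is needed.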
11 changes: 0 additions & 11 deletions README.md
Expand Up @@ -8,20 +8,9 @@ ADF allows for staged, parallel, multi-account, cross-region deployments of appl

ADF allows for clearly defined deployment and approval stages which are stored in a centralized configuration file. It also allows for account based bootstrapping, by which you define an [AWS CloudFormation](https://aws.amazon.com/cloudformation/) template and assign it to a specific Organization Unit (OU) within AWS Organizations. From there, any account you move into this OU will automatically apply this template as its baseline.

## Pre-Requisites

- [awscli](https://aws.amazon.com/cli/)
- [git](https://git-scm.com/)
- [AWS CloudTrail configured](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html) in the AWS Organizations Master account.

## Quick Start

- Refer to the [Admin Guide](/docs/admin-guide.md) for Installation steps and Administration.
- Refer to the [User Guide](/docs/user-guide.md) for using ADF once it is setup.
- Refer to the [Samples Guide](/docs/samples-guide.md) for a detailed walk through of the provided samples.

### Tenets

- Everything as Code.
- AWS Cloud native services first.
- Streamline cross account/region deployments.
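Review bot: the file header reports 11 deletions and no additions, which matches the Pre-Requisites and Quick Start sections, so the README would no longer state that AWS CloudTrail must be configured in the AWS Organizations Master account, nor link to the admin, user and samples guides. The `docs/admin-guide.md` diff is not rendered here, so please confirm the prerequisites (CloudTrail in particular) are carried over there, and consider keeping at least the guide links in the README as the entry point.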
74 changes: 62 additions & 12 deletions docs/admin-guide.md

Large diffs are not rendered by default.

6 changes: 1 addition & 5 deletions docs/samples-guide.md
Expand Up @@ -59,7 +59,6 @@ pipelines:
type: cc-cloudformation
params:
- SourceAccountId: 111111111111
- NotificationEndpoint: [email protected] # You will receive a confirmation email
- RestartExecutionOnUpdate: True
targets:
- path: /banking/testing
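Review bot: with `NotificationEndpoint` dropped from this pipeline and from the three later sample pipelines in this file, no sample shows how pipeline notifications are configured, while `docs/user-guide.md` in this same commit documents `NotificationEndpoint: channel1`. Consider keeping the parameter in one sample using the new form, or, if notifications are now optional, adding a sentence that says so and points to the user guide.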
Expand All @@ -69,7 +68,7 @@ pipelines:
regions: us-west-2
```
The *SourceAccountId* will be the Account Id of the account we created in the `banking/source` OU and *NotificationEndpoint* will be an email address of the pipeline owner/team. In this pipeline we have specified we want to deploy to two different regions as part of the stages. If you wish to deploy to the *"default"* region *(the one your deployment account is setup globally in)* you can omit the region and path keys as you will see below with our ECR Repository deployment.
The *SourceAccountId* will be the Account Id of the account we created in the `banking/source` OU. In this pipeline we have specified we want to deploy to two different regions as part of the stages. If you wish to deploy to the *"default"* region *(the one your deployment account is setup globally in)* you can omit the region and path keys as you will see below with our ECR Repository deployment.

Once we have updated our deployment map we can push these changes to the `aws-deployment-framework-pipelines` repository in the Deployment Account.

Expand Down Expand Up @@ -127,7 +126,6 @@ We can extend our `deployment_map.yml` file to include the new pipeline, *(remeb
type: cc-cloudformation
params:
- SourceAccountId: 111111111111
- NotificationEndpoint: [email protected]
targets:
- /deployment
```
Expand Down Expand Up @@ -159,7 +157,6 @@ Let's add in our ECS Cluster pipeline to our Deployment Map.
type: cc-cloudformation
params:
- SourceAccountId: 111111111111
- NotificationEndpoint: [email protected]
targets:
- path: /banking/testing
regions: eu-west-1
Expand All @@ -182,7 +179,6 @@ Let's add the pipeline we need into the map once more.
type: cc-cloudformation
params:
- SourceAccountId: 111111111111
- NotificationEndpoint: [email protected]
- Image: aws/codebuild/docker:18.09.0
targets:
- path: /banking/testing
6 changes: 4 additions & 2 deletions docs/user-guide.md
Expand Up @@ -44,7 +44,7 @@ pipelines:
regions: [ eu-west-1, eu-central-1 ]
params:
- SourceAccountId: 8888877777777
- NotificationEndpoint: [email protected]
- NotificationEndpoint: channel1
targets:
- ou-12341
- 22222222222
Expand All @@ -54,6 +54,8 @@ In the above example we are creating two pipelines. The first one will deploy fr

The second example is a simple example that deploys to an OU using its OU identifier number `ou-12341`. You can chose between a absolute path *(as in the first example)* in your AWS Organization or by specifying the OU ID. The second stage of this pipeline is simply an AWS Account ID. If you have a small amount of accounts or want to one of deploy to a specific account you can use an AWS Account Id if required.

In this second example, we have defined a channel named `channel1` as the *NotificationEndpoint*. By doing this we will have events from this pipeline reported into the Slack channel named *channel`*. In order for this functionality to work as expected please see [Integrating Slack](./admin-guide/integrating-slack)

If you decide you no longer require a specific pipeline you can remove it from the deployment_map.yml file and commit those changes back to the *aws-deployment-framework-pipelines* repository *(on the deployment account)* in order for it to be cleaned up. The resources that were created as outputs from this pipeline will **not** be removed by this process.

## adfconfig
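Review bot: in the new `channel1` paragraph the channel name is written as *channel`* with a stray backtick and the trailing 1 missing; it should read `channel1` to match the example above it. The link target `./admin-guide/integrating-slack` also differs from the `./admin-guide/#integrating-slack` form used for the same section further down in this file, so one of the two is likely broken, and the sentence is missing its final period.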
Expand Down Expand Up @@ -95,7 +97,7 @@ The Regions specification plays an important role in how your Deployment Framewo

Config has three components in `main-notification-endpoint`, `moves` and `protected`.

- **main-notification-endpoint** is the main notification endpoint for the bootstrapping pipeline and deployment account pipeline creation pipeline. This value should be a valid email address that will receive updates to the CodeCommit repository and CodePipeline associated with bootstrapping and creation/updating of all pipelines throughout your organization.
- **main-notification-endpoint** is the main notification endpoint for the bootstrapping pipeline and deployment account pipeline creation pipeline. This value should be a valid email address or [slack](./admin-guide/#integrating-slack) channel that will receive updates about the status *(Success/Failure)* of CodePipeline that is associated with bootstrapping and creation/updating of all pipelines throughout your organization.
- **moves** is configuration related to moving accounts within your AWS Organization. Currently the only configuration options for `moves` is named *to-root* and allows either `safe` or `remove_base`. If you specify *safe* you are telling the framework that when an AWS Account is moved from whichever OU it currently is in, back into the root of the Organization it will not make any direct changes to the account. It will however update any AWS CodePipeline pipelines that the account belonged to so that it is no longer a valid target. If you specify `remove_base` for this option and move an account to the root of your organization it will attempt to the base CloudFormation stacks *(regional and global)* from the account and then update any associated pipeline.
- **protected** is a configuration that allows you to specify a list of OUs that are not configured by the AWS Deployment Framework bootstrapping process. You can move accounts to the protected OUs which will skip the standard bootstrapping process. This is useful for migrating existing accounts into being managed by The ADF.
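Review bot: the **main-notification-endpoint** description says the value "should be a valid email address or slack channel", but `_parse_config` in `config.py` from this commit reads it as `self.config.get('main-notification-endpoint')[0].get('type')` and `[0].get('target')`, that is, a list whose first item is a mapping with `type` and `target` keys. Please document that structure here, including that `slack` is the only `type` value that selects Slack, since an operator who follows the sentence literally and supplies a plain string will not match what the parser expects.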

2 changes: 1 addition & 1 deletion samples/sample-vpc/buildspec.yml
Expand Up @@ -5,7 +5,7 @@ phases:
commands:
- export PYTHONPATH=$PWD/adf-build/shared/python
- aws s3 cp s3://$S3_BUCKET_NAME/adf-build/ adf-build/ --recursive --quiet
- pip install -r adf-build/requirements.txt
- pip install -r adf-build/requirements.txt -q
- python adf-build/generate_params.py
artifacts:
files: '**/*'
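Review bot: adding `-q` to `pip install -r adf-build/requirements.txt` removes the installed package names and versions from the build log, and that requirements file is copied from `s3://$S3_BUCKET_NAME/adf-build/` one step earlier, so the log no longer shows what was installed into the build environment. Consider following the install with `pip freeze` (or keeping the default verbosity), and pinning the requirements with hashes and `--require-hashes` so that a changed object in the bucket cannot silently change the installed set.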
19 changes: 17 additions & 2 deletions src/bootstrap_repository/adf-build/config.py
Expand Up @@ -28,9 +28,12 @@ def __init__(self, parameter_store=None, config_path=None):
self.config_path = config_path or './adfconfig.yml'
self.organization_id = os.environ["ORGANIZATION_ID"]
self.client_deployment_region = None
self.notification_type = None
self.notification_endpoint = None
self.config_contents = None
self.config = None
self.deployment_account_region = None
self.notification_channel = None
self.protected = None
self.target_regions = None
self.cross_account_access_role = None
Expand Down Expand Up @@ -75,6 +78,9 @@ def _validate(self):
self.target_regions = [self.target_regions]

def _load_config_file(self):
"""
Loads the adfconfig.yml file and executes _parse_config
"""
with open(self.config_path) as config:
self.config_contents = yaml.load(config, Loader=yaml.FullLoader)
self._parse_config()
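Review bot: `_load_config_file` parses the file with `yaml.load(config, Loader=yaml.FullLoader)`, and the new docstring is a good moment to tighten that. As read by `_parse_config`, `adfconfig.yml` only needs plain mappings, lists and strings, so `yaml.safe_load(config)` would do the same job with the most restrictive loader and is the safer default for a file that comes from a repository.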
Expand All @@ -83,6 +89,7 @@ def _parse_config(self):
"""
Parses the adfconfig.yml file and executes _validate
"""

self.deployment_account_region = self.config_contents.get(
'regions', None).get('deployment-account', None)
self.target_regions = self.config_contents.get(
Expand All @@ -91,6 +98,11 @@ def _parse_config(self):
'roles', None).get('cross-account-access', None)
self.config = self.config_contents.get('config', None)
self.protected = self.config.get('protected', [])
self.notification_type = 'lambda' if self.config.get(
'main-notification-endpoint')[0].get('type') == 'slack' else 'email'
self.notification_endpoint = self.config.get(
'main-notification-endpoint')[0].get('target')
self.notification_channel = None if self.notification_type == 'email' else self.notification_endpoint

self._validate()
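Review bot: the two `main-notification-endpoint` lookups index `[0]` and call `.get()` on the result of `self.config.get(...)` without any check, so a missing key raises `TypeError`, an empty list raises `IndexError`, and a plain string value (the form the user guide previously described as "a valid email address") raises `AttributeError`, all before `_validate()` runs. Any `type` other than `slack`, including a typo, is also silently treated as `email`. Suggest reading the entry once, checking that it is a non-empty list of mappings with a known `type` and a `target`, and raising a clear configuration error otherwise.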

Expand All @@ -112,14 +124,17 @@ def _store_cross_region_config(self):

def _store_config(self):
"""
Stores the configuration in Parameter Store on
Stores the required configuration in Parameter Store on
The master account in us-east-1.
"""
for key, value in self.__dict__.items():
if key not in (
"client",
"client_deployment_region",
"parameters_client",
"config_contents"
"config_contents",
"config_path",
"notification_endpoint",
"notification_type"
):
self.parameters_client.put_parameter(key, str(value))
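Review bot: `_store_config` still publishes every attribute in `self.__dict__` except those on a deny-list, which this change has to extend by three names (`config_path`, `notification_endpoint`, `notification_type`). Any attribute added to `__init__` later is written to Parameter Store by default; an explicit allow-list of keys to store would fail closed instead. Also, `notification_channel` is set to `None` for email endpoints and is stored via `str(value)`, so consumers will read the literal string `None`; either skip `None` values or document that sentinel.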