Support Code Commit source actions

cumulus/chain/chain.py

@@ -1,4 +1,3 @@
-import chaincontext  # noqa
 from termcolor import colored
 
 

cumulus/policies/codebuild.py

@@ -36,6 +36,7 @@ def get_policy_code_build_general_access(policy_name):
                         awacs.aws.Action("lambda", "*"),
                         awacs.aws.Action("sqs", "*"),
                         awacs.aws.Action("events", "*"),
+                        awacs.aws.Action("logs", "*"),
                         awacs.ecr.GetDownloadUrlForLayer,
                         awacs.ecr.BatchGetImage,
                         awacs.ecr.BatchCheckLayerAvailability,

cumulus/steps/dev_tools/code_build_action.py

@@ -48,10 +48,11 @@ def __init__(self,
 
     def handle(self, chain_context):
 
-        print("Adding action %stage." % self.action_name)
+        print("Adding action %s Stage." % self.action_name)
+        suffix = "%s%s" %(self.stage_name_to_add, self.action_name)
 
-        policy_name = "CodeBuildPolicy%stage" % chain_context.instance_name
-        role_name = "CodeBuildRole%stage" % self.action_name
+        policy_name = "CodeBuildPolicy%s" % chain_context.instance_name
+        role_name = "CodeBuildRole%s" % suffix
 
         codebuild_role = iam.Role(
             role_name,
@@ -90,7 +91,7 @@ def handle(self, chain_context):
             chain_context=chain_context,
             codebuild_role=codebuild_role,
             codebuild_environment=self.environment,
-            name=self.action_name,
+            name=self.action_name + suffix,
         )
 
         code_build_action = cumulus.types.codebuild.buildaction.CodeBuildAction(

cumulus/steps/dev_tools/pipeline.py

@@ -8,6 +8,7 @@
 import awacs.logs
 import awacs.ec2
 import awacs.iam
+import awacs.codecommit
 
 from cumulus.chain import step
 import cumulus.steps.dev_tools
@@ -142,6 +143,17 @@ def handle(self, chain_context):
                         # TODO: restrict more accurately
                         Resource=["*"]
                     ),
+                    awacs.aws.Statement(
+                        Effect=awacs.aws.Allow,
+                        Action=[
+                            awacs.codecommit.GetBranch,
+                            awacs.codecommit.GetCommit,
+                            awacs.codecommit.UploadArchive,
+                            awacs.codecommit.GetUploadArchiveStatus,
+                            awacs.codecommit.CancelUploadArchive
+                        ],
+                        Resource=["*"]
+                    ),
                 ],
             )
         )
@@ -166,8 +178,10 @@ def handle(self, chain_context):
             ]
         )
 
+
         generic_pipeline = codepipeline.Pipeline(
-            "AppPipeline",
+            "Pipeline",
+            Name=chain_context.instance_name,
             RoleArn=troposphere.GetAtt(pipeline_service_role, "Arn"),
             Stages=[],
             ArtifactStore=codepipeline.ArtifactStore(

cumulus/steps/dev_tools/pipeline_source_action_code_commit.py

@@ -0,0 +1,97 @@
+import awacs
+import awacs.aws
+import awacs.ec2
+import awacs.iam
+import awacs.logs
+import awacs.s3
+import awacs.sts
+from troposphere import iam, \
+    codepipeline, Ref
+
+import cumulus.policies
+import cumulus.policies.codebuild
+from cumulus.chain import step
+from cumulus.steps.dev_tools import META_PIPELINE_BUCKET_POLICY_REF
+from cumulus.types.codebuild.buildaction import SourceS3Action, SourceCodeCommitAction
+from cumulus.util.tropo import TemplateQuery
+
+
+class SourceActionCodeCommit(step.Step):
+
+    def __init__(self,
+                 action_name,
+                 output_artifact_name,
+                 ):
+        """
+        :type s3_object_key: basestring Path of the artifact in the bucket.
+        :type s3_bucket_name: basestring or troposphere.Ref Object of the bucket name.
+        :type input_artifact_name: basestring The artifact name in the pipeline.
+              (should contain buildspec.yml. You can override that name in a codebuild action)
+        :type action_name: basestring Displayed on the console
+        :type environment: troposphere.codebuild.Environment Optional if you need ENV vars or a different build.
+        :type vpc_config.Vpc_Config: Only required if the codebuild step requires access to the VPC
+        """
+        step.Step.__init__(self)
+        self.output_artifact_name = output_artifact_name
+        self.action_name = action_name
+
+    def handle(self, chain_context):
+        print("Adding source action %s." % self.action_name)
+
+        policy_name = "CodeBuildPolicy%s" % chain_context.instance_name
+        codebuild_policy = cumulus.policies.codebuild.get_policy_code_build_general_access(policy_name)
+
+        role_name = "PipelineSourceRole%s" % self.action_name
+        codebuild_role = iam.Role(
+            role_name,
+            Path="/",
+            AssumeRolePolicyDocument=awacs.aws.Policy(
+                Statement=[
+                    awacs.aws.Statement(
+                        Effect=awacs.aws.Allow,
+                        Action=[awacs.sts.AssumeRole],
+                        Principal=awacs.aws.Principal(
+                            'Service',
+                            "codebuild.amazonaws.com"
+                        )
+                    )]
+            ),
+            Policies=[
+                codebuild_policy
+            ],
+            ManagedPolicyArns=[
+                chain_context.metadata[META_PIPELINE_BUCKET_POLICY_REF]
+            ]
+        )
+
+        source_action = SourceCodeCommitAction(
+            Name=self.action_name,
+            OutputArtifacts=[
+                codepipeline.OutputArtifacts(
+                    Name=self.output_artifact_name
+                )
+            ],
+            # TODO: when parameters are figured out, inject tehm into the template here.
+            Configuration={
+                "RepositoryName": Ref("RepositoryName"),
+                "BranchName": Ref("RepositoryBranch"),
+            },
+        )
+
+        chain_context.template.add_resource(codebuild_role)
+
+        found_pipelines = TemplateQuery.get_resource_by_type(
+            template=chain_context.template,
+            type_to_find=codepipeline.Pipeline)
+        pipeline = found_pipelines[0]
+
+        # Alternate way to get this
+        # dummy = TemplateQuery.get_resource_by_title(chain_context.template, 'AppPipeline')
+
+        stages = pipeline.Stages  # type: list
+
+        # TODO: find stage by name
+        first_stage = stages[0]
+
+        # TODO accept a parallel action to the previous action, and don't +1 here.
+        first_stage.Actions.append(source_action)

cumulus/steps/dev_tools/pipeline_stage.py

@@ -30,4 +30,4 @@ def handle(self, chain_context):
 
         stages.append(pipeline_stage)
 
-        print("Added stage to pipeline %s" % stages.count(stages))
+        print("Added stage '%s' to pipeline %s" % (self.stage_name, stages.count(stages)))

cumulus/types/codebuild/buildaction.py

@@ -17,6 +17,22 @@ def __init__(self, **kwargs):
         self.RunOrder = "1"
 
 
+class SourceCodeCommitAction(troposphere.codepipeline.Actions):
+    """
+        This class doesn't do much except set the ActionType to reduce code clutter
+    """
+    def __init__(self, **kwargs):
+        super(SourceCodeCommitAction, self).__init__(**kwargs)
+
+        self.ActionTypeId = troposphere.codepipeline.ActionTypeId(
+                Category="Source",
+                Owner="AWS",
+                Version="1",
+                Provider="CodeCommit",
+            )
+        self.RunOrder = "1"
+
+
 class CodeBuildAction(troposphere.codepipeline.Actions):
     """
         This class doesn't do much except set the ActionType to reduce code clutter