remove paris exception and add fixes to test it (#849)

aws-samples · Jun 26, 2024 · 733e76b · 733e76b
1 parent b42b5a3
commit 733e76b
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 19 deletions.
diff --git a/cfn-templates/cid-admin-policies.yaml b/cfn-templates/cid-admin-policies.yaml
@@ -458,6 +458,7 @@ Resources:
           Effect: Allow
           Resource:
           - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:cid-CID-Analytics
+          - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:cid-CID-CURCreator
 
         - Sid: S3
           Action:

diff --git a/cfn-templates/cid-cfn.yml b/cfn-templates/cid-cfn.yml
@@ -252,7 +252,6 @@ Conditions:
     Fn::And:
       - !Condition NeedDataBucketsKms
       - !Condition NeedCURTable
-  NeedDatasource: !Not [ !Equals [ !Ref "AWS::Region", "eu-west-3" ] ] # In eu-west-3 CFN QS Dataset resource is not available yet.
   NeedLakeFormationEnabled:
     Fn::And:
       - !Equals [ !Ref LakeFormationEnabled, "yes" ]
@@ -265,14 +264,8 @@ Conditions:
     Fn::And:
       - !Equals [ !Ref LakeFormationEnabled, "yes" ]
       - !Condition NeedCURTable
-  UseQuickSightDataSourceRole:
-    Fn::And:
-      - !Condition NeedDatasource
-      - !Not [!Equals [ !Ref QuickSightDataSourceRoleName, "" ]]
-  NeedQuickSightDataSourceRole:
-    Fn::And:
-      - !Condition NeedDatasource
-      - !Equals [ !Ref QuickSightDataSourceRoleName, "CidQuickSightDataSourceRole" ]
+  UseQuickSightDataSourceRole: !Not [!Equals [ !Ref QuickSightDataSourceRoleName, "" ]]
+  NeedQuickSightDataSourceRole: !Equals [ !Ref QuickSightDataSourceRoleName, "CidQuickSightDataSourceRole" ]
   NeedQuickSightDataSourceRoleAndCUR:
     Fn::And:
       - !Condition NeedQuickSightDataSourceRole
@@ -1258,7 +1251,6 @@ Resources:
 
   CidAthenaDataSource:
     Type: AWS::QuickSight::DataSource
-    Condition: NeedDatasource
     Properties:
       AwsAccountId: !Sub '${AWS::AccountId}'
       Type: ATHENA
@@ -1634,7 +1626,7 @@ Resources:
       Dashboard:
         dashboard-id: cost_intelligence_dashboard
         athena-workgroup: !If [ NeedAthenaWorkgroup, !Ref MyAthenaWorkGroup, !Ref AthenaWorkgroup ]
-        quicksight-datasource-id: !If [ NeedDatasource, !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]], 'CID-Athena-1']
+        quicksight-datasource-id: !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]]
         quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
         athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
         glue-data-catalog: !Ref GlueDataCatalog
@@ -1654,7 +1646,7 @@ Resources:
       Dashboard:
         dashboard-id: cudos
         athena-workgroup: !If [ NeedAthenaWorkgroup, !Ref MyAthenaWorkGroup, !Ref AthenaWorkgroup ]
-        quicksight-datasource-id: !If [ NeedDatasource, !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]], 'CID-Athena-1']
+        quicksight-datasource-id: !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]]
         quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
         athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
         glue-data-catalog: !Ref GlueDataCatalog
@@ -1676,7 +1668,7 @@ Resources:
       Dashboard:
         dashboard-id: cudos-v5
         athena-workgroup: !If [ NeedAthenaWorkgroup, !Ref MyAthenaWorkGroup, !Ref AthenaWorkgroup ]
-        quicksight-datasource-id: !If [ NeedDatasource, !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]], 'CID-Athena-1']
+        quicksight-datasource-id: !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]]
         quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
         athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
         glue-data-catalog: !Ref GlueDataCatalog
@@ -1698,7 +1690,7 @@ Resources:
       Dashboard:
         dashboard-id: kpi_dashboard
         athena-workgroup: !If [ NeedAthenaWorkgroup, !Ref MyAthenaWorkGroup, !Ref AthenaWorkgroup ]
-        quicksight-datasource-id: !If [ NeedDatasource, !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]], 'CID-Athena-1']
+        quicksight-datasource-id: !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]]
         quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
         athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
         glue-data-catalog: !Ref GlueDataCatalog
@@ -1723,7 +1715,7 @@ Resources:
       Dashboard:
         dashboard-id: ta-organizational-view
         athena-workgroup: !If [ NeedAthenaWorkgroup, !Ref MyAthenaWorkGroup, !Ref AthenaWorkgroup ]
-        quicksight-datasource-id: !If [ NeedDatasource, !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]], 'CID-Athena-1']
+        quicksight-datasource-id: !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]]
         quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
         athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
         glue-data-catalog: !Ref GlueDataCatalog
@@ -1743,7 +1735,7 @@ Resources:
       Dashboard:
         dashboard-id: compute-optimizer-dashboard
         athena-workgroup: !If [ NeedAthenaWorkgroup, !Ref MyAthenaWorkGroup, !Ref AthenaWorkgroup ]
-        quicksight-datasource-id: !If [ NeedDatasource, !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]], 'CID-Athena-1']
+        quicksight-datasource-id: !Select [ 1, !Split [ '/', !GetAtt CidAthenaDataSource.Arn]]
         quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
         athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
         glue-data-catalog: !Ref GlueDataCatalog

diff --git a/cfn-templates/tests/test_deploy_with_permissions.py b/cfn-templates/tests/test_deploy_with_permissions.py
@@ -65,8 +65,8 @@ def upload_to_s3(filename, path=None): # move to tools
     s3c = boto3.client('s3')
     bucket = TMP_BUCKET
     try:
-        s3c.create_bucket(Bucket=bucket)
-    except s3c.exceptions.BucketAlreadyExists:
+        s3c.create_bucket(Bucket=bucket, CreateBucketConfiguration={'LocationConstraint': region})
+    except (s3c.exceptions.BucketAlreadyExists, s3c.exceptions.BucketAlreadyOwnedByYou):
         pass
     s3c.upload_file(filename, bucket, path)
     return f'https://{bucket}.s3.amazonaws.com/{path}'
@@ -127,7 +127,14 @@ def watch_stacks(cloudformation, stacks=None): # move to tools
 def get_qs_user(): # move to tools
     """ get any valid qs user """
     qs_ = boto3.client('quicksight')
-    users = qs_.list_users(AwsAccountId=account_id, Namespace='default')['UserList']
+    try:
+        users = qs_.list_users(AwsAccountId=account_id, Namespace='default')['UserList']
+    except qs_.exceptions.AccessDeniedException as exc:
+        if 'your identity region is ' in str(exc):
+            id_region = str(exc).split('your identity region is ')[1].split('.')[0]
+            users = boto3.client('quicksight', region_name=id_region).list_users(AwsAccountId=account_id, Namespace='default')['UserList']
+        else:
+            raise
     assert users, 'No QS users, pleas create one.' # nosec B101:assert_used
     return users[0]['UserName']