Update dependencies throughout codebase (#56)
* Update dependencies throughout codebase

* Lint
ryanjjung authored Dec 2, 2024
1 parent 67a60fb commit e41b0c4
Showing 8 changed files with 83 additions and 47 deletions.
10 changes: 5 additions & 5 deletions tb_pulumi/ci.py
Expand Up @@ -43,12 +43,12 @@ class AwsAutomationUser(tb_pulumi.ThunderbirdComponentResource):
:param fargate_clusters: When ``enable_fargate_deployments`` is True, permission will be granted to deploy to
this list of clusters. Defaults to None.
:type fargate_clusters: str, optional
:type fargate_clusters: list[str], optional
:param fargate_task_role_arns: When ``enable_fargate_deployments`` is True, permission will be granted for the
user to authenticate as this list of task roles. This should be a list of ARNs of task execution roles in
the clusters you wish to deploy to. Defaults to None.
:type fargate_task_role_arns: str, optional
:type fargate_task_role_arns: list[str], optional
:param enable_full_s3_access: When True, allows the user unrestricted access to select S3 buckets. Use this when
your CI needs to be able to run Pulumi executions. Those commands will need to run with access to the Pulumi
Expand Down Expand Up @@ -81,12 +81,12 @@ def __init__(
enable_ecr_image_push: bool = False,
ecr_repositories: list[str] = None,
enable_fargate_deployments: str = False,
fargate_clusters: str = None,
fargate_task_role_arns: str = None,
fargate_clusters: list[str] = None,
fargate_task_role_arns: list[str] = None,
enable_full_s3_access: bool = False,
s3_full_access_buckets: list = [],
enable_s3_bucket_upload: bool = False,
s3_upload_buckets: list = [],
s3_upload_buckets: list[str] = [],
opts: pulumi.ResourceOptions = None,
**kwargs,
):
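Review bot: In the `__init__` signature, `enable_fargate_deployments: str = False` is still annotated `str` although it is a boolean switch, and this commit corrects the two parameters directly below it but not this one. Because the flag gates whether the automation user is granted Fargate deployment permissions, a caller who follows the annotation and passes a string such as `'false'` would supply a truthy value; how the flag is tested is outside the hunk, so that is worth confirming there. I would change the line to `enable_fargate_deployments: bool = False,`. The bucket lists `s3_full_access_buckets: list = []` and `s3_upload_buckets: list[str] = []` are also mutable defaults shared between instances; defaulting to `None` with a fallback in the body would rule out one user's bucket grants ever showing up in another's if the body mutates the list.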
7 changes: 4 additions & 3 deletions tb_pulumi/cloudfront.py
Expand Up @@ -114,7 +114,7 @@ def __init__(
],
'owner': {'id': canonical_user},
},
opts=pulumi.ResourceOptions(parent=self, depends_on=[logging_bucket_ownership]),
opts=pulumi.ResourceOptions(parent=self, depends_on=[logging_bucket, logging_bucket_ownership]),
)

# Create an Origin Access Control to use when CloudFront talks to S3
Expand All @@ -125,10 +125,10 @@ def __init__(
signing_protocol='sigv4',
description=f'Serve {service_bucket_name} contents via CDN',
name=service_bucket_name,
opts=pulumi.ResourceOptions(parent=self, depends_on=[service_bucket]),
opts=pulumi.ResourceOptions(parent=self),
)

# Define the S3 DistributionOrigin and set up the distribution
# Define the S3 DistributionOrigin and set up the distribution.
# The `bucket_regional_domain_name` output does not actually seem to contain the region. This may be a bug in
# the AWS Pulumi provider. For now, we have to form this domain ourselves or it will be incorrect.
bucket_regional_domain_name = f'{service_bucket_name}.s3.{project.aws_region}.amazonaws.com'
Expand Down Expand Up @@ -170,6 +170,7 @@ def __init__(
tags=self.tags,
opts=pulumi.ResourceOptions(
parent=self,
depends_on=[logging_bucket, oac],
ignore_changes=['defaultCacheBehavior.functionAssociations'],
),
**distribution,
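Review bot: The distribution's new `depends_on=[logging_bucket, oac]` waits for the logging bucket itself but not for `logging_bucket_ownership` or the ACL-style resource whose options are changed in the first hunk. CloudFront standard logging relies on the target bucket's ACL, so if the distribution is created before ownership controls and the ACL are applied, creation may fail or access logs may not be delivered; I have not confirmed how the provider orders these. Consider `depends_on=[logging_bucket, logging_bucket_ownership, oac]` plus the ACL resource, whose variable name is outside the hunk. All three hunks sit inside an `__init__` that starts and ends outside the visible lines.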
23 changes: 18 additions & 5 deletions tb_pulumi/cloudwatch.py
Expand Up @@ -60,6 +60,7 @@ def __init__(
protocol='email',
endpoint=email,
topic=sns_topic.arn,
opts=pulumi.ResourceOptions(parent=self, depends_on=[sns_topic]),
)
)

Expand All @@ -71,7 +72,7 @@ def __init__(
project=self.project,
resource=res,
monitoring_group=self,
opts=pulumi.ResourceOptions(parent=self),
opts=pulumi.ResourceOptions(parent=self, depends_on=[res]),
)

self.finish(
Expand Down Expand Up @@ -131,12 +132,15 @@ def __init__(
lambda outputs: aws.cloudwatch.MetricAlarm(
f'{self.name}-5xx',
name=f'{self.project.name_prefix}-5xx',
alarm_actions=monitoring_group.resources['sns_topic'].arn,
comparison_operator='GreaterThanOrEqualToThreshold',
dimensions={'LoadBalancer': outputs['res_suffix']},
metric_name='HTTPCode_ELB_5XX_Count',
namespace='AWS/ApplicationELB',
alarm_description=f'Elevated 5xx errors on ALB {outputs['res_name']}',
opts=pulumi.ResourceOptions(parent=self, depends_on=[resource]),
opts=pulumi.ResourceOptions(
parent=self, depends_on=[resource, monitoring_group.resources['sns_topic']]
),
**fivexx_opts,
)
if fivexx_enabled
Expand All @@ -159,12 +163,15 @@ def __init__(
lambda outputs: aws.cloudwatch.MetricAlarm(
f'{self.name}-responsetime',
name=f'{self.project.name_prefix}-responsetime',
alarm_actions=monitoring_group.resources['sns_topic'].arn,
comparison_operator='GreaterThanOrEqualToThreshold',
dimensions={'LoadBalancer': outputs['res_suffix']},
metric_name='TargetResponseTime',
namespace='AWS/ApplicationELB',
alarm_description=f'Average response time is over {response_time_opts['threshold']} second(s) for {response_time_opts['period']} seconds', # noqa: E501
opts=pulumi.ResourceOptions(parent=self, depends_on=[resource]),
opts=pulumi.ResourceOptions(
parent=self, depends_on=[resource, monitoring_group.resources['sns_topic']]
),
**response_time_opts,
)
if response_time_enabled
Expand Down Expand Up @@ -232,6 +239,7 @@ def __init__(
lambda outputs: aws.cloudwatch.MetricAlarm(
f'{self.name}-cpu',
name=f'{self.project.name_prefix}-cpu',
alarm_actions=monitoring_group.resources['sns_topic'].arn,
comparison_operator='GreaterThanOrEqualToThreshold',
# There is no direct way to get the Cluster name from a Service, but we can get the ARN, which has the
# name as the final portion after the last slash.
Expand All @@ -240,7 +248,9 @@ def __init__(
namespace='AWS/ECS',
alarm_description=f'CPU utilization on the {outputs['res_name']} cluster exceeds '
f'{cpu_utilization_opts['threshold']}%',
opts=pulumi.ResourceOptions(parent=self, depends_on=[resource]),
opts=pulumi.ResourceOptions(
parent=self, depends_on=[resource, monitoring_group.resources['sns_topic']]
),
**cpu_utilization_opts,
)
if cpu_utilization_enabled
Expand All @@ -264,6 +274,7 @@ def __init__(
lambda outputs: aws.cloudwatch.MetricAlarm(
f'{self.name}-memory',
name=f'{self.project.name_prefix}-memory',
alarm_actions=monitoring_group.resources['sns_topic'].arn,
comparison_operator='GreaterThanOrEqualToThreshold',
# There is no direct way to get the Cluster name from a Service, but we can get the ARN, which has the
# name as the final portion after the last slash.
Expand All @@ -272,7 +283,9 @@ def __init__(
namespace='AWS/ECS',
alarm_description=f'Memory utilization on the {outputs['res_name']} cluster exceeds '
f'{memory_utilization_opts['threshold']}%',
opts=pulumi.ResourceOptions(parent=self, depends_on=[resource]),
opts=pulumi.ResourceOptions(
parent=self, depends_on=[resource, monitoring_group.resources['sns_topic']]
),
**memory_utilization_opts,
)
if memory_utilization_enabled
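Review bot: The new `alarm_actions=monitoring_group.resources['sns_topic'].arn` passes a single ARN, whereas `MetricAlarm` documents `alarm_actions` as a list of ARNs; the same line is added to the 5xx, response-time, CPU and memory alarms. If the provider rejects or mis-serialises the bare value, the alarms would exist without a working notification target, which is a silent monitoring gap. I would write `alarm_actions=[monitoring_group.resources['sns_topic'].arn],` in all four places. Since `**fivexx_opts` and the other option dicts are spread into the same calls, a user-supplied `alarm_actions` key would now raise a duplicate-keyword `TypeError`; whether those dicts are filtered beforehand is outside the hunks.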
4 changes: 2 additions & 2 deletions tb_pulumi/ec2.py
Expand Up @@ -133,7 +133,7 @@ def __init__(
target_type='ip',
vpc_id=subnets[0].vpc_id,
tags=self.tags,
opts=pulumi.ResourceOptions(parent=self, depends_on=[nlb]),
opts=pulumi.ResourceOptions(parent=self, depends_on=[nlb, subnets[0]]),
)

# Add targets to the target group
Expand Down Expand Up @@ -280,7 +280,7 @@ def __init__(
volume_tags=self.tags,
vpc_security_group_ids=sg_ids,
tags=instance_tags,
opts=pulumi.ResourceOptions(parent=self),
opts=pulumi.ResourceOptions(parent=self, depends_on=[keypair.resources['keypair']]),
)

self.finish(
38 changes: 25 additions & 13 deletions tb_pulumi/fargate.py
Expand Up @@ -134,7 +134,7 @@ def __init__(
arp = json.dumps(arp)

# IAM policy for shipping logs
doc = log_group.arn.apply(
log_doc = log_group.arn.apply(
lambda arn: json.dumps(
{
'Version': '2012-10-17',
Expand All @@ -153,12 +153,12 @@ def __init__(
f'{name}-policy-logs',
name=f'{name}-logging',
description='Allows Fargate tasks to log to their log group',
policy=doc,
policy=log_doc,
opts=pulumi.ResourceOptions(parent=self, depends_on=[log_group]),
)

# IAM policy for accessing container dependencies
doc = json.dumps(
container_doc = json.dumps(
{
'Version': '2012-10-17',
'Statement': [
Expand Down Expand Up @@ -197,7 +197,7 @@ def __init__(
f'{name}-policy-exec',
name=f'{name}-exec',
description=f'Allows {self.project.project} tasks access to resources they need to run',
policy=doc,
policy=container_doc,
opts=pulumi.ResourceOptions(parent=self),
)

Expand All @@ -213,13 +213,12 @@ def __init__(
policy_exec,
],
tags=self.tags,
opts=pulumi.ResourceOptions(parent=self),
opts=pulumi.ResourceOptions(parent=self, depends_on=[policy_exec, policy_log_sending]),
)

# Fargate Cluster
cluster = aws.ecs.Cluster(
f'{name}-cluster',
opts=pulumi.ResourceOptions(parent=self, depends_on=[log_key, log_group]),
name=name,
configuration={
'executeCommandConfiguration': {
Expand All @@ -233,6 +232,7 @@ def __init__(
},
settings=[{'name': 'containerInsights', 'value': 'enabled' if enable_container_insights else 'disabled'}],
tags=self.tags,
opts=pulumi.ResourceOptions(parent=self, depends_on=[log_key, log_group]),
)

# Prep the task definition
Expand All @@ -247,10 +247,13 @@ def __init__(
log_group_name=outputs[0],
aws_region=outputs[1],
task_role_arn=outputs[2],
dependencies=[log_group, task_role],
)
)

# Build ALBs and related resources to route traffic to our services
# Build ALBs and related resources to route traffic to our services. Perhaps unintuitively, the Service is
# dependent upon load balancers, not the other way around, since it must manipulate their configs to match the
# IP addresses of the running containers.
fsalb_name = f'{name}-fargateservicealb'
fargate_service_alb = FargateServiceAlb(
fsalb_name,
Expand Down Expand Up @@ -289,7 +292,7 @@ def __init__(
},
task_definition=task_definition_res,
tags=self.tags,
opts=pulumi.ResourceOptions(parent=self, depends_on=[cluster, task_definition_res]),
opts=pulumi.ResourceOptions(parent=self, depends_on=[cluster, fargate_service_alb, task_definition_res]),
)

self.finish(
Expand All @@ -311,7 +314,13 @@ def __init__(
)

def task_definition(
self, task_def: dict, family: str, log_group_name: str, aws_region: str, task_role_arn: str
self,
task_def: dict,
family: str,
log_group_name: str,
aws_region: str,
task_role_arn: str,
dependencies: list[pulumi.Resource] = [],
) -> aws.ecs.TaskDefinition:
"""Returns an ECS task definition resource.
Expand All @@ -330,6 +339,9 @@ def task_definition(
:param task_role_arn: ARN of the IAM role the task will run as.
:type task_role_arn: str
:param dependencies: List of Resources this task definition is dependent upon.
:type dependencies: list[pulumi.Resource]
:return: A TaskDefinition Resource
:rtype: aws.ecs.TaskDefinition
"""
Expand Down Expand Up @@ -361,7 +373,7 @@ def task_definition(

task_def_res = aws.ecs.TaskDefinition(
f'{family}-taskdef',
opts=pulumi.ResourceOptions(parent=self),
opts=pulumi.ResourceOptions(parent=self, depends_on=[*dependencies]),
**task_def,
)

Expand Down Expand Up @@ -463,7 +475,7 @@ def __init__(
security_groups=security_groups,
subnets=[subnet.id for subnet in subnets],
tags=self.tags,
opts=pulumi.ResourceOptions(parent=self),
opts=pulumi.ResourceOptions(parent=self, depends_on=[*subnets]),
)

# Build a target group
Expand All @@ -483,7 +495,7 @@ def __init__(
target_type='ip',
ip_address_type='ipv4',
tags=svc_tags,
opts=pulumi.ResourceOptions(parent=self),
opts=pulumi.ResourceOptions(parent=self, depends_on=[subnets[0]]),
)

# Build a listener for the target group
Expand All @@ -496,7 +508,7 @@ def __init__(
protocol=listener_proto,
ssl_policy=ssl_policy,
tags=svc_tags,
opts=pulumi.ResourceOptions(parent=self),
opts=pulumi.ResourceOptions(parent=self, depends_on=[albs[svc_name]]),
)

self.finish(outputs={}, resources={'albs': albs, 'listeners': listeners, 'target_groups': target_groups})
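Review bot: `dependencies: list[pulumi.Resource] = [],` in the new `task_definition` signature is a mutable default argument; the visible lines only read it through `[*dependencies]`, but the idiom invites a later in-place change that would leak dependencies between calls. I would use `dependencies: list[pulumi.Resource] = None,` (the `= None` style this commit uses for other optional parameters) together with `depends_on=dependencies or []`. The new docstring entry would then read `:type dependencies: list[pulumi.Resource], optional` and state the default, as the other parameter docs in this commit do. The body of `task_definition` is only partly visible in these hunks.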
15 changes: 8 additions & 7 deletions tb_pulumi/network.py
Expand Up @@ -124,6 +124,7 @@ def __init__(
f'{name}-subnetassoc-{idx}',
route_table_id=vpc.default_route_table_id,
subnet_id=subnet.id,
opts=pulumi.ResourceOptions(parent=self, depends_on=[subnet, vpc]),
)
)

Expand All @@ -135,7 +136,7 @@ def __init__(
f'{name}-ig',
vpc_id=vpc.id,
tags=ig_tags,
opts=pulumi.ResourceOptions(parent=self, depends_on=vpc),
opts=pulumi.ResourceOptions(parent=self, depends_on=[vpc]),
)
if egress_via_internet_gateway:
subnet_ig_route = aws.ec2.Route(
Expand All @@ -152,7 +153,7 @@ def __init__(
domain='vpc',
public_ipv4_pool='amazon',
network_border_group=self.project.aws_region,
opts=pulumi.ResourceOptions(parent=self, depends_on=vpc),
opts=pulumi.ResourceOptions(parent=self, depends_on=[vpc]),
)
ng_tags = {'Name': name}
ng_tags.update(self.tags)
Expand All @@ -161,7 +162,7 @@ def __init__(
allocation_id=nat_eip.allocation_id,
subnet_id=subnets[0].id,
tags=ng_tags,
opts=pulumi.ResourceOptions(parent=self, depends_on=nat_eip),
opts=pulumi.ResourceOptions(parent=self, depends_on=[nat_eip, subnets[0]]),
)
if egress_via_nat_gateway:
subnet_ng_route = aws.ec2.Route(
Expand Down Expand Up @@ -198,7 +199,7 @@ def __init__(
}
],
},
opts=pulumi.ResourceOptions(parent=self),
opts=pulumi.ResourceOptions(parent=self, depends_on=[vpc]),
tags=self.tags,
)

Expand All @@ -214,7 +215,7 @@ def __init__(
vpc_endpoint_type='Interface',
vpc_id=vpc.id,
tags=self.tags,
opts=pulumi.ResourceOptions(parent=self, depends_on=[*subnet_rs, endpoint_sg.resources['sg']]),
opts=pulumi.ResourceOptions(parent=self, depends_on=[vpc, *subnet_rs, endpoint_sg.resources['sg']]),
)
)

Expand All @@ -228,7 +229,7 @@ def __init__(
vpc_endpoint_type='Gateway',
vpc_id=vpc.id,
tags=self.tags,
opts=pulumi.ResourceOptions(parent=self, depends_on=[*subnet_rs, endpoint_sg.resources['sg']]),
opts=pulumi.ResourceOptions(parent=self, depends_on=[vpc, *subnet_rs, endpoint_sg.resources['sg']]),
)
)

Expand Down Expand Up @@ -305,11 +306,11 @@ def __init__(
# Build a security group in the provided VPC
sg = aws.ec2.SecurityGroup(
f'{name}-sg',
opts=pulumi.ResourceOptions(parent=self),
name=name,
description=f'Send Suite backend security group ({self.project.stack})',
vpc_id=vpc_id,
tags=self.tags,
opts=pulumi.ResourceOptions(parent=self),
)

# Set up security group rules for that SG
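Review bot: The `opts=pulumi.ResourceOptions(parent=self, depends_on=[subnet, vpc])` line added to the `{name}-subnetassoc-{idx}` resource gives it a parent it does not appear to have had before (that hunk grows by exactly one line). In Pulumi a changed parent changes the resource URN, so on existing stacks the next update would delete and recreate each route table association unless an `aliases=[...]` entry naming the old parent is added to the options. That is a routing interruption for every subnet and should at least be called out in the commit description. The same applies to the SNS subscription in tb_pulumi/cloudwatch.py, where recreating an email subscription would presumably require the recipient to confirm it again before alerts are delivered.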