Release: 1.10.4

aws-ia · Aug 10, 2023 · 6c0b356 · 6c0b356
1 parent 05992d6
commit 6c0b356
Show file tree

Hide file tree

Showing 43 changed files with 656 additions and 494 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.10.3
+1.10.4
diff --git a/modules/aft-account-provisioning-framework/versions.tf b/modules/aft-account-provisioning-framework/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.9.0"
+      version = ">= 4.27.0, < 5.0.0"
     }
   }
 }
diff --git a/modules/aft-code-repositories/versions.tf b/modules/aft-code-repositories/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.27.0"
+      version = ">= 4.27.0, < 5.0.0"
     }
   }
 }
diff --git a/modules/aft-customizations/versions.tf b/modules/aft-customizations/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.27.0"
+      version = ">= 4.27.0, < 5.0.0"
     }
   }
 }
diff --git a/modules/aft-iam-roles/admin-role/main.tf b/modules/aft-iam-roles/admin-role/main.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.27.0"
+      version = ">= 4.27.0, < 5.0.0"
     }
   }
 }
diff --git a/modules/aft-iam-roles/service-role/main.tf b/modules/aft-iam-roles/service-role/main.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.27.0"
+      version = ">= 4.27.0, < 5.0.0"
     }
   }
 }

diff --git a/modules/aft-lambda-layer/versions.tf b/modules/aft-lambda-layer/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.27.0"
+      version = ">= 4.27.0, < 5.0.0"
     }
   }
 }
diff --git a/modules/aft-ssm-parameters/versions.tf b/modules/aft-ssm-parameters/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.27.0"
+      version = ">= 4.27.0, < 5.0.0"
     }
   }
 }
diff --git a/sources/aft-customizations-common/templates/customizations_pipeline/versions.tf b/sources/aft-customizations-common/templates/customizations_pipeline/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.27.0"
+      version = ">= 4.27.0, < 5.0.0"
     }
   }
 }
diff --git a/...es/aft-customizations-repos/aft-account-provisioning-customizations/terraform/versions.tf b/...es/aft-customizations-repos/aft-account-provisioning-customizations/terraform/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.15"
+      version = ">= 3.15, < 5.0.0"
     }
   }
 }
diff --git a/...ustomizations-repos/aft-account-request/terraform/modules/aft-account-request/versions.tf b/...ustomizations-repos/aft-account-request/terraform/modules/aft-account-request/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.15"
+      version = ">= 3.15, < 5.0.0"
     }
   }
 }
diff --git a/sources/aft-lambda-layer/aft_common/account_provisioning_framework.py b/sources/aft-lambda-layer/aft_common/account_provisioning_framework.py
@@ -5,9 +5,11 @@
 import logging
 import time
 from datetime import datetime, timedelta
-from typing import TYPE_CHECKING, Any, Dict, List, Sequence
+from typing import TYPE_CHECKING, Any, Dict, List
 
 import aft_common.aft_utils as utils
+import aft_common.constants
+import aft_common.ssm
 from aft_common import ddb
 from aft_common.auth import AuthClient
 from aft_common.organizations import OrganizationsAgent
@@ -31,8 +33,6 @@
 
 AFT_EXEC_ROLE = "AWSAFTExecution"
 
-SSM_PARAMETER_PATH = "/aft/account-request/custom-fields/"
-
 
 class ProvisionRoles:
 
@@ -227,6 +227,9 @@ def deploy_aws_aft_roles(self) -> None:
             self._ensure_role_can_be_assumed(role_name=role_name)
             logger.info(f"Can assume {role_name} role")
 
+        # Guard for IAM eventual consistency
+        time.sleep(65)
+
 
 # From persist-metadata Lambda
 def persist_metadata(
@@ -237,8 +240,8 @@ def persist_metadata(
     account_customizations_name = payload["account_request"][
         "account_customizations_name"
     ]
-    metadata_table_name = utils.get_ssm_parameter_value(
-        session, utils.SSM_PARAM_AFT_DDB_META_TABLE
+    metadata_table_name = aft_common.ssm.get_ssm_parameter_value(
+        session, aft_common.constants.SSM_PARAM_AFT_DDB_META_TABLE
     )
 
     item = {
@@ -263,38 +266,6 @@ def persist_metadata(
     return response
 
 
-def get_ssm_parameters_names_by_path(session: Session, path: str) -> List[str]:
-
-    client = session.client("ssm")
-    paginator = client.get_paginator("get_parameters_by_path")
-    pages = paginator.paginate(Path=path, Recursive=True)
-
-    parameter_names = []
-    for page in pages:
-        parameter_names.extend([param["Name"] for param in page["Parameters"]])
-
-    return parameter_names
-
-
-def delete_ssm_parameters(session: Session, parameters: Sequence[str]) -> None:
-    batches = utils.yield_batches_from_list(
-        parameters, batch_size=10
-    )  # Max batch size for API
-    for batched_names in batches:
-        client = session.client("ssm")
-        response = client.delete_parameters(Names=batched_names)
-
-
-def put_ssm_parameters(session: Session, parameters: Dict[str, str]) -> None:
-
-    client = session.client("ssm")
-
-    for key, value in parameters.items():
-        response = client.put_parameter(
-            Name=SSM_PARAMETER_PATH + key, Value=value, Type="String", Overwrite=True
-        )
-
-
 def tag_account(
     payload: Dict[str, Any],
     account_info: Dict[str, str],