Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature createorganizationalunit #693

Open
wants to merge 25 commits into
base: master
Choose a base branch
from
Open

Feature createorganizationalunit #693

wants to merge 25 commits into from

Conversation

ethanBaird
Copy link

Why?

In our existing Account Creation workflow, we are required to create new organizational units via the Organizations console in our master account. This requires us to sign in to our master account with heightened priveleges for every new account (that has a new path)

We run a multi account strategy so this happens reasonably often.

We'd prefer for this to be automated. This change will programmatically create any new Organizational Units if a new path is defined in the adf-accounts configuration.

Response to Issue: (#263)

What?

Description of changes:

  • Updated permissions on adf-codebuild-role in master account
  • Added a new method Organizations.create_ou()
  • Refactored existing method Organizations.get_ou_id()
    • refactor while loop to for loop
    • refactor logic in for/else to create OU if not found as defined by the path
  • stubbed tests for both methods

By submitting this pull request, I confirm that you can use, modify, copy, and
redistribute this contribution, under the terms of your choice.

@ethanBaird
adds permission to adf-codebuild-role
cd74d54 
this is the service role for aws-deployment-framework-base-templates

this is the codebuild project where the provisioner runs which will be responsible for creating the new OUs
@ethanBaird
add tests and stubs
b940f39 
test for new method create_ou
test for ammended get_ou_id for/else
@ethanBaird
adds method for create_ou
96d503d
@ethanBaird
ammends get_ou_id
b8dfec6 
refactors while loop to for loop
changes logic in for/else to create ou if not found
@ethanBaird ethanBaird marked this pull request as ready for review March 14, 2024 15:22
@ethanBaird ethanBaird mentioned this pull request Mar 14, 2024
Open
StewartW
StewartW requested changes Mar 15, 2024
View reviewed changes
Copy link
Contributor

@StewartW StewartW left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for contributing. A few nits and comments but otherwise a great addition.

The only question I have is if there should be a flag around this functionality to let customers keep the existing behavior.

...lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py Outdated Show resolved Hide resolved
...lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py Outdated Show resolved Hide resolved
...lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py Outdated Show resolved Hide resolved
...lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py Outdated Show resolved Hide resolved
...lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py Outdated Show resolved Hide resolved
@javydekoning
Copy link
Contributor

@ethanBaird , can you please fix these linter findings?

  src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py:
  	493: Trailing whitespace
  	497: Trailing whitespace
  	500: Trailing whitespace
  src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/stubs/stub_organizations.py:
  	Wrong line endings or no final newline

ethan-baird and others added 11 commits April 10, 2024 17:06
fix linting errors
4798b26
@ethanBaird
Merge branch 'feature-createorganizationalunit' of github.com:ethanBa…
955d3e4 
…ird/aws-deployment-framework into feature-createorganizationalunit
@ethanBaird @StewartW
adds permission to adf-codebuild-role
cf23377 
this is the service role for aws-deployment-framework-base-templates

this is the codebuild project where the provisioner runs which will be responsible for creating the new OUs
@ethanBaird @StewartW
add tests and stubs
67db323 
test for new method create_ou
test for ammended get_ou_id for/else
@ethanBaird @StewartW
adds method for create_ou
d66b571
@ethanBaird @StewartW
ammends get_ou_id
9242803 
refactors while loop to for loop
changes logic in for/else to create ou if not found
@ethanBaird @StewartW
whitespace fixes
911aeef
@ethanBaird @StewartW
newline
2cf545c
@ethanBaird @StewartW
raise organizations excpetion
2bc03c9
@ethanBaird @StewartW
logger.exception
e93c3e7
@StewartW
fix linting errors
8a59606
@StewartW StewartW force-pushed the feature-createorganizationalunit branch from 955d3e4 to 8a59606 Compare April 19, 2024 09:25
@ethanBaird
Copy link
Author

Hey @StewartW 👋

Sorry, been a while since I've looked at this, but I have updated the create_ou method to throw an Organizations exception when encountering a boto ClientError and tested the method for this. 🚀

Regarding making this an optional flag in the adf_config.yml. I'm not sure what the best way to do this is.

I understand that we have the SSM Parameter config which we can read in. But should we be passing an ssm_client to every Organizations() object in order to read this?

Something like... in organizations.py

self.config = ssm_client.get_parameter('config')

Or I see we use the ParameterStore class in a few instances. Is it better to pass this to the Org Class and so something more like

self.config = parameter_store.fetch_parameter('config')

Let me know what you think.

@StewartW
Copy link
Contributor

self.config = parameter_store.fetch_parameter('config')

This is the better approach yeah.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@StewartW StewartW StewartW requested changes

@javydekoning javydekoning javydekoning requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ethanBaird @javydekoning @StewartW