Error when deploying with git_release equals true #617
Labels
type: bug
Something isn't working
Comments
This was referenced Aug 2, 2023
dlpzx added a commit that referenced this issue Aug 8, 2023

### Feature or Bugfix
- Bugfix

### Detail
- Remove small bug on the way we define the git release role - managed policies are attached after role creation
- NOTE: The fix is already included in the `modularization-main` branch

### Relates
- #617

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
dlpzx added a commit that referenced this issue Feb 13, 2024

### Feature or Bugfix
- Bugfix

### Detail
Deprecate `git_release` functionality. It is a feature that results in errors and unnecessary CICD pipeline executions. We could fix it, but we are not aware of any customer using it. In case needed it could be re-added.

Depending on the outcome of this PR I will open a PR to update the docs

### Relates
- #617

### Security
Please answer the questions below briefly where applicable, or write `N/A`. Based on [OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)?
  - Is the input sanitized?
  - What precautions are you taking before deserializing the data you consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires authorization?
  - How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
noah-paige added a commit that referenced this issue Jun 25, 2024

commit df87bb5a
Author: Noah Paige <noahpaig@amazon.com>
Date: Wed Aug 09 2023 13:50:41 GMT-0400 (Eastern Daylight Time)

Merge branch 'test2' into origin/open-source

commit 554d74e
Author: Noah Paige <noahpaig@amazon.com>
Date: Wed Aug 09 2023 12:42:19 GMT-0400 (Eastern Daylight Time)

Cosmetic Changes to Linking Env Frontend Steps

commit b91b157
Author: Noah Paige <noahpaig@amazon.com>
Date: Wed Aug 09 2023 13:40:45 GMT-0400 (Eastern Daylight Time)

Linting

commit 9b2a85b
Author: Noah Paige <noahpaig@amazon.com>
Date: Wed Aug 09 2023 11:10:12 GMT-0400 (Eastern Daylight Time)

Resolve S3 Permissions Nested Stack CDK Exec Role

commit e567eab
Author: Noah Paige <noahpaig@amazon.com>
Date: Wed Aug 09 2023 13:37:05 GMT-0400 (Eastern Daylight Time)

Glue Profiling Job Fixes

commit c678e67
Author: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Date: Fri Aug 04 2023 13:27:53 GMT-0400 (Eastern Daylight Time)

Allow restricted nacls backend VPC (#626)

### Feature or Bugfix
- Feature

### Detail
- Extend the restricted NACLs parameter to allow for both the tooling VPC and the backend VPC

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

commit f235c19
Author: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Date: Tue Aug 08 2023 11:04:05 GMT-0400 (Eastern Daylight Time)

Handle External ID SSM v1.6.1> (#630)

### Feature or Bugfix
<!-- please choose -->
- Bugfix

### Detail
- As part of v1.6 Data.All moved away from storing the externalID as a rotated secret in Secret Manager and instead placed the external ID in SSM Parameter Store.
- In the current implementation in v1.6.1 we check if the secret exists and the ssm parameter does not and if these conditions are met the secret value is retrieved and a new ssm parameter is set with the same externalID
- The problem with the above is CDK uses dynamic references to resolve the secret value (meaning in the first upgrade deployment we set ssm parameter as ref to secret value and delete secret, in 2nd and so on deployments it will fail with `Secrets Manager can't find the specified secret.`)
- Alternatively we can not use the CDK bootstrap role, such as the look up role, and boto3 SDK commands to retrieve the secret value during `synth` because IAM permissions out of the box do not allow said actions
  - This would theoretically be a way to overcome the dynamic reference issue mentioned above
- This PR reverts to a more straightforward approach where we create a new SSM Parameter if one does not exist already for the external ID and does not reference the previously created secret externalID
- NOTE: In order to keep the same externalID and prevent additional manual work to update the pivotRoles using this value one would have to
  - retain the current externalID in Secret Manager (named `dataall-externalId-{envname}`) from version <= 1.5X
  - Run the upgrade to v1.6.1
  - Replace the newly created SSM (parameter named `/dataall/{envname}/pivotRole/externalId"`) with the original value for external ID

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

commit f0a932f
Author: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Tue Aug 08 2023 03:30:40 GMT-0400 (Eastern Daylight Time)

get prefix list ids for dbmigration for infra region (#624)

### Feature or Bugfix
- Bugfix

### Detail
- get the prefix id list for S3 from the infra region. We need the prefix id to connect the dbmigration stage with the S3 bucket containing the migration scripts (add it in the security groups)

### Relates
- #618

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

commit 8900ebf
Author: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Tue Aug 08 2023 03:30:06 GMT-0400 (Eastern Daylight Time)

resolve unnecessary dependency in git_release role (#623)

### Feature or Bugfix
- Bugfix

### Detail
- Remove small bug on the way we define the git release role - managed policies are attached after role creation
- NOTE: The fix is already included in the `modularization-main` branch

### Relates
- #617

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Describe the bug
```
File "/Users/dlpzx/Projects/gitv16/aws-dataall/deploy/stacks/pipeline.py", line 334, in set_codebuild_iam_roles
    managed_policies=[self.baseline_codebuild_policy, self.git_release_policy, self.expanded_codebuild_policy]
AttributeError: 'PipelineStack' object has no attribute 'git_release_policy'
```
when setting
```
"git_release": true,
```
in the cdk.json

How to Reproduce
Expected behavior
No response
Your project
No response
Screenshots
No response
OS
na
Python version
na
AWS data.all version
v1.6.1
Additional context
No response