Fix spam on ICA rotator (and general upgrade) #411
Conversation
Upgrade to CDKv2
| @@ -1,9 +1,6 @@ | |||
| [mypy] | |||
| strict = True | |||
|
|
|||
| [mypy-aws_cdk.*] | |||
| ignore_missing_imports = True | |||
|
|
|||
There was a problem hiding this comment.
this was only here because cdk used to be missing these
Make slack messaging only happen first day of the week
| @@ -1,13 +1,12 @@ | |||
| import os | |||
|
|
|||
| from aws_cdk import core as cdk | |||
| from aws_cdk import App, Environment | |||
There was a problem hiding this comment.
these are all the v1 -> v2 migration
| env=cdk.Environment( | ||
| account=os.environ["CDK_DEFAULT_ACCOUNT"], | ||
| region=os.environ["CDK_DEFAULT_REGION"], | ||
| ), |
There was a problem hiding this comment.
I took out the ability for these to be deployed account agnostic - because I don't know the use case for that?
| @@ -44,9 +45,9 @@ def __init__( | |||
| data_project, | |||
| workflow_projects, | |||
| ica_base_url, | |||
| "cron(0 4/12 * * ? *)", | |||
There was a problem hiding this comment.
Using cron expressions to give more certainty to timings
| assumed_by=iam.FederatedPrincipal( | ||
| "arn:aws:iam::" | ||
| + Stack.of(self).account | ||
| + ":oidc-provider/token.actions.githubusercontent.com", |
There was a problem hiding this comment.
This is better because we shouldn't need to pass in the account - the Stack already knows where it is being installed
| # obviously the rotation cron schedules must in some way match up so that this window is used | ||
| if n.isoweekday() == 1: | ||
| if n.hour < 12: | ||
| send_secrets_event_to_slack(ev, slack_host_ssm_name, slack_webhook_ssm_name) |
There was a problem hiding this comment.
Some crappy logic but we can work on this as we want down the track
|
will review soon... |
|
no rush - is deployed to dev now so will see it do its thing over the next week anyhow |
|
I'm a bit proud of my Makefile btw. It does some fancy stuff. |
| typecheck: | ||
| . .venv/bin/activate; mypy lambdas/notify_slack_lambda/app | ||
| . .venv/bin/activate; mypy lambdas/jwt_producer_lambda/app | ||
| . .venv/bin/activate; mypy cdk |
There was a problem hiding this comment.
I will try this typechecker soon - https://github.com/python/mypy
It looks promising.
There was a problem hiding this comment.
100% - Python without mypy is like writing straight javascript
| env=cdk.Environment( | ||
| account=os.environ["CDK_DEFAULT_ACCOUNT"], | ||
| region=os.environ["CDK_DEFAULT_REGION"], | ||
| ), |
|
Somewhat related to #401 |
|
Hi @andrewpatto happy to merge this whenever you ready. |
|
Didn't this all get replaced by a different stack @alexiswl ? |
New stack only supports ICAv2, not ICAv1 |
Upgrade to CDKv2
Modernise build (use uv and Makefile)