Add CICD Pipeline scripts and onboard SNOWFLAKE::DATABASE::DATABASE

Author: joshuadeanhall

Snowflake-Database-Database/cleanup.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+#
+# This script runs in the buildspec after testing

Snowflake-Database-Database/example_inputs/inputs_1_create.json

@@ -1,12 +1,6 @@
 {
-    "TPSCode": "...",
-    "Title": "...",
-    "CoverSheetIncluded": "...",
-    "DueDate": "...",
-    "ApprovalDate": "...",
-    "Memo": "...",
-    "SecondCopyOfMemo": "...",
-    "TestCode": "...",
-    "Authors": "...",
-    "Tags": "..."
+    "Name": "EXAMPLENAME",
+    "DataRetentionTimeInDays": 90,
+    "MaxDataExtensionTimeInDays": 10,
+    "DefaultDdlCollation": "en-ci"
 }

Snowflake-Database-Database/example_inputs/inputs_1_update.json

@@ -1,12 +1,6 @@
 {
-    "TPSCode": "...",
-    "Title": "...",
-    "CoverSheetIncluded": "...",
-    "DueDate": "...",
-    "ApprovalDate": "...",
-    "Memo": "...",
-    "SecondCopyOfMemo": "...",
-    "TestCode": "...",
-    "Authors": "...",
-    "Tags": "..."
+    "Name": "EXAMPLENAME",
+    "DataRetentionTimeInDays": 90,
+    "MaxDataExtensionTimeInDays": 10,
+    "DefaultDdlCollation": "en-ci"
 }

Snowflake-Database-Database/inputs/inputs_1_create.json

@@ -1,5 +1,5 @@
 {
-    "Name": "ExampleName",
+    "Name": "EXAMPLENAME",
     "DataRetentionTimeInDays": 90,
     "MaxDataExtensionTimeInDays": 10,
     "DefaultDdlCollation": "en-ci"

Snowflake-Database-Database/inputs/inputs_1_invalid.json

@@ -1,12 +1,6 @@
 {
-    "TPSCode": "...",
-    "Title": "...",
-    "CoverSheetIncluded": "...",
-    "DueDate": "...",
-    "ApprovalDate": "...",
-    "Memo": "...",
-    "SecondCopyOfMemo": "...",
-    "TestCode": "...",
-    "Authors": "...",
-    "Tags": "..."
+    "Name": "DoesNotExists",
+    "DataRetentionTimeInDays": 1,
+    "MaxDataExtensionTimeInDays": 3,
+    "DefaultDdlCollation": "en-ci"
 }

Snowflake-Database-Database/inputs/inputs_1_update.json

@@ -1,5 +1,5 @@
 {
-    "Name": "ExampleName",
+    "Name": "EXAMPLENAME",
     "DataRetentionTimeInDays": 90,
     "MaxDataExtensionTimeInDays": 10,
     "DefaultDdlCollation": "en-ci"

Snowflake-Database-Database/overrides.json

@@ -0,0 +1,31 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: >
+  This CloudFormation template creates a role assumed by CloudFormation
+  during CRUDL operations to mutate resources on behalf of the customer.
+
+Resources:
+  ExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      MaxSessionDuration: 8400
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: resources.cloudformation.amazonaws.com
+            Action: sts:AssumeRole
+      Path: "/"
+      Policies:
+        - PolicyName: ResourceTypePolicy
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Deny
+                Action:
+                  - "*"
+                Resource: "*"
+Outputs:
+  ExecutionRoleArn:
+    Value:
+      Fn::GetAtt: ExecutionRole.Arn

Snowflake-Database-Database/resource-role-prod.yaml

@@ -0,0 +1,4 @@
+#!/bin/bash
+#
+# This script runs in the buildspec before testing
+

Snowflake-Database-Database/setup.sh

@@ -0,0 +1,8 @@
+Resources:
+  TestSnowflakeDatabaseDatabase:
+    Type: Snowflake::Database::Database
+    Properties:
+      Name: "TESTSNOWFLAKEDB"
+      DataRetentionTimeInDays: 90
+      MaxDataExtensionTimeInDays: 10
+      DefaultDdlCollation: "en-ci"

Snowflake-Database-Database/test/integ.yml

@@ -0,0 +1,48 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.7
+    commands:
+      - echo Entered the install phase...
+      - echo About to build $RESOURCE_PATH
+      - export PATH="/usr/local/bin:$PATH"
+      - /usr/local/bin/dockerd-entrypoint.sh
+      - cat /var/log/docker.log
+      - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh | bash
+      - export NVM_DIR="$HOME/.nvm"
+      - echo "Loading nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" && nvm install 14 && nvm install-latest-npm
+      - npm --version
+      - node --version
+      - pwd
+      - ls
+
+  build:
+    commands:
+      - echo Entered the build phase...
+      - npm install && npm run build
+      - cd $RESOURCE_PATH
+      - TYPE_NAME=$(cat .rpdk-config | jq -r .typeName)
+      - echo "TYPE_NAME is $TYPE_NAME"
+      - if test -x ./setup.sh; then ./setup.sh; fi
+      - cfn validate
+      - cfn generate
+      - if test -e ./test/setup.yml; then SETUP_STACK_NAME="setup-$(echo $RESOURCE_PATH | sed s/_/-/g)"; fi
+      - if test -e ./test/setup.yml; then aws cloudformation create-stack --stack-name $SETUP_STACK_NAME --template-body file://test/setup.yml; fi
+      - if test -e ./test/setup.yml; then aws cloudformation wait stack-create-complete --stack-name $SETUP_STACK_NAME; fi
+      - npm install && npm run build
+      - python ../get_type_configuration.py
+      - cfn submit --dry-run
+      - nohup sam local start-lambda --log-file sam_output.log &>/dev/null &
+      - sleep 10
+      - if ! cfn test --region $AWS_REGION -- -o log_cli=True -o log_cli_level=WARN -o console_output_style=count; then cat sam_output.log && exit 1; fi
+    finally:
+      - cat rpdk.log
+      - if test -e ./test/setup.yml; then aws cloudformation delete-stack --stack-name $SETUP_STACK_NAME; fi
+      - if test -x ./cleanup.sh; then ./cleanup.sh; fi
+artifacts:
+  files:
+    - $BUILD_FILE_NAME
+  name: extensions-build
+

alpha-buildspec.yml

@@ -0,0 +1,45 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.7
+    commands:
+      - echo Entered the install phase...
+      - echo About to build $RESOURCE_PATH
+      - export PATH="/usr/local/bin:$PATH"
+      - /usr/local/bin/dockerd-entrypoint.sh
+      - cat /var/log/docker.log
+      - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh | bash
+      - export NVM_DIR="$HOME/.nvm"
+      - echo "Loading nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" && nvm install 14 && nvm install-latest-npm
+      - npm --version
+      - node --version
+      - pwd
+      - ls
+
+  build:
+    commands:
+      - echo Entered the build phase...
+      - npm install && npm run build
+      - cd $RESOURCE_PATH
+      - TYPE_NAME=$(cat .rpdk-config | jq -r .typeName)
+      - if test -x ./setup.sh; then ./setup.sh; fi
+      - cfn validate
+      - cfn generate
+      - npm install && npm run build
+      - cfn submit --region $AWS_REGION --set-default
+      - python ../get_type_configuration.py
+      - aws cloudformation set-type-configuration --type RESOURCE --type-name $TYPE_NAME --configuration-alias default --configuration $(cat /root/.cfn-cli/typeConfiguration.json| jq -c "")
+      - INTEG_STACK_NAME="integ-$(echo $RESOURCE_PATH | tr '[:upper:]' '[:lower:]')"
+      - aws cloudformation create-stack --stack-name $INTEG_STACK_NAME --template-body file://test/integ.yml
+      - aws cloudformation wait stack-create-complete --stack-name $INTEG_STACK_NAME
+    finally:
+      - cat rpdk.log
+      - aws cloudformation delete-stack --stack-name $INTEG_STACK_NAME
+      - if test -x ./cleanup.sh; then ./cleanup.sh; fi
+artifacts:
+  files:
+    - $BUILD_FILE_NAME
+  name: extensions-build
+

beta-buildspec.yml

@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Deregister all private versions of a resource in a region.
+#
+# Does not un-publish any published versions.
+#
+# Run this from the resource directory, for example `Snowflake-Database-Database/`
+#
+# Args
+#
+#   $1 Region
+
+AWS_REGION=$1
+
+TYPE_NAME=$(cat .rpdk-config | jq -r .typeName)
+
+echo "About to deregister all private versions in $AWS_REGION for $TYPE_NAME"
+
+# Iterate over all versions and deregister them
+aws cloudformation --region $AWS_REGION list-type-versions --type RESOURCE --type-name $TYPE_NAME | jq '.TypeVersionSummaries[] | .Arn' | xargs -n1 aws cloudformation --region $AWS_REGION deregister-type --arn
+
+# The above will fail for the default version
+aws cloudformation --region $AWS_REGION deregister-type --type RESOURCE --type-name $TYPE_NAME || true

deregister-all.sh

@@ -0,0 +1,38 @@
+"Get the Snowflake secret from secrets manager and write it to ~/.cfn-cli/typeConfiguration.json. .rpdk-config files indicates what type configuration the contract tests are looking for"
+
+import boto3
+import base64
+import os
+import pathlib
+from botocore.exceptions import ClientError
+
+def get_secret():
+    "Get the secret from secrets manager"
+
+    secret_name = "snowflake-type-configuration"
+    region_name = "us-east-1"
+    session = boto3.session.Session()
+    client = session.client(
+        service_name="secretsmanager",
+        region_name=region_name
+    )
+    get_secret_value_response = client.get_secret_value(
+        SecretId=secret_name
+    )
+    secret = get_secret_value_response["SecretString"]
+    home_dir = pathlib.Path.home()
+    config_dir = os.path.join(home_dir, ".cfn-cli")
+
+    if not os.path.exists(config_dir):
+        os.makedirs(config_dir)
+
+    full_path = os.path.join(config_dir, "typeConfiguration.json")
+    with open(full_path, "w") as f:
+        f.write(secret)
+
+    print(full_path)
+
+
+if __name__ == "__main__":
+    get_secret()
+

get_type_configuration.py

@@ -0,0 +1,31 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.7
+    commands:
+      - echo Entered the install phase...
+      - echo About to build $RESOURCE_PATH
+      - export PATH="/usr/local/bin:$PATH"
+      - /usr/local/bin/dockerd-entrypoint.sh
+      - cat /var/log/docker.log
+      - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh | bash
+      - export NVM_DIR="$HOME/.nvm"
+      - echo "Loading nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" && nvm install 14 && nvm install-latest-npm
+      - npm --version
+      - node --version
+      - pwd
+      - ls
+
+  build:
+    commands:
+      - echo Entered the build phase...
+      - npm install && npm run build
+      - cd $RESOURCE_PATH
+      - pwd
+      - ls -l
+      - ../publish-resource-regions.sh
+    finally:
+      - cat rpdk.log
+      - ./cleanup.sh

prod-buildspec.yml

@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# Publish a resource to all regions
+#
+# Run this from the resource folder
+
+regions_to_publish=(us-east-1 af-south-1 ap-east-1 ap-northeast-1 ap-northeast-2 ap-northeast-3 ap-south-1 ap-southeast-1 ap-southeast-2 ap-southeast-3 ca-central-1 eu-central-1 eu-north-1 eu-south-1 eu-west-1 eu-west-2 eu-west-3 me-central-1 me-south-1 sa-east-1 us-east-2 us-west-1 us-west-2 eu-central-2 eu-south-2 ap-south-2)
+
+# Use this to test succeed-fail locally
+#regions_to_publish=(us-east-1 us-west-2 seattle)
+
+successes=()
+failures=()
+
+cfn validate
+cfn generate
+
+# Create the package
+echo "About to run cfn submit --dry-run to create the package"
+echo ""
+cfn submit --dry-run
+echo ""
+
+TYPE_NAME=$(cat .rpdk-config | jq -r .typeName)
+TYPE_NAME_LOWER="$(echo $TYPE_NAME | sed s/::/-/g | tr '[:upper:]' '[:lower:]')"
+# For example, awscommunity-s3-deletebucketcontents
+echo "TYPE_NAME_LOWER is $TYPE_NAME_LOWER"
+
+ZIPFILE="${TYPE_NAME_LOWER}.zip"
+echo "ZIPFILE is $ZIPFILE"
+
+ACCOUNT_ID=$(aws sts get-caller-identity|jq -r .Account)
+echo "ACCOUNT_ID is $ACCOUNT_ID"
+
+HANDLER_BUCKET="cep-handler-${ACCOUNT_ID}"
+
+# We only need to copy the handler zip once, since it's not regional
+# We use this bucket for logs also. The only drawback is if there are
+# failures, it can be hard to sort out which log file belongs to which region.
+
+echo "Copying schema package handler to $HANDLER_BUCKET"
+aws s3 cp $ZIPFILE s3://$HANDLER_BUCKET/$ZIPFILE
+
+for region in ${regions_to_publish[@]}
+do
+    echo "About to start publishing to $region"
+
+    ../deregister-all.sh $region RESOURCE
+    ../publish-resource.sh $region
+
+    if [ "$?" -eq 0 ]
+    then
+        echo "Publishing to $region succeeded"
+        successes+=($region)
+    else
+        echo "Publishing to $region failed"
+        failures+=($region)
+    fi
+
+done
+
+echo "The following regions succeeded:"
+for s in "${successes[@]}"
+do
+    echo $s
+done
+
+echo "The following regions failed:"
+for f in "${failures[@]}"
+do
+    echo $f
+done