From 6c2a16c75a7595fde8c422bec5f2bb96073f73b5 Mon Sep 17 00:00:00 2001 From: Will Gibson <8738245+WillGibson@users.noreply.github.com> Date: Thu, 20 Feb 2025 13:58:42 +0000 Subject: [PATCH] DBTP-1700 Deprecatecross_enviroment_service_access application property --- .../providers/platform_config_schema.py | 4 +- .../domain/test_copilot_environment.py | 6 --- .../utils/fixtures/addons_files/s3_addons.yml | 5 +- .../addons_files/s3_addons_bad_data.yml | 46 +++++-------------- .../platform_helper/utils/test_validation.py | 1 - 5 files changed, 17 insertions(+), 45 deletions(-) diff --git a/dbt_platform_helper/providers/platform_config_schema.py b/dbt_platform_helper/providers/platform_config_schema.py index 141635693..18032cd46 100644 --- a/dbt_platform_helper/providers/platform_config_schema.py +++ b/dbt_platform_helper/providers/platform_config_schema.py @@ -506,7 +506,9 @@ def _valid_s3_bucket_arn(key): }, Optional("cross_environment_service_access"): { PlatformConfigSchema.__valid_schema_key(): { - "application": str, + # Deprecated: We didn't implement cross application access, no service teams are asking for it. + # application should be removed once we can confirm that no-one is using it. + Optional("application"): str, "environment": PlatformConfigSchema.__valid_environment_name(), "account": str, "service": str, diff --git a/tests/platform_helper/domain/test_copilot_environment.py b/tests/platform_helper/domain/test_copilot_environment.py index 9efb2932c..c25709aca 100644 --- a/tests/platform_helper/domain/test_copilot_environment.py +++ b/tests/platform_helper/domain/test_copilot_environment.py @@ -113,7 +113,6 @@ def s3_xenv_extensions(self): "bucket_name": "x-acc-bucket", "cross_environment_service_access": { "test_access": { - "application": "app2", "environment": "staging", "account": "123456789010", "service": "test_svc", @@ -137,7 +136,6 @@ def s3_xenv_multiple_extensions(self): "bucket_name": "x-acc-bucket-1", "cross_environment_service_access": { "test_access_1": { - "application": "app1", "environment": "staging", "account": "123456789010", "service": "other_svc_1", @@ -146,7 +144,6 @@ def s3_xenv_multiple_extensions(self): "cyber_sign_off_by": "user1@example.com", }, "test_access_2": { - "application": "app2", "environment": "dev", "account": "123456789010", "service": "other_svc_2", @@ -166,7 +163,6 @@ def s3_xenv_multiple_extensions(self): "bucket_name": "x-acc-bucket-2", "cross_environment_service_access": { "test_access_3": { - "application": "app2", "environment": "hotfix", "account": "987654321010", "service": "other_svc_2", @@ -180,7 +176,6 @@ def s3_xenv_multiple_extensions(self): "bucket_name": "x-acc-bucket-3", "cross_environment_service_access": { "test_access_4": { - "application": "app2", "environment": "staging", "account": "123456789010", "service": "other_svc_3", @@ -194,7 +189,6 @@ def s3_xenv_multiple_extensions(self): "bucket_name": "x-acc-bucket-4", "cross_environment_service_access": { "test_access_5": { - "application": "app2", "environment": "staging", "account": "123456789010", "service": "other_svc_4", diff --git a/tests/platform_helper/utils/fixtures/addons_files/s3_addons.yml b/tests/platform_helper/utils/fixtures/addons_files/s3_addons.yml index 5c5750490..564ab288e 100644 --- a/tests/platform_helper/utils/fixtures/addons_files/s3_addons.yml +++ b/tests/platform_helper/utils/fixtures/addons_files/s3_addons.yml @@ -55,11 +55,11 @@ my-s3-bucket-with-data-migration: bucket_name: s3-data-migration versioning: false data_migration: - import: + import: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: arn:aws:kms::123456789012:key/test-key worker_role_arn: arn:aws:iam::123456789012:role/test-role - + my-s3-bucket-with-data-migration-import-sources: type: s3 environments: @@ -91,7 +91,6 @@ my-s3-cross-environment-service-access-bucket: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app environment: prod account: test-account service: web diff --git a/tests/platform_helper/utils/fixtures/addons_files/s3_addons_bad_data.yml b/tests/platform_helper/utils/fixtures/addons_files/s3_addons_bad_data.yml index 0270b0fc4..d8b58bd39 100644 --- a/tests/platform_helper/utils/fixtures/addons_files/s3_addons_bad_data.yml +++ b/tests/platform_helper/utils/fixtures/addons_files/s3_addons_bad_data.yml @@ -130,7 +130,7 @@ my-s3-bucket-data-migration-source-bucket-invalid-arn: import: source_bucket_arn: 1234abc source_kms_key_arn: arn:aws:kms::123456789012:key/test-key - worker_role_arn: arn:aws:iam::123456789012:role/test-role + worker_role_arn: arn:aws:iam::123456789012:role/test-role my-s3-bucket-data-migration-source-kms-key-invalid-arn: type: s3 @@ -141,7 +141,7 @@ my-s3-bucket-data-migration-source-kms-key-invalid-arn: import: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: 1234abc - worker_role_arn: arn:aws:iam::123456789012:role/test-role + worker_role_arn: arn:aws:iam::123456789012:role/test-role my-s3-bucket-data-migration-worker-role-invalid-arn: type: s3 @@ -153,7 +153,7 @@ my-s3-bucket-data-migration-worker-role-invalid-arn: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: arn:aws:kms::123456789012:key/test-key worker_role_arn: 1234abc - + my-s3-bucket-data-migration-import-sources-source-bucket-2-invalid-arn: type: s3 environments: @@ -167,7 +167,7 @@ my-s3-bucket-data-migration-import-sources-source-bucket-2-invalid-arn: - source_bucket_arn: arn:aws:s3:::valid-source-bucket-2 source_kms_key_arn: arn:aws:kms::123456789012:key/test-key-3 worker_role_arn: arn:aws:iam::123456789012:role/test-role-3 - + my-s3-bucket-data-migration-import-cannot-have-both-import-and-import-sources: type: s3 environments: @@ -195,7 +195,7 @@ my-s3-bucket-data-migration-import-sources-source-bucket-3-invalid-arn: import: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: arn:aws:kms::123456789012:key/test-key - worker_role_arn: arn:aws:iam::123456789012:role/test-role + worker_role_arn: arn:aws:iam::123456789012:role/test-role import_sources: - source_bucket_arn: arn:aws:s3:::valid-source-bucket-2 source_kms_key_arn: arn:aws:kms::123456789012:key/test-key-2 @@ -213,7 +213,7 @@ my-s3-bucket-data-migration-import-sources-kms-key-invalid-arn: import: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: arn:aws:kms::123456789012:key/test-key - worker_role_arn: arn:aws:iam::123456789012:role/test-role + worker_role_arn: arn:aws:iam::123456789012:role/test-role import_sources: - source_bucket_arn: arn:aws:s3:::test-app-2 source_kms_key_arn: 1234abc @@ -228,7 +228,7 @@ my-s3-bucket-data-migration-import-sources-worker-role-invalid-arn: import: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: arn:aws:kms::123456789012:key/test-key - worker_role_arn: arn:aws:iam::123456789012:role/test-role + worker_role_arn: arn:aws:iam::123456789012:role/test-role import_sources: - source_bucket_arn: arn:aws:s3:::test-app-2 source_kms_key_arn: arn:aws:kms::123456789012:key/test-key-2 @@ -243,7 +243,7 @@ my-s3-bucket-data-migration-import-sources-empty: import: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: arn:aws:kms::123456789012:key/test-key - worker_role_arn: arn:aws:iam::123456789012:role/test-role + worker_role_arn: arn:aws:iam::123456789012:role/test-role import_sources: [] my-s3-bucket-data-migration-import-sources-missing-bucket-arn: @@ -255,11 +255,11 @@ my-s3-bucket-data-migration-import-sources-missing-bucket-arn: import: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: arn:aws:kms::123456789012:key/test-key - worker_role_arn: arn:aws:iam::123456789012:role/test-role + worker_role_arn: arn:aws:iam::123456789012:role/test-role import_sources: - source_kms_key_arn: arn:aws:kms::123456789012:key/test-key-2 worker_role_arn: arn:aws:iam::123456789012:role/test-role-2 - + my-s3-bucket-data-migration-import-sources-missing-worker-role-arn: type: s3 environments: @@ -269,10 +269,10 @@ my-s3-bucket-data-migration-import-sources-missing-worker-role-arn: import: source_bucket_arn: arn:aws:s3:::test-app source_kms_key_arn: arn:aws:kms::123456789012:key/test-key - worker_role_arn: arn:aws:iam::123456789012:role/test-role + worker_role_arn: arn:aws:iam::123456789012:role/test-role import_sources: - source_kms_key_arn: arn:aws:kms::123456789012:key/test-key-2 - source_bucket_arn: arn:aws:s3:::test-app-2 + source_bucket_arn: arn:aws:s3:::test-app-2 my-s3-external-access-bucket-invalid-arn: type: s3 @@ -305,7 +305,6 @@ my-s3-cross-environment-service-access-bucket-invalid-environment: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app environment: hyphen-not-allowed-in-environment account: test-account service: web @@ -320,7 +319,6 @@ my-s3-cross-environment-service-access-bucket-invalid-email: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app environment: anotherenvironment account: test-account service: web @@ -328,20 +326,6 @@ my-s3-cross-environment-service-access-bucket-invalid-email: read: True cyber_sign_off_by: noone-signed-this-off -my-s3-cross-environment-service-access-bucket-missing-application: - type: s3 - environments: - dev: - bucket_name: mandatory - cross_environment_service_access: - demodjango-hotfix: - environment: anotherenvironment - account: test-account - service: web - write: True - read: True - cyber_sign_off_by: somebody@businessandtrade.gov.uk - my-s3-cross-environment-service-access-bucket-missing-environment: type: s3 environments: @@ -349,7 +333,6 @@ my-s3-cross-environment-service-access-bucket-missing-environment: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app account: test-account service: web write: True @@ -363,7 +346,6 @@ my-s3-cross-environment-service-access-bucket-missing-account: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app environment: anotherenvironment service: web write: True @@ -377,7 +359,6 @@ my-s3-cross-environment-service-access-bucket-missing-service: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app environment: anotherenvironment account: test-account write: True @@ -391,7 +372,6 @@ my-s3-cross-environment-service-access-bucket-invalid-write: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app environment: anotherenvironment account: test-account service: web @@ -406,7 +386,6 @@ my-s3-cross-environment-service-access-bucket-invalid-read: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app environment: anotherenvironment account: test-account service: web @@ -421,7 +400,6 @@ my-s3-cross-environment-service-access-bucket-missing-cyber-sign-off: bucket_name: mandatory cross_environment_service_access: demodjango-hotfix: - application: test-app environment: anotherenvironment account: test-account service: web diff --git a/tests/platform_helper/utils/test_validation.py b/tests/platform_helper/utils/test_validation.py index b3aefcb6d..f2e240315 100644 --- a/tests/platform_helper/utils/test_validation.py +++ b/tests/platform_helper/utils/test_validation.py @@ -95,7 +95,6 @@ def test_validate_addons_success(addons_file): "my-s3-external-access-bucket-invalid-email": r"cyber_sign_off_by must contain a valid DBT email address", "my-s3-cross-environment-service-access-bucket-invalid-environment": r"Environment name hyphen-not-allowed-in-environment is invalid", "my-s3-cross-environment-service-access-bucket-invalid-email": r"cyber_sign_off_by must contain a valid DBT email address", - "my-s3-cross-environment-service-access-bucket-missing-application": r"Missing key: 'application'", "my-s3-cross-environment-service-access-bucket-missing-environment": r"Missing key: 'environment'", "my-s3-cross-environment-service-access-bucket-missing-account": r"Missing key: 'account'", "my-s3-cross-environment-service-access-bucket-missing-service": r"Missing key: 'service'",