chore: updating prod template to remove resources and abstract ones #354
cfn/prod-release.yml
Outdated
@@ -212,8 +209,8 @@ Resources: | |||
{ | |||
"Effect": "Allow", | |||
"Resource": [ | |||
"arn:aws:kms:*:658956600833:key/*", | |||
"arn:aws:kms:*:658956600833:alias/*" | |||
"arn:aws:kms:*:${AWS::AccountId}:key/*", |
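Review bot: On the added `Resource` entry, `${AWS::AccountId}` resolves to whichever account the stack is deployed in, so it grants the same keys as before only when that account is 658956600833. If the keys the build needs live in one fixed account, keep that account explicit or take it as a template parameter. Separately, `arn:aws:kms:*:...:key/*` and `alias/*` match every key and alias in every region of the account; listing the specific key ARNs the build uses would narrow the grant.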
Nope! 658956600833 has the keys you need to pass the tests.
This statement grants the CodeBuild resource permission to call the key.
"arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-test-release", | ||
"arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-test-release:*", |
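Review bot: Both log-group ARNs repeat the literal suffix `-test-release` after `${ProjectName}`, so the statement stops matching without any error if the CodeBuild project is renamed or the test and prod projects are merged. Consider building the ARN from the project resource's own name so the policy and the project cannot drift apart, and add a comment that the first entry covers the log group and the `:*` entry covers its log streams.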
Are you going to make another template for test-release?
There would be much repeated code... I would favor 1 template/stack having both projects as compared to a stack per project.
Then the projects can share policy documents. Otherwise, you would have to repeat your policy documents.
We discussed this offline, but just to document it here. The plan is to have just one project for both test-release and prod-release called release-prod.
Revert Line 176 and you are good.
cfn/prod-release.yml
Outdated
Name: /CodeBuild/AccountId | ||
Name: /CodeBuild/Account |
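Review bot: Changing `Name:` from `/CodeBuild/AccountId` to `/CodeBuild/Account` alters a path that other files may look up by its old name, and nothing in this hunk updates those readers. Keep the existing name, or change every consumer in the same commit, and add a comment in the template saying which stack owns this path.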
These need to match this:
ACCOUNT: /CodeBuild/AccountId
which is /CodeBuild/AccountId
That's a little weird, shouldn't this have been caught in the stack creation process? Or would this be a case where it would detect a drift? I'll go ahead and change it so they match. The name was causing it to not create the stack, and changing it to Account successfully created the stack.
Ohh... then never mind. The name already exists, right? Because we have been using it.
So... you have a choice... you can figure out where it is defined elsewhere, and remove it, or you can leave it there, and correct the one here.
The only thing is that while /CodeBuild/AccountId is undefined, our release automation will be broken.
Will this affect our CI? Do we use this in our CI? Yes, we do.
Here, we have a problem where the CI and release automation (RA) share a resource.
Ok. So... now I have more questions that I hope will lead us to the best outcome.
- Do the CI and RA share other resources?
- If so, should the CI and RA be created by the same stack?
- What creates the CI stack right now?
- Finally, is this a case where other libraries also share this resource?
I am sorry to say that I do not know the answers to these questions.
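The question raised in the comment above, which files declare a shared name and which read it, can be answered mechanically. The following is an added example, not part of the thread or the project's code; it assumes that a `Name: /path` line declares a parameter and that entries under a `parameter-store:` key read one, and the functions `scan`, `audit`, `template` and all file names and contents are hypothetical.

```python
import re
from collections import defaultdict

# Assumptions: a "Name: /path" line in a template declares a parameter, and
# entries under a "parameter-store:" key read one.
DEF_RE = re.compile(r"^\s*Name:\s*(/\S+)\s*$")
REF_RE = re.compile(r"^\s*\w+:\s*(/\S+)\s*$")

def scan(files):
    """Map each parameter path to the files that declare it and that read it."""
    defs, refs = defaultdict(list), defaultdict(list)
    for path, text in files.items():
        block = None  # indent of an open parameter-store: block, if any
        for line in text.splitlines():
            if not line.strip():
                continue
            indent = len(line) - len(line.lstrip())
            if line.strip() == "parameter-store:":
                block = indent
                continue
            ref = REF_RE.match(line)
            if block is not None and indent > block and ref:
                refs[ref.group(1)].append(path)
                continue
            block = None  # any other line closes the block
            name = DEF_RE.match(line)
            if name:
                defs[name.group(1)].append(path)
    return defs, refs

def audit(files):
    defs, refs = scan(files)
    return {
        "undefined": sorted(set(refs) - set(defs)),      # read, declared nowhere
        "duplicated": sorted(p for p, f in defs.items() if len(f) > 1),
        "unreferenced": sorted(set(defs) - set(refs)),   # declared, never read
    }

# Constructed inputs: file names and contents are hypothetical.
BUILDSPEC = "env:\n  parameter-store:\n    ACCOUNT: /CodeBuild/AccountId\n"

def template(name):
    return f"Resources:\n  Param:\n    Properties:\n      Name: {name}\n"

BEFORE = {"other-stack.yml": template("/CodeBuild/AccountId"),
          "release-stack.yml": template("/CodeBuild/AccountId"),
          "buildspec.yml": BUILDSPEC}
RENAMED = {**BEFORE, "release-stack.yml": template("/CodeBuild/Account")}
ORPHANED = {k: v for k, v in RENAMED.items() if k != "other-stack.yml"}

if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("renamed", RENAMED),
                         ("orphaned", ORPHANED)):
        print(label, audit(files))
```

The three constructed cases correspond to the states discussed in the thread: the same name declared twice, the rename that leaves a declaration nobody reads, and the reader left without a declaration once the other copy is removed.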
Left a suggestion, but otherwise it is brilliant!
cfn/ci_cd.yml
Outdated
EncryptionDisabled: false | ||
CodeBuildProjectRelease: |
EncryptionDisabled: false | |
CodeBuildProjectRelease: | |
EncryptionDisabled: false | |
CodeBuildProjectRelease: |
nit: new line b/w resources
## [2.4.0](v2.3.3...v2.4.0) (2022-03-09)

### Features

* AWS SDK v2 support ([006cdc4](006cdc4))

### Fixes

* Revert "AWS Encryption SDK 2.4.0 Release -- $(date +%Y-%m-%d)" ([7563a95](7563a95))

### Maintenance

* Add back removed CiphertextHeaders.deserialize method ([#382](#382)) ([c1f3e63](c1f3e63))
* add build to support uploading artifacts ([#379](#379)) ([69e7914](69e7914))
* Add CODEOWNERS file ([#406](#406)) ([b9adf9f](b9adf9f))
* add javadoc update to batch build ([#376](#376)) ([d88190b](d88190b))
* Adding semantic release config file ([#346](#346)) ([6201c1a](6201c1a))
* **ci:** change release vars ([#578](#578)) ([de99b56](de99b56))
* **deps-dev:** bump junit-jupiter-api from 5.7.2 to 5.8.0 ([#339](#339)) ([6dfaef9](6dfaef9))
* **deps-dev:** bump junit-jupiter-api from 5.8.0 to 5.8.1 ([#347](#347)) ([7d3bb0a](7d3bb0a))
* **deps-dev:** bump junit-jupiter-api from 5.8.1 to 5.8.2 ([#427](#427)) ([7de569a](7de569a))
* **deps-dev:** bump junit-vintage-engine from 5.7.2 to 5.8.0 ([#337](#337)) ([2338b92](2338b92))
* **deps-dev:** bump junit-vintage-engine from 5.8.0 to 5.8.1 ([#348](#348)) ([d0221cf](d0221cf))
* **deps-dev:** bump junit-vintage-engine from 5.8.1 to 5.8.2 ([#426](#426)) ([065ab94](065ab94))
* **deps-dev:** bump mockito-core from 3.12.3 to 3.12.4 ([#323](#323)) ([0208d0d](0208d0d))
* **deps-dev:** bump mockito-core from 4.0.0 to 4.1.0 ([#441](#441)) ([8dfda1a](8dfda1a))
* **deps-dev:** bump mockito-core from 4.1.0 to 4.2.0 ([#458](#458)) ([a1b1885](a1b1885))
* **deps-dev:** bump mockito-core from 4.2.0 to 4.3.1 ([#500](#500)) ([a709e69](a709e69))
* **deps:** bump aws-java-sdk from 1.12.102 to 1.12.105 ([#404](#404)) ([b87d8c6](b87d8c6))
* **deps:** bump aws-java-sdk from 1.12.105 to 1.12.106 ([#405](#405)) ([dd633c0](dd633c0))
* **deps:** bump aws-java-sdk from 1.12.106 to 1.12.127 ([#436](#436)) ([91f6ffc](91f6ffc))
* **deps:** bump aws-java-sdk from 1.12.127 to 1.12.128 ([#437](#437)) ([37078ec](37078ec))
* **deps:** bump aws-java-sdk from 1.12.128 to 1.12.129 ([#447](#447)) ([6872c63](6872c63))
* **deps:** bump aws-java-sdk from 1.12.129 to 1.12.131 ([#463](#463)) ([a98a321](a98a321))
* **deps:** bump aws-java-sdk from 1.12.131 to 1.12.150 ([#508](#508)) ([433dc1b](433dc1b))
* **deps:** bump aws-java-sdk from 1.12.150 to 1.12.151 ([#510](#510)) ([70257a5](70257a5))
* **deps:** bump aws-java-sdk from 1.12.151 to 1.12.162 ([#541](#541)) ([22abc6c](22abc6c))
* **deps:** bump aws-java-sdk from 1.12.54 to 1.12.68 ([#341](#341)) ([291be0a](291be0a))
* **deps:** bump aws-java-sdk from 1.12.68 to 1.12.73 ([#350](#350)) ([153a0b3](153a0b3))
* **deps:** bump aws-java-sdk from 1.12.73 to 1.12.74 ([#351](#351)) ([e5f3962](e5f3962))
* **deps:** bump aws-java-sdk from 1.12.74 to 1.12.75 ([#353](#353)) ([3339c20](3339c20))
* **deps:** bump aws-java-sdk from 1.12.75 to 1.12.102 ([#400](#400)) ([98b079c](98b079c))
* **deps:** bump bcprov-ext-jdk15on from 1.69 to 1.70 ([#439](#439)) ([969852a](969852a))
* **deps:** bump build-helper-maven-plugin from 3.2.0 to 3.3.0 ([#473](#473)) ([4f7d08c](4f7d08c))
* **deps:** bump fmt-maven-plugin from 2.12 to 2.13 ([#429](#429)) ([e5d8c32](e5d8c32))
* **deps:** bump maven-compiler-plugin from 3.8.1 to 3.9.0 ([#481](#481)) ([369a049](369a049))
* **deps:** bump maven-javadoc-plugin from 3.3.0 to 3.3.1 ([#333](#333)) ([693e43f](693e43f))
* **deps:** bump nexus-staging-maven-plugin from 1.6.11 to 1.6.12 ([#546](#546)) ([6fa782b](6fa782b))
* **deps:** bump nexus-staging-maven-plugin from 1.6.8 to 1.6.11 ([#535](#535)) ([0ab1db0](0ab1db0))
* **docs:** update README get started example ([#423](#423)) ([da0fe89](da0fe89))
* **docs:** updating broken javadoc link ([#366](#366)) ([487be4b](487be4b))
* moving and renaming buildspec.yml ([#360](#360)) ([e259caf](e259caf))
* release updates ([#369](#369)) ([4b9d932](4b9d932))
* source controlling cfn templates that will be used for our release process ([#345](#345)) ([456dda0](456dda0))
* update dependabot to update mainline-1.x ([#440](#440)) ([960f3e5](960f3e5))
* update gh token ([#412](#412)) ([f8ada9b](f8ada9b))
* update release process ([#396](#396)) ([c0ff093](c0ff093))
* update releaserc to include pom.xml file ([#357](#357)) ([63e2f05](63e2f05))
* update token name and timeout ([#411](#411)) ([c0d5a0e](c0d5a0e))
* updating prod template to remove resources and abstract ones ([#354](#354)) ([ecc17a6](ecc17a6))
* Upgrade mockito to 4.0.0 ([#438](#438)) ([629dbfd](629dbfd))
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.