Using the SDK

Note

This was added in 0.18.0

Service Catalog Puppet includes a published SDK. You can make use of the python functions available:

from servicecatalog_puppet import sdk

The functions available are:

Functions

servicecatalog_puppet.sdk.add_to_accounts(account_or_ou)

Add the parameter to the account list of the manifest file

Parameters

account_or_ou – A dict describing the the account or the ou to be added

servicecatalog_puppet.sdk.add_to_launches(launch_name, launch)

Add the given launch to the launches section using the given launch_name

Parameters

• launch_name – The launch name to use when adding the launch to the manifest launches

• launch – The dict to add to the launches

servicecatalog_puppet.sdk.bootstrap(with_manual_approvals, puppet_account_id, puppet_code_pipeline_role_permission_boundary='arn:aws:iam::aws:policy/AdministratorAccess', source_role_permissions_boundary='arn:aws:iam::aws:policy/AdministratorAccess', puppet_generate_role_permission_boundary='arn:aws:iam::aws:policy/AdministratorAccess', puppet_deploy_role_permission_boundary='arn:aws:iam::aws:policy/AdministratorAccess', puppet_provisioning_role_permissions_boundary='arn:aws:iam::aws:policy/AdministratorAccess', cloud_formation_deploy_role_permissions_boundary='arn:aws:iam::aws:policy/AdministratorAccess', deploy_environment_compute_type='BUILD_GENERAL1_SMALL', deploy_num_workers=10)

Bootstrap the puppet account. This will create the AWS CodeCommit repo containing the config and it will also create the AWS CodePipeline that will run the solution.

Parameters

• with_manual_approvals – Boolean to specify whether there should be manual approvals before provisioning occurs

• puppet_account_id – AWS Account Id for your puppet account

• puppet_code_pipeline_role_permission_boundary – IAM Boundary to apply to the role: PuppetCodePipelineRole

• source_role_permissions_boundary – IAM Boundary to apply to the role: SourceRole

• puppet_generate_role_permission_boundary – IAM Boundary to apply to the role: PuppetGenerateRole

• puppet_deploy_role_permission_boundary – IAM Boundary to apply to the role: PuppetDeployRole

• puppet_provisioning_role_permissions_boundary – IAM Boundary to apply to the role: PuppetProvisioningRole

• cloud_formation_deploy_role_permissions_boundary – IAM Boundary to apply to the role: CloudFormationDeployRole

• deploy_environment_compute_type – The AWS CodeBuild Environment Compute Type

• deploy_num_workers – Number of workers that should be used when running a deploy

servicecatalog_puppet.sdk.bootstrap_spoke(puppet_account_id, permission_boundary)

Bootstrap a spoke so that is can be used by the puppet account to share portfolios and provision products. This must be run in the spoke account.

Parameters

• puppet_account_id – this is the account id where you have installed aws-service-catalog-puppet

• permission_boundary – the iam boundary to apply to the puppetrole in the spoke account

servicecatalog_puppet.sdk.bootstrap_spoke_as(puppet_account_id, iam_role_arns, permission_boundary, puppet_role_name='PuppetRole', puppet_role_path='/servicecatalog-puppet/', tag=[])

Bootstrap a spoke so that it can be used by the puppet account to share portfolios and provision products. This must be run in an account where you can assume the first ARN in the iam_role_arns list.

Parameters

• puppet_account_id – this is the account id where you have installed aws-service-catalog-puppet

• iam_role_arns – this is a list of ARNs the function will assume (in order) before bootstrapping. The final ARN in the list should be the ARN of the spoke you want to bootstrap.

• permission_boundary – the iam boundary to apply to the puppetrole in the spoke account

servicecatalog_puppet.sdk.bootstrap_spokes_in_ou(ou_path_or_id, role_name, iam_role_arns, permission_boundary, num_workers=10, puppet_role_name='PuppetRole', puppet_role_path='/servicecatalog-puppet/', tag=[])

Bootstrap each spoke in the given path or id

Parameters

• ou_path_or_id – This is the ou path /example or the ou id for which you want each account bootstrapped

• role_name – This is the name (not ARN) of the IAM role to assume in each account when bootstrapping

• iam_role_arns – this is a list of ARNs the function will assume (in order) before bootstrapping. The final ARN in the list should be the ARN of account that can assume the role_name in the accounts to bootstrap.

• permission_boundary – the iam boundary to apply to the puppetrole in the spoke account

servicecatalog_puppet.sdk.release_spoke(puppet_account_id)

Delete the resources created during the bootstrap spoke process

Parameters

puppet_account_id – AWS Account Id for your puppet account

servicecatalog_puppet.sdk.remove_from_accounts(account_id_or_ou_id_or_ou_path)

remove the given account_id_or_ou_id_or_ou_path from the account list

Parameters

account_id_or_ou_id_or_ou_path – the value can be an account_id, ou_id or an ou_path. It should be present in the accounts list within the manifest file or an error is generated

servicecatalog_puppet.sdk.remove_from_launches(launch_name)

remove the given launch_name from the launches list

Parameters

launch_name – The name of the launch to be removed from the launches section of the manifest file

servicecatalog_puppet.sdk.run(what='puppet', wait_for_completion=False)

Run something

Parameters

• what – what should be run. The only parameter that will work is puppet

• wait_for_completion – Whether the command should wait for the completion of the pipeline before it returns

servicecatalog_puppet.sdk.uninstall(puppet_account_id)

Delete the resources created during the bootstrap process. AWS Service Catalog portfolios and their configurations are not modified during this call

Parameters

puppet_account_id – AWS Account Id for your puppet account

servicecatalog_puppet.sdk.upload_config(config)

This function allows you to upload your configuration for puppet. At the moment this should be a dict with an attribute named regions: regions: [

‘eu-west-3’, ‘sa-east-1’,

]

Parameters

config – The dict containing the configuration used for puppet