Misc builder script fixes & refactors (#31)

- Consolidate requirements to top-level
- Add sts:GetParametersByPath to CircleCIExecutionRole
- Minor refactor of config builder
- Moved builder into 'scripts' subdirectory with its own requirements.txt

Author: palpatim

CHANGELOG.md

@@ -0,0 +1,9 @@
+# Amplify CI support scripts - CHANGELOG
+
+Scripts and tools for managing Amplify projects in continuous integration
+environments, and for local developer setup of integration test environments.
+
+## 0.1.0
+
+Initial release
+

requirements.txt

@@ -1 +1,13 @@
+aws_cdk.aws_apigateway
+aws_cdk.aws_cognito
+aws_cdk.aws_iam
+aws_cdk.aws_kinesisfirehose
+aws_cdk.aws_kms
+aws_cdk.aws_logs
+aws_cdk.aws_pinpoint
+aws-cdk.aws_s3
+aws_cdk.aws_ssm
+aws_cdk.core
 black
+boto3
+isort

src/integ_test_resources/android/sdk/integration/cdk/requirements.txt

@@ -22,6 +22,13 @@ def __init__(self,
                                                assumed_by=aws_iam.AccountPrincipal(self.account),
                                                max_session_duration=core.Duration.hours(4))
 
+        policy_to_add = aws_iam.PolicyStatement(effect=aws_iam.Effect.ALLOW,
+                                                actions=[
+                                                    "ssm:GetParameter", "ssm:GetParametersByPath"
+                                                ],
+                                                resources=["*"])
+        circleci_execution_role.add_to_policy(policy_to_add)
+
         self._circleci_execution_role = circleci_execution_role
         self._supported_in_region = True
         self._cognito_support_in_region = self.is_cognito_supported_in_region()

src/integ_test_resources/common/common_stack.py

@@ -87,7 +87,7 @@ def get_parameters_with_prefix(self, parameter_prefix: str, ssm) -> dict:
             for parameter in page['Parameters']:
                 parameters.append(parameter)
         return parameters
-    
+
     def ssm_client(self, aws_config: AWSConfig):
         """
         Builds an SSM client using the provided Config.
@@ -99,21 +99,21 @@ def ssm_client(self, aws_config: AWSConfig):
             region_name=aws_config.defaultRegion
         )
         return session.client('ssm')
-    
+
     def aws_config_from_environment(self) -> AWSConfig:
         """
         Inpsects the environment for four well-known AWS environment
         variables, and populates their value into an Config bundle.
-    
+
         These credentials are used for two purposes:
           1. To call get-parameters-by-path against SSM, to understand
              the resource outputs of the various CDK scripts;
           2. For the execution of the test suites themselves, on the device.
-       
+
         As a consequence, these credentials must have permissions
         sufficient to read data out of SSM Parameter Store, as well as
         to execute all of the various test suites, both.
-    
+
         The default region is used only while talking to SSM. The
         provided region should be the same as what was used while
         running the CDK scripts.
@@ -124,7 +124,24 @@ def aws_config_from_environment(self) -> AWSConfig:
             os.environ['AWS_SESSION_TOKEN'],
             os.environ['AWS_DEFAULT_REGION']
        )
-    
+
+    def get_package_data(self) -> dict:
+        aws_config = self.aws_config_from_environment()
+        parameter_prefix = self.STACK_PREFIX_BASE + '/' + self.platform
+        ssm = self.ssm_client(aws_config)
+        parameters = self.get_parameters_with_prefix(parameter_prefix, ssm)
+        package_data = self.build_package_data(parameter_prefix, parameters)
+        return package_data
+
+    def get_credentials_data(self) -> dict:
+        aws_config = self.aws_config_from_environment()
+        credentials_data = {
+            'accessKey': aws_config.accessKey,
+            'secretKey': aws_config.secretKey,
+            'sessionToken': aws_config.sessionToken
+        }
+        return credentials_data
+
     def print_device_config(self) -> None:
         """
         Obtains credentials from the environment (only). Builds a Simple
@@ -136,17 +153,10 @@ def print_device_config(self) -> None:
         device running the SDK integration tests. The output of this
         function may be piped to a file.
         """
-        aws_config = self.aws_config_from_environment()
-        parameter_prefix = self.STACK_PREFIX_BASE + '/' + self.platform
-        ssm = self.ssm_client(aws_config)
-        parameters = self.get_parameters_with_prefix(parameter_prefix, ssm)
-        package_data = self.build_package_data(parameter_prefix, parameters)
+        package_data = self.get_package_data()
+        credentials_data = self.get_credentials_data()
         print(json.dumps({
-            'credentials': {
-                'accessKey': aws_config.accessKey,
-                'secretKey': aws_config.secretKey,
-                'sessionToken': aws_config.sessionToken
-            },
+            'credentials': credentials_data,
             'packages': package_data
         }, indent=2))
 

src/integ_test_resources/common/scripts/__init__.py

@@ -0,0 +1 @@
+boto3

src/integ_test_resources/common/device_config_builder.py src/integ_test_resources/common/scripts/device_config_builder.py

@@ -68,6 +68,26 @@ def test_build_package_data_with_nesting(self):
         )
 
 
+    def test_get_credential_data(self):
+        environment_variables = {
+            'AWS_ACCESS_KEY_ID': 'accessKey',
+            'AWS_SECRET_ACCESS_KEY': 'secretKey',
+            'AWS_SESSION_TOKEN': 'sessionToken'
+        }
+        for key, value in environment_variables.items():
+            os.environ[key] = value
+
+        credentials_data = self.underTest.get_credentials_data()
+
+        self.assertEqual(
+            {
+                'accessKey': 'accessKey',
+                'secretKey': 'secretKey',
+                'sessionToken': 'sessionToken'
+            },
+            credentials_data
+        )
+
     def test_aws_config_from_environment(self):
         environment_variables = {
             'AWS_ACCESS_KEY_ID': 'accessKey',