first iteration eks deployment

ContainerCraft · Dec 3, 2024 · 143d0d5 · 143d0d5
1 parent 35bff5d
commit 143d0d5
Show file tree

Hide file tree

Showing 14 changed files with 747 additions and 308 deletions.
diff --git a/docs/stack_outputs.json b/docs/stack_outputs.json
@@ -39,8 +39,8 @@
                 "ato": {
                     "id": "1234-ATO",
                     "authorized": "2025-03-27T00:00:00Z",
-                    "review": "2028-03-27T00:00:00Z",
-                    "renew": "2026-03-27T00:00:00Z"
+                    "eol": "2028-03-27T00:00:00Z",
+                    "last_touch": "2026-03-27T00:00:00Z"
                 }
             },
             "nist": {

diff --git a/modules/aws/config.py b/modules/aws/config.py
@@ -35,9 +35,22 @@
     "aws:ec2/instance:Instance",
     "aws:iam/role:Role",
     "aws:rds/instance:Instance",
-    # Add other AWS resource types that support tagging
 ]
 
+DEFAULT_MODULE_CONFIG = {
+    "enabled": True,
+    "version": "latest",
+    "config": {"region": "us-east-1"},
+    "compliance": {
+        "fisma": {
+            "enabled": False,
+            "level": "low",
+            "mode": "strict",
+            "ato": {"id": None, "authorized": None, "eol": None},
+        }
+    },
+}
+
 
 def validate_config(raw_config: dict) -> AWSModuleConfig:
     try:
@@ -58,9 +71,7 @@ def initialize_aws_provider(config: AWSConfig) -> Provider:
     """
     aws_config = pulumi.Config("aws")
     aws_access_key = os.getenv("AWS_ACCESS_KEY_ID") or aws_config.get("access_key_id")
-    aws_secret_key = os.getenv("AWS_SECRET_ACCESS_KEY") or aws_config.get(
-        "secret_access_key"
-    )
+    aws_secret_key = os.getenv("AWS_SECRET_ACCESS_KEY") or aws_config.get("secret_access_key")
     profile = os.getenv("AWS_PROFILE") or config.profile
 
     return Provider(
@@ -103,9 +114,7 @@ def global_transform(
     pulumi.runtime.register_stack_transformation(global_transform)
 
 
-def generate_tags(
-    config: AWSConfig, compliance_config: ComplianceConfig, git_info: Dict[str, str]
-) -> Dict[str, str]:
+def generate_tags(config: AWSConfig, compliance_config: ComplianceConfig, git_info: Dict[str, str]) -> Dict[str, str]:
     """
     Generates tags for AWS resources, including compliance and Git metadata.
 
@@ -181,16 +190,12 @@ def load_tenant_account_configs() -> Dict[str, TenantAccountConfig]:
             tenant_config = TenantAccountConfig(**tenant)
             tenant_accounts[tenant_config.name] = tenant_config
         except Exception as e:
-            log.warn(
-                f"Invalid tenant account configuration for '{tenant.get('name', 'unknown')}': {e}"
-            )
+            log.warn(f"Invalid tenant account configuration for '{tenant.get('name', 'unknown')}': {e}")
 
     return tenant_accounts
 
 
-def merge_configurations(
-    base_config: Dict[str, Any], override_config: Dict[str, Any]
-) -> Dict[str, Any]:
+def merge_configurations(base_config: Dict[str, Any], override_config: Dict[str, Any]) -> Dict[str, Any]:
     """
     Merges two configuration dictionaries with override taking precedence.
 
@@ -306,9 +311,7 @@ def generate_compliance_labels(compliance_config: ComplianceConfig) -> Dict[str,
     if compliance_config.nist.enabled:
         labels["compliance.nist.enabled"] = "true"
         if compliance_config.nist.controls:
-            labels["compliance.nist.controls"] = ",".join(
-                compliance_config.nist.controls
-            )
+            labels["compliance.nist.controls"] = ",".join(compliance_config.nist.controls)
 
     return labels
 

diff --git a/modules/aws/deployment.py b/modules/aws/deployment.py
@@ -10,6 +10,8 @@
 from .provider import AWSProvider
 from .types import AWSConfig
 from modules.core.stack_outputs import collect_global_metadata, collect_module_metadata
+from modules.core.compliance_types import ComplianceConfig
+from .eks import EksManager
 
 
 class AwsModule(ModuleInterface):
@@ -64,7 +66,24 @@ def deploy(self, config: Dict[str, Any]) -> ModuleDeploymentResult:
             log.info(f"Successfully authenticated as: {caller_identity.arn}")
             log.info(f"AWS Account ID: {caller_identity.account_id}")
 
+            # Deploy EKS if enabled
+            if aws_config.eks and aws_config.eks.enabled:
+                log.info(f"Deploying EKS cluster: {aws_config.eks.name}")
+                eks_manager = EksManager(provider)
+                eks_resources = eks_manager.deploy_cluster(
+                    name=aws_config.eks.name,
+                    version=aws_config.eks.version,
+                    instance_types=aws_config.eks.node_groups[0].instance_types if aws_config.eks.node_groups else None,
+                    scaling_config=aws_config.eks.node_groups[0].scaling_config if aws_config.eks.node_groups else None,
+                )
+
+                # Export EKS outputs
+                pulumi.export("eks_cluster_name", eks_resources["cluster"].name)
+                pulumi.export("eks_cluster_endpoint", eks_resources["cluster"].endpoint)
+                pulumi.export("eks_cluster_vpc_id", eks_resources["vpc"].id)
+
             # Get Git info as dictionary
+            # this is required code for initializing the git info, do not remove
             git_info = init_config.git_info.model_dump()
 
             # Collect metadata for resource tagging
@@ -122,16 +141,29 @@ def deploy(self, config: Dict[str, Any]) -> ModuleDeploymentResult:
             provider_urn = str(provider.provider.urn)
             bucket_name = str(s3_bucket.id)
 
+            # Update metadata to include EKS info if deployed
+            if aws_config.eks and aws_config.eks.enabled:
+                aws_metadata["eks_cluster_name"] = aws_config.eks.name
+
+            # Parse compliance config
+            compliance_config = ComplianceConfig.model_validate(config.get("compliance", {}))
+
+            # Return deployment result without version
             # Return deployment result without version
             return ModuleDeploymentResult(
                 success=True,
-                version="",  # Empty string since AWS module doesn't use versions
+                version="0.0.1",
                 resources=[provider_urn, bucket_name],
-                metadata=aws_metadata,
+                metadata={
+                    "compliance": compliance_config.model_dump(),
+                    "aws_account_id": caller_identity.account_id,
+                    "aws_user_id": caller_identity.user_id,
+                    "aws_arn": caller_identity.arn,
+                    **aws_metadata,
+                },
             )
 
         except Exception as e:
-            log.error(f"AWS deployment failed: {str(e)}")
             return ModuleDeploymentResult(
                 success=False, version="", errors=[str(e)]  # Empty string since AWS module doesn't use versions
             )