From 310c9db8f4d25315e519a089ac82b1a07c9db7e6 Mon Sep 17 00:00:00 2001 From: Aparna Date: Tue, 3 Sep 2024 13:33:52 +0530 Subject: [PATCH] adding-variables --- aws-auth-patch.yml | 14 ++++---- ci-cd-codepipeline.cfn.yml | 21 +++++------ main.py | 74 ++++++++++++++++++++------------------ trust.json | 20 +++++------ 4 files changed, 64 insertions(+), 65 deletions(-) diff --git a/aws-auth-patch.yml b/aws-auth-patch.yml index 4c3b0e0f26..f535ef8411 100644 --- a/aws-auth-patch.yml +++ b/aws-auth-patch.yml @@ -1,21 +1,19 @@ -# This is a sample aws-auth-patch.yml file. -# Actual aws-auth-patch.yml will be created at /System/Volumes/Data/private/tmp/aws-auth-patch.yml path. - apiVersion: v1 data: mapRoles: | - groups: - system:bootstrappers - system:nodes - rolearn: arn:aws:iam::519002666132:role/eksctl-simple-jwt-api-nodegroup-n-NodeInstanceRole-1DBHED9TMYRZZ + rolearn: arn:aws:iam::391733008457:role/eksctl-simple-jwt-api-nodegroup-ng-NodeInstanceRole-3NrAWtBKUgyV username: system:node:{{EC2PrivateDNSName}} + - groups: - system:masters - rolearn: arn:aws:iam::519002666132:role/UdacityFlaskDeployCBKubectlRole + rolearn: arn:aws:iam::391733008457:role/UdacityFlaskDeployCBKubectlRole username: build kind: ConfigMap metadata: - creationTimestamp: "2022-05-11T11:16:26Z" + creationTimestamp: "2024-09-03T06:38:52Z" name: aws-auth namespace: kube-system - resourceVersion: "1631" - uid: 86402a4e-a9ff-4721-8c24-f0c4258f7440 + resourceVersion: "1372" + uid: f63a7f5b-f7ff-4271-be54-aedd93ce93fd diff --git a/ci-cd-codepipeline.cfn.yml b/ci-cd-codepipeline.cfn.yml index fe24d6140a..0998de40fe 100755 --- a/ci-cd-codepipeline.cfn.yml +++ b/ci-cd-codepipeline.cfn.yml @@ -3,9 +3,7 @@ AWSTemplateFormatVersion: 2010-09-09 Description: EKSWSV1 - Parameters: - EksClusterName: Type: String Description: The name of the EKS cluster created 
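Review bot: The changed `rolearn` for `UdacityFlaskDeployCBKubectlRole` is still mapped to `system:masters`, so anything that can assume that role in account 391733008457 gets cluster-admin on the cluster. If the pipeline only deploys this one service, a dedicated group bound to a Role limited to the deployment namespace would be enough. The hunk also removes the comment that marked this file as a sample, and it commits the server-populated `creationTimestamp`, `resourceVersion` and `uid`. I would drop those three fields, since a stale `resourceVersion` can make the patch fail with a conflict on another cluster or a later run. The same account ID is hard-coded again in trust.json.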
@@ -17,7 +15,7 @@ Parameters: GitSourceRepo: Type: String Description: GitHub source repository - must contain a Dockerfile and buildspec.yml in the base - Default: cd0157-Server-Deployment-and-Containerization + Default: Server-Deployment-and-Containerization MinLength: 1 MaxLength: 100 ConstraintDescription: You must enter a GitHub repository name @@ -40,7 +38,7 @@ Parameters: GitHubUser: Type: String - Default: SudKul + Default: aparna67 Description: GitHub username or organization MinLength: 3 MaxLength: 100 @@ -62,7 +60,6 @@ Parameters: MaxLength: 100 ConstraintDescription: You must enter a kubectl IAM role - Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -101,9 +98,7 @@ Metadata: EksClusterName: default: EKS cluster name - Resources: - EcrDockerRepository: Type: AWS::ECR::Repository DeletionPolicy: Retain @@ -130,7 +125,7 @@ Resources: 'LogicalResourceId': event['LogicalResourceId'], 'Data': {"Message": "Resource creation successful!"}, } - + http = urllib3.PoolManager() client = boto3.client('iam') try: @@ -260,25 +255,25 @@ Resources: Effect: Allow Action: - sts:AssumeRole - - Resource: '*' + - Resource: "*" Effect: Allow Action: - eks:Describe* - - Resource: '*' + - Resource: "*" Effect: Allow Action: - ssm:GetParameters - - Resource: '*' + - Resource: "*" Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents - - Resource: '*' + - Resource: "*" Effect: Allow Action: - ecr:GetAuthorizationToken - - Resource: '*' + - Resource: "*" Effect: Allow Action: - ec2:CreateNetworkInterface diff --git a/main.py b/main.py index f6c8219f37..e6b6ad5e37 100755 --- a/main.py +++ b/main.py 
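Review bot: The statements whose `Resource` is only requoted in the last hunk still grant `ssm:GetParameters` and `eks:Describe*` on `"*"`, so the role this policy is attached to can read every Parameter Store entry in the account rather than only the ones the build needs. `ecr:GetAuthorizationToken` does need `"*"`, but the SSM statement can be scoped, for example `Resource: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/<PARAMETER_NAME>` (placeholder; the parameter name is not visible in this hunk). `eks:Describe*` can be limited to the cluster ARN built from `EksClusterName`. The policy starts and ends outside the hunk, so other statements may need the same pass.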
@@ -12,17 +12,19 @@ from flask import Flask, jsonify, request, abort -JWT_SECRET = os.environ.get('JWT_SECRET', 'abc123abc1234') -LOG_LEVEL = os.environ.get('LOG_LEVEL', 'INFO') +JWT_SECRET = os.environ.get("JWT_SECRET", "abc123abc1234") +LOG_LEVEL = os.environ.get("LOG_LEVEL", "INFO") def _logger(): - ''' + """ Setup logger format, level, and handler. RETURNS: log object - ''' - formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') + """ + formatter = logging.Formatter( + "%(asctime)s - %(name)s - %(levelname)s - %(message)s" + ) log = logging.getLogger(__name__) log.setLevel(LOG_LEVEL) 
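Review bot: `JWT_SECRET` still falls back to the literal `"abc123abc1234"` when the environment variable is unset, so a deployment that misses the variable signs and accepts HS256 tokens with a secret that is public in this repository. I would fail at startup instead, `JWT_SECRET = os.environ["JWT_SECRET"]`, and add a comment such as `# Required: HS256 signing key, injected at deploy time; no default on purpose`. `LOG_LEVEL` can keep its default.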
@@ -35,81 +37,85 @@ def _logger(): LOG = _logger() -LOG.debug("Starting with log level: %s" % LOG_LEVEL ) +LOG.debug("Starting with log level: %s" % LOG_LEVEL) APP = Flask(__name__) + def require_jwt(function): """ Decorator to check valid jwt is present. """ + @functools.wraps(function) def decorated_function(*args, **kws): - if not 'Authorization' in request.headers: + if not "Authorization" in request.headers: abort(401) - data = request.headers['Authorization'] - token = str.replace(str(data), 'Bearer ', '') + data = request.headers["Authorization"] + token = str.replace(str(data), "Bearer ", "") try: - jwt.decode(token, JWT_SECRET, algorithms=['HS256']) - except: # pylint: disable=bare-except + jwt.decode(token, JWT_SECRET, algorithms=["HS256"]) + except: # pylint: disable=bare-except abort(401) return function(*args, **kws) + return decorated_function -@APP.route('/', methods=['POST', 'GET']) +@APP.route("/", methods=["POST", "GET"]) def health(): - return jsonify("Healthy") + # return jsonify("Healthy")/ + return jsonify({"status": "Healthy"}) -@APP.route('/auth', methods=['POST']) +@APP.route("/auth", methods=["POST"]) def auth(): """ Create JWT token based on email. 
""" request_data = request.get_json() - email = request_data.get('email') - password = request_data.get('password') + email = request_data.get("email") + password = request_data.get("password") if not email: LOG.error("No email provided") return jsonify({"message": "Missing parameter: email"}, 400) if not password: LOG.error("No password provided") return jsonify({"message": "Missing parameter: password"}, 400) - body = {'email': email, 'password': password} + body = {"email": email, "password": password} user_data = body - return jsonify(token=_get_jwt(user_data).decode('utf-8')) + return jsonify(token=_get_jwt(user_data).decode("utf-8")) -@APP.route('/contents', methods=['GET']) +@APP.route("/contents", methods=["GET"]) def decode_jwt(): """ Check user token and return non-secret data """ - if not 'Authorization' in request.headers: + if not "Authorization" in request.headers: abort(401) - data = request.headers['Authorization'] - token = str.replace(str(data), 'Bearer ', '') + data = request.headers["Authorization"] + token = str.replace(str(data), "Bearer ", "") try: - data = jwt.decode(token, JWT_SECRET, algorithms=['HS256']) - except: # pylint: disable=bare-except + data = jwt.decode(token, JWT_SECRET, algorithms=["HS256"]) + except: # pylint: disable=bare-except abort(401) - - response = {'email': data['email'], - 'exp': data['exp'], - 'nbf': data['nbf'] } + response = {"email": data["email"], "exp": data["exp"], "nbf": data["nbf"]} return jsonify(**response) def _get_jwt(user_data): exp_time = datetime.datetime.utcnow() + datetime.timedelta(weeks=2) - payload = {'exp': exp_time, - 'nbf': datetime.datetime.utcnow(), - 'email': user_data['email']} - return jwt.encode(payload, JWT_SECRET, algorithm='HS256') + payload = { + "exp": exp_time, + "nbf": datetime.datetime.utcnow(), + "email": user_data["email"], + } + return jwt.encode(payload, JWT_SECRET, algorithm="HS256") + -if __name__ == '__main__': - APP.run(host='127.0.0.1', port=8080, debug=True) +if 
__name__ == "__main__": + APP.run(host="127.0.0.1", port=8080, debug=True) diff --git a/trust.json b/trust.json index f934cf3a3f..1b209e4910 100644 --- a/trust.json +++ b/trust.json @@ -1,12 +1,12 @@ { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::519002666132:root" - }, - "Action": "sts:AssumeRole" - } - ] + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::391733008457:root" + }, + "Action": "sts:AssumeRole" + } + ] }
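Review bot: In `auth()`, both missing-parameter branches pass the status into the call, `jsonify({"message": ...}, 400)`, so the client gets a 200 response whose body is a two-element JSON array instead of a 400. The status belongs outside the call, `return jsonify({"message": "Missing parameter: email"}), 400`, and likewise for the password branch. Depending on the Flask version, `request.get_json()` can return `None` for an empty or non-JSON body, which makes `request_data.get` raise and turns a bad request into a 500; `request.get_json(silent=True) or {}` avoids that. The password is only checked for presence and never verified, so any caller receives a two-week token for any email; if that is intended for the exercise, a docstring line saying so would help. The added `# return jsonify("Healthy")/` line in `health()` is dead code and can go.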
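Review bot: The principal `arn:aws:iam::391733008457:root` trusts the whole account, so any identity in it that holds an IAM permission for `sts:AssumeRole` on this role can assume it. If this is the trust policy for the kubectl role that aws-auth-patch.yml maps to `system:masters` (the link is not visible in this hunk), naming the CodeBuild service role ARN as the principal would limit who can reach cluster-admin. The rest of the hunk is re-indentation only.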