GitHub Actions environment secret can't be accessed - deployment

I want to do deployments with GitHub Actions into 2 different AKS clusters. I have set up repository-level secrets and a prod environment-level secret.
I have nested workflows:
name: Production Deployment
on:
  workflow_dispatch:
  push:
    tags:
      - prod/v.**
jobs:
  deploy-prod-environment:
    # HERE I CAN'T USE environment: prod, error from GitHub
    name: Production deployment
    uses: XXXX/.github/workflows/step_deployment.yaml@master
    with:
      environment: prod
      kubernetes_namespace: XXX
    secrets:
      REGISTRY_GITHUB_TOKEN: ${{ secrets.REGISTRY_GITHUB_TOKEN }}
      CLIENT_ID: ${{ secrets.CLIENT_ID }}
      CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
      SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }}
      TENANT_ID: ${{ secrets.TENANT_ID }}
      CLUSTER_NAME: ${{ secrets.CLUSTER_NAME }}
      RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
      GITHUB_ACTOR: ${{ github.actor }}
      REGISTRY: ${{ secrets.REGISTRY }}
This is then the step_deployment.yaml:
name: Deploy to a specific environment
on:
  workflow_call:
    inputs:
      environment:
        type: string
        required: true
      # ...
    secrets:
      REGISTRY_GITHUB_TOKEN:
        required: true
      CLIENT_ID:
        required: true
      CLIENT_SECRET:
        required: true
      SUBSCRIPTION_ID:
        required: true
      TENANT_ID:
        required: true
      GITHUB_ACTOR:
        required: true
      CLUSTER_NAME:
        required: true
      RESOURCE_GROUP:
        required: true
      REGISTRY:
        required: true
jobs:
  # ....
  # building the docker images
  # ....
  release:
    name: 🚀Release
    uses: XXX/.github/workflows/step_release.yaml@master
    needs: [docker-image-builds]
    with:
      environment: ${{ inputs.environment }}
      sha: ${{ github.sha }}
      kubernetes_namespace: ${{ inputs.kubernetes_namespace }}
    secrets:
      GITHUB_ACTOR: ${{ github.actor }}
      CLIENT_ID: ${{ secrets.CLIENT_ID }}
      CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
      SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }}
      TENANT_ID: ${{ secrets.TENANT_ID }}
      CLUSTER_NAME: ${{ secrets.CLUSTER_NAME }}
      RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
And this is the step_release.yaml:
name: Release
on:
  workflow_call:
    inputs:
      environment:
        required: true
        type: string
      sha:
        required: true
        type: string
      kubernetes_namespace:
        required: true
        type: string
    secrets:
      CLIENT_ID:
        required: true
      CLIENT_SECRET:
        required: true
      SUBSCRIPTION_ID:
        required: true
      TENANT_ID:
        required: true
      GITHUB_ACTOR:
        required: true
      CLUSTER_NAME:
        required: true
      RESOURCE_GROUP:
        required: true
jobs:
  log-in-to-azure-and-deploy:
    name: Login into Azure cluster and set the right context
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    steps:
      - uses: actions/checkout@v3
      - name: Azure login
        id: login
        uses: azure/login@v1.4.3
        with:
          creds: '{"clientId":"${{ secrets.CLIENT_ID }}","clientSecret":"${{ secrets.CLIENT_SECRET }}","subscriptionId":"${{ secrets.SUBSCRIPTION_ID }}","tenantId":"${{ secrets.TENANT_ID }}"}'
      # ........
In the step_release.yaml I was able to specify the environment at job level and the protection works - it asks for a confirmation before deployment, which is perfect - but I can't get the secrets for the PROD env; GitHub always says that I have no access to them inside the steps, and in the main workflow it's always the repository-level env vars.
How can I access the prod environment secrets there already?
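The following is an added example, not code from the question above, of one way to line the environment up with the secrets across the reusable-workflow chain: the caller forwards its secrets with `secrets: inherit` (which GitHub documents as covering organization, repository and environment secrets), and the job in the called workflow that actually uses them is the one that declares `environment:`, so the prod protection rule and the prod-scoped `secrets.*` values apply to the same job. It also swaps the stored `CLIENT_SECRET` for an OIDC federated credential on the Azure service principal; that is an assumption about the Azure side, not something the question describes. The secret names `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_SUBSCRIPTION_ID`, the `XXXX/` repository path and the azure/aks-set-context step are likewise illustrative.

```yaml
# Caller: .github/workflows/production.yaml (illustrative file name)
name: Production Deployment
on:
  workflow_dispatch:
  push:
    tags:
      - prod/v.**

jobs:
  deploy-prod-environment:
    name: Production deployment
    # `environment:` is rejected on a job that calls a reusable workflow,
    # so the environment is declared in the called workflow's job instead.
    uses: XXXX/.github/workflows/step_release.yaml@master   # assumed path
    with:
      environment: prod
    # Forward every secret the caller can see, environment secrets included,
    # instead of listing repository-level ones by hand.
    secrets: inherit
---
# Called: .github/workflows/step_release.yaml
name: Release
on:
  workflow_call:
    inputs:
      environment:
        required: true
        type: string

permissions:
  id-token: write   # lets azure/login request an OIDC token for this job
  contents: read

jobs:
  log-in-to-azure-and-deploy:
    runs-on: ubuntu-latest
    # Declared on the job that uses the secrets: the manual-approval rule
    # gates this job, and secrets.* resolve against the prod environment.
    environment: ${{ inputs.environment }}
    steps:
      - uses: actions/checkout@v3
      - name: Azure login (OIDC, no client secret stored in GitHub)
        uses: azure/login@v1.4.3
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}             # assumed env-level secret names
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Set AKS context
        uses: azure/aks-set-context@v3
        with:
          resource-group: ${{ secrets.RESOURCE_GROUP }}
          cluster-name: ${{ secrets.CLUSTER_NAME }}
```

With OIDC, the federated credential on the service principal is bound to a subject of the form `repo:<owner>/<repo>:environment:prod`, so only a run that has passed the prod environment's approval can mint a token that Azure accepts, and there is no long-lived client secret in GitHub to leak or rotate.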

Related

Create PostgreSQL users with Ansible from a sub-nested list

I am trying to find the best YAML structure to maintain databases & roles/users for Postgres using Ansible. One of the structures I tested is:
---
- databases:
    - name: database1
      owner: postgres
      users:
        - name: user1
          pass: secret
          priv: CONNECT,REPLICATION
        - name: user2
          pass: secret
          priv: CONNECT
    - name: database2
      owner: postgres
      users:
        - name: user3
          pass: secret
          priv: CONNECT
        - name: user2  # <--- user previously created; needs to either create users first, implies...
          pass: secret
          priv: CONNECT
But how could I loop and get only a list of users so that I could use them in:
- name: Create users
  postgresql_user:
    name: '{{ item.name }}'
    password: '{{ item.pass }}'
I may split the YAML and have something like:
---
- postgres_users:
    - user: user1
      pass: secret
    - name: user2
      pass: secret
- postgres_databases:
    - name: db1
      owner: <user> | default('postgres')
      users:
        - user: user1
          priv: XXX.YYY
        - user: user2
    - name: db2
      owner: <user> | default('postgres')
      users:
        - user: user1
          priv: ZZZ
        - user: user2
          priv: XXX
But I am still wondering how to loop over postgres_databases and from there use only the users.
Any ideas/tips?
Given the first structure -- and assuming that there's a typo and that databases is not actually a member of a list -- you could write:
- name: create users
  postgresql_user:
    name: "{{ item.1.name }}"
    password: "{{ item.1.pass }}"
  loop: "{{ databases|subelements('users') }}"
  loop_control:
    label: "{{ item.1.name }}"
Here's a complete reproducer; I've wrapped the postgresql_user call in a debug task so that I can run it locally:
- hosts: localhost
  gather_facts: false
  vars:
    databases:
      - name: database1
        owner: postgres
        users:
          - name: user1
            pass: secret
            priv: CONNECT,REPLICATION
          - name: user2
            pass: secret
            priv: CONNECT
      - name: database2
        owner: postgres
        users:
          - name: user3
            pass: secret
            priv: CONNECT
          - name: user2
            pass: secret
            priv: CONNECT
  tasks:
    - name: create users
      debug:
        msg:
          postgresql_user:
            name: "{{ item.1.name }}"
            password: "{{ item.1.pass }}"
      loop: "{{ databases|subelements('users') }}"
      loop_control:
        label: "{{ item.1.name }}"
This outputs:
TASK [create users] *********************************************************************************
ok: [localhost] => (item=user1) => {
    "msg": {
        "postgresql_user": {
            "name": "user1",
            "password": "secret"
        }
    }
}
ok: [localhost] => (item=user2) => {
    "msg": {
        "postgresql_user": {
            "name": "user2",
            "password": "secret"
        }
    }
}
ok: [localhost] => (item=user3) => {
    "msg": {
        "postgresql_user": {
            "name": "user3",
            "password": "secret"
        }
    }
}
ok: [localhost] => (item=user2) => {
    "msg": {
        "postgresql_user": {
            "name": "user2",
            "password": "secret"
        }
    }
}
The above will attempt to create user2 twice, but that should be okay; the second attempt won't make any changes because the user already exists. If you wanted a unique list of users you could do something like this:
- name: get unique list of users
  set_fact:
    all_users: "{{ databases|json_query('[].users[]')|unique }}"
- name: create users
  debug:
    msg:
      postgresql_user:
        name: "{{ item.name }}"
        password: "{{ item.pass }}"
  loop: "{{ all_users }}"
  loop_control:
    label: "{{ item.name }}"
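An added example, not part of the answer above, that covers two things a practitioner would want on top of it. First, `unique` on whole dicts only collapses identical entries: if the same user is listed under two databases with different passwords, both copies survive and the second write wins, so this de-duplicates by `name` (first occurrence wins) using `map`/`flatten`, which needs no `jmespath` library on the controller. Second, the debug reproducer prints `"password": "secret"` into the play output; the real module call gets `no_log: true`. The sample data is constructed, the privileges are limited to ones valid at database level, and the `community.postgresql` collection is assumed.

```yaml
- hosts: localhost
  gather_facts: false
  vars:
    # Constructed sample data in the shape of the question's first structure.
    # user2 appears under both databases with a different password.
    databases:
      - name: database1
        owner: postgres
        users:
          - { name: user1, pass: secret1, priv: CONNECT }
          - { name: user2, pass: secret2, priv: CONNECT }
      - name: database2
        owner: postgres
        users:
          - { name: user3, pass: secret3, priv: CONNECT }
          - { name: user2, pass: changed, priv: CONNECT }
  tasks:
    - name: one entry per user name (first occurrence wins)
      set_fact:
        # map + flatten replaces json_query('[].users[]') without jmespath;
        # unique(attribute=...) dedupes on the key rather than the whole dict
        all_users: "{{ databases | map(attribute='users') | flatten | unique(attribute='name') }}"

    - name: create users
      community.postgresql.postgresql_user:
        name: "{{ item.name }}"
        password: "{{ item.pass }}"
      loop: "{{ all_users }}"
      loop_control:
        label: "{{ item.name }}"
      no_log: true   # keeps item.pass out of the play output and any CI log

    - name: grant per-database privileges straight from the nested list
      community.postgresql.postgresql_privs:
        database: "{{ item.0.name }}"
        type: database
        privs: "{{ item.1.priv }}"
        roles: "{{ item.1.name }}"
      loop: "{{ databases | subelements('users') }}"
      loop_control:
        label: "{{ item.0.name }}/{{ item.1.name }}"
```

Role attributes such as REPLICATION are not database privileges; in this layout they belong on the `postgresql_user` call (`role_attr_flags`), not in the per-database `priv` field, which is why the sample data above keeps `priv` to CONNECT.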

Sidekiq failing to connect to postgresql database

I am attempting to deploy Sidekiq as a sidecar container alongside Discourse and I am receiving the following error:
2022-05-31T02:57:01.242Z pid=1 tid=cd1 WARN: ActiveRecord::ConnectionNotEstablished: could not connect to server: No such file or directory
Is the server running locally and accepting connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Both Sidekiq and Discourse use the same Bitnami Docker image, the only difference being that the Sidekiq container has a run file that is run to start Sidekiq. The PostgreSQL server I am connecting to is an existing server and Discourse itself doesn't seem to have any issues connecting to it. I have looked at the run file for Sidekiq and I don't think it's pulling the env variables properly. I have tried various different variable notations, thinking it was a syntax issue. Below is the deployment I am using; any insight would be greatly appreciated.
containers:
  - name: discourse
    image: bitnami/discourse
    livenessProbe:
      tcpSocket:
        port: 3000
      initialDelaySeconds: 90
      periodSeconds: 90
    env:
      - name: DISCOURSE_HOST
        value: "xxx"
      - name: DISCOURSE_DATABASE_HOST
        value: "my-release-postgresql.default"
      - name: DISCOURSE_DATABASE_PORT_NUMBER
        value: "5432"
      - name: DISCOURSE_DATABASE_USER
        value: "postgres"
      - name: DISCOURSE_DATABASE_PASSWORD
        value: "xxx"
      - name: DISCOURSE_DATABASE_NAME
        value: "bitnami_discourse"
      - name: DISCOURSE_REDIS_HOST
        value: "redis.redis"
      - name: DISCOURSE_REDIS_PORT_NUMBER
        value: "6379"
      - name: POSTGRESQL_CLIENT_DATABASE_HOST
        value: "my-release-postgresql.default"
      - name: POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER
        value: "5432"
      - name: POSTGRESQL_CLIENT_POSTGRES_USER
        value: "postgres"
      - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD
        value: "xxx"
      - name: POSTGRESQL_CLIENT_CREATE_DATABASE_NAME
        value: "bitnami_discourse"
      - name: POSTGRESQL_HOST
        value: "my-release-postgresql.default"
      - name: POSTGRESQL_PORT_NUMBER
        value: "5432"
      - name: DISCOURSE_POSTGRESQL_USERNAME
        value: "postgres"
      - name: DISCOURSE_POSTGRESQL_PASSWORD
        value: "xxx"
      - name: DISCOURSE_POSTGRESQL_NAME
        value: "bitnami_discourse"
      - name: DISCOURSE_SMTP_HOST
        value: "smtp.mailgun.com"
      - name: DISCOURSE_SMTP_PORT
        value: "587"
      - name: DISCOURSE_SMTP_USER
        value: "xxx"
      - name: DISCOURSE_SMTP_PASSWORD
        value: "xxx"
      - name: DISCOURSE_SMTP_PROTOCOL
        value: "tls"
    ports:
      - name: portone
        containerPort: 3000
      - name: porttwo
        containerPort: 5432
      - name: portthree
        containerPort: 6379
    volumeMounts:
      - mountPath: "/bitnami/discourse"
        name: discourse
  - name: sidekiq
    image: docker.io/bitnami/discourse
    command: ["/opt/bitnami/scripts/discourse-sidekiq/run.sh"]
    env:
      - name: DISCOURSE_HOST
        value: "xxx"
      - name: DISCOURSE_DATABASE_HOST
        value: "my-release-postgresql.default"
      - name: DISCOURSE_DATABASE_PORT_NUMBER
        value: "5432"
      - name: DISCOURSE_DATABASE_USER
        value: "postgres"
      - name: DISCOURSE_DATABASE_PASSWORD
        value: "xxx"
      - name: DISCOURSE_DATABASE_NAME
        value: "bitnami_discourse"
      - name: DISCOURSE_REDIS_HOST
        value: "redis.redis"
      - name: DISCOURSE_REDIS_PORT_NUMBER
        value: "6379"
      - name: DISCOURSE_SMTP_HOST
        value: "smtp.mailgun.com"
      - name: DISCOURSE_SMTP_PORT
        value: "587"
      - name: DISCOURSE_SMTP_USER
        value: "xxx"
      - name: DISCOURSE_SMTP_PASSWORD
        value: "xxx"
      - name: DISCOURSE_SMTP_PROTOCOL
        value: "tls"
      - name: POSTGRESQL_HOST
        value: "my-release-postgresql.default"
      - name: POSTGRESQL_PORT_NUMBER
        value: "5432"
      - name: DISCOURSE_POSTGRESQL_USERNAME
        value: "postgres"
      - name: DISCOURSE_POSTGRESQL_PASSWORD
        value: "xxx"
      - name: DISCOURSE_POSTGRESQL_NAME
        value: "bitnami_discourse"
      - name: POSTGRESQL_CLIENT_DATABASE_HOST
        value: "my-release-postgresql.default"
      - name: POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER
        value: "5432"
      - name: POSTGRESQL_CLIENT_POSTGRES_USER
        value: "postgres"
      - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD
        value: "xxx"
Hello, you need to add one more command, /opt/bitnami/scripts/discourse-sidekiq/setup.sh, to the sidekiq container command.
e.g.
containers:
  - name: discourse
    image: bitnami/discourse
    livenessProbe:
      tcpSocket:
        port: 3000
      initialDelaySeconds: 90
      periodSeconds: 90
    env:
      - name: DISCOURSE_HOST
        value: "xxx"
      - name: DISCOURSE_DATABASE_HOST
        value: "my-release-postgresql.default"
      - name: DISCOURSE_DATABASE_PORT_NUMBER
        value: "5432"
      - name: DISCOURSE_DATABASE_USER
        value: "postgres"
      - name: DISCOURSE_DATABASE_PASSWORD
        value: "xxx"
      - name: DISCOURSE_DATABASE_NAME
        value: "bitnami_discourse"
      - name: DISCOURSE_REDIS_HOST
        value: "redis.redis"
      - name: DISCOURSE_REDIS_PORT_NUMBER
        value: "6379"
      - name: POSTGRESQL_CLIENT_DATABASE_HOST
        value: "my-release-postgresql.default"
      - name: POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER
        value: "5432"
      - name: POSTGRESQL_CLIENT_POSTGRES_USER
        value: "postgres"
      - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD
        value: "xxx"
      - name: POSTGRESQL_CLIENT_CREATE_DATABASE_NAME
        value: "bitnami_discourse"
      - name: POSTGRESQL_HOST
        value: "my-release-postgresql.default"
      - name: POSTGRESQL_PORT_NUMBER
        value: "5432"
      - name: DISCOURSE_POSTGRESQL_USERNAME
        value: "postgres"
      - name: DISCOURSE_POSTGRESQL_PASSWORD
        value: "xxx"
      - name: DISCOURSE_POSTGRESQL_NAME
        value: "bitnami_discourse"
      - name: DISCOURSE_SMTP_HOST
        value: "smtp.mailgun.com"
      - name: DISCOURSE_SMTP_PORT
        value: "587"
      - name: DISCOURSE_SMTP_USER
        value: "xxx"
      - name: DISCOURSE_SMTP_PASSWORD
        value: "xxx"
      - name: DISCOURSE_SMTP_PROTOCOL
        value: "tls"
    ports:
      - name: portone
        containerPort: 3000
      - name: porttwo
        containerPort: 5432
      - name: portthree
        containerPort: 6379
    volumeMounts:
      - mountPath: "/bitnami/discourse"
        name: discourse
  - name: sidekiq
    image: docker.io/bitnami/discourse
    command:
      - bash
      - -c
      - |
        /opt/bitnami/scripts/discourse-sidekiq/setup.sh
        /opt/bitnami/scripts/discourse-sidekiq/run.sh
    env:
      - name: DISCOURSE_HOST
        value: "xxx"
      - name: DISCOURSE_DATABASE_HOST
        value: "my-release-postgresql.default"
      - name: DISCOURSE_DATABASE_PORT_NUMBER
        value: "5432"
      - name: DISCOURSE_DATABASE_USER
        value: "postgres"
      - name: DISCOURSE_DATABASE_PASSWORD
        value: "xxx"
      - name: DISCOURSE_DATABASE_NAME
        value: "bitnami_discourse"
      - name: DISCOURSE_REDIS_HOST
        value: "redis.redis"
      - name: DISCOURSE_REDIS_PORT_NUMBER
        value: "6379"
      - name: DISCOURSE_SMTP_HOST
        value: "smtp.mailgun.com"
      - name: DISCOURSE_SMTP_PORT
        value: "587"
      - name: DISCOURSE_SMTP_USER
        value: "xxx"
      - name: DISCOURSE_SMTP_PASSWORD
        value: "xxx"
      - name: DISCOURSE_SMTP_PROTOCOL
        value: "tls"
      - name: POSTGRESQL_HOST
        value: "my-release-postgresql.default"
      - name: POSTGRESQL_PORT_NUMBER
        value: "5432"
      - name: DISCOURSE_POSTGRESQL_USERNAME
        value: "postgres"
      - name: DISCOURSE_POSTGRESQL_PASSWORD
        value: "xxx"
      - name: DISCOURSE_POSTGRESQL_NAME
        value: "bitnami_discourse"
      - name: POSTGRESQL_CLIENT_DATABASE_HOST
        value: "my-release-postgresql.default"
      - name: POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER
        value: "5432"
      - name: POSTGRESQL_CLIENT_POSTGRES_USER
        value: "postgres"
      - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD
        value: "xxx"
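An added example, not from either post above, of the same two-container Pod with the environment block written once instead of twice: the non-secret settings go into a ConfigMap, the database and SMTP passwords into a Secret, and both containers pull them in with `envFrom`, so no password sits as a plain `value:` in the Deployment manifest. The sidecar chains `setup.sh && run.sh` so the worker is not started if setup fails. The object names `discourse-env` and `discourse-credentials`, the Deployment wrapper and the `emptyDir` volume are illustrative (the question does not show its volume definition), and the `"xxx"` values are the question's own placeholders.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: discourse-credentials      # illustrative name
type: Opaque
stringData:                        # placeholder values, supply real ones out of band
  DISCOURSE_DATABASE_PASSWORD: "xxx"
  DISCOURSE_POSTGRESQL_PASSWORD: "xxx"
  POSTGRESQL_CLIENT_POSTGRES_PASSWORD: "xxx"
  DISCOURSE_SMTP_PASSWORD: "xxx"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: discourse-env              # illustrative name
data:
  DISCOURSE_HOST: "xxx"
  DISCOURSE_DATABASE_HOST: "my-release-postgresql.default"
  DISCOURSE_DATABASE_PORT_NUMBER: "5432"
  DISCOURSE_DATABASE_USER: "postgres"
  DISCOURSE_DATABASE_NAME: "bitnami_discourse"
  DISCOURSE_REDIS_HOST: "redis.redis"
  DISCOURSE_REDIS_PORT_NUMBER: "6379"
  DISCOURSE_SMTP_HOST: "smtp.mailgun.com"
  DISCOURSE_SMTP_PORT: "587"
  DISCOURSE_SMTP_USER: "xxx"
  DISCOURSE_SMTP_PROTOCOL: "tls"
  POSTGRESQL_HOST: "my-release-postgresql.default"
  POSTGRESQL_PORT_NUMBER: "5432"
  DISCOURSE_POSTGRESQL_USERNAME: "postgres"
  DISCOURSE_POSTGRESQL_NAME: "bitnami_discourse"
  POSTGRESQL_CLIENT_DATABASE_HOST: "my-release-postgresql.default"
  POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER: "5432"
  POSTGRESQL_CLIENT_POSTGRES_USER: "postgres"
  POSTGRESQL_CLIENT_CREATE_DATABASE_NAME: "bitnami_discourse"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: discourse
spec:
  replicas: 1
  selector:
    matchLabels: { app: discourse }
  template:
    metadata:
      labels: { app: discourse }
    spec:
      containers:
        - name: discourse
          image: bitnami/discourse     # pin a tag or digest rather than the floating default
          envFrom:
            - configMapRef: { name: discourse-env }
            - secretRef: { name: discourse-credentials }
          ports:
            - name: http
              containerPort: 3000      # the only port this container listens on; 5432/6379 are remote services
          livenessProbe:
            tcpSocket: { port: 3000 }
            initialDelaySeconds: 90
            periodSeconds: 90
          volumeMounts:
            - mountPath: /bitnami/discourse
              name: discourse
        - name: sidekiq
          image: bitnami/discourse
          # && instead of two lines: do not start the worker if setup fails
          command:
            - bash
            - -c
            - /opt/bitnami/scripts/discourse-sidekiq/setup.sh && /opt/bitnami/scripts/discourse-sidekiq/run.sh
          envFrom:
            - configMapRef: { name: discourse-env }
            - secretRef: { name: discourse-credentials }
      volumes:
        - name: discourse
          emptyDir: {}                 # placeholder for the question's unshown volume
```

The containers share the Pod network namespace, so the sidecar reaches PostgreSQL and Redis at the same service names as Discourse; what it needs is the same environment, which `envFrom` guarantees is identical rather than hand-copied.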

CloudFormation - API Gateway stages to multiple Lambda aliases and versions

How can I deploy API Gateway stages for an already existing Lambda alias and version to a specific stage? I mean I don't want to update the Lambda again, but I want to map the new stage, or update the existing stage, to a specific Lambda alias.
i.e. I have myFunction versions 2 and 3 and aliases dev, test and stage.
I want to map stage /dev to $LATEST, /test to alias test with version 2, and /stage to alias stage with version 3.
How can I achieve this?
I have tried with ${!stageVariables.lambdaAlias} on the Method Integration but I get an internal server error, with the log saying Invalid permission.
apiGateway:
  Type: "AWS::ApiGateway::RestApi"
  Properties:
    Name: "StacksampleapidevNewPOC"
    Description: "SAMPLE New Template API"
apiGatewayResource:
  Type: "AWS::ApiGateway::Resource"
  Properties:
    ParentId: !GetAtt
      - apiGateway
      - RootResourceId
    PathPart: "MyFunction"
    RestApiId: !Ref "apiGateway"
ApiAuthorizer:
  Type: "AWS::ApiGateway::Authorizer"
  Properties:
    AuthorizerResultTtlInSeconds: 300
    IdentitySource: method.request.header.Authorization
    Name: CognitoDefaultUserPoolAuthorizer
    ProviderARNs:
      - arn:aws:cognito-idp:ap-south-1:accountid:userpool/poolid
    RestApiId: !Ref apiGateway
    Type: "COGNITO_USER_POOLS"
apiGatewayStage:
  Type: AWS::ApiGateway::Stage
  Properties:
    RestApiId: !Ref "apiGateway"
    StageName: sampledev
    TracingEnabled: Yes
    DeploymentId: !Ref "apiGatewayDeployment"
    Variables:
      ClientMaster: ClientMaster_dev
      UserMaster: UserMaster_dev
      RedisCacheEndpoint: !Ref RedisCacheEndpoint
      UserClientMapping: UserClientMapping_dev
      lambdaAlias: dev
apiGatewayStage1:
  Type: AWS::ApiGateway::Stage
  Properties:
    RestApiId: !Ref "apiGateway"
    StageName: sampletest
    TracingEnabled: Yes
    DeploymentId: !Ref "apiGatewayDeployment"
    Variables:
      ClientMaster: ClientMaster_dev
      UserMaster: UserMaster_dev
      RedisCacheEndpoint: !Ref RedisCacheEndpoint
      UserClientMapping: UserClientMapping_dev
      lambdaAlias: test
apiGatewayStage2:
  Type: AWS::ApiGateway::Stage
  Properties:
    RestApiId: !Ref "apiGateway"
    StageName: samplestage
    TracingEnabled: Yes
    DeploymentId: !Ref "apiGatewayDeployment"
    Variables:
      ClientMaster: ClientMaster_dev
      UserMaster: UserMaster_dev
      RedisCacheEndpoint: !Ref RedisCacheEndpoint
      UserClientMapping: UserClientMapping_dev
      lambdaAlias: stage
apiGatewayRootMethod:
  Type: 'AWS::ApiGateway::Method'
  Properties:
    AuthorizationType: "COGNITO_USER_POOLS"
    AuthorizerId: !Ref ApiAuthorizer
    HttpMethod: POST
    Integration:
      Type: "AWS_PROXY"
      IntegrationHttpMethod: POST
      Uri: !Sub
        - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}:${!stageVariables.lambdaAlias}/invocations"
        - lambdaArn: !GetAtt "MyFunction.Arn"
      IntegrationResponses:
        - StatusCode: 200
          ResponseTemplates:
            application/json: ''
          ResponseParameters:
            method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
            method.response.header.Access-Control-Allow-Origin: "'*'"
      RequestTemplates:
        application/json: $input.json('$')
    RequestParameters:
      method.request.querystring.name: false
    ResourceId: !Ref "apiGatewayResource"
    RestApiId: !Ref apiGateway
    MethodResponses:
      - ResponseModels:
          application/json: Empty
        ResponseParameters:
          method.response.header.Access-Control-Allow-Headers: true
          method.response.header.Access-Control-Allow-Methods: true
          method.response.header.Access-Control-Allow-Origin: true
        StatusCode: '200'
apiGatewayCORSOptionMethod:
  Type: "AWS::ApiGateway::Method"
  Properties:
    ResourceId: !Ref apiGatewayResource
    RestApiId: !Ref apiGateway
    AuthorizationType: NONE
    HttpMethod: OPTIONS
    Integration:
      Type: MOCK
      IntegrationResponses:
        - ResponseParameters:
            method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
            method.response.header.Access-Control-Allow-Origin: "'*'"
          ResponseTemplates:
            application/json: ''
          StatusCode: '200'
      PassthroughBehavior: WHEN_NO_MATCH
      RequestTemplates:
        application/json: '{"statusCode": 200}'
    MethodResponses:
      - ResponseModels:
          application/json: Empty
        ResponseParameters:
          method.response.header.Access-Control-Allow-Headers: true
          method.response.header.Access-Control-Allow-Methods: true
          method.response.header.Access-Control-Allow-Origin: true
        StatusCode: '200'
apiGatewayDeployment:
  Type: "AWS::ApiGateway::Deployment"
  DependsOn: apiGatewayRootMethod
  # DependsOn: [
  #   apiGatewayRootMethod,
  #   GetRightMenuapiGatewayRootMethod,
  #   GetAreaapiGatewayRootMethod,
  #   ResetRedisCacheapiGatewayRootMethod,
  #   # GetChartsByUseCaseIDapiGatewayRootMethod,
  #   ShowUserClientMappingsapiGatewayRootMethod,
  #   GetChartKPIValuesapiGatewayRootMethod,
  #   GetChartUseCaseMappingsapiGatewayRootMethod]
  Properties:
    RestApiId: !Ref "apiGateway"
    # StageName: !Ref "apiGatewayStageName"
MyFunction:
  Type: "AWS::Lambda::Function"
  Properties:
    Handler: PwC.SAMPLE.Lambda::PwC.SAMPLE.Lambda.Functions.Common.MyFunction::Run
    FunctionName: MyFunction_LambdaName
    Runtime: dotnetcore2.1
    Code:
      S3Bucket: "s3-sample-api-dev"
      S3Key: !Ref "CodeZip"
    MemorySize: 512
    Timeout: 30
    Role:
      Ref: Role
    VpcConfig:
      SecurityGroupIds:
        Ref: SecurityGroupIds
      SubnetIds:
        Ref: SubnetIds
MyFunctionVersion:
  DeletionPolicy: Retain
  Type: AWS::Lambda::Version
  Properties:
    FunctionName:
      Ref: MyFunction
MyFunctionAliasDev:
  Type: AWS::Lambda::Alias
  Properties:
    FunctionName:
      Ref: MyFunction
    FunctionVersion: devversion
    Name: dev
# MyFunctionAliasDev:
#   Type: AWS::Lambda::Alias
#   Properties:
#     FunctionName:
#       Ref: MyFunction
#     FunctionVersion:
#       Fn::GetAtt:
#         - MyFunctionVersion
#         - Version
#     Name: dev
MyFunctionAliasTest:
  Type: AWS::Lambda::Alias
  Properties:
    FunctionName:
      Ref: MyFunction
    FunctionVersion: testversion
    Name: test
MyFunctionAliasStage:
  Type: AWS::Lambda::Alias
  Properties:
    FunctionName:
      Ref: MyFunction
    FunctionVersion: stageversion
    Name: stage
MyFunctionlambdaApiGatewayInvoke:
  Type: "AWS::Lambda::Permission"
  Properties:
    Action: "lambda:InvokeFunction"
    FunctionName: !GetAtt "MyFunction.Arn"
    Principal: "apigateway.amazonaws.com"
    SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/MyFunction"
I have achieved this with the following changes to the CloudFormation template, by adding a Lambda permission for each alias created.
Now I can see that each Lambda alias and version has permission for API Gateway to call the Lambda function.
Here is the sample YAML code I used to fix this issue.
AWSTemplateFormatVersion: "2010-09-09"
Description: "My API Gateway and Lambda function"
Parameters:
  apiGatewayStageName:
    Type: "String"
    AllowedPattern: "^[a-z0-9]+$"
    Default: "samplesample"
  Role:
    Type: String
    Default: arn:aws:iam::accountid:role/Fincockpit_AuroraServerless
    Description: ''
  SecurityGroupIds:
    Default: "sgid"
    Description: ""
    Type: CommaDelimitedList
  SubnetIds:
    Default: "subnet"
    Description: ""
    Type: CommaDelimitedList
  Policies:
    Type: CommaDelimitedList
    Default: AWSLambdaFullAccess,AmazonRDSFullAccess,AmazonEC2FullAccess,AmazonDynamoDBFullAccess,AmazonVPCFullAccess
    Description: ''
  CodeZip:
    Type: String
    Description: SAMPLE API Build Package
  RedisCacheEndpoint:
    Type: String
    Default: 'redisendpoint'
  Environment:
    Type: String
    Default: sample
  S3Bucket:
    Type: String
    Default: s3-changeme-api-sample
  # AliasName:
  #   Type: String
  #   Default: stagename
  FunctionVersion:
    Type: String
    Default: commitid
Resources:
  apiGateway:
    Type: "AWS::ApiGateway::RestApi"
    Properties:
      Name: "StackchangemeapisampleNewPOC"
      Description: "SAMPLE New Template API"
  apiGatewayResource:
    Type: "AWS::ApiGateway::Resource"
    Properties:
      ParentId: !GetAtt
        - apiGateway
        - RootResourceId
      PathPart: "MyFunction"
      RestApiId: !Ref "apiGateway"
  ApiAuthorizer:
    Type: "AWS::ApiGateway::Authorizer"
    Properties:
      AuthorizerResultTtlInSeconds: 300
      IdentitySource: method.request.header.Authorization
      Name: CognitoDefaultUserPoolAuthorizer
      ProviderARNs:
        - arn:aws:cognito-idp:ap-south-1:accountid:userpool/poolid
      RestApiId: !Ref apiGateway
      Type: "COGNITO_USER_POOLS"
  apiGatewayStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref "apiGateway"
      StageName: changemesample
      TracingEnabled: Yes
      DeploymentId: !Ref "apiGatewayDeployment"
      Variables:
        ClientMaster: ClientMaster_sample
        UserMaster: UserMaster_sample
        RedisCacheEndpoint: !Ref RedisCacheEndpoint
        UserClientMapping: UserClientMapping_sample
        lambdaAlias: sample
  apiGatewayStage1:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref "apiGateway"
      StageName: changemetest
      TracingEnabled: Yes
      DeploymentId: !Ref "apiGatewayDeployment"
      Variables:
        ClientMaster: ClientMaster_test
        UserMaster: UserMaster_ctest
        RedisCacheEndpoint: "sample-redis-test.hreh1d.ng.0001.aps1.cache.amazonaws.com:6379"
        UserClientMapping: UserClientMapping_test
        lambdaAlias: test
  apiGatewayStage2:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref "apiGateway"
      StageName: samplestage
      TracingEnabled: Yes
      DeploymentId: !Ref "apiGatewayDeployment"
      Variables:
        ClientMaster: ClientMaster_stage
        UserMaster: UserMaster_stage
        RedisCacheEndpoint: "sample-redis-stage.hreh1d.ng.0001.aps1.cache.amazonaws.com:6379"
        UserClientMapping: UserClientMapping_stage
        lambdaAlias: stage
  apiGatewayRootMethod:
    DependsOn: [
      MyFunctionlambdaApiGatewayInvokeDev,
      MyFunctionlambdaApiGatewayInvokeTest,
      MyFunctionlambdaApiGatewayInvokeStage]
    Type: 'AWS::ApiGateway::Method'
    Properties:
      AuthorizationType: "COGNITO_USER_POOLS"
      AuthorizerId: !Ref ApiAuthorizer
      HttpMethod: POST
      Integration:
        Type: "AWS_PROXY"
        IntegrationHttpMethod: POST
        Uri: !Sub
          - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}:${!stageVariables.lambdaAlias}/invocations"
          - lambdaArn: !GetAtt "MyFunction.Arn"
        IntegrationResponses:
          - StatusCode: 200
            ResponseTemplates:
              application/json: ''
            ResponseParameters:
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        RequestTemplates:
          application/json: $input.json('$')
      RequestParameters:
        method.request.querystring.name: false
      ResourceId: !Ref "apiGatewayResource"
      RestApiId: !Ref apiGateway
      MethodResponses:
        - ResponseModels:
            application/json: Empty
          ResponseParameters:
            method.response.header.Access-Control-Allow-Headers: true
            method.response.header.Access-Control-Allow-Methods: true
            method.response.header.Access-Control-Allow-Origin: true
          StatusCode: '200'
  apiGatewayCORSOptionMethod:
    Type: "AWS::ApiGateway::Method"
    Properties:
      ResourceId: !Ref apiGatewayResource
      RestApiId: !Ref apiGateway
      AuthorizationType: NONE
      HttpMethod: OPTIONS
      Integration:
        Type: MOCK
        IntegrationResponses:
          - ResponseParameters:
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
            ResponseTemplates:
              application/json: ''
            StatusCode: '200'
        PassthroughBehavior: WHEN_NO_MATCH
        RequestTemplates:
          application/json: '{"statusCode": 200}'
      MethodResponses:
        - ResponseModels:
            application/json: Empty
          ResponseParameters:
            method.response.header.Access-Control-Allow-Headers: true
            method.response.header.Access-Control-Allow-Methods: true
            method.response.header.Access-Control-Allow-Origin: true
          StatusCode: '200'
  apiGatewayDeployment:
    Type: "AWS::ApiGateway::Deployment"
    DependsOn: apiGatewayRootMethod
    # DependsOn: [
    #   apiGatewayRootMethod,
    #   GetRightMenuapiGatewayRootMethod,
    #   GetAreaapiGatewayRootMethod,
    #   ResetRedisCacheapiGatewayRootMethod,
    #   # GetChartsByUseCaseIDapiGatewayRootMethod,
    #   ShowUserClientMappingsapiGatewayRootMethod,
    #   GetChartKPIValuesapiGatewayRootMethod,
    #   GetChartUseCaseMappingsapiGatewayRootMethod]
    Properties:
      RestApiId: !Ref "apiGateway"
      # StageName: !Ref "apiGatewayStageName"
  MyFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      Handler: PwC.SAMPLE.Lambda::PwC.SAMPLE.Lambda.Functions.Common.MyFunction::Run
      FunctionName: MyFunction_LambdaName
      Runtime: dotnetcore2.1
      Code:
        S3Bucket: "s3-sample-api-sample"
        S3Key: !Ref "CodeZip"
      MemorySize: 512
      Timeout: 30
      Role:
        Ref: Role
      VpcConfig:
        SecurityGroupIds:
          Ref: SecurityGroupIds
        SubnetIds:
          Ref: SubnetIds
  MyFunctionVersion:
    DeletionPolicy: Retain
    Type: AWS::Lambda::Version
    Properties:
      FunctionName:
        Ref: MyFunction
  MyFunctionAliasDev:
    Type: AWS::Lambda::Alias
    Properties:
      FunctionName:
        Ref: MyFunction
      FunctionVersion:
        Fn::GetAtt:
          - MyFunctionVersion
          - Version
      Name: dev
  MyFunctionAliasTest:
    Type: AWS::Lambda::Alias
    Properties:
      FunctionName:
        Ref: MyFunction
      FunctionVersion: testversion
      Name: test
  MyFunctionAliasStage:
    Type: AWS::Lambda::Alias
    Properties:
      FunctionName:
        Ref: MyFunction
      FunctionVersion: stageversion
      Name: stage
  MyFunctionlambdaApiGatewayInvokeDev:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref "MyFunctionAliasDev"
      Principal: "apigateway.amazonaws.com"
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/MyFunction"
  MyFunctionlambdaApiGatewayInvokeTest:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref "MyFunctionAliasTest"
      Principal: "apigateway.amazonaws.com"
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/MyFunction"
  MyFunctionlambdaApiGatewayInvokeStage:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref "MyFunctionAliasStage"
      Principal: "apigateway.amazonaws.com"
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/MyFunction"
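An added example, not part of the answer above, that tightens the three permissions one step further. The answer's `SourceArn` uses `*` for the stage, so any stage of the API may invoke any of the three aliases; scoping each grant to the stage whose `lambdaAlias` variable points at that alias means the `test` alias can only be reached through the test stage, and so on. The stage names are written literally (taken from the question's template: sampledev, sampletest, samplestage, mapped to the dev, test and stage aliases) because referencing the Stage resources from the permissions would form a cycle with the `DependsOn` that `apiGatewayRootMethod` places on the permissions. The logical IDs match the answer; `!Ref` on an `AWS::Lambda::Alias` yields the alias ARN, which is why the grant lands on the alias and not on `$LATEST`.

```yaml
# Drop-in replacement for the three permission resources in the answer above.
MyFunctionlambdaApiGatewayInvokeDev:
  Type: AWS::Lambda::Permission
  Properties:
    Action: lambda:InvokeFunction
    FunctionName: !Ref MyFunctionAliasDev        # alias ARN, not the bare function
    Principal: apigateway.amazonaws.com
    # only the stage whose lambdaAlias variable is "dev" may call this alias
    SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/sampledev/POST/MyFunction"

MyFunctionlambdaApiGatewayInvokeTest:
  Type: AWS::Lambda::Permission
  Properties:
    Action: lambda:InvokeFunction
    FunctionName: !Ref MyFunctionAliasTest
    Principal: apigateway.amazonaws.com
    SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/sampletest/POST/MyFunction"

MyFunctionlambdaApiGatewayInvokeStage:
  Type: AWS::Lambda::Permission
  Properties:
    Action: lambda:InvokeFunction
    FunctionName: !Ref MyFunctionAliasStage
    Principal: apigateway.amazonaws.com
    SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/samplestage/POST/MyFunction"
```

With these in place, a stage variable edited in the console to point a lower stage at the `stage` alias fails with the same Invalid permission error the question reports, which is the desired outcome: the resource policy on the alias, not the stage variable, decides who may invoke it.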

How to get kubernetes node name and IP address as dictionary in ansible?

I need to get the node name and IP address of each node and then create a dictionary object. I am able to get the Kubernetes node list using the command below:
- hosts: k8s
  tasks:
    - name: get cluster nodes
      shell: "kubectl get nodes -o wide --no-headers | awk '{ print $1 ,$7}'"
      register: nodes
    - debug: var=nodes
    - set_fact:
        node_data: {}
    - name: display node name
      debug:
        msg: "name is {{item.split(' ').0}}"
      with_items: "{{nodes.stdout_lines}}"
    - set_fact:
        node_data: "{{ node_data | combine ( item.split(' ').0 : { 'name': item.split(' ').0 , 'ip' : item.split(' ').1 }, recursive=True) }}"
      with_items: "{{ nodes.stdout_lines }}"
    - debug: var=node_data
I got the error below:
FAILED! => {"msg": "template error while templating string: expected token ',', got ':'. String: {{ node_data | combine ( item.split(' ').0 : { 'name':item.split(' ').0 , 'ip': item.split(' ').1 }, recursive=True) }}"}
The output of the following kubectl command:
kubectl get nodes -o wide --no-headers | awk '{ print $1 ,$7}'
is as follows:
ip-192-168-17-93.ec2.internal 55.175.171.80
ip-192-168-29-91.ec2.internal 3.23.224.95
ip-192-168-83-37.ec2.internal 54.196.19.195
ip-192-168-62-241.ec2.internal 107.23.129.142
How do I get the node name and IP address into a dictionary object in Ansible?
The first argument to the combine filter must be a dictionary. You're calling:
- set_fact:
    node_data: "{{ node_data | combine ( item.split(' ').0 : { 'name': item.split(' ').0 , 'ip' : item.split(' ').1 }, recursive=True) }}"
  with_items: "{{ nodes.stdout_lines }}"
You need to make that:
- set_fact:
    node_data: "{{ node_data | combine ({item.split(' ').0 : { 'name': item.split(' ').0 , 'ip' : item.split(' ').1 }}, recursive=True) }}"
  with_items: "{{ nodes.stdout_lines }}"
Note the new {...} around your first argument to combine. You might want to consider reformatting this task for clarity, which might make this sort of issue more obvious:
- set_fact:
    node_data: >-
      {{ node_data | combine ({
        item.split(' ').0: {
          'name': item.split(' ').0,
          'ip': item.split(' ').1
        },
      }, recursive=True) }}
  with_items: "{{ nodes.stdout_lines }}"
You could even make it a little clearer by moving the calls to item.split into a vars section, like this:
- set_fact:
    node_data: >-
      {{ node_data | combine ({
        name: {
          'name': name,
          'ip': ip
        },
      }, recursive=True) }}
  vars:
    name: "{{ item.split(' ').0 }}"
    ip: "{{ item.split(' ').1 }}"
  with_items: "{{ nodes.stdout_lines }}"
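An added example, not from the answer above, that builds the same `node_data` dictionary from `kubectl get nodes -o json` instead of from `awk` column 7 of `-o wide`. The column that held the public IP in the question's output is the EXTERNAL-IP column, and column positions of `-o wide` are not a stable interface across kubectl versions; the JSON form names the address type explicitly, and `command:` avoids a shell pipeline altogether. The combine pattern is the answer's; the `ExternalIP` selection and the empty-string fallback for nodes without one are assumptions about what the question's column 7 contained.

```yaml
- hosts: k8s
  gather_facts: false
  tasks:
    - name: get the node list as JSON (column positions of -o wide are not stable)
      command: kubectl get nodes -o json
      register: nodes_json
      changed_when: false

    - name: build node_data keyed by node name
      set_fact:
        node_data: >-
          {{ node_data | default({}) | combine({
               node_name: {
                 'name': node_name,
                 'ip': external_ip
               }
             }) }}
      vars:
        node_name: "{{ item.metadata.name }}"
        # ExternalIP matches what column 7 showed in the question; a node
        # without one yields '' instead of aborting the loop.
        external_ip: >-
          {{ item.status.addresses
             | selectattr('type', 'equalto', 'ExternalIP')
             | map(attribute='address')
             | join(',') }}
      loop: "{{ (nodes_json.stdout | from_json)['items'] }}"
      loop_control:
        label: "{{ item.metadata.name }}"

    - debug: var=node_data
```

Switch `'ExternalIP'` to `'InternalIP'` if the cluster-internal address is the one wanted; with the JSON form that is a one-word change rather than a different awk column.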

FOSUserBundle login does nothing

I have Symfony2 2.7.3 running on my localhost and FOSUserBundle ~2.0@dev.
When I submit the login form, the view resets, without lastUsername, errors or anything like that. Just the form.
I looked at the Symfony and PHP logs and they don't show any info about that.
This is my security.yml:
security:
  encoders:
    FOS\UserBundle\Model\UserInterface: sha512
  role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_SWITCH_ROLES: ROLE_SWITCH_ROLES
  providers:
    fos_userbundle:
      id: fos_user.user_provider.username_email
  firewalls:
    main:
      pattern: ^/
      form_login:
        provider: fos_userbundle
        csrf_provider: security.csrf.token_manager
        use_referer: true
      logout:
        path: /logout
        success_handler: authentication_handler
      anonymous: true
      remember_me:
        key: "%secret%"
        lifetime: 31536000
        path: /
        domain: "%domain%"
        name: "REMEMEMBERME"
  access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
My config.yml configuration for fos_user:
# FOSUserBundle Configuration
fos_user:
  db_driver: orm
  firewall_name: main
  user_class: AcmeBundle\UserBundle\Entity\User
  service:
    mailer: fos_user.mailer.twig_swift
  registration:
    confirmation:
      enabled: true
      template: UserBundle:Email:registration.email.html.twig
    form:
      type: fos_user_registration
      name: fos_user_registration_form
      validation_groups: [Registration, Default]
  resetting:
    email:
      template: UserBundle:Email:resetting.email.html.twig
      from_email:
        address: "%mailer_user%"
        sender_name: Lucas
  profile:
    form:
      type: lucas_user_profile