awslabs / seed-farmer

Seed-Farmer is an orchestration tool, modeled after GitOps deployments, that works with AWS CodeSeeder. It has a Python-based command-line interface, leverages modular code deployments defined by declarative manifests, and includes change detection and deployment optimization.
https://seed-farmer.readthedocs.io/en/latest/
Apache License 2.0

[BUG] Bootstrap toolchain allows no trusted principals #604

Open dgraeber opened 1 month ago

dgraeber commented 1 month ago

The CLI command seedfarmer bootstrap toolchain allows the user to not pass in a trusted principal ARN, causing the toolchain template to fail. There should be a trusted-principal ARN that is valid as a required field when making this call.

dgraeber commented 1 month ago

This validation should occur in seed-farmer/seedfarmer/commands/_bootstrap_commands.py::bootstrap_toolchain_account to be sure that the ARN is in a valid format.

Are there times where this command is called w/o a principal passed in b/c the toolchain role is created and unchanged, but the deployment role needs to be deployed (and the user is using the --as-target flag)? This needs to be investigated.
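One way the format check requested above could look, as an added example that is not seed-farmer's own code. The names `validate_trusted_principals`, `InvalidPrincipalError` and the `require_at_least_one` switch are hypothetical, and it assumes trusted principals are IAM account roots, roles or users.

```python
import re
from typing import Iterable, List, Optional

# Assumption: trusted principals are IAM account roots, roles or users.
# The character set and 64-character name limit follow IAM naming rules.
_NAME = r"[\w+=,.@-]"
_IAM_PRINCIPAL_ARN = re.compile(
    r"arn:aws(?:-[a-z]+)*:iam::\d{12}:"
    rf"(?:root|(?:role|user)/(?:{_NAME}+/)*{_NAME}{{1,64}})",
    re.ASCII,
)


class InvalidPrincipalError(ValueError):
    """Raised before any template is deployed (hypothetical error type)."""


def validate_trusted_principals(
    principals: Optional[Iterable[str]],
    require_at_least_one: bool = True,
) -> List[str]:
    """Return the cleaned, de-duplicated ARNs or raise InvalidPrincipalError.

    require_at_least_one is a hypothetical switch left for the open
    question in the thread (whether some call paths may pass none).
    """
    cleaned = [p.strip() for p in (principals or []) if p and p.strip()]
    if require_at_least_one and not cleaned:
        raise InvalidPrincipalError(
            "at least one trusted principal ARN is required"
        )
    # fullmatch rejects wildcards ("*"), short account ids and trailing junk.
    bad = [p for p in cleaned if not _IAM_PRINCIPAL_ARN.fullmatch(p)]
    if bad:
        raise InvalidPrincipalError(
            "not a valid IAM principal ARN: " + ", ".join(bad)
        )
    # Preserve the caller's order while dropping duplicates.
    return list(dict.fromkeys(cleaned))


if __name__ == "__main__":
    # Constructed sample input, not taken from the issue.
    print(validate_trusted_principals(["arn:aws:iam::123456789012:role/Admin"]))
```

Running the check before the template is rendered turns the deploy-time failure described in the issue into an immediate CLI error.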