zalando-stups / sevenseconds

THIS PROJECT IS NO LONGER ACTIVELY MAINTAINED
https://pypi.python.org/pypi/stups-sevenseconds
Other
66 stars 17 forks

add kms key creation to the flow #65

Closed ideahitme closed 7 years ago

ideahitme commented 7 years ago

This PR adds a KMS key for each account if specified in the configuration. It also allows updating the policy when the key_alias is already there. See our configuration for the pattern we will use:

  kms:
    my_key_alias:
      Description: "my-description"
      Enabled: true
      EnableKeyRotation: false
      KeyUsage: "ENCRYPT_DECRYPT"
      KeyPolicy:
        Version: "2012-10-17"
        Id: "key-policy"
        Statement:
          - Sid: "Allow access for Key Administrators"
            Effect: "Allow"
            Resource: "*"
            Principal:
              AWS: "arn:aws:iam::{account_id}:root"
            Action:
              - "kms:ReEncrypt*"

/cc @tuxlife @szuecs
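
The create-or-update flow described in the comment above, as an added example that is not the PR's code or the project's `kms.py`. It assumes `kms` is a boto3 KMS client (or any object with the same methods); `render`, `find_alias` and `ensure_keys` are hypothetical names, and `KMS_CONFIG` is a constructed copy of the YAML sample.

```python
import json

# Added example: helper names are hypothetical, `kms` is assumed to be a boto3
# KMS client, and KMS_CONFIG is a constructed copy of the PR's YAML sample.
KMS_CONFIG = {"my_key_alias": {
    "Description": "my-description", "EnableKeyRotation": False, "KeyUsage": "ENCRYPT_DECRYPT",
    "KeyPolicy": {"Version": "2012-10-17", "Id": "key-policy", "Statement": [{
        "Sid": "Allow access for Key Administrators", "Effect": "Allow",
        "Resource": "*", "Principal": {"AWS": "arn:aws:iam::{account_id}:root"},
        "Action": ["kms:ReEncrypt*"]}]},
}}

def render(node, account_id):
    # str.replace (not str.format) so IAM variables like ${aws:username} survive.
    if isinstance(node, dict):
        return {k: render(v, account_id) for k, v in node.items()}
    if isinstance(node, list):
        return [render(v, account_id) for v in node]
    return node.replace("{account_id}", account_id) if isinstance(node, str) else node

def find_alias(kms, alias_name):
    # list_aliases is paginated; follow NextMarker until Truncated is false.
    kwargs = {}
    while True:
        page = kms.list_aliases(**kwargs)
        for alias in page["Aliases"]:
            if alias["AliasName"] == alias_name:
                return alias
        if not page.get("Truncated"):
            return None
        kwargs = {"Marker": page["NextMarker"]}

def ensure_keys(kms, account_id, config=KMS_CONFIG):
    """Create each configured key, or only refresh its policy if the alias exists."""
    actions = []
    for name, spec in config.items():
        alias_name = "alias/" + name  # KMS alias names carry this prefix
        policy = json.dumps(render(spec["KeyPolicy"], account_id))
        alias = find_alias(kms, alias_name)
        if alias:
            kms.put_key_policy(KeyId=alias["TargetKeyId"], PolicyName="default", Policy=policy)
            actions.append((alias_name, "policy-updated"))
        else:
            key_id = kms.create_key(Policy=policy, Description=spec["Description"],
                                    KeyUsage=spec["KeyUsage"])["KeyMetadata"]["KeyId"]
            kms.create_alias(AliasName=alias_name, TargetKeyId=key_id)
            if spec.get("EnableKeyRotation"):
                kms.enable_key_rotation(KeyId=key_id)
            actions.append((alias_name, "created"))
    return actions
```

Against real KMS, `CreateKey` and `PutKeyPolicy` apply a policy lockout safety check by default, so a policy passed to a real client needs a statement that keeps `kms:PutKeyPolicy` available to the caller.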

szuecs commented 7 years ago

@tuxlife I already reviewed, maybe you want to look at it, too. :+1:

coveralls commented 7 years ago

Coverage decreased (-0.2%) to 24.423% when pulling 496d5c22057a79ab66fbe32bdf15e4f630f5a3f6 on feature/create-deployment-kms-key into 8a3c760e1f630ae4cdb7bf7b0d523e9698d3cd14 on master.

codecov-io commented 7 years ago

Codecov Report

Merging #65 into master will decrease coverage by 2.06%. The diff coverage is 12.12%.

@@            Coverage Diff             @@
##           master      #65      +/-   ##
==========================================
- Coverage    24.5%   22.44%   -2.07%     
==========================================
  Files          23       24       +1     
  Lines        2179     2139      -40     
==========================================
- Hits          534      480      -54     
- Misses       1645     1659      +14

| Impacted Files | Coverage Δ | |
|---|---|---|
| `sevenseconds/config/__init__.py` | 29.91% <50%> (+0.34%) | :arrow_up: |
| `sevenseconds/config/kms.py` | 9.67% <9.67%> (ø) | |
| `sevenseconds/helper/__init__.py` | 100% <0%> (+19.73%) | :arrow_up: |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 8a3c760...1967682.

ideahitme commented 7 years ago

@tuxlife I made quite a few changes, please take a look again (change the configuration.yaml as well)

coveralls commented 7 years ago

Coverage decreased (-0.2%) to 24.424% when pulling b263c0de010cc8359508435072a34fcb99d7c1de on feature/create-deployment-kms-key into 8a3c760e1f630ae4cdb7bf7b0d523e9698d3cd14 on master.

tuxlife commented 7 years ago

:+1:

coveralls commented 7 years ago

Coverage decreased (-0.2%) to 24.424% when pulling 196768278fe1eda287b03af475fe232ec82672fb on feature/create-deployment-kms-key into 8a3c760e1f630ae4cdb7bf7b0d523e9698d3cd14 on master.

ideahitme commented 7 years ago

@tuxlife please take a look again

tuxlife commented 7 years ago

:+1:

tuxlife commented 7 years ago

Please use squash merge

ideahitme commented 7 years ago

👍