in samcli/lib/pipeline/bootstrap/stage.py [0:0]
def bootstrap(self, confirm_changeset: bool = True) -> bool:
    """
    Deploy the stage resources CFN template (./stage_resources.yaml) for this stage.

    The template deploys, to the AWS account associated with the given environment:
      * Pipeline IAM User or IAM OIDC Identity Provider
      * Pipeline execution IAM role
      * CloudFormation execution IAM role
      * Artifacts' S3 Bucket
      * ECR image repository
    It will not redeploy the stack if it already exists. The template takes the ARNs of
    the resources as parameters and does not create a resource whose ARN was provided, so
    a resource is only created when the user did not supply it.

    THIS METHOD MUTATES THE CALLING INSTANCE (self): the resource attributes (ARNs, the
    pipeline user's access key pair, the OIDC thumbprint and ``create_new_oidc_provider``)
    are overwritten from the computed values and the stack outputs.

    Parameters
    ----------
    confirm_changeset: bool
        If True (the default) the user is prompted before anything is created. If False
        the template is deployed directly, i.e. the IAM resources listed above are
        created without an interactive confirmation.

    Returns
    -------
    bool
        True if the stage was bootstrapped, or if every required resource was already
        provided and nothing had to be created; False if the user declined the prompt.
    """

    def _cfn_bool(flag) -> str:
        # The template parameters are passed as the strings "true"/"false".
        return "true" if flag else "false"

    # Nothing to create: report it and treat the stage as bootstrapped.
    if self.did_user_provide_all_required_resources():
        click.secho(
            self.color.yellow(
                f"\nAll required resources for the {self.name} configuration exist, skipping creation."
            )
        )
        return True

    # Show the user exactly which resources are about to be created.
    missing_resources_msg: str = self._get_non_user_provided_resources_msg()
    click.echo(
        f"This will create the following required resources for the '{self.name}' configuration: \n"
        f"{missing_resources_msg}"
    )

    # The prompt is only shown when confirmation was requested; declining aborts.
    if confirm_changeset and not click.confirm("Should we proceed with the creation?"):
        click.secho(self.color.red("Canceling pipeline bootstrap creation."))
        return False

    stack_name = self._get_stack_name()
    if self.use_oidc_provider:
        self.create_new_oidc_provider = self._should_create_new_provider(stack_name)
        if self.create_new_oidc_provider:
            # The thumbprint is handed to the template as IdentityProviderThumbprint.
            # NOTE(review): generate_thumbprint is not visible here - confirm it validates the
            # provider's TLS chain and hostname, since the value it returns is what the
            # new identity provider will be configured with.
            thumbprint = self.generate_thumbprint(self.oidc_provider.provider_url)
            self.oidc_provider.thumbprint = thumbprint

    template_body = Stage._read_template(STAGE_RESOURCES_CFN_TEMPLATE)
    region = self.aws_region
    profile = self.aws_profile
    # An empty string stands for "not provided"; per the docstring above, the template
    # then creates the resource itself.
    overrides = {
        "PipelineUserArn": self.pipeline_user.arn or "",
        "PipelineExecutionRoleArn": self.pipeline_execution_role.arn or "",
        "CloudFormationExecutionRoleArn": self.cloudformation_execution_role.arn or "",
        "ArtifactsBucketArn": self.artifacts_bucket.arn or "",
        "CreateImageRepository": _cfn_bool(self.create_image_repository),
        "ImageRepositoryArn": self.image_repository.arn or "",
        "IdentityProviderThumbprint": self.oidc_provider.thumbprint or "",
        "OidcClientId": self.oidc_provider.client_id or "",
        "OidcProviderUrl": self.oidc_provider.provider_url or "",
        "UseOidcProvider": _cfn_bool(self.use_oidc_provider),
        "SubjectClaim": self.subject_claim or "",
        "CreateNewOidcProvider": _cfn_bool(self.create_new_oidc_provider),
    }
    stack_outputs: StackOutput = update_stack(
        stack_name=stack_name,
        region=region,
        profile=profile,
        template_body=template_body,
        parameter_overrides=overrides,
    )

    # The IAM user and its key pair only exist when OIDC is not used.
    if not self.use_oidc_provider:
        secret_id = stack_outputs.get("PipelineUserSecretKey")
        self.pipeline_user.arn = stack_outputs.get("PipelineUser")
        if secret_id:
            # NOTE(review): from here on the IAM user's secret access key is held in clear
            # text on this instance - confirm callers neither log nor persist it.
            key_id, secret_key = Stage._get_pipeline_user_secret_pair(
                secret_id, self.aws_profile, self.aws_region
            )
            self.pipeline_user.access_key_id = key_id
            self.pipeline_user.secret_access_key = secret_key

    # Record the ARNs reported by the stack; a missing output leaves the ARN as None.
    arn_targets = (
        (self.pipeline_execution_role, "PipelineExecutionRole"),
        (self.cloudformation_execution_role, "CloudFormationExecutionRole"),
        (self.artifacts_bucket, "ArtifactsBucket"),
        (self.image_repository, "ImageRepository"),
    )
    for resource, output_key in arn_targets:
        resource.arn = stack_outputs.get(output_key)
    return True