Replaced path in AWS bucket by jinja variable and renamed to ai-lab

exasol · Jan 30, 2024 · c25fbc6 · c25fbc6
1 parent 80c5427
commit c25fbc6
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 6 deletions.
diff --git a/exasol/ds/sandbox/lib/setup_release_codebuild/release_codebuild.py b/exasol/ds/sandbox/lib/setup_release_codebuild/release_codebuild.py
@@ -2,6 +2,7 @@
 from exasol.ds.sandbox.lib.logging import get_status_logger, LogType
 from exasol.ds.sandbox.lib.render_template import render_template
 from exasol.ds.sandbox.lib.vm_bucket.vm_dss_bucket import find_vm_bucket
+from exasol.ds.sandbox.lib.asset_id import AssetId
 
 RELEASE_CODE_BUILD_STACK_NAME = "DATA-SCIENCE-SANDBOX-RELEASE-CODEBUILD"
 
@@ -13,6 +14,7 @@ def run_setup_release_codebuild(aws_access: AwsAccess) -> None:
     yml = render_template(
         "release_code_build.jinja.yaml",
         vm_bucket=find_vm_bucket(aws_access),
+        path_in_bucket=AssetId.BUCKET_PREFIX,
         dockerhub_secret_arn=secret_arn,
     )
     aws_access.upload_cloudformation_stack(yml, RELEASE_CODE_BUILD_STACK_NAME)

diff --git a/exasol/ds/sandbox/lib/vm_bucket/vm_dss_bucket.py b/exasol/ds/sandbox/lib/vm_bucket/vm_dss_bucket.py
@@ -1,10 +1,11 @@
+from enum import Enum
+
 from exasol.ds.sandbox.lib.aws_access.aws_access import AwsAccess
 from exasol.ds.sandbox.lib.config import ConfigObject
 from exasol.ds.sandbox.lib.logging import get_status_logger, LogType
 from exasol.ds.sandbox.lib.render_template import render_template
-from enum import Enum
-
 from exasol.ds.sandbox.lib.vm_bucket.vm_dss_bucket_waf import find_acl_arn
+from exasol.ds.sandbox.lib.asset_id import AssetId
 
 STACK_NAME = "DATA-SCIENCE-SANDBOX-VM-Bucket"
 
@@ -21,10 +22,15 @@ class OutputKey(Enum):
 
 def create_vm_bucket_cf_template(waf_webacl_arn: str) -> str:
     # All output keys (class OutputKey) are parameters in the vm_bucket_cloudformation.jinja.yaml
-    # Simply map the output key enums values to them self and pass them to jinja.
+    # Simply map the output key enums values to themselves and pass them to jinja.
     # Thus, we ensure that the output keys in the cloudformation match with the values in class OutputKey
     output_keys_dict = {output_key.value: output_key.value for output_key in OutputKey}
-    return render_template("vm_bucket_cloudformation.jinja.yaml", acl_arn=waf_webacl_arn, **output_keys_dict)
+    return render_template(
+        "vm_bucket_cloudformation.jinja.yaml",
+        acl_arn=waf_webacl_arn,
+        path_in_bucket=AssetId.BUCKET_PREFIX,
+        **output_keys_dict,
+    )
 
 
 def _find_vm_bucket_stack_output(aws_access: AwsAccess, output_key: OutputKey):

diff --git a/exasol/ds/sandbox/templates/release_code_build.jinja.yaml b/exasol/ds/sandbox/templates/release_code_build.jinja.yaml
@@ -70,7 +70,7 @@ Resources:
                 - s3:PutObject
                 - s3:GetObject
                 - s3:DeleteObject
-                Resource: arn:aws:s3:::{{vm_bucket}}/data_science_sandbox/*
+                Resource: arn:aws:s3:::{{vm_bucket}}/{{path_in_bucket}}/*
                 Effect: Allow
               - Action:
                 - secretsmanager:GetSecretValue

diff --git a/exasol/ds/sandbox/templates/vm_bucket_cloudformation.jinja.yaml b/exasol/ds/sandbox/templates/vm_bucket_cloudformation.jinja.yaml
@@ -57,7 +57,7 @@ Resources:
             Principal:
               Service: "cloudfront.amazonaws.com"
             Resource:
-              - !Sub "arn:aws:s3:::${ VMBucket }/data_science_sandbox/*"
+              - !Sub "arn:aws:s3:::${ VMBucket }/{{path_in_bucket}}/*"
             Condition:
               StringEquals:
                 'AWS:SourceArn': !Sub "arn:aws:cloudfront::${AWS::AccountId}:distribution/${CfDistribution}"