udondan / cfn-teleport Goto Github PK

Currently, we get a wall of error code. Instead we should have a brief error message

When we import resources, we are forced to set a DeletionPolicy. The value should be the docuented default: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html

• Snapshot for AWS::RDS::DBCluster
• Snapshot for AWS::RDS::DBInstance that doesn't have a DBClusterIdentifier
• Delete for everything else

• md5
• sha256

Currently we only have support for AWS::S3::Bucket.

In the function create_changeset the resource identifier key is hardcoded to BucketName.

It is preferred, that we don't hardoced a mapping in the tool, but find a way how to get the key dynamically.

Renaming is implemented but commented out in the code.

Currently renaming is too dangerous, as have have not implemented checking for references to the renamed resource. In case the resource is renamed, all references need to be updated.

Artifacts for linux, mac and windows should be available on github for download.

^

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: renovate.json
Error type: The renovate configuration file contains some invalid settings
Message: Invalid configuration option: packageFileRules

Hello,

First of all this tools looks really useful and could solve our hands a lot.
I'm trying to implement a simple POC of this tool but I'm stuck having an ambiguous error.

I have created the 2 following simple CF Stacks
Stack1:

AWSTemplateFormatVersion: 2010-09-09
Description: "Creates an S3 bucket to store logs."

Resources:
  MyBucket1:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: mybucket-123-logs-1-eu-west-1

  SecondBucket1:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: mybucket-123-logs-eu-west-1-second-bucket

Stack2:

AWSTemplateFormatVersion: 2010-09-09
Description: "Creates an S3 bucket to store logs."

Resources:
  MyBucket2:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: mybucket-456-logs-2-eu-west-1

  SecondBucket2:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: mybucket-456-logs-eu-west-1-second-bucket

I want to to a transfer of MyBucket1 from Stack1 to Stack2.

But when I run the following command:
cfn-teleport --source Stack1 --target Stack2 --resource MyBucket1 --yes

I get the output:

The following resources will be moved from stack Stack1 to Stack2:
  AWS::S3::Bucket    MyBucket1    mybucket-123-logs-1-eu-west-1
Error: Error("expected value", line: 1, column: 1)

Notes:
I run cfn-teleport version 0.4.0.
cfn-teleport is installed via cargo on ubuntu 20.04 LTS
cfn-teleport can communicate successfully with my AWS Account because when I don't provide the flags for Stacks and Resources I can find them and select them using the CLI wizard.

Am I missing something?

App should be signed with a developer certificate.

Requirement: Developer Certificate 😸

In case the import fails, we should save the template to disk, so the user can inspect the tempalte and use it for manual import.

We then also can implement a --retry option, which will take the template and proceed.

First of all, thank you very much for writing this tool. If it works as advertised, it will be an absolute life-saver for us.

I am unfortunately not versed in Rust (Java/TS background) otherwise I would've probably been able to debug this myself

We are seeing the following error:

cfn-teleport --source reconciliation-dev-tables --target reconciliation-dev-reconciliation-service --resource ReconciliatonDetailsTable --resource SettlementDetailsTable --yes
The following resources will be moved from stack reconciliation-dev-tables to reconciliation-dev-reconciliation-service:
  AWS::DynamoDB::Table    ReconciliatonDetailsTable    reconciliation-dev-details
  AWS::DynamoDB::Table    SettlementDetailsTable       reconciliation-dev-settlement-details
Error: "Unable to proceed, because the template is invalid: unhandled error"

Using AWS_REGION and AWS_PROFILE to guide the aws credentials chain. The profile is using AWS SSO (not sure this is relevant because I don't suspect a permissions issue here)

How can I convince cfn-teleport to share moar debugging information with me?
Can this be related to dependencies between resources within the source stack?

Edit: thinking about this some more and reading through the code, it might be that having exports in the source stack can cause the new template to be invalid after cfn-teleport attempts to remove the resources from the source stack. I don't see any code that looks up the exports to remove them together with the resource

When we import resources, we have to add a DeletionPolicy to all imported resources.

After importing, we should remove the DeletionPolicy. For this to happen, we have to store the resources where we added the DeletionPolicy during import, since we don't want to remove DeletionPolicies which have been already set before importing.

I'm on the road with no access to a keyboard until April 24. I might be able to look at issues but won't be able to fix anything until then.

🌴

Application details not set in windows exe. When running Get-Command cfn-teleport, the output is

 Path               : C:\ProgramData\Chocolatey\bin\cfn-teleport.exe
Extension          : .exe
Definition         : C:\ProgramData\Chocolatey\bin\cfn-teleport.exe
Source             : C:\ProgramData\Chocolatey\bin\cfn-teleport.exe
Version            : 1.0.0.0
Visibility         : Public
OutputType         : {System.String}
Name               : cfn-teleport.exe
CommandType        : Application
ModuleName         : 
Module             : 
RemotingCapability : PowerShell
Parameters         : 
ParameterSets      : 
HelpUri            : 
FileVersionInfo    : File:             C:\ProgramData\Chocolatey\bin\cfn-teleport.exe
                     InternalName:     cfn-teleport.exe
                     OriginalFilename: cfn-teleport.exe
                     FileVersion:      1.0.0.0
                     FileDescription:  ShimGen generated shim - Chocolatey Shim
                     Product:          ShimGen generated shim - Chocolatey Shim
                     ProductVersion:   1.0.0
                     Debug:            False
                     Patched:          False
                     PreRelease:       False
                     PrivateBuild:     False
                     SpecialBuild:     False
                     Language:         Language Neutral

At very least the version should be correct.

See:

• https://stackoverflow.com/questions/74509880/add-exe-file-details-to-binary-of-compiled-rust-code
• https://users.rust-lang.org/t/does-exe-file-contain-version-information/85096/5

Should have a test target in Makefile.

In test/cdk we have a cdk app which will deploy two stacks. Stack A has two buckets, stack B is empty.

The test target should:

• deploy the CDK app
• run the tool and migrate both buckets from A to B
• cdk diff should report changes
• migrate both resources back from stack B to A
• cdk diff should report no changes
• cdk DESTROY

The supported resource types are available in the AWS documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html

We should have a github job which periodically checks for updates on this site and generates the file src/supported_resource_types.rs

Currently the tool can only work interactively, the user has to provide input at runtime.

The tool should also support command line args, e.g.

cdn-resource-mirator \
  --source A \
  --target B \
  -y \
  --resource Bucket182C536A1 \
  --resource Bucket21D68F7E8

Installation should be possible vie chocolatey

Installation should be possible vie brew

When a new ID is provided, the program panics:

thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', src/main.rs:561:75

Probably with a spinnder, e.g. https://github.com/console-rs/indicatif