From f49782ff7037b8bb3e8e6c249b83c369a76f18c7 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 20 Feb 2026 16:01:00 -0500 Subject: [PATCH] Update documentation: fix outdated product names, remove hardcoded IDs, add SC test docs - Updated Service Catalog product name to eks-terragrunt-eks-repo-creator - Updated portfolio name to eks-terragrunt-eks-portfolio - Removed hardcoded product/portfolio IDs (generated by Terraform) - Updated CLI examples to use --product-name instead of --product-id - Updated artifact version references from v1.0 to v2.0 - Fixed ECR image reference in PACKER_UPDATES.md ASCII diagram - Added test_service_catalog.py to scripts listing and testing docs - Updated launch role name to eks-terragrunt-sc-launch-role --- CLOUDFORMATION_CUSTOM_RESOURCE_GUIDE.md | 10 ++++---- DEPLOYMENT.md | 33 ++++++++++++++++--------- PACKER_UPDATES.md | 2 +- README.md | 30 +++++++++++++++++++++- docs/SERVICE_CATALOG_RESOLUTION.md | 16 ++++++------ 5 files changed, 64 insertions(+), 27 deletions(-) diff --git a/CLOUDFORMATION_CUSTOM_RESOURCE_GUIDE.md b/CLOUDFORMATION_CUSTOM_RESOURCE_GUIDE.md index c0895c9..f4f1194 100644 --- a/CLOUDFORMATION_CUSTOM_RESOURCE_GUIDE.md +++ b/CLOUDFORMATION_CUSTOM_RESOURCE_GUIDE.md 
@@ -119,10 +119,10 @@ terraform apply ``` This creates: -1. **Portfolio** — `github-automation-github-automation` -2. **Product** — `github-automation-github-repo-creator` with template from `service-catalog/product-template.yaml` +1. **Portfolio** — `eks-terragrunt-eks-portfolio` +2. **Product** — `eks-terragrunt-eks-repo-creator` with template from `service-catalog/product-template.yaml` 3. **S3 Upload** — template uploaded with `servicecatalog:provisioning = true` tag (required by SCPs) -4. **Launch Constraint** — `github-automation-sc-launch-role` assumed by CloudFormation +4. **Launch Constraint** — launch role assumed by CloudFormation 5. **Template Constraint** — locks `LambdaFunctionArn` to the deployed function 6. **Principal Association** — grants specified IAM roles access to provision @@ -146,8 +146,8 @@ This creates: ```bash aws servicecatalog provision-product \ - --product-id prod-w3uvfaxmeblxe \ - --provisioning-artifact-name "v1.0" \ + --product-name "eks-terragrunt-eks-repo-creator" \ + --provisioning-artifact-name "v2.0" \ --provisioned-product-name "my-eks-cluster" \ --provisioning-parameters \ Key=ProjectName,Value=my-eks-cluster \ diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index 693ce4f..9c73e58 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md 
@@ -139,8 +139,8 @@ This creates: - ✅ Lambda permission for CloudFormation to invoke as Custom Resource - ✅ API Gateway HTTP endpoint (alternative invocation method) - ✅ CloudWatch Log Group (`/aws/lambda/eks-terragrunt-repo-gen-template-automation`) -- ✅ **Service Catalog Portfolio** — `github-automation-github-automation` -- ✅ **Service Catalog Product** — `github-automation-github-repo-creator` +- ✅ **Service Catalog Portfolio** — `eks-terragrunt-eks-portfolio` +- ✅ **Service Catalog Product** — `eks-terragrunt-eks-repo-creator` - ✅ **Launch Constraint** — role assumed by CloudFormation when launching the product - ✅ **Template Constraint** — locks `LambdaFunctionArn` to prevent users from changing it - ✅ S3 upload of `product-template.yaml` with `servicecatalog:provisioning = true` tag @@ -148,8 +148,6 @@ This creates: Note the outputs: ``` lambda_function_arn = "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation" -service_catalog_product_id = "prod-w3uvfaxmeblxe" -service_catalog_provisioning_url = "https://console.amazonaws-us-gov.com/servicecatalog/home?region=us-gov-west-1#/products/prod-w3uvfaxmeblxe" ``` ## Step 4: Launch the Product in Service Catalog @@ -157,7 +155,7 @@ service_catalog_provisioning_url = "https://console.amazonaws-us-gov.com/service ### Via AWS Console 1. Navigate to **AWS Service Catalog** → **Products** -2. Find **github-automation-github-repo-creator** +2. Find **eks-terragrunt-eks-repo-creator** 3. Click **Launch product** 4. Enter a **Provisioned product name** (e.g., `my-eks-cluster-repo`) 5. Fill in the EKS parameters: 
@@ -181,8 +179,8 @@ service_catalog_provisioning_url = "https://console.amazonaws-us-gov.com/service ```bash aws servicecatalog provision-product \ - --product-id prod-w3uvfaxmeblxe \ - --provisioning-artifact-name "v1.0" \ + --product-name "eks-terragrunt-eks-repo-creator" \ + --provisioning-artifact-name "v2.0" \ --provisioned-product-name "my-eks-test" \ --provisioning-parameters \ Key=ProjectName,Value=my-eks-test \ @@ -194,20 +192,33 @@ aws servicecatalog provision-product \ --region us-gov-west-1 ``` -## Step 5: Validate with Test Script +## Step 5: Validate with Test Scripts -Instead of Service Catalog, you can test the Lambda directly using the test script: +### Direct Lambda Test (bypasses Service Catalog) ```bash -# EKS deployment test (recommended) cd /path/to/lambda-template-repo-generator + +# EKS deployment test (recommended) python scripts/test_workflow.py --eks # Generic (non-EKS) test python scripts/test_workflow.py ``` -This bypasses Service Catalog and directly invokes the Lambda with a synthetic CloudFormation event. See [README.md](README.md#testing) for full details. +This bypasses Service Catalog and directly invokes the Lambda with a synthetic CloudFormation event. + +### Full Service Catalog Test + +```bash +# Tests the complete SC → CFN → Lambda → GitHub path +python scripts/test_service_catalog.py + +# Keep provisioned product after test +python scripts/test_service_catalog.py --no-cleanup +``` + +See [README.md](README.md#testing) for full details. ## Monitoring and Troubleshooting diff --git a/PACKER_UPDATES.md b/PACKER_UPDATES.md index 3704596..19ed622 100644 --- a/PACKER_UPDATES.md +++ b/PACKER_UPDATES.md 
@@ -10,7 +10,7 @@ The Packer configuration builds the Lambda container image that processes **Clou config_packer.hcl packer.pkr.hcl ECR ───────────────── ─────────────── ─── CodeBuild project name Base: lambda/python:3.11 229685449397.dkr.ecr.us-gov-west-1. - S3 bucket / key prefix + requirements.txt amazonaws.com/service-catalog-repo- + S3 bucket / key prefix + requirements.txt amazonaws.com/eks-terragrunt-repo- VPC / compute settings + template_automation/ generator/lambda:latest Exclude dirs + Census Root CA cert + pip config diff --git a/README.md b/README.md index 97a5899..683f2f6 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ lambda-template-repo-generator/ │ └── README.md.j2 ├── scripts/ # Operational / test scripts │ ├── test_workflow.py # End-to-end Lambda workflow tester +│ ├── test_service_catalog.py # End-to-end Service Catalog product tester │ ├── check_github_permissions.py# GitHub PAT permissions audit (11 checks) │ ├── cleanup_test_repos.py # Delete temp-test-repo-* repos from GHE │ ├── validate_github_token.py # Token retrieval + validation @@ -78,7 +79,7 @@ lambda-template-repo-generator/ 1. Sign in to the **AWS GovCloud Console** → navigate to **Service Catalog** 2. Click **Products** in the left sidebar -3. Find **github-automation-github-repo-creator** and click **Launch product** +3. Find **eks-terragrunt-eks-repo-creator** and click **Launch product** 4. Fill in the parameters: | Parameter | Required | Example | Description | 
@@ -229,6 +230,33 @@ The script runs 6 sequential checks: Output includes a Rich-formatted summary table and pass/fail panel with repo and PR URLs. +### Service Catalog Test Script (`scripts/test_service_catalog.py`) + +Tests the **complete** Service Catalog → CloudFormation → Lambda → GitHub path: + +```bash +# Full SC product test (auto-named sc-test-, auto-cleanup) +python scripts/test_service_catalog.py + +# Custom repo name, no cleanup +python scripts/test_service_catalog.py --no-cleanup my-sc-test + +# Terminate an existing provisioned product +python scripts/test_service_catalog.py --terminate my-sc-test + +# Longer timeout (default is 600s) +python scripts/test_service_catalog.py --timeout 900 +``` + +| Step | What It Does | +|------|-------------| +| 1. AWS Credentials | Validates STS identity and account | +| 2. SC Product Lookup | Finds product and provisioning artifact by name | +| 3. Provision Product | Launches the SC product with all 15 EKS parameters | +| 4. Poll CFN Stack | Streams CloudFormation events until terminal state | +| 5. GitHub Verification | Confirms the repository exists and has an open PR | +| 6. Cleanup | Terminates the provisioned product (skippable with `--no-cleanup`) | + ### GitHub Permissions Checker Validates that the PAT has all required scopes before deployment: diff --git a/docs/SERVICE_CATALOG_RESOLUTION.md b/docs/SERVICE_CATALOG_RESOLUTION.md index a04376a..854c20e 100644 --- a/docs/SERVICE_CATALOG_RESOLUTION.md +++ b/docs/SERVICE_CATALOG_RESOLUTION.md 
@@ -85,24 +85,22 @@ After applying the changes: 2. ✅ Service Catalog can read the template: ```bash aws servicecatalog describe-provisioning-parameters \ - --product-id prod-w3uvfaxmeblxe \ - --provisioning-artifact-name "v1.0" \ - --path-id "lpv3-uchiqj7m3d57k" \ + --product-name "eks-terragrunt-eks-repo-creator" \ + --provisioning-artifact-name "v2.0" \ --region us-gov-west-1 ``` Returns all CloudFormation parameters successfully. 3. ✅ Launch constraints properly configured: - - LAUNCH constraint: Uses `github-automation-sc-launch-role` + - LAUNCH constraint: Uses `eks-terragrunt-sc-launch-role` - TEMPLATE constraint: Locks Lambda ARN to deployed function ## Product Details -- **Product ID:** `prod-w3uvfaxmeblxe` -- **Portfolio ID:** `port-uchiqj7m3d57k` -- **Template Location:** `s3://servicecatalog-product-artifacts-20250904021619588100000003/github-repo-creator/v1.0/product-template.yaml` -- **Template URL:** `https://servicecatalog-product-artifacts-20250904021619588100000003.s3.us-gov-west-1.amazonaws.com/github-repo-creator/v1.0/product-template.yaml` -- **Console URL:** https://console.amazonaws-us-gov.com/servicecatalog/home?region=us-gov-west-1#/products/prod-w3uvfaxmeblxe +- **Product Name:** `eks-terragrunt-eks-repo-creator` +- **Portfolio Name:** `eks-terragrunt-eks-portfolio` +- **Template Location:** Managed by Terraform — uploaded to the enterprise artifacts S3 bucket +- **Console URL:** Navigate to Service Catalog → Products → `eks-terragrunt-eks-repo-creator` ## Parameters Available
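Review bot: In CLOUDFORMATION_CUSTOM_RESOURCE_GUIDE.md (hunk at -119, list item 4), the launch constraint line loses the role name altogether and now reads only "launch role assumed by CloudFormation", while docs/SERVICE_CATALOG_RESOLUTION.md in this same patch names `eks-terragrunt-sc-launch-role` and the commit message lists that rename. Put `eks-terragrunt-sc-launch-role` back in front of "assumed by CloudFormation" so that someone auditing which role CloudFormation assumes can find it in IAM without cross-referencing another file.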
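Review bot: In DEPLOYMENT.md (outputs block, hunk at -148), the retained `lambda_function_arn` line still embeds the account ID `229685449397`, and the PACKER_UPDATES.md diagram touched by this patch keeps the same ID in the ECR URI, even though the product ID and console URL are removed as hardcoded IDs. If the intent is to strip environment-specific identifiers from the docs, replace the account ID with a placeholder such as `<account-id>` in both places. If it is left in on purpose, say so in the commit message so the next cleanup does not have to guess.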
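Review bot: In DEPLOYMENT.md (hunk at -194, new "Full Service Catalog Test" block), `--no-cleanup` is documented without the way to remove what it leaves behind. The README section added by this patch shows `python scripts/test_service_catalog.py --terminate my-sc-test` for that; add the same line here, or a sentence pointing to it, so a provisioned product from a test run is not left in the account. It would also help to state next to the first command that it provisions a real product and creates a repository, since the "Direct Lambda Test" heading above it spells out what it bypasses.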
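Review bot: In README.md (hunk at -229, new test script section), the first comment reads "auto-named sc-test-, auto-cleanup", which looks like a placeholder lost its suffix; spell out what follows `sc-test-`. The step table also leaves the scope of cleanup unclear: step 6 only "Terminates the provisioned product", and nothing says whether the GitHub repository and open PR confirmed in step 5 are removed. The scripts listing in this same file describes `cleanup_test_repos.py` as deleting `temp-test-repo-*` repos, which an `sc-test-` name would not match, so document how those repositories get cleaned up. Finally, `--no-cleanup my-sc-test` and `--terminate my-sc-test` use a name argument that the section never defines (repository name or provisioned product name); one line stating which would prevent terminating the wrong thing.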
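Review bot: In docs/SERVICE_CATALOG_RESOLUTION.md (hunk at -85, `describe-provisioning-parameters` example), removing `--path-id` without a replacement works only while the caller has a single launch path to the product; when the product is reachable through more than one path, the call requires `--path-id` or `--path-name`. Add a sentence under the command saying that a path must be supplied in that case. The same applies to the two `provision-product` examples changed in CLOUDFORMATION_CUSTOM_RESOURCE_GUIDE.md and DEPLOYMENT.md, which now rely on name lookup alone.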