
Tooling updates

Mike Crute requested to merge tooling-updates into master

This is kind of a big one.

This change combines all of the various Python scripts into one builder script and uses argparse subcommands to handle dispatch to the other commands. It also removes a lot of hand-rolled command line manipulation in favor of using argparse. It also tries to be resilient to path locations by always finding the git root before operating on paths. The rationale behind the major refactor is that we need to share logic between a bunch of the scripts now and that's easier to do if they're all in one file. That also seemed easier than making an importable Python library for less than 700 lines of code.

The make-amis script was converted from shell to Python. In the process, identity broker integration was added so authentication happens in the region the build is happening, which is passed through to packer. This should eliminate needing to export credentials from the identity broker directly. Building will still require exporting IDENTITY_BROKER_API_KEY (which is available on the identity broker home page). In the future I hope to be able to use GitHub Actions to do the builds and releases so we don't have to run them by hand; this will be a lot easier with the new Python implementation.

There's a new identity broker client that can handle multi-regional credentials and provides a list of all regions, including the ability to get a credential for regions that are opted-in for an account. Any region iteration logic should use the broker going forwards instead of the EC2 describe_regions function from boto3 (the broker uses similar logic behind the scenes but with more checks).

The runtime services (svcs) was remodelled to use a nested map in the profiles. I think this is a little easier to read through at a glance and it greatly simplified the transform of that structure into a flat list.

The resolve-profiles script was very heavily modified. The goal was to make the logic as declarative as possible and eliminate some of the unused code there. I think that was accomplished and it made adding some new key transforms pretty easy.

Additionally, I removed all region manipulation logic. There will be a PR forthcoming after the ARM release that adds a release tool that handles AMI replication and permission updates to make them public. This will also handle the opt-in regions case. I'll link that work to #53 (closed).

The rest of the scripts remain largely unchanged, just shuffled around to fit into classes.

The final major change I hope to make to this tooling is an update to the prune-amis subcommand to resolve #23 (closed) but we can talk about that over there.
