Merge pull request #279 from 4dn-dcic/iam

iam inheritable
4dn-dcic · May 5, 2020 · f192ea0 · f192ea0
2 parents 5a6bf3f + efc9134
commit f192ea0
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/tibanna/_version.py b/tibanna/_version.py
@@ -1,4 +1,4 @@
 """Version information."""
 
 # The following line *must* be the last in the module, exactly as formatted:
-__version__ = "0.17.1"
+__version__ = "0.17.2"
diff --git a/tibanna/core.py b/tibanna/core.py
@@ -52,7 +52,6 @@
     upload_workflow_to_s3
 )
 # from botocore.errorfactory import ExecutionAlreadyExists
-from .iam_utils import IAM
 from .stepfunction import StepFunctionUnicorn
 from .awsem import AwsemRunJson, AwsemPostRunJson
 from .exceptions import (
@@ -112,6 +111,11 @@ def TibannaResource(self):
         from .cw_utils import TibannaResource
         return TibannaResource
 
+    @property
+    def IAM(self):
+        from .iam_utils import IAM
+        return IAM
+
     def __init__(self):
         pass
 
@@ -724,7 +728,7 @@ def deploy_lambda(self, name, suffix, usergroup=''):
         envs = self.env_list(name)
         if envs:
             extra_config['Environment'] = {'Variables': envs}
-        tibanna_iam = IAM(usergroup)
+        tibanna_iam = self.IAM(usergroup)
         if name == self.run_task_lambda:
             if usergroup:
                 extra_config['Environment']['Variables']['AWS_S3_ROLE_NAME'] \
@@ -805,7 +809,7 @@ def setup_tibanna_env(self, buckets='', usergroup_tag='default', no_randomize=Fa
             for b in bucket_names:
                 printlog("Deleting public access block for bucket %s" % b)
                 response = client.delete_public_access_block(Bucket=b)
-        tibanna_iam = IAM(usergroup_tag, bucket_names, no_randomize=no_randomize)
+        tibanna_iam = self.IAM(usergroup_tag, bucket_names, no_randomize=no_randomize)
         tibanna_iam.create_tibanna_iam(verbose=verbose)
         print("Tibanna usergroup %s has been created on AWS." % tibanna_iam.user_group_name)
         return tibanna_iam.user_group_name
@@ -1142,7 +1146,7 @@ def handle_error(errmsg):
         if not do_not_remove_iam_group:
             if verbose:
                 printlog("deleting IAM permissions %s" % sfn)
-            iam = IAM(user_group_name)
+            iam = self.IAM(user_group_name)
             iam.delete_tibanna_iam(verbose=verbose, ignore_errors=ignore_errors)
         if purge_history:
             if verbose:

diff --git a/tibanna/stepfunction.py b/tibanna/stepfunction.py
@@ -1,5 +1,4 @@
 from .vars import AWS_REGION, AWS_ACCOUNT_NUMBER
-from .iam_utils import IAM
 
 
 class StepFunctionUnicorn(object):
@@ -77,14 +76,19 @@ def lambda_arn_prefix(self):
     def sfn_name(self):
         return 'tibanna_unicorn' + self.lambda_suffix
 
+    @property
+    def iam(self):
+        from .iam_utils import IAM
+        return IAM(self.usergroup)
+
     @property
     def sfn_role_arn(self):
         if not self.usergroup:  # 4dn
             sfn_role_arn = "arn:aws:iam::" + self.aws_acc + \
                            ":role/service-role/StatesExecutionRole-" + self.region_name
         else:
             sfn_role_arn = "arn:aws:iam::" + self.aws_acc + ":role/" + \
-                IAM(self.usergroup).role_name('stepfunction')
+                           self.iam.role_name('stepfunction')
         return sfn_role_arn
 
     @property