Fix generate_params.py to rely on pipeline input definitions instead

src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml

@@ -287,10 +287,17 @@ Resources:
             Resource:
               - !Sub arn:${AWS::Partition}:s3:::${PipelineBucket}
               - !Sub arn:${AWS::Partition}:s3:::${PipelineBucket}/*
+          - Effect: Allow
+            Sid: "S3ReadOnly"
+            Action:
+              - s3:Get*
+              - s3:GetBucketPolicy
+              - s3:List*
+            Resource:
               - !Sub arn:${AWS::Partition}:s3:::${SharedModulesBucket}
               - !Sub arn:${AWS::Partition}:s3:::${SharedModulesBucket}/*
-              - !Sub arn:${AWS::Partition}:s3:::${PipelineManagementApplication.Outputs.Bucket}
-              - !Sub arn:${AWS::Partition}:s3:::${PipelineManagementApplication.Outputs.Bucket}/*
+              - !Sub arn:${AWS::Partition}:s3:::${PipelineManagementApplication.Outputs.DefinitionBucket}
+              - !Sub arn:${AWS::Partition}:s3:::${PipelineManagementApplication.Outputs.DefinitionBucket}/*
           - Effect: Allow
             Sid: "KMS"
             Action:
@@ -383,10 +390,17 @@ Resources:
             Resource:
               - !Sub arn:${AWS::Partition}:s3:::${PipelineBucket}
               - !Sub arn:${AWS::Partition}:s3:::${PipelineBucket}/*
-              - !Sub arn:${AWS::Partition}:s3:::${SharedModulesBucket}
-              - !Sub arn:${AWS::Partition}:s3:::${SharedModulesBucket}/*
               - !Sub arn:${AWS::Partition}:s3:::${PipelineManagementApplication.Outputs.Bucket}
               - !Sub arn:${AWS::Partition}:s3:::${PipelineManagementApplication.Outputs.Bucket}/*
+          - Effect: Allow
+            Sid: "S3ReadOnly"
+            Action:
+              - s3:Get*
+              - s3:GetBucketPolicy
+              - s3:List*
+            Resource:
+              - !Sub arn:${AWS::Partition}:s3:::${SharedModulesBucket}
+              - !Sub arn:${AWS::Partition}:s3:::${SharedModulesBucket}/*
           - Effect: Allow
             Sid: "KMS"
             Action:

src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/lambda_codebase/pipeline_management/create_or_update_rule.py

@@ -37,22 +37,20 @@ def lambda_handler(pipeline, _):
 
     LOGGER.info(pipeline)
 
-    _source_account_id = (
+    source_account_id = (
         pipeline.get("default_providers", {})
         .get("source", {})
         .get("properties", {})
         .get("account_id", {})
     )
     if (
-        _source_account_id
-        and int(_source_account_id) != int(DEPLOYMENT_ACCOUNT_ID)
-        and not _cache.check(_source_account_id)
+        source_account_id
+        and int(source_account_id) != int(DEPLOYMENT_ACCOUNT_ID)
+        and not _cache.exists(source_account_id)
     ):
-        rule = Rule(pipeline["default_providers"]["source"]["properties"]["account_id"])
+        rule = Rule(source_account_id)
         rule.create_update()
-        _cache.add(
-            pipeline["default_providers"]["source"]["properties"]["account_id"], True
-        )
+        _cache.add(source_account_id, True)
         METRICS.put_metric_data(
             {"MetricName": "CreateOrUpdate", "Value": 1, "Unit": "Count"}
         )

src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/pipeline_management.yml

@@ -986,6 +986,13 @@ Resources:
         IgnorePublicAcls: true
         RestrictPublicBuckets: true
 
+  DefinitionBucketParameter:
+    Type: "AWS::SSM::Parameter"
+    Properties:
+      Name: "/adf/pipeline_definition_bucket"
+      Type: "String"
+      Value: !Ref ADFDefinitionBucket
+
   ADFPipelineBucket:
     Type: "AWS::S3::Bucket"
     DeletionPolicy: Retain
@@ -1024,6 +1031,9 @@ Outputs:
   Bucket:
     Value: !Ref ADFPipelineBucket
 
+  DefinitionBucket:
+    Value: !Ref ADFDefinitionBucket
+
   CreateOrUpdateRuleLambdaRoleArn:
     Value: !GetAtt CreateOrUpdateRuleLambdaRole.Arn
 

src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/base_resolver.py

@@ -0,0 +1,57 @@
+# Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: MIT-0
+
+"""
+BaseResolver abstract class used for resolver implementations
+to inherit from so they use the same interface
+"""
+from abc import ABC, abstractmethod
+from cache import Cache
+
+
+class BaseResolver(ABC):
+    """
+    The abstract BaseResolver class ensures that the interface
+    of the methods for resolvers are defined and common code is stored here.
+    """
+
+    def __init__(self):
+        self.cache = Cache()
+
+    @abstractmethod
+    def resolve(self, lookup_str: str, random_filename: str) -> str:
+        """
+        Assumes that the lookup_str is supported.
+
+        This function will perform the intrinsic function to
+        resolve the value as requested.
+
+        Args:
+            lookup_str (str): The lookup string that contains the lookup
+                syntax.
+            random_filename (str): The random filename, used to ensure
+                unique uploads when required.
+
+        Returns:
+            str: The value as looked up using the intrinsic function.
+        """
+        pass
+
+    @abstractmethod
+    def supports(self, lookup_str: str) -> bool:
+        """
+        Check if this resolver supports the lookup_str syntax.
+
+        Args:
+            lookup_str (str): The lookup string that might have the lookup
+                syntax or not.
+
+        Returns:
+            bool: True if this resolver supports the lookup_str syntax.
+                False if not.
+        """
+        pass
+
+    @staticmethod
+    def _is_optional(value: str) -> bool:
+        return value.endswith('?')

src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/generate_pipeline_inputs.py

@@ -209,7 +209,7 @@ def main():
         need_to_create_rules = (
             source_account_id
             and int(source_account_id) != int(DEPLOYMENT_ACCOUNT_ID)
-            and not cache.check(source_account_id)
+            and not cache.exists(source_account_id)
         )
         if need_to_create_rules:
             rule = Rule(source_account_id)