From 905a40fa895d0a9d3f5b9069d1203b514bd892fc Mon Sep 17 00:00:00 2001 From: Justin Field Date: Tue, 6 Feb 2018 11:54:40 -0800 Subject: [PATCH] allow cms to use athena so we can automatically add partitions --- gradle.properties | 2 +- .../EnableAuditLoggingForExistingEnvironmentCommand.java | 1 + .../audit/CreateAuditAthenaDbAndTableOperation.java | 9 --------- ...nableAuditLoggingForExistingEnvironmentOperation.java | 8 ++++++++ src/main/resources/cloudformation/iam-roles.yaml | 2 ++ 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/gradle.properties b/gradle.properties index 0209d420..d79aefc3 100644 --- a/gradle.properties +++ b/gradle.properties @@ -16,4 +16,4 @@ group=com.nike artifactId=cerberus-lifecycle-cli -version=4.1.0 +version=4.2.0 diff --git a/src/main/java/com/nike/cerberus/command/audit/EnableAuditLoggingForExistingEnvironmentCommand.java b/src/main/java/com/nike/cerberus/command/audit/EnableAuditLoggingForExistingEnvironmentCommand.java index 3e83f7ad..b16b01d5 100644 --- a/src/main/java/com/nike/cerberus/command/audit/EnableAuditLoggingForExistingEnvironmentCommand.java +++ b/src/main/java/com/nike/cerberus/command/audit/EnableAuditLoggingForExistingEnvironmentCommand.java @@ -17,6 +17,7 @@ public class EnableAuditLoggingForExistingEnvironmentCommand implements Command public static final String COMMAND_NAME = "enable-audit-logging-for-existing-environment"; public static final String COMMAND_DESCRIPTION = "A Composite command that will will execute the following commands in order: " + + "update-stack --stack-name iam-roles --overwrite-template, " + "create-audit-logging-stack, " + "create-audit-log-athena-db-and-table, " + "enable-audit-logging, " diff --git a/src/main/java/com/nike/cerberus/operation/audit/CreateAuditAthenaDbAndTableOperation.java b/src/main/java/com/nike/cerberus/operation/audit/CreateAuditAthenaDbAndTableOperation.java index 67827d9d..9d4f3ff0 100644 
--- a/src/main/java/com/nike/cerberus/operation/audit/CreateAuditAthenaDbAndTableOperation.java +++ b/src/main/java/com/nike/cerberus/operation/audit/CreateAuditAthenaDbAndTableOperation.java @@ -75,15 +75,6 @@ public void run(CreateAuditAthenaDbAndTableCommand command) { throw new RuntimeException("failed to load create athena table template", e); } log.info(executeAthenaQuery(createAuditTable, bucketName).toString()); - - String msg = Chalk.on("ATTENTION: ").red().bold().toString() + - "Table creation complete, please note that before you execute queries against '" + tableName + "'\n" + - "You will have to run the following query '" + Chalk.on("MSCK REPAIR TABLE " + tableName).green().bold().toString() + "'\n" + - "CMS will uploads logs every 5 minutes and creates partition folders for every hour.\n" + - "You can automate that query to run every hour or run it before you query audit data.\n" + - "That query is free and scans the S3 folders in the audit bucket and add the new partitions (The hour folders)"; - - log.info(msg); } @Override diff --git a/src/main/java/com/nike/cerberus/operation/audit/EnableAuditLoggingForExistingEnvironmentOperation.java b/src/main/java/com/nike/cerberus/operation/audit/EnableAuditLoggingForExistingEnvironmentOperation.java index 53626ca6..2cb0a939 100644 --- a/src/main/java/com/nike/cerberus/operation/audit/EnableAuditLoggingForExistingEnvironmentOperation.java +++ b/src/main/java/com/nike/cerberus/operation/audit/EnableAuditLoggingForExistingEnvironmentOperation.java @@ -8,6 +8,7 @@ import com.nike.cerberus.command.audit.EnableAuditLoggingForExistingEnvironmentCommand; import com.nike.cerberus.command.cms.UpdateCmsConfigCommand; import com.nike.cerberus.command.core.RebootCmsCommand; +import com.nike.cerberus.command.core.UpdateStackCommand; import com.nike.cerberus.domain.cloudformation.ConfigParameters; import com.nike.cerberus.domain.environment.Stack; import com.nike.cerberus.operation.composite.ChainableCommand; 
@@ -49,10 +50,17 @@ protected List getCompositeCommandChain(EnableAuditLoggingForE ConfigParameters.class).getAccountAdminArn(); return ImmutableList.of( + ChainableCommand.Builder.create() + .withCommand(new UpdateStackCommand()) + .withOption(UpdateStackCommand.STACK_NAME_LONG_ARG, Stack.IAM_ROLES.getName()) + .withAdditionalArg(UpdateStackCommand.OVERWRITE_TEMPLATE_LONG_ARG) + .build(), + ChainableCommand.Builder.create() .withCommand(new CreateAuditLoggingStackCommand()) .withOption(CreateAuditLoggingStackCommand.ADMIN_ROLE_ARN_LONG_ARG, adminArn) .build(), + new ChainableCommand(new CreateAuditAthenaDbAndTableCommand()), new ChainableCommand(new EnableAuditLoggingCommand()), new ChainableCommand(new UpdateCmsConfigCommand()), diff --git a/src/main/resources/cloudformation/iam-roles.yaml b/src/main/resources/cloudformation/iam-roles.yaml index 7eacff2a..9c46710f 100644 --- a/src/main/resources/cloudformation/iam-roles.yaml +++ b/src/main/resources/cloudformation/iam-roles.yaml @@ -12,6 +12,8 @@ Outputs: Resources: CmsIamRole: Properties: + ManagedPolicyArns: + - arn:aws:iam::aws:policy/AmazonAthenaFullAccess AssumeRolePolicyDocument: Statement: - Action:
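Review bot: The new first entry in the chain runs `update-stack` on `Stack.IAM_ROLES` with the overwrite-template flag, so enabling audit logging now also replaces the deployed IAM roles template, and nothing in the code says why or warns the operator. Any drift in that stack would be overwritten, and if a later command in the chain fails the IAM change presumably stays applied. I would add a comment above the entry such as `// Must run first: re-applies iam-roles.yaml so the CMS role has Athena access before the audit stack and table are created; overwrites the deployed template` and log the same before the chain starts. The body of `getCompositeCommandChain` starts and ends outside the hunk, so how chain failures are handled is not visible here.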
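Review bot: Attaching `arn:aws:iam::aws:policy/AmazonAthenaFullAccess` to `CmsIamRole` grants far more than the partition maintenance the commit message describes. That AWS-managed policy allows every Athena action and, as far as I recall, also Glue catalog changes and access to Athena query-result buckets, none of it limited to the audit database or bucket. A policy scoped to starting and polling queries and to the audit table's partitions would limit what a compromised CMS instance could read or drop. The sketch below is a starting point: the action list and the placeholder resources need confirming against what CMS actually calls. It is written as a separate resource because the rest of the role definition lies outside the hunk and may already define inline policies.

```yaml
Resources:
  # ... unchanged: CmsIamRole, without the ManagedPolicyArns entry ...
  CmsAuditAthenaPolicy:            # constructed logical name
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: cms-audit-athena-partitions
      Roles:
        - !Ref CmsIamRole
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - athena:StartQueryExecution
              - athena:GetQueryExecution
            Resource: '*'
          - Effect: Allow
            Action:
              - glue:GetDatabase
              - glue:GetTable
              - glue:GetPartitions
              - glue:BatchCreatePartition
            Resource: '<AUDIT_DB_AND_TABLE_ARNS>'      # placeholder
          - Effect: Allow
            Action:
              - s3:GetBucketLocation
              - s3:ListBucket
              - s3:GetObject
              - s3:PutObject
            Resource: '<AUDIT_AND_QUERY_RESULT_BUCKET_ARNS>'   # placeholder
```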