From af93cc26c0002d7cb925c06bd49ac2c7b0b99700 Mon Sep 17 00:00:00 2001
From: Webster Mudge
Date: Mon, 9 May 2022 13:41:06 -0400
Subject: [PATCH] Support configurable AWS ARN partition for policies

Signed-off-by: Webster Mudge
---
 docs/configuration.yml | 17 +++++++++++++++++
 roles/platform/defaults/main.yml | 3 ++-
 roles/platform/tasks/aws_policy_regex.yml | 6 ++++--
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/docs/configuration.yml b/docs/configuration.yml
index e8d0274d..73572b76 100644
--- a/docs/configuration.yml
+++ b/docs/configuration.yml
@@ -1,3 +1,19 @@
+---
+
+# Copyright 2022 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 datahub:
 compute:
 aws:
@@ -69,6 +85,7 @@ dw:
 suffix:
 env:
 aws:
+ arn_partition: aws | aws-cn | aws-us-gov (See https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
 policy:
 name:
 bucket_access:
diff --git a/roles/platform/defaults/main.yml b/roles/platform/defaults/main.yml
index 2e241ec4..cd2b8ab6 100644
--- a/roles/platform/defaults/main.yml
+++ b/roles/platform/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 
-# Copyright 2021 Cloudera, Inc. All Rights Reserved.
+# Copyright 2022 Cloudera, Inc. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -106,6 +106,7 @@ plat__cdp_xaccount_account_id: "{{ env.cdp.cross_account.account_
 
 # AWS
 plat__aws_profile: "{{ common__aws_profile }}"
+plat__aws_arn_partition: "{{ env.aws.arn_partition | default('aws') }}"
 plat__aws_vpc_id: "{{ common__aws_vpc_id }}"
 plat__aws_public_subnet_ids: "{{ common__aws_public_subnet_ids }}"
 plat__aws_private_subnet_ids: "{{ common__aws_private_subnet_ids }}"
diff --git a/roles/platform/tasks/aws_policy_regex.yml b/roles/platform/tasks/aws_policy_regex.yml
index 56969f5c..dce342fe 100644
--- a/roles/platform/tasks/aws_policy_regex.yml
+++ b/roles/platform/tasks/aws_policy_regex.yml
@@ -1,6 +1,6 @@
 ---
 
-# Copyright 2021 Cloudera, Inc. All Rights Reserved.
+# Copyright 2022 Cloudera, Inc. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -35,4 +35,6 @@
 - regexp: '\${STORAGE_LOCATION_BASE}'
 replace: "{{ plat__storage_name }}"
 - regexp: '\${DATALAKE_BUCKET}'
- replace: "{{ plat__storage_name }}"
\ No newline at end of file
+ replace: "{{ plat__storage_name }}"
+ - regexp: '\${ARN_PARTITION}'
+ replace: "{{ plat__aws_arn_partition }}"
\ No newline at end of file
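Review bot: `plat__aws_arn_partition` accepts whatever `env.aws.arn_partition` holds, and the later hunk in roles/platform/tasks/aws_policy_regex.yml substitutes that value for `${ARN_PARTITION}` in the policy documents, so a typo or an empty entry would end up inside the ARNs of the generated IAM policies. `default('aws')` only covers an undefined key; a key that is present but null or empty is passed through, which `default('aws', true)` would catch. I would also add a check before the policy rewrite, for example an `ansible.builtin.assert` with `that: plat__aws_arn_partition in ['aws', 'aws-cn', 'aws-us-gov']`, matching the three values this commit lists in docs/configuration.yml. The defaults file continues outside the hunk, so a validation elsewhere in the role cannot be ruled out from here.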
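Review bot: The new final line `replace: "{{ plat__aws_arn_partition }}"` in the `@@ -35,4 +35,6 @@` hunk still carries `\ No newline at end of file`, so yamllint's `new-line-at-end-of-file` rule would keep flagging this file even though the commit rewrites its last lines; end the file with a single newline. A short comment above the added pair, such as `# ${ARN_PARTITION}: aws | aws-cn | aws-us-gov, from plat__aws_arn_partition`, would tell a reader which placeholder in the policy documents it targets and where the value comes from. The task that loops over these `regexp`/`replace` entries starts outside the hunk, so how the replacement string is applied cannot be confirmed from the visible lines.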