---
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  (WWPS-GLS-WF-ORCHESTRATOR-SFN) Creates container images, AWS Batch Job Definitions, 
  and an AWS Step Functions State Machine for a genomics workflow.

Mappings:
  TagMap:
    default:
      architecture: "genomics-workflows"
      solution: "step-functions"
      tags:
        - Key: "architecture"
          Value: "genomics-workflows"
        - Key: "solution"
          Value: "step-functions"

Metadata:
  AWS::Cloudformation::Interface:
    ParameterGroups:
      - Label:
          default: "Required"
        Parameters:
          - Namespace
          - GWFCoreNamespace
      - Label:
          default: "Distribution Configuration"
        Parameters:
          - TemplateRootUrl

Parameters:
  Namespace:
    Type: String
    Description: Namespace (e.g. project name) to use to label resources.
  
  GWFCoreNamespace:
    Type: String
    Description: >-
      Namespace of the GWFCore deployment to use.
  
  TemplateRootUrl:
    Type: String
    Description: >-
      Root URL for where nested templates are stored
    Default: https://aws-genomics-workflows.s3.amazonaws.com/templates  # dist: pin_version
    ConstraintDescription: >-
      Must be a valid S3 HTTP URL
    AllowedPattern: "https://[a-z0-9-./]{0,}s3([a-z0-9-.]+)*\\.amazonaws\\.com/[a-z0-9-./]{3,}"

Conditions:
  NoNamespace: !Equals [ !Ref Namespace, "" ]

Resources:
  ContainerSource:
    Type: "AWS::CodeCommit::Repository"
    Properties:
      RepositoryName: !Sub containers-${AWS::StackName}
      RepositoryDescription: >-
        Source code for workflow tooling containers
      Code:
        S3:
          Bucket: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/bucket:1}}'
          Key: !Sub 
            - ${Prefix}/containers.zip
            - Prefix: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/prefix:1}}'
      Tags:
        - Key: architecture
          Value: !FindInMap ["TagMap", "default", "architecture"]
  
  ContainerBuildBwa:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub ${TemplateRootUrl}/_common/container-build.template.yaml
      Parameters:
        ImageName: bwa
        ImageTag: "0.7.17"
        GitRepoType: CODECOMMIT
        GitCloneUrlHttp: !GetAtt ContainerSource.CloneUrlHttp
        ProjectPath: ./bwa
        ProjectBuildSpecFile: ./buildspec-workflow-tool.yml
        CreateBatchJobDefinition: "Yes"
        BatchJobDefinitionName: !Sub "bwa-${AWS::StackName}"
        ArtifactBucketName: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/bucket:1}}'
        ArtifactBucketPrefix: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/prefix:1}}'
      Tags: !FindInMap ["TagMap", "default", "tags"]
  
  ContainerBuildSamtools:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub ${TemplateRootUrl}/_common/container-build.template.yaml
      Parameters:
        ImageName: samtools
        ImageTag: "1.9"
        GitRepoType: CODECOMMIT
        GitCloneUrlHttp: !GetAtt ContainerSource.CloneUrlHttp
        ProjectPath: ./samtools
        ProjectBuildSpecFile: ./buildspec-workflow-tool.yml
        CreateBatchJobDefinition: "Yes"
        BatchJobDefinitionName: !Sub "samtools-${AWS::StackName}"
        ArtifactBucketName: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/bucket:1}}'
        ArtifactBucketPrefix: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/prefix:1}}'
      Tags: !FindInMap ["TagMap", "default", "tags"]
  
  ContainerBuildBcftools:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub ${TemplateRootUrl}/_common/container-build.template.yaml
      Parameters:
        ImageName: bcftools
        ImageTag: "1.9"
        GitRepoType: CODECOMMIT
        GitCloneUrlHttp: !GetAtt ContainerSource.CloneUrlHttp
        ProjectPath: ./bcftools
        ProjectBuildSpecFile: ./buildspec-workflow-tool.yml
        CreateBatchJobDefinition: "Yes"
        BatchJobDefinitionName: !Sub "bcftools-${AWS::StackName}"
        ArtifactBucketName: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/bucket:1}}'
        ArtifactBucketPrefix: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/prefix:1}}'
      Tags: !FindInMap ["TagMap", "default", "tags"]
  
  IAMStepFunctionsExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      Description: !Sub stepfunctions-service-role-${AWS::StackName}-${AWS::Region} 
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: states.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: !Sub states-access-policy-${AWS::Region}
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Service integration permissions.  For more details see:
              # https://docs.aws.amazon.com/step-functions/latest/dg/service-integration-iam-templates.html
              
              # enable calling lambda functions
              - Effect: Allow
                Action:
                  - lambda:InvokeFunction
                Resource: "*"  # this can be scope to specific functions if needed

              # enable calling other step functions
              - Effect: Allow
                Action:
                  - states:StartExecution
                Resource: "*"  # this can be scoped to specific state machines if needed
              
              # enable submitting batch jobs (synchronous)
              - Effect: Allow
                Action:
                  - "batch:SubmitJob"
                  - "batch:DescribeJobs"
                  - "batch:TerminateJob"
                Resource: "*"  # this can be scoped to specific job queues if needed
              - Effect: Allow
                Action:
                  - "events:PutTargets"
                  - "events:PutRule"
                  - "events:DescribeRule"
                Resource:
                  - !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForBatchJobsRule"
  
  StateMachine:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub ${TemplateRootUrl}/step-functions/sfn-resources-state-machine.template.yaml
      Parameters:
        Namespace:
          Fn::If:
              - NoNamespace
              - !Sub ${AWS::StackName}
              - !Ref Namespace
        S3BucketName: !Sub "{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/s3-bucket:1}}"
        IAMStepFunctionsExecutionRole: !GetAtt IAMStepFunctionsExecutionRole.Arn
        BatchJobQueue: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/job-queue/default:1}}'
        BatchJobDefinitionBwa: !GetAtt ContainerBuildBwa.Outputs.JobDefinition
        BatchJobDefinitionSamtools: !GetAtt ContainerBuildSamtools.Outputs.JobDefinition
        BatchJobDefinitionBcftools: !GetAtt ContainerBuildBcftools.Outputs.JobDefinition
      Tags: !FindInMap ["TagMap", "default", "tags"]

Outputs:
  StateMachine:
    Value: !GetAtt StateMachine.Outputs.StateMachine
    Description: >
      AWS Step Functions State Machine that demonstrates a simple genomics workflow
  
  StateMachineInput:
    Value: !GetAtt StateMachine.Outputs.StateMachineInput
    Description: >
      Example input for the state machine.  Use this when executing your workflow.
  
  StepFunctionsExecutionRole:
    Value: !GetAtt IAMStepFunctionsExecutionRole.Arn
    Description: IAM role used by AWS Step Functions to execute the state machine

...