def detach_from(ctx, iface, resource_config, **_):
'''Detaches an IAM User from something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.Group'):
resource_config['UserName'] = iface.resource_id
IAMGroup(ctx.target.node,
logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).detach_user(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.LoginProfile'):
iface.delete_login_profile(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.AccessKey'):
resource_config['AccessKeyId'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.delete_access_key(resource_config)
elif utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.detach_policy(resource_config)
def test_is_node_type(self):
node = MagicMock()
node.type_hierarchy = ['cloudify.nodes.Root', 'cloudify.nodes.Network']
self.assertTrue(utils.is_node_type(node, 'cloudify.nodes.Root'))
self.assertFalse(utils.is_node_type(node, 'cloudify.nodes.Compute'))
def attach_to(ctx, iface, resource_config, **_):
'''Attaches an IAM User to something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.Group'):
resource_config['UserName'] = iface.resource_id
IAMGroup(ctx.target.node,
logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).attach_user(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.LoginProfile'):
iface.create_login_profile(
resource_config
or ctx.target.instance.runtime_properties.get('resource_config'))
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.AccessKey'):
resp = iface.create_access_key(
resource_config
or ctx.target.instance.runtime_properties.get('resource_config'))
utils.update_resource_id(ctx.target.instance, resp['AccessKeyId'])
ctx.target.instance.runtime_properties['SecretAccessKey'] = \
resp['SecretAccessKey']
elif utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.attach_policy(resource_config)
def detach_from(ctx, iface, resource_config, **_):
'''Detaches an IAM Group from something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.User'):
resource_config['UserName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.detach_user(resource_config)
elif utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.detach_policy(resource_config)
def detach_from(ctx, iface, resource_config, **_):
'''Detaches an RDS OptionGroup from something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.rds.Option'):
iface.remove_option(
utils.get_resource_id(node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True))
def attach_to(ctx, iface, resource_config, **_):
'''Attaches an IAM Role to something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.attach_policy(resource_config)
def prepare_assoc(ctx, iface, resource_config, **inputs):
'''Prepares to associate an RDS Instance to something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.rds.SubnetGroup'):
ctx.source.instance.runtime_properties['resource_config'][
'DBSubnetGroupName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.rds.OptionGroup'):
ctx.source.instance.runtime_properties['resource_config'][
'OptionGroupName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.rds.ParameterGroup'):
ctx.source.instance.runtime_properties['resource_config'][
'DBParameterGroupName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
elif utils.is_node_type(ctx.target.node,
'cloudify.aws.nodes.SecurityGroup'):
security_groups = ctx.source.instance.runtime_properties[
'resource_config'].get('VpcSecurityGroupIds', list())
security_groups.append(
utils.get_resource_id(node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True))
ctx.source.instance.runtime_properties['resource_config'][
'VpcSecurityGroupIds'] = security_groups
elif utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.Role'):
if not inputs.get('iam_role_type_key') or \
not inputs.get('iam_role_id_key'):
raise NonRecoverableError(
'Missing required relationship inputs "iam_role_type_key" '
'and/or "iam_role_id_key".')
ctx.source.instance.runtime_properties[
'resource_config'][inputs['iam_role_type_key']] = \
utils.get_resource_string(
node=ctx.target.node,
instance=ctx.target.instance,
attribute_key=inputs['iam_role_id_key'])
def prepare_assoc(ctx, iface, resource_config, **_):
'''Prepares to associate an Lambda Permission to something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.lambda.Function'):
ctx.source.instance.runtime_properties['resource_config'][
'FunctionName'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
def prepare_assoc(ctx, **_):
'''Prepares to associate an Route53 Resource Record Set to something'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.route53.HostedZone'):
zone_id = utils.get_resource_id(node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
utils.update_resource_id(ctx.source.instance, zone_id)
ctx.source.instance.runtime_properties['resource_config'].update(
dict(HostedZoneId=zone_id))
def detach_from(ctx, resource_config, **_):
'''Detaches an IAM Login Profile from something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.User'):
IAMUser(
ctx.target.node,
logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).delete_login_profile(resource_config)
def attach_to(ctx, iface, resource_config, **_):
'''Attaches an RDS OptionGroup to something else'''
rtprops = ctx.target.instance.runtime_properties
params = resource_config or rtprops.get('resource_config') or dict()
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.rds.Option'):
params['OptionName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.include_option(params)
def prepare_assoc(ctx, iface, resource_config, **_):
'''Prepares to associate an RDS SubnetGroup to something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.aws.nodes.Subnet'):
subnet_ids = ctx.source.instance.runtime_properties[
'resource_config'].get('SubnetIds', list())
subnet_ids.append(
utils.get_resource_id(node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True))
ctx.source.instance.runtime_properties['resource_config'][
'SubnetIds'] = subnet_ids
def attach_to(ctx, resource_config, **_):
'''Attaches an IAM Login Profile to something else'''
rtprops = ctx.source.instance.runtime_properties
params = resource_config or rtprops.get('resource_config') or dict()
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.User'):
IAMUser(ctx.target.node,
logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).create_login_profile(params)
def attach_to(ctx, resource_config, **_):
'''Attaches an Lambda Invoke to something else'''
rtprops = ctx.source.instance.runtime_properties
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.lambda.Function'):
ctx.source.instance.runtime_properties['output'] = LambdaFunction(
ctx.target.node, logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).invoke(
resource_config or rtprops.get('resource_config'))
def detach_from(ctx, resource_config, **_):
'''Detaches an IAM Access Key from something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.User'):
resource_config['AccessKeyId'] = utils.get_resource_id(
node=ctx.source.node,
instance=ctx.source.instance,
raise_on_missing=True)
IAMUser(ctx.target.node,
logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).delete_access_key(resource_config)
def prepare_assoc(ctx, iface, resource_config, **inputs):
'''Prepares to associate an RDS Instance Read Replica to something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.rds.SubnetGroup'):
ctx.source.instance.runtime_properties[
'resource_config']['DBSubnetGroupName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.rds.OptionGroup'):
ctx.source.instance.runtime_properties[
'resource_config']['OptionGroupName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.rds.Instance'):
ctx.source.instance.runtime_properties[
'resource_config']['SourceDBInstanceIdentifier'] = \
utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Role'):
if not inputs.get('iam_role_type_key') or \
not inputs.get('iam_role_id_key'):
raise NonRecoverableError(
'Missing required relationship inputs "iam_role_type_key" '
'and/or "iam_role_id_key".')
ctx.source.instance.runtime_properties[
'resource_config'][inputs['iam_role_type_key']] = \
utils.get_resource_string(
node=ctx.target.node,
instance=ctx.target.instance,
attribute_key=inputs['iam_role_id_key'])
def attach_to(ctx, resource_config, **_):
'''Attaches an IAM Access Key to something else'''
rtprops = ctx.source.instance.runtime_properties
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.User'):
resp = IAMUser(ctx.target.node,
logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).create_access_key(
resource_config
or rtprops.get('resource_config'))
utils.update_resource_id(ctx.source.instance, resp['AccessKeyId'])
ctx.source.instance.runtime_properties['SecretAccessKey'] = \
resp['SecretAccessKey']
def prepare_assoc(ctx, iface, resource_config, **inputs):
'''Prepares to associate an Route53 Hosted Zone to something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.aws.nodes.VPC'):
vpc_id = utils.get_resource_id(node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
# Update VPC configuration
vpccfg = ctx.source.instance.runtime_properties['resource_config'].get(
'VPC', dict())
vpccfg['VPCId'] = vpc_id
if not vpccfg.get('VPCRegion'):
vpccfg['VPCRegion'] = detect_vpc_region(
Boto3Connection(ctx.source.node).client('ec2'), vpc_id)
ctx.source.instance.runtime_properties['resource_config'][
'VPC'] = vpccfg
def attach_to(ctx, resource_config, **_):
'''Attaches an RDS Parameter to something else'''
rtprops = ctx.source.instance.runtime_properties
params = resource_config or rtprops.get('resource_config') or dict()
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.rds.ParameterGroup'):
params['ParameterName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
ParameterGroup(ctx.target.node,
logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).update_parameter(params)
