def update(event, _):
old_properties = validate_properties(old_resource_properties(event))
properties = validate_properties(resource_properties(event))
parameter_name = cfn.physical_resource_id(event)
releases = cssm.fetch_json_parameter(ssm, parameter_name)
current_release_prefix = properties.current_release_prefix
if len(releases) > 1 \
and releases[0] == old_properties.current_release_prefix \
and releases[1] == current_release_prefix \
and cfn.is_stack_rollback_complete_cleanup_in_progress(cf, event):
# in the case of a stack rollback and swap of the 2 first releases, we just assume
# that it is update to rollback the resource itself.
releases.pop(0)
else:
# 1. we need to put the release into the list; if the release is already inside, we remove it. in any case,
# we put the release in front of the list.
try:
releases.remove(current_release_prefix)
except ValueError:
pass
releases.insert(0, current_release_prefix)
# 2. we cleanup old releases if we have gone over the parameterised count
while len(releases) > properties.release_count_number:
old_release_prefix = releases.pop()
delete_objects(properties.bucket, old_release_prefix)
put_json_parameter(parameter_name, releases)
return parameter_name
def check_certificate(event, round_index):
try:
if event['RequestType'] == 'Delete':
cfn.send_success(event)
return True
certificate_arn = cfn.physical_resource_id(event)
if round_index >= MAX_ROUND_COUNT:
cfn.send_failed(
event,
"certificate {} did not stablise".format(certificate_arn))
return True
acm = acm_service(certificate_arn)
certificate = acm.describe_certificate(CertificateArn=certificate_arn)
certificate_status = certificate['Certificate']['Status']
if certificate_status == 'ISSUED':
cfn.send_success(event)
return True
elif certificate_status == 'PENDING_VALIDATION':
return False
else:
cfn.send_failed(
event, 'the certificate {} is in invalid status {}.'.format(
certificate_arn, certificate_status))
return True
except Exception as e:
cfn.send_failed(event, "exception during checking: {}".format(str(e)))
return True
def properties(event):
try:
p = Properties(physical_resource_id=physical_resource_id(event),
logical_resource_id=event['LogicalResourceId'],
stack_id=event['StackId'],
ordinal=resource_properties(event)['Ordinal'])
except KeyError as e:
raise ValueError('cloudformation event not valid') from e
if not p.ordinal:
raise ValueError('Ordinal is obligatory')
return p
def delete_certificate(event):
certificate_arn = cfn.physical_resource_id(event)
log.msg('deleting certificate', certificate_arn=certificate_arn)
# We delete only if the certificate has been properly created before.
if c.is_certificate_arn(certificate_arn):
properties = validate_properties(resource_properties(event))
cert_proc = CertificateProcessor(certificate_arn=certificate_arn,
properties=properties)
if not cfn.is_being_replaced(cf, event):
# This resource may create DNS Records that should be deleted as well. Also there is an SNS parameter
# to ensure that the resource is created only once (to handle possible SNS delivery duplication)
# these are deleted only if the resource is being deleted (the update function takes care of the DNS
# records if the resource is being replaced).
cert_proc.delete_record_set_group()
delete_sns_message_ssm_parameter(event)
cert_proc.delete_certificate()
cfn.send_success(event)
def update_certificate(sns_message_id, event):
if should_skip_message(sns_message_id, event):
return
new_properties = validate_properties(resource_properties(event))
old_properties = validate_properties(cfn.old_resource_properties(event))
certificate_arn = cfn.physical_resource_id(event)
if needs_new(event, old_properties, new_properties):
log.msg('new certificate needed',
stack_arn=cfn.stack_id(event),
logical_resource_id=cfn.logical_resource_id(event))
log.msg('delete old dns record', old_properties=old_properties)
cert_proc = CertificateProcessor(certificate_arn, old_properties)
cert_proc.delete_record_set_group()
create_certificate(sns_message_id, event)
else:
cert_proc = CertificateProcessor(certificate_arn, new_properties)
if safe_set(old_properties.tags) != safe_set(new_properties.tags):
cert_proc.update_tags()
if old_properties.with_caa != new_properties.with_caa:
if new_properties.with_caa:
cert_proc.create_caa_records()
else:
cert_proc.delete_caa_records()
cfn.send_success(event)
def silent_delete_parameter_from_event(ssm, event):
parameter_name = cfn.physical_resource_id(event)
return silent_delete_parameter(ssm, parameter_name)
def delete(event, _):
return physical_resource_id(event)
def has_valid_physical_resource_id(event, properties):
return cfn.physical_resource_id(event) == physical_resource_id(
event, properties)
def delete(event, _):
properties = validate_properties(resource_properties(event))
if has_valid_physical_resource_id(
event, properties) and cfn.is_stack_delete_in_progress(cf, event):
delete_all_images(properties)
return cfn.physical_resource_id(event)
def delete(event, _):
properties = validate_properties(resource_properties(event))
if cfn.is_being_replaced(cf, event):
swap_rules(properties)
return cfn.physical_resource_id(event)
def delete(event, _):
properties = validate_properties(resource_properties(event))
if has_valid_physical_resource_id(event, properties) and should_delete(event):
delete_objects(properties)
return cfn.physical_resource_id(event)
def delete(event, _):
properties = validate_properties(resource_properties(event))
delete_user_pool_domain(properties)
return physical_resource_id(event)