class Attributes(Resource):
resource_name = "attributes"
dot_ignore = True
idle_timeout = argument.Integer(
default=30,
field="ConnectionSettings",
serializer=serializers.Dict(IdleTimeout=serializers.Identity(), ),
)
connection_draining = argument.Integer(
default=0,
field="ConnectionDraining",
serializer=serializers.Dict(
Enabled=serializers.Expression(lambda runner, object: object > 0),
Timeout=serializers.Identity(),
))
cross_zone_load_balancing = argument.Boolean(
default=True,
field="CrossZoneLoadBalancing",
serializer=serializers.Dict(Enabled=serializers.Identity(), ))
access_log = argument.Resource(
Bucket,
field="AccessLog",
serializer=serializers.Dict(
Enabled=serializers.Expression(
lambda runner, object: object is not None),
S3BucketName=serializers.Identifier(),
))
class ErrorResponse(Resource):
resource_name = "error_response"
dot_ignore = True
error_code = argument.Integer(field="ErrorCode")
response_page_path = argument.String(field="ResponsePagePath")
response_code = argument.Integer(field="ResponseCode")
min_ttl = argument.Integer(field="ErrorCachingMinTTL")
class HealthCheck(Resource):
resource_name = "health_check"
dot_ignore = True
interval = argument.Integer(field="Interval")
check = argument.String(field="Target")
healthy_threshold = argument.Integer(field="HealthyThreshold")
unhealthy_threshold = argument.Integer(field="UnhealthyThreshold")
timeout = argument.Integer(field="Timeout")
class Listener(Resource):
resource_name = "listener"
protocol = argument.String(field="Protocol")
port = argument.Integer(field="LoadBalancerPort")
instance_protocol = argument.String(field="InstanceProtocol")
instance_port = argument.Integer(field="InstancePort")
ssl_certificate = argument.Resource(
ServerCertificate,
field="SSLCertificiateId",
serializer=serializers.Property("Arn"),
)
class Connection(resource.Resource):
resource_name = "ssh_connection"
username = argument.String(default="root", field="username")
password = argument.String(field="password")
private_key = argument.String(field="pkey",
serializer=serializers.Identity())
hostname = argument.String(field="hostname")
instance = argument.Resource(Instance,
field="hostname",
serializer=serializers.Resource())
port = argument.Integer(field="port", default=22)
proxy = argument.Resource("touchdown.ssh.Connection")
root = argument.Resource(workspace.Workspace)
def clean_private_key(self, private_key):
if private_key:
for cls in (paramiko.RSAKey, paramiko.ECDSAKey, paramiko.DSSKey):
try:
key = cls.from_private_key(six.BytesIO(private_key))
except paramiko.SSHException:
continue
return key
raise errors.InvalidParameter("Invalid SSH private key")
class Redis(zone.Zone):
resource_name = "redis"
prefix = argument.Integer(default=28)
def get_property(self, name):
return Property(name, serializers.Const(self))
class Database(Resource):
resource_name = "database"
name = argument.String(field="DBInstanceIdentifier")
db_name = argument.String(field="DBName")
allocated_storage = argument.Integer(min=5,
max=3072,
field="AllocatedStorage")
iops = argument.Integer(field="Iops")
instance_class = argument.String(field="DBInstanceClass")
engine = argument.String(default='postgres',
field="Engine",
aws_update=False)
engine_version = argument.String(field="EngineVersion")
license_model = argument.String()
master_username = argument.String(field="MasterUsername")
master_password = argument.String(field="MasterUserPassword")
security_groups = argument.ResourceList(SecurityGroup,
field="VpcSecurityGroupIds")
publically_accessible = argument.Boolean(field="PubliclyAccessible",
aws_update=False)
availability_zone = argument.String(field="AvailabilityZone")
subnet_group = argument.Resource(SubnetGroup,
field="DBSubnetGroupName",
aws_update=False)
preferred_maintenance_window = argument.String(
field="PreferredMaintenanceWindow")
multi_az = argument.Boolean(field="MultiAZ")
storage_type = argument.String(field="StorageType")
allow_major_version_upgrade = argument.Boolean(
field="AllowMajorVersionUpgrade")
auto_minor_version_upgrade = argument.Boolean(
field="AutoMinorVersionUpgrade")
character_set_name = argument.String(field="CharacterSetName")
backup_retention_period = argument.Integer(field="BackupRetentionPeriod")
preferred_backup_window = argument.String(field="PreferredBackupWindow")
license_model = argument.String(field="LicenseModel")
port = argument.Integer(min=1, max=32768, field="Port")
# paramter_group = argument.Resource(ParameterGroup, field="DBParameterGroupName")
# option_group = argument.Resource(OptionGroup, field="OptionGroupName")
apply_immediately = argument.Boolean(field="ApplyImmediately",
aws_create=False)
# tags = argument.Dict()
account = argument.Resource(Account)
class CustomOrigin(Resource):
resource_name = "custom_origin"
dot_ignore = True
extra_serializers = {
"CustomOriginConfig":
serializers.Dict(
HTTPPort=serializers.Argument("http_port"),
HTTPSPort=serializers.Argument("https_port"),
OriginProtocolPolicy=serializers.Argument("origin_protocol"),
)
}
name = argument.String(field='Id')
domain_name = argument.String(field='DomainName')
http_port = argument.Integer(default=80)
https_port = argument.Integer(default=443)
origin_protocol = argument.String(choices=['http-only', 'match-viewer'],
default='match-viewer')
class CustomerGateway(Resource):
resource_name = "customer_gateway"
name = argument.String()
type = argument.String(default="ipsec.1",
choices=["ipsec.1"],
field="GatewayType")
public_ip = argument.IPAddress(field="PublicIp")
bgp_asn = argument.Integer(default=65000, field="BgpAsn")
tags = argument.Dict()
vpc = argument.Resource(VPC)
class AutoScalingGroup(Resource):
resource_name = "auto_scaling_group"
name = argument.String(field="AutoScalingGroupName")
launch_configuration = argument.Resource(LaunchConfiguration,
field="LaunchConfigurationName")
min_size = argument.Integer(field="MinSize")
max_size = argument.Integer(field="MaxSize")
desired_capacity = argument.Integer(field="DesiredCapacity")
default_cooldown = argument.Integer(default=300, field="DefaultCooldown")
availability_zones = argument.List(
field="AvailabilityZones",
serializer=serializers.List(skip_empty=True))
subnets = argument.ResourceList(
Subnet,
field="VPCZoneIdentifier",
serializer=serializers.CommaSeperatedList(
serializers.List(serializers.Identifier())),
)
load_balancers = argument.ResourceList(LoadBalancer,
field="LoadBalancerNames",
aws_update=False)
health_check_type = argument.String(
max=32,
default=lambda instance: "ELB" if instance.load_balancers else None,
field="HealthCheckType",
)
health_check_grace_period = argument.Integer(
default=lambda instance: 480 if instance.load_balancers else None,
field="HealthCheckGracePeriod",
)
placement_group = argument.String(max=255, field="PlacementGroup")
termination_policies = argument.List(default=lambda i: ["Default"],
field="TerminationPolicies")
replacement_policy = argument.String(choices=['singleton', 'graceful'],
default='graceful')
account = argument.Resource(BaseAccount)
class Record(Resource):
resource_name = "record"
name = argument.String(field="Name")
type = argument.String(field="Type")
values = argument.List(field="ResourceRecords",
serializer=serializers.List(serializers.Dict(
Value=serializers.Identity(), ),
skip_empty=True))
ttl = argument.Integer(min=0, field="TTL")
set_identifier = argument.Integer(min=1, max=128, field="SetIdentifier")
alias = argument.Resource(
AliasTarget,
field="AliasTarget",
serializer=serializers.Resource(),
)
def clean_name(self, name):
return _normalize(name)
class Rule(Resource):
resource_name = "rule"
dot_ignore = True
network = argument.IPNetwork(field="CidrBlock")
protocol = argument.String(default='tcp',
choices=['tcp', 'udp', 'icmp'],
field="Protocol")
port = argument.Integer(min=-1, max=65535)
from_port = argument.Integer(default=lambda r: r.port
if r.port != -1 else 1,
min=-1,
max=65535)
to_port = argument.Integer(default=lambda r: r.port
if r.port != -1 else 65535,
min=-1,
max=65535)
action = argument.String(default="allow",
choices=["allow", "deny"],
field="RuleAction")
extra_serializers = {
"PortRange":
serializers.Dict(
From=serializers.Integer(serializers.Argument("from_port")),
To=serializers.Integer(serializers.Argument("to_port")),
),
}
def __str__(self):
name = super(Rule, self).__str__()
if self.from_port == self.to_port:
ports = "port {}".format(self.from_port)
else:
ports = "ports {} to {}".format(self.from_port, self.to_port)
return "{}: {} {} from {}".format(name, self.protocol, ports,
self.network)
class ReplicationGroup(BaseCacheCluster, Resource):
resource_name = "replication_group"
name = argument.String(regex=r"[a-z1-9\-]{1,20}",
field="ReplicationGroupId")
description = argument.String(default=lambda resource: resource.name,
field="ReplicationGroupDescription")
primary_cluster = argument.Resource(
"touchdown.aws.elasticache.cache.CacheCluster",
field="PrimaryClusterId")
automatic_failover = argument.Boolean(field="AutomaticFailoverEnabled")
num_cache_clusters = argument.Integer(field="NumCacheClusters")
class ExternalRole(BaseAccount):
resource_name = "external_role"
name = argument.String(field="RoleSessionName")
arn = argument.String(field="RoleArn")
policy = argument.String(field="Policy")
duration = argument.Integer(min=900, max=3600, field="DurationSeconds")
external_id = argument.String(field="ExternalId")
mfa_device = argument.String(field="SerialNumber")
mfa_token = argument.String(field="TokenCode")
account = argument.Resource(Account)
class Zone(Resource):
name = argument.String()
prefix = argument.Integer(default=24)
cidr_block = argument.IPNetwork()
""" Is this zone on the public internet? """
public = argument.Boolean(default=False)
""" The availability zones to create this zone in """
availability_zones = argument.List(
argument.String(min=1, max=1),
min=2,
max=2,
default=["a", "b"],
)
environment = argument.Resource(Environment)
class DefaultCacheBehavior(Resource):
resource_name = "default_cache_behaviour"
dot_ignore = True
extra_serializers = {
# TrustedSigners are not supported yet, so include stub in serialized form
"TrustedSigners":
serializers.Const({
"Enabled": False,
"Quantity": 0,
}),
"AllowedMethods":
CloudFrontList(
inner=serializers.Context(serializers.Argument("allowed_methods"),
serializers.List()),
CachedMethods=serializers.Context(
serializers.Argument("cached_methods"), CloudFrontList()),
),
}
target_origin = argument.String(field='TargetOriginId')
forwarded_values = argument.Resource(
ForwardedValues,
default=lambda instance: dict(),
field="ForwardedValues",
serializer=serializers.Resource(),
)
viewer_protocol_policy = argument.String(
choices=['allow-all', 'https-only', 'redirect-to-https'],
default='allow-all',
field="ViewerProtocolPolicy")
min_ttl = argument.Integer(default=0, field="MinTTL")
allowed_methods = argument.List(default=lambda x: ["GET", "HEAD"])
cached_methods = argument.List(default=lambda x: ["GET", "HEAD"])
smooth_streaming = argument.Boolean(default=False, field='SmoothStreaming')
def test_not_an_integer(self):
self.assertRaises(errors.InvalidParameter,
argument.Integer().clean, None, "five")
def test_integer(self):
self.assertEqual(argument.Integer().clean(None, 0), 0)
def test_integer_from_string(self):
self.assertEqual(argument.Integer().clean(None, "0"), 0)
class LoadBalancer(zone.Zone):
resource_name = "load_balancer"
prefix = argument.Integer(default=28)
class Rule(Resource):
resource_name = "rule"
@property
def dot_ignore(self):
return self.security_group is None
protocol = argument.String(default='tcp',
choices=['tcp', 'udp', 'icmp'],
field="IpProtocol")
port = argument.Integer(min=-1, max=32768)
from_port = argument.Integer(default=lambda r: r.port,
min=-1,
max=32768,
field="FromPort")
to_port = argument.Integer(default=lambda r: r.port,
min=-1,
max=32768,
field="ToPort")
security_group = argument.Resource(
"touchdown.aws.vpc.security_group.SecurityGroup",
field="UserIdGroupPairs",
serializer=serializers.ListOfOne(
serializers.Dict(
UserId=serializers.Property("OwnerId"),
GroupId=serializers.Identifier(),
)),
)
network = argument.IPNetwork(
field="IpRanges",
serializer=serializers.ListOfOne(
serializers.Dict(CidrIp=serializers.String(), )),
)
def matches(self, runner, rule):
sg = None
if self.security_group:
sg = runner.get_plan(self.security_group)
# If the SecurityGroup doesn't exist yet then this rule can't exist
# yet - so we can bail early!
if not sg.resource_id:
return False
if self.protocol != rule['IpProtocol']:
return False
if self.from_port != rule.get('FromPort', None):
return False
if self.to_port != rule.get('ToPort', None):
return False
if sg and sg.object:
for group in rule.get('UserIdGroupPairs', []):
if group['GroupId'] == sg.resource_id and group[
'UserId'] == sg.object['OwnerId']:
return True
if self.network:
for network in rule.get('IpRanges', []):
if network['CidrIp'] == str(self.network):
return True
return False
def __str__(self):
name = super(Rule, self).__str__()
if self.from_port == self.to_port:
ports = "port {}".format(self.from_port)
else:
ports = "ports {} to {}".format(self.from_port, self.to_port)
return "{}: {} {} from {}".format(
name, self.protocol, ports,
self.network if self.network else self.security_group)