def update_object(self): if self.resource.route_table: if not self.object.get("RouteTableAssociationId", None): yield self.generic_action( "Associate route table", self.client.associate_route_table, SubnetId=serializers.Identifier(), RouteTableId=serializers.Context( serializers.Argument("route_table"), serializers.Identifier()), ) elif self.object['RouteTableId'] != self.runner.get_plan( self.resource.route_table).resource_id: yield self.generic_action( "Replace route table association", self.client.associate_route_table, AssociationId=self.object["RouteTableAssociationId"], RouteTableId=serializers.Context( serializers.Argument("route_table"), serializers.Identifier()), ) elif self.object.get("RouteTableAssociationId", None): yield self.generic_action( "Disassociate route table", self.client.disassociate_route_table, AssociationId=self.object["RouteTableAssociationId"], ) naa_changed = False if not self.resource.network_acl: return if not self.object: naa_changed = True elif not self.object.get("NetworkAclAssociationId", None): naa_changed = True elif self.runner.get_plan( self.resource.network_acl).resource_id != self.object.get( 'NetworkAclId', None): naa_changed = True if naa_changed: yield self.generic_action( "Replace Network ACL association", self.client.replace_network_acl_association, AssociationId=serializers.Property('NetworkAclAssociationId'), NetworkAclId=serializers.Context( serializers.Argument("network_acl"), serializers.Identifier()), )
def update_object(self): policy_names = [] for change in super(Apply, self).update_object(): yield change remote_policy = self.object.get('AssumeRolePolicyDocument', None) if remote_policy and remote_policy != self.resource.assume_role_policy: yield self.generic_action( "Update 'Assume Role Policy' document", self.client.update_assume_role_policy, RoleName=serializers.Identifier(), PolicyDocument=serializers.Json(serializers.Argument("assume_role_policy")), ) # If the object exists then we can look at the roles it has # Otherwise we assume its a new role and it will have no policies if self.object: policy_names = self.client.list_role_policies( RoleName=self.resource.name, )['PolicyNames'] for name, document in self.resource.policies.items(): document = json.loads(document) changed = False if name not in policy_names: changed = True # We can't do a single API to get all names and documents for all # policies, so for each policy that *might* have changed we have to # call teh API and check. # Save an API call by only doing it for policies that definitely # exist if not changed: policy = self.client.get_role_policy( RoleName=self.resource.name, PolicyName=name, ) if policy['PolicyDocument'] != document: changed = True if changed: yield self.generic_action( "Put policy {}".format(name), self.client.put_role_policy, RoleName=self.resource.name, PolicyName=name, PolicyDocument=json.dumps(document), ) for name in policy_names: if name not in self.resource.policies: yield self.generic_action( "Delete policy {}".format(name), self.client.delete_role_policy, RoleName=self.resource.name, PolicyName=name, )
def test_list(self): serializer = serializers.List( serializers.Dict(Name=serializers.Argument("name"))) result = serializer.render(self.runner, [self.resource]) self.assertEqual(result, [ { "Name": "test" }, ])
def update_object(self): if not self.object: yield self.generic_action( "Attach gateway to vpc", self.client.attach_vpn_gateway, VpnGatewayId=serializers.Identifier(), VpcId=serializers.Context(serializers.Argument("vpc"), serializers.Identifer()), )
class ForwardedValues(Resource): resource_name = "forwarded_values" dot_ignore = True extra_serializers = { "Cookies": serializers.Dict( Forward=serializers.Argument("forward_cookies"), WhitelistedNames=CloudFrontList( serializers.Argument("cookie_whitelist")), ) } query_string = argument.Boolean(field="QueryString", default=False) headers = argument.List(field="Headers", serializer=CloudFrontList(serializers.List())) forward_cookies = argument.String(default="whitelist") cookie_whitelist = argument.List()
class CustomOrigin(Resource): resource_name = "custom_origin" dot_ignore = True extra_serializers = { "CustomOriginConfig": serializers.Dict( HTTPPort=serializers.Argument("http_port"), HTTPSPort=serializers.Argument("https_port"), OriginProtocolPolicy=serializers.Argument("origin_protocol"), ) } name = argument.String(field='Id') domain_name = argument.String(field='DomainName') http_port = argument.Integer(default=80) https_port = argument.Integer(default=443) origin_protocol = argument.String(choices=['http-only', 'match-viewer'], default='match-viewer')
class Rule(Resource): resource_name = "rule" dot_ignore = True network = argument.IPNetwork(field="CidrBlock") protocol = argument.String(default='tcp', choices=['tcp', 'udp', 'icmp'], field="Protocol") port = argument.Integer(min=-1, max=65535) from_port = argument.Integer(default=lambda r: r.port if r.port != -1 else 1, min=-1, max=65535) to_port = argument.Integer(default=lambda r: r.port if r.port != -1 else 65535, min=-1, max=65535) action = argument.String(default="allow", choices=["allow", "deny"], field="RuleAction") extra_serializers = { "PortRange": serializers.Dict( From=serializers.Integer(serializers.Argument("from_port")), To=serializers.Integer(serializers.Argument("to_port")), ), } def __str__(self): name = super(Rule, self).__str__() if self.from_port == self.to_port: ports = "port {}".format(self.from_port) else: ports = "ports {} to {}".format(self.from_port, self.to_port) return "{}: {} {} from {}".format(name, self.protocol, ports, self.network)
class DefaultCacheBehavior(Resource): resource_name = "default_cache_behaviour" dot_ignore = True extra_serializers = { # TrustedSigners are not supported yet, so include stub in serialized form "TrustedSigners": serializers.Const({ "Enabled": False, "Quantity": 0, }), "AllowedMethods": CloudFrontList( inner=serializers.Context(serializers.Argument("allowed_methods"), serializers.List()), CachedMethods=serializers.Context( serializers.Argument("cached_methods"), CloudFrontList()), ), } target_origin = argument.String(field='TargetOriginId') forwarded_values = argument.Resource( ForwardedValues, default=lambda instance: dict(), field="ForwardedValues", serializer=serializers.Resource(), ) viewer_protocol_policy = argument.String( choices=['allow-all', 'https-only', 'redirect-to-https'], default='allow-all', field="ViewerProtocolPolicy") min_ttl = argument.Integer(default=0, field="MinTTL") allowed_methods = argument.List(default=lambda x: ["GET", "HEAD"]) cached_methods = argument.List(default=lambda x: ["GET", "HEAD"]) smooth_streaming = argument.Boolean(default=False, field='SmoothStreaming')
def update_object(self): for change in super(Apply, self).update_object(): yield change for attachment in self.object.get("Attachments", []): if attachment['VpcId'] == self.runner.get_plan( self.resource.vpc).resource_id: return yield self.generic_action( "Attach to vpc {}".format(self.resource.vpc), self.client.attach_internet_gateway, InternetGatewayId=serializers.Identifier(), VpcId=serializers.Context(serializers.Argument("vpc"), serializers.Identifier()), )
class S3Origin(Resource): resource_name = "s3_origin" extra_serializers = { "S3OriginConfig": serializers.Dict(OriginAccessIdentity=serializers.Argument( "origin_access_identity"), ), } name = argument.String(field='Id') bucket = argument.Resource(Bucket, field="DomainName", serializer=serializers.Format( "{0}.s3.amazonaws.com", serializers.Identifier())) origin_access_identity = argument.String(default='')
def test_dict(self): serializer = serializers.Dict(Name=serializers.Argument("name")) result = serializer.render(self.runner, self.resource) self.assertEqual(result, {"Name": "test"})
def test_required(self): serializer = serializers.Required(serializers.Argument("description")) self.assertRaises(serializers.RequiredFieldNotPresent, serializer.render, self.runner, self.resource)
def test_attribute(self): serializer = serializers.Argument("name") result = serializer.render(self.runner, self.resource) self.assertEqual(result, "test")
class Distribution(Resource): resource_name = "distribution" extra_serializers = { "CallerReference": serializers.Expression(lambda runner, object: runner.get_plan(object). object.get('DistributionConfig', {}).get( 'CallerReference', str(uuid.uuid4()))), "Aliases": CloudFrontList( serializers.Chain( serializers.Context(serializers.Argument("name"), serializers.ListOfOne()), serializers.Context(serializers.Argument("aliases"), serializers.List()), )), # We don't support GeoRestrictions yet - so include a stubbed default # when serializing "Restrictions": serializers.Const({ "GeoRestriction": { "RestrictionType": "none", "Quantity": 0, }, }), } name = argument.String() comment = argument.String(field='Comment', default=lambda instance: instance.name) aliases = argument.List() root_object = argument.String(default='/', field="DefaultRootObject") enabled = argument.Boolean(default=True, field="Enabled") origins = argument.ResourceList( (S3Origin, CustomOrigin), field="Origins", serializer=CloudFrontResourceList(), ) default_cache_behavior = argument.Resource( DefaultCacheBehavior, field="DefaultCacheBehavior", serializer=serializers.Resource(), ) behaviors = argument.ResourceList( CacheBehavior, field="CacheBehaviors", serializer=CloudFrontResourceList(), ) error_responses = argument.ResourceList( ErrorResponse, field="CustomErrorResponses", serializer=CloudFrontResourceList(), ) logging = argument.Resource( LoggingConfig, default=lambda instance: dict(enabled=False), field="Logging", serializer=serializers.Resource(), ) price_class = argument.String( default="PriceClass_100", choices=['PriceClass_100', 'PriceClass_200', 'PriceClass_All'], field="PriceClass", ) viewer_certificate = argument.Resource( ViewerCertificate, field="ViewerCertificate", serializer=serializers.Resource(), ) account = argument.Resource(Account)