def test_equals():
test_set_equals = {
"arn:aws:ssm:eu-central-1:111111111114:parameter/issue-25":
"arn:aws:ssm:eu-central-1:111111111114:parameter//issue-25",
"arn:aws:ssm:eu-central-1:111111111114:parameter/demo/issue-25":
"arn:aws:ssm:eu-central-1:111111111114:parameter/demo/issue-25",
"arn:aws:ssm:eu-central-1:111111111114:parameter/demo/issue-25":
"arn:aws:ssm:eu-central-1:111111111114:parameter//demo/issue-25",
"arn:aws:ssm:eu-central-1:111111111114:parameter/demo/issue-25":
"arn:aws:ssm:eu-central-1:111111111114:parameter//demo/issue-25",
"arn:aws:ssm:eu-central-1:111111111114:parameter/////demo/issue-25":
"arn:aws:ssm:eu-central-1:111111111114:parameter//demo/issue-25",
}
for arn1, arn2 in test_set_equals.items():
assert ssm_parameter_name.equals(arn1, arn2), f"{arn1} != {arn2}"
test_set_not_equals = {
"arn:aws:ssm:eu-central-1:111111111114:parameter/issue-25": "issue-25",
"arn:aws:ssm:eu-central-1:111111111114:parameter/issue-25":
"arn:aws:ssm:eu-west-1:111111111114:parameter/issue-25",
"arn:aws:ssm:eu-central-1:111111111114:parameter/issue-25":
"arn:aws:ssm:eu-central-1:132312323134:parameter/issue-25",
None: None,
}
for arn1, arn2 in test_set_not_equals.items():
assert not ssm_parameter_name.equals(arn1, arn2), f"{arn1} == {arn2}"
def create_or_update_secret(self, overwrite=False, new_secret=True):
try:
if new_secret:
private_key, public_key = self.create_key()
else:
private_key, public_key = self.get_key()
kwargs = {
"Name": self.get("Name"),
"KeyId": self.get("KeyAlias"),
"Type": "SecureString",
"Overwrite": overwrite,
"Value": private_key,
}
if self.get("Description") != "":
kwargs["Description"] = self.get("Description")
response = self.ssm.put_parameter(**kwargs)
version = response["Version"] if "Version" in response else 1
self.set_attribute("Arn", self.arn)
self.set_attribute("PublicKey", public_key)
self.set_attribute("PublicKeyPEM", self.public_key_to_pem(private_key))
self.set_attribute(
"Hash", hashlib.md5(public_key.encode("utf-8")).hexdigest()
)
self.set_attribute("Version", version)
if not ssm_parameter_name.equals(self.physical_resource_id, self.arn):
# prevent CFN deleting a resource with identical Arns in different formats.
self.physical_resource_id = self.arn
except ClientError as e:
self.physical_resource_id = "could-not-create"
self.fail(str(e))
def put_parameter(self, overwrite=False, new_secret=True):
try:
kwargs = {
"Name": self.get("Name"),
"KeyId": self.get("KeyAlias"),
"Type": "SecureString",
"Overwrite": overwrite,
}
if self.get("Description") != "":
kwargs["Description"] = self.get("Description")
if new_secret:
kwargs["Value"] = self.get_content()
else:
kwargs["Value"] = self.get_secret()
response = self.ssm.put_parameter(**kwargs)
version = response["Version"] if "Version" in response else 1
self.set_attribute("Arn", self.arn)
self.set_attribute(
"Hash",
hashlib.md5(kwargs["Value"].encode("utf8")).hexdigest())
self.set_attribute("Version", version)
if self.get("ReturnSecret"):
self.set_attribute("Secret", kwargs["Value"])
self.no_echo = self.get("NoEcho")
if not ssm_parameter_name.equals(self.physical_resource_id,
self.arn):
# prevent CFN deleting a resource with identical Arns in different formats.
self.physical_resource_id = self.arn
except (TypeError, ClientError) as e:
if self.request_type == "Create":
self.physical_resource_id = "could-not-create"
self.fail(str(e))
def put_parameter(self, overwrite=False, new_secret=True):
try:
kwargs = {
'Name': self.get('Name'),
'KeyId': self.get('KeyAlias'),
'Type': 'SecureString',
'Overwrite': overwrite
}
if self.get('Description') != '':
kwargs['Description'] = self.get('Description')
if new_secret:
kwargs['Value'] = self.get_content()
else:
kwargs['Value'] = self.get_secret()
response = self.ssm.put_parameter(**kwargs)
version = response['Version'] if 'Version' in response else 1
self.set_attribute('Arn', self.arn)
self.set_attribute(
'Hash',
hashlib.md5(kwargs['Value'].encode('utf8')).hexdigest())
self.set_attribute('Version', version)
if self.get('ReturnSecret'):
self.set_attribute('Secret', kwargs['Value'])
self.no_echo = self.get('NoEcho')
if not ssm_parameter_name.equals(self.physical_resource_id,
self.arn):
# prevent CFN deleting a resource with identical Arns in different formats.
self.physical_resource_id = self.arn
except (TypeError, ClientError) as e:
if self.request_type == 'Create':
self.physical_resource_id = 'could-not-create'
self.fail(str(e))
def create_or_update_secret(self, overwrite=False, new_secret=True):
try:
if new_secret:
private_key, public_key = self.create_key()
else:
private_key, public_key = self.get_key()
kwargs = {
'Name': self.get('Name'),
'KeyId': self.get('KeyAlias'),
'Type': 'SecureString',
'Overwrite': overwrite,
'Value': private_key
}
if self.get('Description') != '':
kwargs['Description'] = self.get('Description')
response = self.ssm.put_parameter(**kwargs)
version = response['Version'] if 'Version' in response else 1
self.set_attribute('Arn', self.arn)
self.set_attribute('PublicKey', public_key)
self.set_attribute('PublicKeyPEM',
self.public_key_to_pem(private_key))
self.set_attribute(
'Hash',
hashlib.md5(public_key.encode('utf-8')).hexdigest())
self.set_attribute('Version', version)
if not ssm_parameter_name.equals(self.physical_resource_id,
self.arn):
# prevent CFN deleting a resource with identical Arns in different formats.
self.physical_resource_id = self.arn
except ClientError as e:
self.physical_resource_id = 'could-not-create'
self.fail(str(e))
def allow_overwrite(self):
return ssm_parameter_name.equals(self.physical_resource_id, self.arn)
def update(self):
self.put_parameter(
overwrite=ssm_parameter_name.equals(self.physical_resource_id,
self.arn),
new_secret=self.refresh_on_update,
)
def update(self):
self.put_parameter(overwrite=ssm_parameter_name.equals(
self.physical_resource_id, self.arn),
new_secret=self.get('RefreshOnUpdate'))