def should_skip_message(sns_message_id, event):
stack_arn = cfn.stack_id(event)
logical_resource_id = cfn.logical_resource_id(event)
log.msg('checking sns message skipping',
stack_arn=stack_arn,
logical_resource_id=logical_resource_id,
sns_message_id=sns_message_id)
parameter_name = naming.dns_certificate_sns_message_id_parameter_name(
stack_arn, logical_resource_id)
last_message_id = None
try:
last_message_id = cssm.fetch_string_parameter(ssm, parameter_name)
except ssm.exceptions.ParameterNotFound:
pass
except Exception as e:
raise e
if last_message_id == sns_message_id:
log.msg('sns message already processed', sns_message_id=sns_message_id)
return True
else:
cssm.put_string_parameter(ssm,
parameter_name,
value=sns_message_id,
description=SSM_PARAMETER_DESCRIPTION)
return False
def create(event, _):
properties = validate_properties(resource_properties(event))
parameter_name = naming.s3_release_cleanup_parameter_name(
stack_arn=cfn.stack_id(event),
logical_resource_id=cfn.logical_resource_id(event))
put_json_parameter(parameter_name, [properties.current_release_prefix])
return parameter_name
def delete_sns_message_ssm_parameter(event):
stack_arn = cfn.stack_id(event)
logical_resource_id = cfn.logical_resource_id(event)
parameter_name = naming.dns_certificate_sns_message_id_parameter_name(
stack_arn, logical_resource_id)
try:
ssm.delete_parameter(Name=parameter_name)
except ssm.exceptions.ParameterNotFound:
log.msg('parameter does not exists, skipping',
parameter_name=parameter_name)
except Exception as e:
raise e
def is_same_region(event, region1, region2):
# 1. if the new region is the same as the old one, they are the same.
if region1 == region2:
return True
# 2. else, if both are defined, they are not the same.
if region1 and region2:
return False
# 3. else, we have a complicate case where either the old or the new region are implicit from the
# region of the cloudformation stack.
sdk_region = extract_region(cfn.stack_id(event))
return sdk_region == region1 or sdk_region == region2
def update_certificate(sns_message_id, event):
if should_skip_message(sns_message_id, event):
return
new_properties = validate_properties(resource_properties(event))
old_properties = validate_properties(cfn.old_resource_properties(event))
certificate_arn = cfn.physical_resource_id(event)
if needs_new(event, old_properties, new_properties):
log.msg('new certificate needed',
stack_arn=cfn.stack_id(event),
logical_resource_id=cfn.logical_resource_id(event))
log.msg('delete old dns record', old_properties=old_properties)
cert_proc = CertificateProcessor(certificate_arn, old_properties)
cert_proc.delete_record_set_group()
create_certificate(sns_message_id, event)
else:
cert_proc = CertificateProcessor(certificate_arn, new_properties)
if safe_set(old_properties.tags) != safe_set(new_properties.tags):
cert_proc.update_tags()
if old_properties.with_caa != new_properties.with_caa:
if new_properties.with_caa:
cert_proc.create_caa_records()
else:
cert_proc.delete_caa_records()
cfn.send_success(event)