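class Role(Resource):
    """Declaration of the ``role`` resource, including its assume-role policy.

    ``assume_role_policy`` is serialised as JSON into the
    ``AssumeRolePolicyDocument`` field after being normalised by
    :meth:`clean_assume_role_policy`.
    """

    resource_name = "role"

    name = argument.String(field="RoleName")
    path = argument.String(field="Path")
    assume_role_policy = argument.Dict(
        field="AssumeRolePolicyDocument",
        serializer=serializers.Json(),
    )
    policies = argument.Dict()
    account = argument.Resource(Account)

    def clean_assume_role_policy(self, policy):
        """Validate and normalise an assume-role (trust) policy document.

        Args:
            policy: Mapping with optional ``Version`` and ``Statement`` keys.
                Each statement must provide ``Action``, ``Effect`` and
                ``Principal``; ``Sid`` is optional and defaults to ``""``.

        Returns:
            A new dict with ``Version`` (default ``2012-10-17``) and a
            ``Statement`` list holding only the four supported keys.

        Raises:
            errors.InvalidParameter: If the document or any statement
                carries a key this method does not handle.
            KeyError: If a statement lacks ``Action``, ``Effect`` or
                ``Principal``.
        """
        if frozenset(policy.keys()) - frozenset(("Version", "Statement")):
            raise errors.InvalidParameter("Unexpected policy key")

        # Only these keys are copied into the result. A statement carrying
        # anything else (a ``Condition`` block, for example) used to lose it
        # silently, which yields a broader trust policy than the one that was
        # written. Fail closed instead of deploying the widened policy.
        supported = frozenset(("Action", "Effect", "Principal", "Sid"))

        result = {
            "Version": policy.get("Version", "2012-10-17"),
            "Statement": [],
        }
        for statement in policy.get("Statement", []):
            if frozenset(statement.keys()) - supported:
                raise errors.InvalidParameter("Unexpected policy statement key")
            result["Statement"].append({
                "Action": statement["Action"],
                "Effect": statement["Effect"],
                "Principal": statement["Principal"],
                "Sid": statement.get("Sid", ""),
            })
        return result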
class HostedZone(Resource):
    """A DNS zone hosted at Amazon Route53."""

    resource_name = "hosted_zone"

    # A fresh random UUID string is generated for CallerReference each time
    # the expression is evaluated.
    extra_serializers = {
        "CallerReference": serializers.Expression(
            lambda x, y: str(uuid.uuid4()),
        ),
    }

    name = argument.String(field="Name")
    vpc = argument.Resource(VPC, field="VPC")
    comment = argument.String(
        field="HostedZoneConfig",
        serializer=serializers.Dict(
            Comment=serializers.Identity(),
        ),
    )
    records = argument.ResourceList(Record)

    # If a hosted zone is shared then it won't be destroyed and DNS records
    # will never be deleted.
    shared = argument.Boolean()

    account = argument.Resource(BaseAccount)

    def clean_name(self, name):
        """Return ``name`` passed through the ``_normalize`` helper."""
        normalized = _normalize(name)
        return normalized
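class Connection(resource.Resource):
    """Declaration of the ``ssh_connection`` resource.

    ``hostname`` and ``instance`` both map onto the ``hostname`` field, and
    ``proxy`` refers to another ``touchdown.ssh.Connection``. The
    ``private_key`` value is parsed into a paramiko key object by
    :meth:`clean_private_key`.
    """

    resource_name = "ssh_connection"

    username = argument.String(default="root", field="username")

    # Credentials: flagged ``secret=True`` so the framework can treat them as
    # sensitive values.
    # NOTE(review): confirm which outputs (plans, diffs, logs) the secret flag
    # actually covers.
    password = argument.String(field="password", secret=True)
    private_key = argument.String(
        field="pkey",
        serializer=serializers.Identity(),
        secret=True,
    )

    hostname = argument.String(field="hostname")
    instance = argument.Resource(
        Instance,
        field="hostname",
        serializer=serializers.Resource(),
    )
    port = argument.Integer(field="port", default=22)

    proxy = argument.Resource("touchdown.ssh.Connection")

    root = argument.Resource(workspace.Workspace)

    def clean_private_key(self, private_key):
        """Parse ``private_key`` into a paramiko key object.

        RSA, ECDSA and DSS are tried in that order and the first class that
        loads the key wins.

        Args:
            private_key: Private key material to parse.

        Returns:
            The key object built by the first paramiko class that accepts it.

        Raises:
            errors.InvalidParameter: If the key is empty or none of the key
                classes can load it.
        """
        if private_key:
            for cls in (paramiko.RSAKey, paramiko.ECDSAKey, paramiko.DSSKey):
                try:
                    key = cls.from_private_key(six.BytesIO(private_key))
                except paramiko.SSHException:
                    # Not this key type; try the next one.
                    continue
                return key
        # Keep the message generic: it must never echo the key material.
        raise errors.InvalidParameter("Invalid SSH private key")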
class InstanceProfile(Resource):
    """Declaration of the ``instance_profile`` resource.

    An instance profile carries a list of :class:`Role` resources.
    """

    resource_name = "instance_profile"

    name = argument.String(field="InstanceProfileName")
    path = argument.String(field="Path")
    roles = argument.ResourceList(Role)
    account = argument.Resource(Account)
class KeyPair(Resource):
    """Declaration of the ``keypair`` resource.

    Only public key material is declared here; there is no private key
    argument on this resource.
    """

    resource_name = "keypair"

    name = argument.String(field="KeyName")
    public_key = argument.String(field="PublicKeyMaterial")
    account = argument.Resource(Account)
class SubnetGroup(Resource):
    """Declaration of the ``db_subnet_group`` resource."""

    resource_name = "db_subnet_group"

    name = argument.String(field="DBSubnetGroupName")
    description = argument.String(field="DBSubnetGroupDescription")
    subnets = argument.ResourceList(Subnet, field="SubnetIds")
    # tags = argument.Dict()
    account = argument.Resource(Account)
class VpnGateway(Resource):
    """Declaration of the ``vpn_gateway`` resource.

    ``ipsec.1`` is both the default and the only accepted ``type``.
    """

    resource_name = "vpn_gateway"

    name = argument.String()
    type = argument.String(
        default="ipsec.1",
        choices=["ipsec.1"],
        field="Type",
    )
    availability_zone = argument.String(field="AvailabilityZone")
    tags = argument.Dict()
    vpc = argument.Resource(VPC)
class ServerCertificate(Resource):
    """Declaration of the ``server_certificate`` resource.

    Holds the certificate body, its chain and the matching private key.
    """

    resource_name = "server_certificate"

    name = argument.String(field="ServerCertificateName")
    path = argument.String(field="Path")
    certificate_body = argument.String(field="CertificateBody")
    # The private key is the only argument here flagged as secret.
    private_key = argument.String(field="PrivateKey", secret=True)
    certificate_chain = argument.String(field="CertificateChain")
    account = argument.Resource(Account)
class CustomerGateway(Resource):
    """Declaration of the ``customer_gateway`` resource.

    ``ipsec.1`` is the default and only accepted ``type``; ``bgp_asn``
    defaults to 65000.
    """

    resource_name = "customer_gateway"

    name = argument.String()
    type = argument.String(
        default="ipsec.1",
        choices=["ipsec.1"],
        field="GatewayType",
    )
    public_ip = argument.IPAddress(field="PublicIp")
    bgp_asn = argument.Integer(default=65000, field="BgpAsn")
    tags = argument.Dict()
    vpc = argument.Resource(VPC)
class Bucket(Resource):
    """Declaration of the ``bucket`` resource.

    ``region`` is serialised as the ``LocationConstraint`` entry of the
    ``CreateBucketConfiguration`` field.
    """

    resource_name = "bucket"

    name = argument.String(field="Bucket")
    region = argument.String(
        field="CreateBucketConfiguration",
        serializer=serializers.Dict(LocationConstraint=serializers.Identity()),
    )
    account = argument.Resource(Account)
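class Listener(Resource):
    """Declaration of the ``listener`` resource.

    Maps a front-end protocol/port pair to a back-end instance protocol/port
    pair, optionally with a :class:`ServerCertificate` whose ``Arn`` property
    is sent as the certificate id.
    """

    resource_name = "listener"

    protocol = argument.String(field="Protocol")
    port = argument.Integer(field="LoadBalancerPort")
    instance_protocol = argument.String(field="InstanceProtocol")
    instance_port = argument.Integer(field="InstancePort")
    # The field was previously misspelled "SSLCertificiateId". The API
    # parameter is "SSLCertificateId"; with the typo the certificate would not
    # be sent under the name the service expects.
    ssl_certificate = argument.Resource(
        ServerCertificate,
        field="SSLCertificateId",
        serializer=serializers.Property("Arn"),
    )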
class VPC(Resource):
    """Declaration of the ``vpc`` resource.

    ``tenancy`` accepts ``default`` or ``dedicated`` and defaults to
    ``default``.
    """

    resource_name = "vpc"

    name = argument.String()
    cidr_block = argument.IPNetwork(field="CidrBlock")
    tenancy = argument.String(
        default="default",
        choices=["default", "dedicated"],
        field="InstanceTenancy",
    )
    tags = argument.Dict()
    account = argument.Resource(Account)
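class ReplicationGroup(BaseCacheCluster, Resource):
    """Declaration of the ``replication_group`` resource.

    ``description`` defaults to the resource's own ``name``.
    """

    resource_name = "replication_group"

    # The character class used to be ``a-z1-9``, which rejected any id
    # containing the digit 0 (for example "cache-10"). Widened to ``0-9``.
    name = argument.String(
        regex=r"[a-z0-9\-]{1,20}",
        field="ReplicationGroupId",
    )
    description = argument.String(
        default=lambda resource: resource.name,
        field="ReplicationGroupDescription",
    )
    primary_cluster = argument.Resource(
        "touchdown.aws.elasticache.cache.CacheCluster",
        field="PrimaryClusterId",
    )
    automatic_failover = argument.Boolean(field="AutomaticFailoverEnabled")
    num_cache_clusters = argument.Integer(field="NumCacheClusters")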
class SecurityGroup(Resource):
    """Declaration of the ``security_group`` resource.

    ``ingress`` has no default. ``egress`` defaults to a single rule with
    protocol ``-1`` and network ``0.0.0.0/0``.
    """

    resource_name = "security_group"

    name = argument.String(field="GroupName")
    description = argument.String(field="Description")
    ingress = argument.ResourceList(Rule)
    # Default egress is one rule: protocol -1 to 0.0.0.0/0. Declare explicit
    # egress rules when outbound traffic needs to be restricted.
    egress = argument.ResourceList(
        Rule,
        default=lambda instance: [
            dict(protocol=-1, network=["0.0.0.0/0"]),
        ],
    )
    tags = argument.Dict()
    vpc = argument.Resource(VPC, field="VpcId")
class Environment(Resource):
    """Declaration of the ``environment`` resource: a name and a CIDR block."""

    resource_name = "environment"

    name = argument.String()
    cidr_block = argument.IPNetwork()
    account = argument.Resource(Account)
class S3Origin(Resource):
    """Declaration of the ``s3_origin`` resource.

    The bucket is serialised as ``<identifier>.s3.amazonaws.com`` in the
    ``DomainName`` field, and ``origin_access_identity`` (default ``''``) is
    emitted inside ``S3OriginConfig``.
    """

    resource_name = "s3_origin"

    extra_serializers = {
        "S3OriginConfig": serializers.Dict(
            OriginAccessIdentity=serializers.Argument("origin_access_identity"),
        ),
    }

    name = argument.String(field="Id")
    bucket = argument.Resource(
        Bucket,
        field="DomainName",
        serializer=serializers.Format(
            "{0}.s3.amazonaws.com",
            serializers.Identifier(),
        ),
    )
    # Empty by default, i.e. no origin access identity is named.
    origin_access_identity = argument.String(default="")
class InternetGateway(Resource):
    """Declaration of the ``internet_gateway`` resource."""

    resource_name = "internet_gateway"

    name = argument.String()
    tags = argument.Dict()
    vpc = argument.Resource(VPC)
class AutoScalingGroup(zone.Zone):
    """Declaration of the ``auto_scaling_group`` resource.

    ``replacement_policy`` accepts ``singleton`` or ``graceful``.
    """

    resource_name = "auto_scaling_group"

    name = argument.String()
    replacement_policy = argument.String(
        choices=["singleton", "graceful"],
    )
    load_balancers = argument.ResourceList(
        LoadBalancer,
    )
    user_data = argument.Dict()

    def clean_user_data(self, value):
        """Wrap ``value`` in a ``serializers.Dict`` and register its dependencies.

        Every dependency the serializer reports for this resource, other than
        the resource itself, is added through ``add_dependency``. The
        serializer is returned in place of the original mapping.
        """
        serialized = serializers.Dict(**value)
        for dependency in serialized.dependencies(self):
            if dependency != self:
                self.add_dependency(dependency)
        return serialized
class ErrorResponse(Resource):
    """Declaration of the ``error_response`` resource.

    Pairs an error code with a response page path, a response code and a
    minimum error-caching TTL.
    """

    resource_name = "error_response"
    dot_ignore = True

    error_code = argument.Integer(field="ErrorCode")
    response_page_path = argument.String(field="ResponsePagePath")
    response_code = argument.Integer(field="ResponseCode")
    min_ttl = argument.Integer(field="ErrorCachingMinTTL")
class RouteTable(Resource):
    """Declaration of the ``route_table`` resource.

    Holds a list of :class:`Route` entries and the VPN gateways whose routes
    propagate into the table.
    """

    resource_name = "route_table"

    name = argument.String()
    routes = argument.ResourceList(Route)
    propagating_vpn_gateways = argument.ResourceList(VpnGateway)
    tags = argument.Dict()
    vpc = argument.Resource(VPC, field="VpcId")
class Zone(Resource):
    """Declaration of a zone within an :class:`Environment`.

    No ``resource_name`` is set on this class.
    """

    name = argument.String()
    prefix = argument.Integer(default=24)
    cidr_block = argument.IPNetwork()

    # Is this zone on the public internet? Defaults to False.
    public = argument.Boolean(default=False)

    # The availability zones to create this zone in.
    availability_zones = argument.List(
        argument.String(min=1, max=1),
        min=2,
        max=2,
        default=["a", "b"],
    )

    environment = argument.Resource(Environment)
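class Subnet(Resource):
    """Declaration of the ``subnet`` resource.

    ``field_order`` lists ``vpc`` because :meth:`clean_cidr_block` reads
    ``self.vpc`` while validating the subnet's CIDR block.
    """

    resource_name = "subnet"

    field_order = ["vpc"]

    name = argument.String()
    cidr_block = argument.IPNetwork(field="CidrBlock")
    availability_zone = argument.String(field="AvailabilityZone")
    route_table = argument.Resource(RouteTable)
    network_acl = argument.Resource(NetworkACL)
    tags = argument.Dict()
    vpc = argument.Resource(VPC, field="VpcId")

    def clean_cidr_block(self, cidr_block):
        """Check that ``cidr_block`` lies inside the parent VPC's network.

        Args:
            cidr_block: The candidate network for this subnet.

        Returns:
            ``cidr_block`` unchanged when it is contained in
            ``self.vpc.cidr_block``.

        Raises:
            errors.InvalidParameter: If the block is not inside the VPC's
                network.
        """
        if cidr_block not in self.vpc.cidr_block:
            # Report the value being validated. The previous message formatted
            # ``self.cidr_block``, which is the attribute this cleaner is still
            # in the middle of producing.
            raise errors.InvalidParameter(
                "{} not inside network {}".format(
                    cidr_block,
                    self.vpc.cidr_block,
                )
            )
        return cidr_block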
class CustomOrigin(Resource):
    """Declaration of the ``custom_origin`` resource.

    The HTTP port, HTTPS port and origin protocol policy are emitted together
    inside ``CustomOriginConfig``.
    """

    resource_name = "custom_origin"
    dot_ignore = True

    extra_serializers = {
        "CustomOriginConfig": serializers.Dict(
            HTTPPort=serializers.Argument("http_port"),
            HTTPSPort=serializers.Argument("https_port"),
            OriginProtocolPolicy=serializers.Argument("origin_protocol"),
        ),
    }

    name = argument.String(field="Id")
    domain_name = argument.String(field="DomainName")
    http_port = argument.Integer(default=80)
    https_port = argument.Integer(default=443)
    # NOTE(review): the two accepted policies are 'http-only' and
    # 'match-viewer'; neither one is an HTTPS-only option, so traffic to the
    # origin can be plain HTTP under both. Confirm that is acceptable for the
    # origins declared with this resource.
    origin_protocol = argument.String(
        choices=["http-only", "match-viewer"],
        default="match-viewer",
    )
class HealthCheck(Resource):
    """Declaration of the ``health_check`` resource.

    ``check`` is sent as the ``Target`` field; the remaining arguments are the
    interval, timeout and healthy/unhealthy thresholds.
    """

    resource_name = "health_check"
    dot_ignore = True

    interval = argument.Integer(field="Interval")
    check = argument.String(field="Target")
    healthy_threshold = argument.Integer(field="HealthyThreshold")
    unhealthy_threshold = argument.Integer(field="UnhealthyThreshold")
    timeout = argument.Integer(field="Timeout")
class NetworkACL(Resource):
    """Declaration of the ``network_acl`` resource.

    Inbound and outbound rules are separate :class:`Rule` lists, neither of
    which declares a default.
    """

    resource_name = "network_acl"

    name = argument.String()
    inbound = argument.ResourceList(Rule)
    outbound = argument.ResourceList(Rule)
    tags = argument.Dict()
    vpc = argument.Resource(VPC, field="VpcId")
class VpnConnection(Resource):
    """Declaration of the ``vpn_connection`` resource.

    Joins a :class:`CustomerGateway` to a :class:`VpnGateway`.
    ``static_routes_only`` defaults to True and is serialised as the
    ``StaticRoutesOnly`` entry of the ``Options`` field.
    """

    resource_name = "vpn_connection"

    name = argument.String()
    customer_gateway = argument.Resource(
        CustomerGateway,
        field="CustomerGatewayId",
    )
    vpn_gateway = argument.Resource(VpnGateway, field="VpnGatewayId")
    type = argument.String(
        default="ipsec.1",
        choices=["ipsec.1"],
        field="Type",
    )

    static_routes_only = argument.Boolean(
        default=True,
        field="Options",
        serializer=serializers.Dict(StaticRoutesOnly=serializers.Boolean()),
    )
    # The entries are an untyped list, so nothing visible here validates them
    # as networks.
    static_routes = argument.List()
    # FIXME: This should somehow be a list of argument.IPNetwork

    tags = argument.Dict()
    vpc = argument.Resource(VPC)
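class LaunchConfiguration(Resource):
    """Declaration of the ``launch_configuration`` resource.

    ``name`` is declared with ``update=False``. ``user_data`` is a serializer
    argument sent as ``UserData``; :meth:`matches` base64-decodes the remote
    copy before comparing.
    """

    resource_name = "launch_configuration"

    name = argument.String(
        max=255,
        field="LaunchConfigurationName",
        update=False,
    )
    image = argument.String(max=255, field="ImageId")
    key_pair = argument.Resource(KeyPair, field="KeyName")
    security_groups = argument.ResourceList(
        SecurityGroup,
        field="SecurityGroups",
    )
    user_data = argument.Serializer(field="UserData")
    instance_type = argument.String(max=255, field="InstanceType")
    kernel = argument.String(max=255, field="KernelId")
    ramdisk = argument.String(max=255, field="RamdiskId")
    # block_devices = argument.Dict(field="BlockDeviceMappings")
    instance_monitoring = argument.Boolean(
        default=False,
        field="InstanceMonitoring",
        serializer=serializers.Dict(Enabled=serializers.Identity()),
    )
    spot_price = argument.String(field="SpotPrice")
    # The keyword was previously spelled ``serializers=``. Every other
    # argument uses ``serializer=``, so the ``Arn`` property serializer was
    # most likely never applied to the instance profile.
    instance_profile = argument.Resource(
        InstanceProfile,
        field="IamInstanceProfile",
        serializer=serializers.Property("Arn"),
    )
    ebs_optimized = argument.Boolean(field="EbsOptimized")
    associate_public_ip_address = argument.Boolean(
        field="AssociatePublicIpAddress",
    )
    placement_tenancy = argument.String(
        max=64,
        choices=[
            "default",
            "dedicated",
        ],
        field="PlacementTenancy",
    )

    account = argument.Resource(Account)

    def matches(self, runner, remote):
        """Compare this declaration with the remote description.

        A non-empty ``UserData`` entry in ``remote`` is base64-decoded in
        place (the caller's mapping is modified) before the comparison is
        delegated to the parent class.

        Args:
            runner: Passed through to the parent ``matches``.
            remote: Mapping describing the remote launch configuration.

        Returns:
            Whatever the parent class's ``matches`` returns.
        """
        if "UserData" in remote and remote["UserData"]:
            import base64
            remote["UserData"] = base64.b64decode(remote["UserData"])
        return super(LaunchConfiguration, self).matches(runner, remote)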
class LoggingConfig(Resource):
    """Declaration of the ``logging_config`` resource.

    Logging and cookie capture are both off unless set explicitly.
    """

    resource_name = "logging_config"
    dot_ignore = True

    # Both flags default to False, so logging has to be switched on by the
    # configuration that uses this resource.
    enabled = argument.Boolean(field="Enabled", default=False)
    include_cookies = argument.Boolean(field="IncludeCookies", default=False)
    bucket = argument.Resource(
        Bucket,
        field="Bucket",
        serializer=serializers.Default(default=None),
        default="",
    )
    prefix = argument.String(field="Prefix", default="")
class LoadBalancer(Resource):
    """Declaration of the ``load_balancer`` resource.

    Groups listeners, subnets, security groups, a health check and attributes
    under one load balancer name.
    """

    resource_name = "load_balancer"

    name = argument.String(field="LoadBalancerName")
    listeners = argument.ResourceList(
        Listener,
        field="Listeners",
        serializer=serializers.List(serializers.Resource()),
    )
    availability_zones = argument.List(field="AvailabilityZones")
    # NOTE(review): the value is sent as the ``Scheme`` field. The load
    # balancer API documents ``internal`` for a non-public balancer, so check
    # what the "private" choice results in; a balancer that was meant to be
    # private must not come up internet-facing.
    scheme = argument.String(
        choices=["internet-facing", "private"],
        field="Scheme",
    )
    subnets = argument.ResourceList(Subnet, field="Subnets")
    security_groups = argument.ResourceList(
        SecurityGroup,
        field="SecurityGroups",
    )
    # tags = argument.Dict()

    health_check = argument.Resource(HealthCheck)
    attributes = argument.Resource(Attributes)

    account = argument.Resource(Account)
class Pipeline(Resource):
    """Declaration of the ``pipeline`` resource.

    Reads from an input :class:`Bucket`, writes to an output :class:`Bucket`
    and runs under the given :class:`Role`. The key and notification
    arguments are commented out.
    """

    resource_name = "pipeline"

    name = argument.String(field="Name")
    input_bucket = argument.Resource(Bucket, field="InputBucket")
    output_bucket = argument.Resource(Bucket, field="OutputBucket")
    role = argument.Resource(Role, field="Role")
    # key = argument.Resource(KmsKey, field="AwsKmsKeyArn")
    # notifications = argument.Resource(Topic, field="Notifications")
    content_config = argument.Dict(field="ContentConfig")
    thumbnail_config = argument.Dict(field="ThumbnailConfig")

    account = argument.Resource(Account)