def update_object(self):
if self.resource.route_table:
if not self.object.get("RouteTableAssociationId", None):
yield self.generic_action(
"Associate route table",
self.client.associate_route_table,
SubnetId=serializers.Identifier(),
RouteTableId=serializers.Context(
serializers.Argument("route_table"),
serializers.Identifier()),
)
elif self.object['RouteTableId'] != self.runner.get_plan(
self.resource.route_table).resource_id:
yield self.generic_action(
"Replace route table association",
self.client.associate_route_table,
AssociationId=self.object["RouteTableAssociationId"],
RouteTableId=serializers.Context(
serializers.Argument("route_table"),
serializers.Identifier()),
)
elif self.object.get("RouteTableAssociationId", None):
yield self.generic_action(
"Disassociate route table",
self.client.disassociate_route_table,
AssociationId=self.object["RouteTableAssociationId"],
)
naa_changed = False
if not self.resource.network_acl:
return
if not self.object:
naa_changed = True
elif not self.object.get("NetworkAclAssociationId", None):
naa_changed = True
elif self.runner.get_plan(
self.resource.network_acl).resource_id != self.object.get(
'NetworkAclId', None):
naa_changed = True
if naa_changed:
yield self.generic_action(
"Replace Network ACL association",
self.client.replace_network_acl_association,
AssociationId=serializers.Property('NetworkAclAssociationId'),
NetworkAclId=serializers.Context(
serializers.Argument("network_acl"),
serializers.Identifier()),
)
def update_object(self):
policy_names = []
for change in super(Apply, self).update_object():
yield change
remote_policy = self.object.get('AssumeRolePolicyDocument', None)
if remote_policy and remote_policy != self.resource.assume_role_policy:
yield self.generic_action(
"Update 'Assume Role Policy' document",
self.client.update_assume_role_policy,
RoleName=serializers.Identifier(),
PolicyDocument=serializers.Json(serializers.Argument("assume_role_policy")),
)
# If the object exists then we can look at the roles it has
# Otherwise we assume its a new role and it will have no policies
if self.object:
policy_names = self.client.list_role_policies(
RoleName=self.resource.name,
)['PolicyNames']
for name, document in self.resource.policies.items():
document = json.loads(document)
changed = False
if name not in policy_names:
changed = True
# We can't do a single API to get all names and documents for all
# policies, so for each policy that *might* have changed we have to
# call teh API and check.
# Save an API call by only doing it for policies that definitely
# exist
if not changed:
policy = self.client.get_role_policy(
RoleName=self.resource.name,
PolicyName=name,
)
if policy['PolicyDocument'] != document:
changed = True
if changed:
yield self.generic_action(
"Put policy {}".format(name),
self.client.put_role_policy,
RoleName=self.resource.name,
PolicyName=name,
PolicyDocument=json.dumps(document),
)
for name in policy_names:
if name not in self.resource.policies:
yield self.generic_action(
"Delete policy {}".format(name),
self.client.delete_role_policy,
RoleName=self.resource.name,
PolicyName=name,
)
def test_list(self):
serializer = serializers.List(
serializers.Dict(Name=serializers.Argument("name")))
result = serializer.render(self.runner, [self.resource])
self.assertEqual(result, [
{
"Name": "test"
},
])
def update_object(self):
if not self.object:
yield self.generic_action(
"Attach gateway to vpc",
self.client.attach_vpn_gateway,
VpnGatewayId=serializers.Identifier(),
VpcId=serializers.Context(serializers.Argument("vpc"),
serializers.Identifer()),
)
class ForwardedValues(Resource):
resource_name = "forwarded_values"
dot_ignore = True
extra_serializers = {
"Cookies":
serializers.Dict(
Forward=serializers.Argument("forward_cookies"),
WhitelistedNames=CloudFrontList(
serializers.Argument("cookie_whitelist")),
)
}
query_string = argument.Boolean(field="QueryString", default=False)
headers = argument.List(field="Headers",
serializer=CloudFrontList(serializers.List()))
forward_cookies = argument.String(default="whitelist")
cookie_whitelist = argument.List()
class CustomOrigin(Resource):
resource_name = "custom_origin"
dot_ignore = True
extra_serializers = {
"CustomOriginConfig":
serializers.Dict(
HTTPPort=serializers.Argument("http_port"),
HTTPSPort=serializers.Argument("https_port"),
OriginProtocolPolicy=serializers.Argument("origin_protocol"),
)
}
name = argument.String(field='Id')
domain_name = argument.String(field='DomainName')
http_port = argument.Integer(default=80)
https_port = argument.Integer(default=443)
origin_protocol = argument.String(choices=['http-only', 'match-viewer'],
default='match-viewer')
class Rule(Resource):
resource_name = "rule"
dot_ignore = True
network = argument.IPNetwork(field="CidrBlock")
protocol = argument.String(default='tcp',
choices=['tcp', 'udp', 'icmp'],
field="Protocol")
port = argument.Integer(min=-1, max=65535)
from_port = argument.Integer(default=lambda r: r.port
if r.port != -1 else 1,
min=-1,
max=65535)
to_port = argument.Integer(default=lambda r: r.port
if r.port != -1 else 65535,
min=-1,
max=65535)
action = argument.String(default="allow",
choices=["allow", "deny"],
field="RuleAction")
extra_serializers = {
"PortRange":
serializers.Dict(
From=serializers.Integer(serializers.Argument("from_port")),
To=serializers.Integer(serializers.Argument("to_port")),
),
}
def __str__(self):
name = super(Rule, self).__str__()
if self.from_port == self.to_port:
ports = "port {}".format(self.from_port)
else:
ports = "ports {} to {}".format(self.from_port, self.to_port)
return "{}: {} {} from {}".format(name, self.protocol, ports,
self.network)
class DefaultCacheBehavior(Resource):
resource_name = "default_cache_behaviour"
dot_ignore = True
extra_serializers = {
# TrustedSigners are not supported yet, so include stub in serialized form
"TrustedSigners":
serializers.Const({
"Enabled": False,
"Quantity": 0,
}),
"AllowedMethods":
CloudFrontList(
inner=serializers.Context(serializers.Argument("allowed_methods"),
serializers.List()),
CachedMethods=serializers.Context(
serializers.Argument("cached_methods"), CloudFrontList()),
),
}
target_origin = argument.String(field='TargetOriginId')
forwarded_values = argument.Resource(
ForwardedValues,
default=lambda instance: dict(),
field="ForwardedValues",
serializer=serializers.Resource(),
)
viewer_protocol_policy = argument.String(
choices=['allow-all', 'https-only', 'redirect-to-https'],
default='allow-all',
field="ViewerProtocolPolicy")
min_ttl = argument.Integer(default=0, field="MinTTL")
allowed_methods = argument.List(default=lambda x: ["GET", "HEAD"])
cached_methods = argument.List(default=lambda x: ["GET", "HEAD"])
smooth_streaming = argument.Boolean(default=False, field='SmoothStreaming')
def update_object(self):
for change in super(Apply, self).update_object():
yield change
for attachment in self.object.get("Attachments", []):
if attachment['VpcId'] == self.runner.get_plan(
self.resource.vpc).resource_id:
return
yield self.generic_action(
"Attach to vpc {}".format(self.resource.vpc),
self.client.attach_internet_gateway,
InternetGatewayId=serializers.Identifier(),
VpcId=serializers.Context(serializers.Argument("vpc"),
serializers.Identifier()),
)
class S3Origin(Resource):
resource_name = "s3_origin"
extra_serializers = {
"S3OriginConfig":
serializers.Dict(OriginAccessIdentity=serializers.Argument(
"origin_access_identity"), ),
}
name = argument.String(field='Id')
bucket = argument.Resource(Bucket,
field="DomainName",
serializer=serializers.Format(
"{0}.s3.amazonaws.com",
serializers.Identifier()))
origin_access_identity = argument.String(default='')
def test_dict(self):
serializer = serializers.Dict(Name=serializers.Argument("name"))
result = serializer.render(self.runner, self.resource)
self.assertEqual(result, {"Name": "test"})
def test_required(self):
serializer = serializers.Required(serializers.Argument("description"))
self.assertRaises(serializers.RequiredFieldNotPresent,
serializer.render, self.runner, self.resource)
def test_attribute(self):
serializer = serializers.Argument("name")
result = serializer.render(self.runner, self.resource)
self.assertEqual(result, "test")
class Distribution(Resource):
resource_name = "distribution"
extra_serializers = {
"CallerReference":
serializers.Expression(lambda runner, object: runner.get_plan(object).
object.get('DistributionConfig', {}).get(
'CallerReference', str(uuid.uuid4()))),
"Aliases":
CloudFrontList(
serializers.Chain(
serializers.Context(serializers.Argument("name"),
serializers.ListOfOne()),
serializers.Context(serializers.Argument("aliases"),
serializers.List()),
)),
# We don't support GeoRestrictions yet - so include a stubbed default
# when serializing
"Restrictions":
serializers.Const({
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0,
},
}),
}
name = argument.String()
comment = argument.String(field='Comment',
default=lambda instance: instance.name)
aliases = argument.List()
root_object = argument.String(default='/', field="DefaultRootObject")
enabled = argument.Boolean(default=True, field="Enabled")
origins = argument.ResourceList(
(S3Origin, CustomOrigin),
field="Origins",
serializer=CloudFrontResourceList(),
)
default_cache_behavior = argument.Resource(
DefaultCacheBehavior,
field="DefaultCacheBehavior",
serializer=serializers.Resource(),
)
behaviors = argument.ResourceList(
CacheBehavior,
field="CacheBehaviors",
serializer=CloudFrontResourceList(),
)
error_responses = argument.ResourceList(
ErrorResponse,
field="CustomErrorResponses",
serializer=CloudFrontResourceList(),
)
logging = argument.Resource(
LoggingConfig,
default=lambda instance: dict(enabled=False),
field="Logging",
serializer=serializers.Resource(),
)
price_class = argument.String(
default="PriceClass_100",
choices=['PriceClass_100', 'PriceClass_200', 'PriceClass_All'],
field="PriceClass",
)
viewer_certificate = argument.Resource(
ViewerCertificate,
field="ViewerCertificate",
serializer=serializers.Resource(),
)
account = argument.Resource(Account)
