def test_get_resource_arn(self):
_test_name = 'test_get_resource_arn'
_test_node_properties = {'use_external_resource': False}
_test_runtime_properties = {'resource_config': {}}
_ctx = self.get_mock_ctx(
_test_name,
test_properties=_test_node_properties,
test_runtime_properties=_test_runtime_properties,
type_hierarchy=['cloudify.nodes.Root'])
current_ctx.set(_ctx)
self.assertEqual(utils.get_resource_arn(), None)
with self.assertRaises(NonRecoverableError):
utils.get_resource_arn(raise_on_missing=True)
def attach_to(ctx, iface, resource_config, **_):
'''Attaches an IAM User to something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Group'):
resource_config['UserName'] = iface.resource_id
IAMGroup(ctx.target.node, logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).attach_user(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.LoginProfile'):
iface.create_login_profile(
resource_config or
ctx.target.instance.runtime_properties.get('resource_config'))
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.AccessKey'):
resp = iface.create_access_key(
resource_config or
ctx.target.instance.runtime_properties.get('resource_config'))
utils.update_resource_id(ctx.target.instance, resp['AccessKeyId'])
ctx.target.instance.runtime_properties['SecretAccessKey'] = \
resp['SecretAccessKey']
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.attach_policy(resource_config)
def attach_to(ctx, iface, resource_config, **_):
'''Attaches an IAM User to something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Group'):
resource_config['UserName'] = iface.resource_id
IAMGroup(ctx.target.node, logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).attach_user(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.LoginProfile'):
iface.create_login_profile(
resource_config or
ctx.target.instance.runtime_properties.get('resource_config'))
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.AccessKey'):
resp = iface.create_access_key(
resource_config or
ctx.target.instance.runtime_properties.get('resource_config'))
utils.update_resource_id(ctx.target.instance, resp['AccessKeyId'])
ctx.target.instance.runtime_properties['SecretAccessKey'] = \
resp['SecretAccessKey']
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.attach_policy(resource_config)
def detach_from(ctx, iface, resource_config, **_):
'''Detaches an IAM User from something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Group'):
resource_config['UserName'] = iface.resource_id
IAMGroup(ctx.target.node, logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).detach_user(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.LoginProfile'):
iface.delete_login_profile(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.AccessKey'):
resource_config['AccessKeyId'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.delete_access_key(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.detach_policy(resource_config)
def detach_from(ctx, iface, resource_config, **_):
'''Detaches an IAM User from something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Group'):
resource_config['UserName'] = iface.resource_id
IAMGroup(ctx.target.node, logger=ctx.logger,
resource_id=utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)).detach_user(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.LoginProfile'):
iface.delete_login_profile(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.AccessKey'):
resource_config['AccessKeyId'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.delete_access_key(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.detach_policy(resource_config)
def detach_from(ctx, iface, resource_config, **_):
'''Detaches an IAM Role from something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.detach_policy(resource_config)
def prepare_assoc(ctx, iface, resource_config, **_):
'''Prepares to associate an Lambda Permission to something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.lambda.Function'):
ctx.source.instance.runtime_properties['resource_config'][
'FunctionName'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
def prepare_assoc(ctx, iface, resource_config, **_):
'''Prepares to associate an Lambda Permission to something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.lambda.Function'):
ctx.source.instance.runtime_properties[
'resource_config']['FunctionName'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
def _get_iam_role_to_attach(ctx):
role_arn = None
iam_role = utils.find_rel_by_node_type(ctx.instance,
'cloudify.nodes.aws.iam.Role')
if iam_role:
role_arn = utils.get_resource_arn(node=iam_role.target.node,
instance=iam_role.target.instance,
raise_on_missing=True)
return role_arn
def test_get_resource_arn(self):
_test_name = 'test_get_resource_arn'
_test_node_properties = {
'use_external_resource': False
}
_test_runtime_properties = {
'resource_config': {}
}
_ctx = self.get_mock_ctx(
_test_name,
test_properties=_test_node_properties,
test_runtime_properties=_test_runtime_properties,
type_hierarchy=['cloudify.nodes.Root']
)
current_ctx.set(_ctx)
self.assertEqual(utils.get_resource_arn(), None)
with self.assertRaises(NonRecoverableError):
utils.get_resource_arn(raise_on_missing=True)
def delete(ctx, iface, resource_config, **_):
"""Deletes an AWS SNS Topic"""
# Create a copy of the resource config for clean manipulation.
params = dict() if not resource_config else resource_config.copy()
if TOPIC_ARN not in params:
params.update(
{TOPIC_ARN: utils.get_resource_arn(ctx.node, ctx.instance)})
# Actually delete the resource
iface.delete(params)
def attach_to(ctx, iface, resource_config, **_):
'''Attaches an IAM Group to something else'''
if utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.User'):
resource_config['UserName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.attach_user(resource_config)
elif utils.is_node_type(ctx.target.node, 'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.attach_policy(resource_config)
def delete(ctx, iface, resource_config, **_):
"""Deletes an AWS SNS Subscription"""
# Create a copy of the resource config for clean manipulation.
params = dict() if not resource_config else resource_config.copy()
# Add the required SubscriptionArn parameter.
if SUB_ARN not in params:
arn = \
utils.get_resource_arn(
ctx.node,
ctx.instance)
params[SUB_ARN] = arn
# Actually delete the resource
iface.delete(params)
def delete(ctx, iface, resource_config, **_):
"""Deletes an AWS SNS Topic"""
# Create a copy of the resource config for clean manipulation.
params = \
dict() if not resource_config else resource_config.copy()
if TOPIC_ARN not in params.keys():
params.update(
{TOPIC_ARN:
utils.get_resource_arn(
ctx.node,
ctx.instance)})
# Actually delete the resource
iface.delete(params)
def detach_from(ctx, iface, resource_config, **_):
'''Detaches an IAM Group from something else'''
if utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.User'):
resource_config['UserName'] = utils.get_resource_id(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.detach_user(resource_config)
elif utils.is_node_type(ctx.target.node,
'cloudify.nodes.aws.iam.Policy'):
resource_config['PolicyArn'] = utils.get_resource_arn(
node=ctx.target.node,
instance=ctx.target.instance,
raise_on_missing=True)
iface.detach_policy(resource_config)
def delete(ctx, iface, resource_config, **_):
"""Deletes an AWS SNS Subscription"""
# Create a copy of the resource config for clean manipulation.
params = \
dict() if not resource_config else resource_config.copy()
# Add the required SubscriptionArn parameter.
if SUB_ARN not in params.keys():
arn = \
utils.get_resource_arn(
ctx.node,
ctx.instance)
params[SUB_ARN] = arn
# Actually delete the resource
iface.delete(params)
def start(ctx, iface, resource_config, **_):
"""Confirm an AWS SNS Subscription"""
# Create a copy of the resource config for clean manipulation.
params = dict() if not resource_config else resource_config.copy()
# Add the required SubscriptionArn parameter.
if SUB_ARN not in params:
arn = \
utils.get_resource_arn(
ctx.node,
ctx.instance)
params[SUB_ARN] = arn
sub_attributes = iface.confirm(params)
if CONFIRM_AUTHENTICATED not in sub_attributes:
return ctx.operation.retry(
'Confirm has not been authenticated. Retrying...')
def start(ctx, iface, resource_config, **_):
"""Confirm an AWS SNS Subscription"""
# Create a copy of the resource config for clean manipulation.
params = \
dict() if not resource_config else resource_config.copy()
# Add the required SubscriptionArn parameter.
if SUB_ARN not in params.keys():
arn = \
utils.get_resource_arn(
ctx.node,
ctx.instance)
params[SUB_ARN] = arn
sub_attributes = iface.confirm(params)
if CONFIRM_AUTHENTICATED not in sub_attributes:
return ctx.operation.retry(
'Confirm has not been authenticated. Retrying...')
def create(ctx, iface, resource_config, **_):
'''Creates an AWS Lambda Function'''
# Build API params
params = utils.clean_params(
dict() if not resource_config else resource_config.copy())
if RESOURCE_ID not in params:
params[RESOURCE_ID] = iface.resource_id
vpc_config = params.get('VpcConfig', dict())
# Attach a Subnet Group if it exists
subnet_ids = vpc_config.get('SubnetIds', list())
subnet_rels = \
utils.find_rels_by_node_type(
ctx.instance, SUBNET_TYPE) or \
utils.find_rels_by_node_type(
ctx.instance, SUBNET_TYPE)
for rel in subnet_rels:
subnet_ids.append(utils.get_resource_id(
node=rel.target.node,
instance=rel.target.instance,
raise_on_missing=True))
vpc_config['SubnetIds'] = subnet_ids
# Attach any security groups if they exist
security_groups = vpc_config.get('SecurityGroupIds', list())
sg_rels = \
utils.find_rels_by_node_type(
ctx.instance, SECGROUP_TYPE) or \
utils.find_rels_by_node_type(
ctx.instance, SECGROUP_TYPE_DEPRECATED)
for rel in sg_rels:
security_groups.append(
utils.get_resource_id(
node=rel.target.node,
instance=rel.target.instance,
raise_on_missing=True))
vpc_config['SecurityGroupIds'] = security_groups
params['VpcConfig'] = vpc_config
# Attach an IAM Role if it exists
iam_role = utils.find_rel_by_node_type(
ctx.instance, 'cloudify.nodes.aws.iam.Role')
if iam_role:
params['Role'] = utils.get_resource_arn(
node=iam_role.target.node,
instance=iam_role.target.instance,
raise_on_missing=True)
# Handle user-profided code ZIP file
if params.get('Code', dict()).get('ZipFile'):
codezip = params['Code']['ZipFile']
ctx.logger.debug('ZipFile: "%s" (%s)' % (codezip, type(codezip)))
if not path_exists(codezip):
codezip = ctx.download_resource(codezip)
ctx.logger.debug('Downloaded resource: "%s"' % codezip)
with open(codezip, mode='rb') as _file:
params['Code']['ZipFile'] = _file.read()
ctx.logger.debug('Deleting resource: "%s"' % codezip)
os_remove(codezip)
else:
with open(codezip, mode='rb') as _file:
params['Code']['ZipFile'] = _file.read()
# Actually create the resource
create_response = iface.create(params)
resource_id = create_response['FunctionName']
utils.update_resource_id(ctx.instance, resource_id)
utils.update_resource_arn(
ctx.instance, create_response['FunctionArn'])
# Save vpc_config to be used later on when remove eni created by invoke
# function
if vpc_config and create_response.get('VpcConfig'):
ctx.instance.runtime_properties['vpc_config'] =\
create_response['VpcConfig']
def delete(iface, resource_config, **_):
'''Deletes an AWS IAM Policy'''
iface.update_resource_id(utils.get_resource_arn())
iface.delete(resource_config)
