1 parent
974a731
commit 68fd13f
Showing
6 changed files
with
558 additions
and
107 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
import logging | ||
from urllib.request import urlopen, Request, HTTPError, URLError | ||
import json | ||
|
||
logger = logging.getLogger() | ||
logger.setLevel(logging.INFO) | ||
|
||
|
||
class CustomResourceResponse: | ||
def __init__(self, request_payload): | ||
self.payload = request_payload | ||
self.response = { | ||
"StackId": request_payload["StackId"], | ||
"RequestId": request_payload["RequestId"], | ||
"LogicalResourceId": request_payload["LogicalResourceId"], | ||
"Status": 'SUCCESS', | ||
} | ||
|
||
def respond_error(self, message): | ||
self.response['Status'] = 'FAILED' | ||
self.response['Reason'] = message | ||
self.respond() | ||
|
||
def respond(self, resource_attributes=None): | ||
event = self.payload | ||
response = self.response | ||
#### | ||
#### copied from https://github.com/ryansb/cfn-wrapper-python/blob/master/cfn_resource.py | ||
#### | ||
if resource_attributes is not None: | ||
response['Data'] = resource_attributes | ||
|
||
if event.get("PhysicalResourceId", False): | ||
response["PhysicalResourceId"] = event["PhysicalResourceId"] | ||
|
||
logger.debug("Received %s request with event: %s" % (event['RequestType'], json.dumps(event))) | ||
|
||
serialized = json.dumps(response) | ||
logger.info(f"Responding to {event['RequestType']} request with: {serialized}") | ||
|
||
req_data = serialized.encode('utf-8') | ||
|
||
req = Request( | ||
event['ResponseURL'], | ||
data=req_data, | ||
headers={'Content-Length': len(req_data), 'Content-Type': ''} | ||
) | ||
req.get_method = lambda: 'PUT' | ||
|
||
try: | ||
urlopen(req) | ||
logger.debug("Request to CFN API succeeded, nothing to do here") | ||
except HTTPError as e: | ||
logger.error("Callback to CFN API failed with status %d" % e.code) | ||
logger.error("Response: %s" % e.reason) | ||
except URLError as e: | ||
logger.error("Failed to reach the server - %s" % e.reason) |
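Review bot: The `urlopen(req)` call at the end of `respond()` sends to `event['ResponseURL']` with no scheme check and no timeout, and both `except` branches only log the failure. `urlopen` also handles non-HTTP schemes such as `file:`, so I would reject anything that is not HTTPS before building the `Request`, e.g. `if not event['ResponseURL'].startswith('https://'): raise ValueError('unexpected ResponseURL scheme')`, and bound the call with something like `urlopen(req, timeout=10)`. Because a failed PUT is swallowed, the function still returns normally and the stack presumably waits for CloudFormation's own timeout; re-raising after logging would make the failure visible in the invocation result.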
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
import boto3 | ||
import botocore.exceptions | ||
import json | ||
import sys | ||
import os | ||
|
||
sys.path.append(f"{os.environ['LAMBDA_TASK_ROOT']}/lib") | ||
sys.path.append(os.path.dirname(os.path.realpath(__file__))) | ||
|
||
import cr_response | ||
|
||
efs = boto3.client('efs') | ||
|
||
def handler(event, context): | ||
print(f"Received event:{json.dumps(event)}") | ||
lambda_response = cr_response.CustomResourceResponse(event) | ||
filesystem_id = event['ResourceProperties']['FileSystemId'] | ||
filesystem_policy = event['ResourceProperties']['Policy'] | ||
|
||
try: | ||
if event['RequestType'] == 'Create': | ||
if check_filesystem_policy(filesystem_id) == False: | ||
event['PhysicalResourceId'] = context.log_stream_name # Set the PhysicalResourceId to the name of the current log stream for the function as there is no physical resource being created | ||
create_filesystem_policy(filesystem_id, filesystem_policy) | ||
lambda_response.respond() | ||
else: | ||
lambda_response.respond_error("There is already a policy on this FileSystem, overwriting or modifying an existing FileSystem policy is not currently supported.") | ||
elif event['RequestType'] == 'Update': | ||
update_filesystem_policy(filesystem_id, filesystem_policy) | ||
lambda_response.respond() | ||
elif event['RequestType'] == 'Delete': | ||
delete_filesystem_policy(filesystem_id) | ||
lambda_response.respond() | ||
except Exception as e: | ||
message = str(e) | ||
lambda_response.respond_error(message) | ||
return 'OK' | ||
|
||
def create_filesystem_policy(filesystem_id, filesystem_policy): | ||
print(f"Creating a FileSystem policy for {filesystem_id}") | ||
try: | ||
response = efs.put_file_system_policy( | ||
FileSystemId=filesystem_id, | ||
Policy=json.dumps(filesystem_policy) | ||
) | ||
print(response) | ||
return response | ||
except Exception as error: | ||
print(f"error:{error}\n") | ||
raise error | ||
|
||
def update_filesystem_policy(filesystem_id, filesystem_policy): | ||
print(f"Updating the FileSystem policy for {filesystem_id}") | ||
# There is no update FileSystem policy method so we have to delete and create again | ||
try: | ||
response = efs.delete_file_system_policy( | ||
FileSystemId=filesystem_id | ||
) | ||
print(response) | ||
response = efs.put_file_system_policy( | ||
FileSystemId=filesystem_id, | ||
Policy=json.dumps(filesystem_policy) | ||
) | ||
print(response) | ||
return response | ||
except Exception as error: | ||
print(f"error:{error}\n") | ||
raise error | ||
|
||
def delete_filesystem_policy(filesystem_id): | ||
print(f"Deleting the FileSystem policy for {filesystem_id}") | ||
try: | ||
response = efs.delete_file_system_policy( | ||
FileSystemId=filesystem_id | ||
) | ||
print(response) | ||
return response | ||
except Exception as error: | ||
print(f"error:{error}\n") | ||
raise error | ||
|
||
def check_filesystem_policy(filesystem_id): | ||
try: | ||
print("Checking the FileSystem for a FileSystem policy...") | ||
response = efs.describe_file_system_policy( | ||
FileSystemId=filesystem_id | ||
) | ||
print('Filesystem policy found.') | ||
return True | ||
except botocore.exceptions.ClientError as error: | ||
if error.response['Error']['Code'] == 'PolicyNotFound': | ||
print('No FileSystem policy found.') | ||
return False | ||
else: | ||
raise error |
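Review bot: `update_filesystem_policy` calls `efs.delete_file_system_policy` before `efs.put_file_system_policy`, so if the put fails (a malformed `Policy`, throttling) the file system is left on its default policy with the intended restrictions gone, and there is a gap between the two calls even when it succeeds. As far as I know `put_file_system_policy` replaces an existing explicit policy, so the delete call and its `print(response)` can be dropped and the comment changed to `# put_file_system_policy replaces the existing policy in place`. Separately, `print(f"Received event:{json.dumps(event)}")` in `handler` writes the whole event, including the pre-signed `ResponseURL`, to the function's log; logging only `event['RequestType']` and `filesystem_id` would avoid exposing it to anyone with log read access.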