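A base class for AWS CloudFormation custom resource providers.
Detailed description of the cfn-resource-provider Python project
This ResourceProvider base class makes it very simple to implement custom CloudFormation resources.
First, inherit from the base class and specify a JSON schema that defines the required resource properties: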
```python
from cfn_resource_provider import ResourceProvider


class SecretProvider(ResourceProvider):

    def __init__(self):
        super(SecretProvider, self).__init__()
        self.request_schema = {
            "type": "object",
            "required": ["Name"],
            "properties": {
                # Anchored with ^ and $: JSON Schema patterns are not implicitly
                # anchored, so the unanchored form accepts any string that merely
                # contains one allowed character.
                "Name": {"type": "string", "minLength": 1, "pattern": "^[a-zA-Z0-9_/]+$",
                         "description": "the name of the value in the parameters store"},
                "Description": {"type": "string", "default": "",
                                "description": "the description of the value in the parameter store"},
                "Alphabet": {"type": "string",
                             "default": "abcdfghijklmnopqrstuvwyxzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_",
                             "description": "the characters from which to generate the secret"},
                "ReturnSecret": {"type": "boolean", "default": False,
                                 "description": "return secret as attribute 'Secret'"},
                "KeyAlias": {"type": "string", "default": "alias/aws/ssm",
                             "description": "KMS key to use to encrypt the value"},
                "Length": {"type": "integer", "minimum": 1, "maximum": 512, "default": 30,
                           "description": "length of the secret"}
            }
        }
```
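The JSON schema lets you specify the expected properties, their constraints and their default values. After that, you only need to implement the methods create, update and delete: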
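```python
from secrets import choice  # CSPRNG-backed choice, because the generated value is a secret
from botocore.exceptions import ClientError


class SecretProvider(ResourceProvider):
    ...  # self.ssm and self.arn are defined in code not shown here

    def create(self):
        try:
            # Draw Length characters from Alphabet.
            value = "".join(choice(self.get('Alphabet')) for x in range(0, self.get('Length')))
            self.ssm.put_parameter(Name=self.get('Name'), KeyId=self.get('KeyAlias'),
                                   Type='SecureString', Overwrite=False, Value=value)
            self.set_attribute('Arn', self.arn)
            # Only expose the secret as an attribute when explicitly requested.
            if self.get('ReturnSecret'):
                self.set_attribute('Secret', value)
            self.physical_resource_id = self.arn
        except ClientError as e:
            self.physical_resource_id = 'could-not-create'
            self.fail(str(e))

    def update(self):
        ...

    def delete(self):
        ...
```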
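Inside these methods you can safely access all properties defined in the JSON schema. The methods are only called after the request has been validated against the schema.
- To return values that can be accessed with Fn::GetAtt, call the method set_attribute.
- To return the resource ID of the resource, set the property physical_resource_id.
- To indicate a failed request, call the method fail.
- To indicate a successful request, call the method success.
Finally, implement the AWS Lambda handle function at the end of the module: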
```python
provider = SecretProvider()


def handle(request, context):
    provider.handle(request, context)
```
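Handling boolean and integer properties
AWS CloudFormation passes all properties as strings, for example "true", "false" and "123". That does not work well with a JSON schema validator. The provider therefore calls the method convert_property_types before it calls the validator. Use this method to convert the non-string properties: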
```python
import logging

log = logging.getLogger(__name__)


def convert_property_types(self):
    # Method of the provider class. On Python 3 every text value is a str,
    # so the Python 2 unicode check is not needed.
    try:
        if 'Length' in self.properties and isinstance(self.properties['Length'], str):
            self.properties['Length'] = int(self.properties['Length'])
        if 'ReturnSecret' in self.properties and isinstance(self.properties['ReturnSecret'], str):
            # Anything other than the exact string 'true' becomes False.
            self.properties['ReturnSecret'] = (self.properties['ReturnSecret'] == 'true')
    except ValueError as e:
        log.error('failed to convert property types %s', e)
```
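If a value cannot be converted, that is fine: the validator will report the error for you :-)
Alternatively, you can use the heuristic_convert_property_types method: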
```python
def convert_property_types(self):
    self.heuristic_convert_property_types(self.properties)
```
It converts all integer strings to int and the strings "true" and "false" to boolean, recursing through your dictionary.
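Because a heuristic that converts every integer string would also turn a Name such as "12345" into an int, which then fails its "type": "string" constraint, the following added example (not code from cfn-resource-provider) coerces only the properties the schema declares as integer or boolean. The helper convert_by_schema and the sample SCHEMA and REQUEST values are hypothetical and constructed for illustration.

```python
import re

# Constructed schema excerpt using the property names from the page.
SCHEMA = {
    "type": "object",
    "properties": {
        "Name": {"type": "string"},
        "Length": {"type": "integer"},
        "ReturnSecret": {"type": "boolean"},
    },
}

_INTEGER = re.compile(r"-?[0-9]+")  # strict: no whitespace, no "1_000"
_BOOLEANS = {"true": True, "false": False}


def convert_by_schema(properties, schema):
    """Return a copy of properties with strings coerced to the declared type.

    Hypothetical helper, not part of cfn-resource-provider.
    """
    declared = schema.get("properties", {})
    converted = {}
    for name, value in properties.items():
        spec = declared.get(name, {})
        kind = spec.get("type")
        if isinstance(value, dict):
            # Nested object: recurse with the nested schema, if any.
            converted[name] = convert_by_schema(value, spec)
        elif not isinstance(value, str):
            converted[name] = value
        elif kind == "integer" and _INTEGER.fullmatch(value):
            converted[name] = int(value)
        elif kind == "boolean" and value in _BOOLEANS:
            converted[name] = _BOOLEANS[value]
        else:
            # Declared as string, undeclared, or not convertible: keep the
            # string so the schema validator reports the problem.
            converted[name] = value
    return converted


# Constructed request properties, all strings as CloudFormation delivers them.
REQUEST = {"Name": "12345", "Length": "30", "ReturnSecret": "true"}
```

Values such as "thirty" or "True" are left as strings on purpose, so validation fails loudly instead of the value being silently mapped to a default.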