From ff8e5f59f4bcf6990e6c47a3bb25b1bb6608f6af Mon Sep 17 00:00:00 2001 From: kaplanyaniv Date: Thu, 4 Aug 2022 16:32:44 +0300 Subject: [PATCH 1/4] switched to node.properties --- cloudify_aws/ec2/resources/image.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cloudify_aws/ec2/resources/image.py b/cloudify_aws/ec2/resources/image.py index 04789389..96aab29e 100644 --- a/cloudify_aws/ec2/resources/image.py +++ b/cloudify_aws/ec2/resources/image.py @@ -138,7 +138,7 @@ def prepare(ctx, iface, resource_config, **_): @decorators.wait_for_status(status_good=['available'], fail_on_missing=False) def create(ctx, iface, resource_config, **_): """Create an AWS EC2 Image""" - if ctx.instance.runtime_properties.get('use_external_resource'): + if ctx.node.properties.get('use_external_resource'): # if use_external_resource there we are using an existing image return @@ -161,7 +161,7 @@ def create(ctx, iface, resource_config, **_): @decorators.wait_for_delete(status_deleted=['deregistered']) def delete(ctx, iface, resource_config, **_): """delete/deregister an AWS EC2 Image""" - if not ctx.instance.runtime_properties.get('use_external_resource'): + if not ctx.node.properties.get('use_external_resource'): params = {'ImageId': iface.resource_id} try: iface.delete(params) From 82ddfabf2362436dff60a19cb573d9b5b0d3f156 Mon Sep 17 00:00:00 2001 
From: nely Date: Thu, 7 Jul 2022 11:18:52 +0300 Subject: [PATCH 2/4] parent ff8e5f59f4bcf6990e6c47a3bb25b1bb6608f6af author nely 1657181932 +0300 committer EarthmanT 1667240307 -0400 support plugin creds in plugin avoid-s3-malformed-xml updated cleanup_vpc_internet_gateways, so deatching of igw has vpc id as well. add function poststart for ebs untag fix draft updated all ec2 delete function to include dry_run param fixed securitygroup.py new feature cognito added message as an error and added datetime as wheel to wgn --- .circleci/config.yml | 9 +- .gitignore | 1 - CHANGELOG.txt | 13 + cloudify_aws/cognito/__init__.py | 64 + cloudify_aws/cognito/resources/__init__.py | 0 .../cognito/resources/identity_pool.py | 143 + .../cognito/resources/identity_provider.py | 119 + cloudify_aws/cognito/resources/user_pool.py | 104 + .../cognito/resources/user_pool_client.py | 111 + cloudify_aws/cognito/scripts/params.py | 229 + cloudify_aws/cognito/scripts/script.py | 145 + cloudify_aws/cognito/tests/__init__.py | 0 .../cognito/tests/test_identity_pool.py | 170 + .../cognito/tests/test_identity_provider.py | 127 + cloudify_aws/cognito/tests/test_user_pool.py | 130 + .../cognito/tests/test_user_pool_client.py | 113 + cloudify_aws/common/connection.py | 17 +- cloudify_aws/common/decorators.py | 8 +- cloudify_aws/common/tests/test_base.py | 40 +- cloudify_aws/common/tests/test_connection.py | 9 +- .../common/tests/test_iface_requirement.py | 8 +- cloudify_aws/common/utils.py | 9 + .../ec2/resources/customer_gateway.py | 3 +- cloudify_aws/ec2/resources/dhcp.py | 1 - cloudify_aws/ec2/resources/ebs.py | 38 +- cloudify_aws/ec2/resources/eni.py | 3 +- cloudify_aws/ec2/resources/image.py | 9 +- cloudify_aws/ec2/resources/instances.py | 4 +- .../ec2/resources/internet_gateway.py | 3 +- cloudify_aws/ec2/resources/keypair.py | 4 +- cloudify_aws/ec2/resources/nat_gateway.py | 4 +- cloudify_aws/ec2/resources/networkacl.py | 4 +- cloudify_aws/ec2/resources/route.py | 1 - 
cloudify_aws/ec2/resources/routetable.py | 4 +- cloudify_aws/ec2/resources/securitygroup.py | 9 +- .../ec2/resources/spot_fleet_request.py | 62 +- cloudify_aws/ec2/resources/spot_instances.py | 8 +- cloudify_aws/ec2/resources/subnet.py | 3 +- cloudify_aws/ec2/resources/tags.py | 1 - cloudify_aws/ec2/resources/transit_gateway.py | 4 +- .../ec2/resources/transit_gateway_route.py | 5 +- .../resources/transit_gateway_routetable.py | 3 +- cloudify_aws/ec2/resources/vpc.py | 8 +- cloudify_aws/ec2/resources/vpc_peering.py | 4 +- cloudify_aws/ec2/resources/vpn_gateway.py | 3 +- cloudify_aws/ec2/tests/test_vpn_connection.py | 6 +- cloudify_aws/iam/resources/role.py | 7 +- cloudify_aws/iam/tests/test_role.py | 13 +- cloudify_aws/s3/resources/bucket.py | 3 + cloudify_aws/workflows/tests/test_discover.py | 2 + examples/cognito-feature-demo/blueprint.yaml | 229 + .../ec2-image-feature-demo/blueprint.yaml | 2 +- examples/ec2-spot-fleet-request/instance.yaml | 2 +- ignore_plugin_yaml_differences | 2 +- plugin.yaml | 276 +- plugin_1_4.yaml | 309 +- plugin_1_5.yaml | 4662 +++++++++++++++++ setup.py | 3 +- tox.ini | 2 +- v2_plugin.yaml | 308 +- 60 files changed, 7489 insertions(+), 94 deletions(-) create mode 100644 cloudify_aws/cognito/__init__.py create mode 100644 cloudify_aws/cognito/resources/__init__.py create mode 100644 cloudify_aws/cognito/resources/identity_pool.py create mode 100644 cloudify_aws/cognito/resources/identity_provider.py create mode 100644 cloudify_aws/cognito/resources/user_pool.py create mode 100644 cloudify_aws/cognito/resources/user_pool_client.py create mode 100644 cloudify_aws/cognito/scripts/params.py create mode 100644 cloudify_aws/cognito/scripts/script.py create mode 100644 cloudify_aws/cognito/tests/__init__.py create mode 100644 cloudify_aws/cognito/tests/test_identity_pool.py create mode 100644 cloudify_aws/cognito/tests/test_identity_provider.py create mode 100644 cloudify_aws/cognito/tests/test_user_pool.py create mode 100644 
cloudify_aws/cognito/tests/test_user_pool_client.py create mode 100644 examples/cognito-feature-demo/blueprint.yaml create mode 100644 plugin_1_5.yaml diff --git a/.circleci/config.yml b/.circleci/config.yml index ae46359a..0c9b9732 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,9 +2,9 @@ version: 2.1 orbs: node: cloudify/public-unittest-orb@1 #orb version - wagonorb: cloudify/wagon-bulder-orb@2.4.0 #orb version - releaseorb: cloudify/release-orb@1.4.0 #orb version - managerorb: cloudify/manager-orb@1 + wagonorb: cloudify/wagon-bulder-orb@2 #orb version + releaseorb: cloudify/release-orb@1 #orb version + managerorb: cloudify/manager-orb@2 checkout: post: @@ -30,6 +30,9 @@ commands: steps: - run: ls -alR - run: ecosystem-test prepare-test-manager -l $TEST_LICENSE -es aws_access_key_id=$aws_access_key_id -es aws_secret_access_key=$aws_secret_access_key --bundle-path workspace/build/cloudify-plugins-bundle.tgz --yum-package python-netaddr --yum-package git + - run: | + docker exec -it cfy_manager mkdir -p /etc/cloudify/.cloudify/profiles/manager-local/ + docker exec -it cfy_manager cp /root/.cloudify/profiles/manager-local/context.json /etc/cloudify/.cloudify/profiles/manager-local/context.json run_hello_world_test: steps: diff --git a/.gitignore b/.gitignore index 4f7bd200..56a9ab06 100644 --- a/.gitignore +++ b/.gitignore @@ -100,4 +100,3 @@ local-storage/ plugin_docs workspace *.wgn -resources diff --git a/CHANGELOG.txt b/CHANGELOG.txt index f2c2d8e0..b3251e52 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt 
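Review bot: The `orbs:` block loosens `wagon-bulder-orb@2.4.0` and `release-orb@1.4.0` to major-only tags (`@2`, `@1`) and moves `manager-orb` to `@2`, so each pipeline run resolves whatever orb release is newest at that moment. The same config passes `$aws_access_key_id`, `$aws_secret_access_key` and `$TEST_LICENSE` to its steps, so an unexpected orb release would run with those secrets without any change in this repository. I would keep exact `x.y.z` pins and bump them in reviewed commits, e.g. `wagonorb: cloudify/wagon-bulder-orb@2.4.0`.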
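Review bot: The two added `docker exec -it cfy_manager ...` commands request an interactive TTY, which a CI step normally does not have; `-t` then usually fails with "the input device is not a TTY". Dropping the flags is enough: `docker exec cfy_manager mkdir -p /etc/cloudify/.cloudify/profiles/manager-local/`. The step also copies the root CLI profile `context.json` into `/etc/cloudify`; if that file holds manager credentials (not visible here), a short comment saying why the copy is needed and who reads it would help the next reviewer.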
@@ -1,3 +1,16 @@
+<<<<<<< HEAD
+3.0.11:
+ - RD 5833 DSL 1.5 Plugin YAML.
+ - Handle malformed xml in s3 empty CreateBucketConfiguration.
+ - updated cleanup_vpc_internet_gateways, so deatching of igw has vpc id as well.
+ - updated cleanup_vpc_internet_gateways, so detaching of igw has vpc id as well.
+ - ec2 resources will check that deletion will be successful using dry run before deleting tags
+ - image resources check node properties instead of runtime properties
+ - updated cleanup_vpc_internet_gateways, so detaching of igw has vpc id as well.
+ - ec2 resources will check that deletion will be successful using dry run before deleting tags
+=======
+3.1.0: Add cognito.
+>>>>>>> 26bf4b7 (support cognito)
 3.0.10: Workflow availability.
 3.0.9: Add Status reports in CF.
 3.0.8:
diff --git a/cloudify_aws/cognito/__init__.py b/cloudify_aws/cognito/__init__.py
new file mode 100644
index 00000000..fb4cddd9
--- /dev/null
+++ b/cloudify_aws/cognito/__init__.py
@@ -0,0 +1,64 @@
+# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+ Cognito
+ ~~~~~~~
+ AWS Cognito base interface
+"""
+# Cloudify AWS
+from cloudify_aws.common import AWSResourceBase
+from cloudify_aws.common.connection import Boto3Connection
+
+# pylint: disable=R0903
+
+
+class CognitoBase(AWSResourceBase):
+ """
+ AWS Cognito base interface
+ """
+ def __init__(self, ctx_node, resource_id=None, client=None, logger=None):
+ AWSResourceBase.__init__(
+ self, client or Boto3Connection(ctx_node).client('cognito-idp'),
+ resource_id=resource_id, logger=logger)
+ self.ctx_node = ctx_node
+
+ @property
+ def properties(self):
+ """Gets the properties of an external resource"""
+ raise NotImplementedError()
+
+ @property
+ def status(self):
+ """Gets the status of an external resource"""
+ raise NotImplementedError()
+
+ def create(self, params):
+ """Creates a resource"""
+ raise NotImplementedError()
+
+ def delete(self, params=None):
+ """Deletes a resource"""
+ raise NotImplementedError()
+
+
+class CognitoIdentityBase(AWSResourceBase):
+ """
+ AWS Cognito base interface
+ """
+ def __init__(self, ctx_node, resource_id=None, client=None, logger=None):
+ AWSResourceBase.__init__(
+ self,
+ client or Boto3Connection(ctx_node).client('cognito-identity'),
+ resource_id=resource_id, logger=logger)
+ self.ctx_node = ctx_node
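Review bot: `CognitoIdentityBase` carries the same docstring as `CognitoBase` ("AWS Cognito base interface"), although the only visible difference between them is the boto3 client: `'cognito-identity'` here versus `'cognito-idp'` there. I would say so in the docstrings, e.g. `"""Base interface for resources served by the cognito-identity client (identity pools)"""` and the matching wording for `cognito-idp` on `CognitoBase`. `CognitoIdentityBase` also omits the `properties`/`status`/`create`/`delete` stubs that `CognitoBase` declares; if subclasses are expected to provide them in both cases, declaring the same stubs keeps the two bases parallel.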
diff --git a/cloudify_aws/cognito/resources/__init__.py b/cloudify_aws/cognito/resources/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/cloudify_aws/cognito/resources/identity_pool.py b/cloudify_aws/cognito/resources/identity_pool.py
new file mode 100644
index 00000000..816a9028
--- /dev/null
+++ b/cloudify_aws/cognito/resources/identity_pool.py
@@ -0,0 +1,143 @@
+# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+ Cognito.identity_pool
+ ~~~~~~~~
+ AWS Cognito Identity Pool interface
+"""
+
+# Third party imports
+from botocore.exceptions import ClientError, ParamValidationError
+
+# Local imports
+from ...iam.resources.role import IAMRole
+from cloudify_aws.common import decorators, utils
+from cloudify_aws.cognito import CognitoIdentityBase
+
+RESOURCE_NAME = 'IdentityPoolName'
+DESCRIBE_INDEX = 'IdentityPoolId'
+RESOURCE_TYPE = 'Cognito Identity Pool'
+
+
+class CognitoIdentityPool(CognitoIdentityBase):
+ """
+ AWS Cognito Identity Pool
+ """
+ def __init__(self, ctx_node, resource_id=None, client=None, logger=None):
+ CognitoIdentityBase.__init__(
+ self, ctx_node, resource_id, client, logger)
+ self.type_name = RESOURCE_TYPE
+
+ @property
+ def properties(self):
+ """Gets the properties of an external resource"""
+ if self.resource_id:
+ try:
+ resource = self.client.describe_identity_pool(
+ IdentityPoolId=self.resource_id)
+ except (ParamValidationError, ClientError):
+ pass
+ else:
+ return resource.get(DESCRIBE_INDEX, {})
+ return {}
+
+ @property
+ def status(self):
+ """Gets the status of an external resource"""
+ return self.properties
+
+ def create(self, params):
+ """Create a new AWS Cognito Identity Pool."""
+ return self.make_client_call('create_identity_pool', params)
+
+ def delete(self, params=None):
+ """Delete a new AWS
Cognito Identity Pool."""
+ return self.make_client_call('delete_identity_pool', params)
+
+ def get_roles(self):
+ return self.client.get_identity_pool_roles(
+ IdentityPoolId=self.resource_id)
+
+ def set_roles(self, params):
+ return self.make_client_call('set_identity_pool_roles', params)
+
+
+@decorators.aws_resource(CognitoIdentityPool, RESOURCE_TYPE)
+def prepare(ctx, resource_config, **_):
+ """Prepares an AWS Cognito Identity Pool"""
+ # Save the parameters
+ ctx.instance.runtime_properties['resource_config'] = resource_config
+
+
+@decorators.aws_resource(CognitoIdentityPool, RESOURCE_TYPE)
+def create(ctx, iface, resource_config, **_):
+ """Creates an AWS Cognito Identity Pool"""
+ create_response = iface.create(resource_config)
+ utils.update_resource_id(
+ ctx.instance, create_response['IdentityPoolId'])
+
+
+@decorators.aws_resource(CognitoIdentityPool,
+ RESOURCE_TYPE,
+ ignore_properties=True)
+def delete(iface, resource_config, **_):
+ """Deletes an AWS Cognito Identity Pool"""
+ iface.delete(
+ {
+ 'IdentityPoolId': utils.get_resource_id()
+ }
+ )
+
+
+@decorators.aws_relationship(IAMRole, RESOURCE_TYPE)
+def set(ctx, iface, **_):
+ """Deletes an AWS Cognito Identity Pool"""
+ identity_pool = CognitoIdentityPool(
+ ctx.target.node,
+ ctx.target.instance.runtime_properties['aws_resource_id'],
+ logger=ctx.logger,
+ )
+ roles = identity_pool.get_roles()
+ if ctx.source.node.id not in roles.get('Roles', {}):
+ updated_roles = roles.get('Roles', {})
+ updated_roles.update({
+ ctx.source.node.id: utils.get_resource_arn(
+ ctx.source.node,
+ ctx.source.instance,
+ raise_on_missing=True
+ )
+ })
+ identity_pool.set_roles({
+ 'IdentityPoolId': identity_pool.resource_id,
+ 'Roles': updated_roles,
+ })
+
+
+@decorators.aws_relationship(IAMRole, RESOURCE_TYPE)
+def unset(ctx, iface, **_):
+ """Deletes an AWS Cognito Identity Pool"""
+ identity_pool = CognitoIdentityPool(
+ ctx.target.node,
+ ctx.target.instance.runtime_properties['aws_resource_id'],
+
logger=ctx.logger,
+ )
+ roles = identity_pool.get_roles()
+ if ctx.source.node.id in roles.get('Roles', {}):
+ updated_roles = roles.get('Roles', {})
+ del updated_roles[ctx.source.node.id]
+ identity_pool.set_roles({
+ 'IdentityPoolId': identity_pool.resource_id,
+ 'Roles': updated_roles,
+ })
diff --git a/cloudify_aws/cognito/resources/identity_provider.py b/cloudify_aws/cognito/resources/identity_provider.py
new file mode 100644
index 00000000..91962959
--- /dev/null
+++ b/cloudify_aws/cognito/resources/identity_provider.py
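Review bot: `CognitoIdentityPool.properties` catches `(ParamValidationError, ClientError)` and falls through to `return {}`, so an access-denied or throttling response looks exactly like "the pool does not exist"; the `properties` getters in identity_provider.py, user_pool.py and user_pool_client.py follow the same pattern. I would swallow only the not-found case and re-raise the rest, e.g. `if err.response['Error']['Code'] != 'ResourceNotFoundException': raise` inside an `except ClientError as err:` branch. In this file the success path also looks wrong: with `DESCRIBE_INDEX = 'IdentityPoolId'`, `resource.get(DESCRIBE_INDEX, {})` returns the id string rather than the pool description. The docstrings of `set` and `unset` still read "Deletes an AWS Cognito Identity Pool" and should describe attaching and detaching the role.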
@@ -0,0 +1,119 @@
+# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+ Cognito.identity_provider
+ ~~~~~~~~
+ AWS Cognito Identity Provider interface
+"""
+
+# Third party imports
+from botocore.exceptions import ClientError, ParamValidationError
+
+# Local imports
+from cloudify_aws.common import decorators, utils
+from cloudify_aws.cognito import CognitoBase
+
+RESOURCE_NAME = 'ProviderName'
+DESCRIBE_INDEX = 'IdentityProvider'
+RESOURCE_TYPE = 'Cognito Identity Provider'
+
+
+class CognitoIdentityProvider(CognitoBase):
+ """
+ AWS Cognito Identity interface
+ """
+ def __init__(self, ctx_node, resource_id=None, client=None, logger=None):
+ CognitoBase.__init__(self, ctx_node, resource_id, client, logger)
+ self.type_name = RESOURCE_TYPE
+ self._provider_name = \
+ self.ctx_node.properties['resource_config']['ProviderName']
+ self._user_pool_id = \
+ self.ctx_node.properties['resource_config']['UserPoolId']
+
+ @property
+ def provider_name(self):
+ return self._provider_name
+
+ @provider_name.setter
+ def provider_name(self, value):
+ self._provider_name = value
+
+ @property
+ def user_pool_id(self):
+ return self._user_pool_id
+
+ @user_pool_id.setter
+ def user_pool_id(self, value):
+ self._user_pool_id = value
+
+ @property
+ def properties(self):
+ """Gets the properties of an external resource"""
+ if self.resource_id:
+ try:
+ resource = self.client.describe_identity_provider(
+
UserPoolId=self.user_pool_id,
+ ProviderName=self.resource_id)
+ except (ParamValidationError, ClientError):
+ pass
+ else:
+ return resource.get(DESCRIBE_INDEX, {})
+ return {}
+
+ @property
+ def status(self):
+ """Gets the status of an external resource"""
+ return self.properties.get('Status')
+
+ def create(self, params):
+ """Create a new AWS Cognito Identity Provider."""
+ return self.make_client_call('create_identity_provider', params)
+
+ def delete(self, params=None):
+ """Delete a new AWS Cognito Identity Provider."""
+ return self.make_client_call('delete_identity_provider', params)
+
+
+@decorators.aws_resource(CognitoIdentityProvider, RESOURCE_TYPE)
+def prepare(ctx, resource_config, **_):
+ """Prepares an AWS Cognito Identity Provider"""
+ # Save the parameters
+ ctx.instance.runtime_properties['resource_config'] = resource_config
+
+
+@decorators.aws_resource(CognitoIdentityProvider, RESOURCE_TYPE)
+def create(ctx, iface, resource_config, **_):
+ """Creates an AWS Cognito Identity Provider"""
+ create_response = iface.create(resource_config)
+ utils.update_resource_id(
+ ctx.instance, create_response['IdentityProvider']['ProviderName'])
+ ctx.instance.runtime_properties['create_response'] = \
+ utils.JsonCleanuper(create_response).to_dict()
+
+
+@decorators.aws_resource(CognitoIdentityProvider,
+ RESOURCE_TYPE)
+def delete(iface, resource_config, **_):
+ """Deletes an AWS Cognito Identity Provider"""
+ iface.user_pool_id = resource_config.get(
+ 'UserPoolId') or iface.user_pool_id
+ iface.provider_name = resource_config.get(
+ 'ProviderName') or iface.provider_name
+ iface.delete(
+ {
+ 'UserPoolId': iface.user_pool_id,
+ 'ProviderName': iface.provider_name,
+ }
+ )
diff --git a/cloudify_aws/cognito/resources/user_pool.py b/cloudify_aws/cognito/resources/user_pool.py
new file mode 100644
index 00000000..6bfd6631
--- /dev/null
+++ b/cloudify_aws/cognito/resources/user_pool.py
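Review bot: `create` saves the whole `create_identity_provider` response under `runtime_properties['create_response']` and `prepare` saves `resource_config`, and both can carry `ProviderDetails`, which for a social provider includes `client_secret` (params.py in this patch builds exactly that shape). Runtime properties are stored with the node instance, so the provider secret presumably becomes readable by anyone who can read the deployment's instances. I would strip or mask it before saving, e.g. `create_response.get('IdentityProvider', {}).pop('ProviderDetails', None)` ahead of the `JsonCleanuper` call, and do the same for the copy of `resource_config`. `create` in user_pool_client.py stores its response the same way, which would include `ClientSecret` when `GenerateSecret` is set.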
@@ -0,0 +1,104 @@
+# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+ Cognito.user_pool
+ ~~~~~~~~
+ AWS Cognito User Pool interface
+"""
+
+# Third party imports
+from botocore.exceptions import (
+ ClientError,
+ ParamValidationError)
+
+# Local imports
+from cloudify_aws.cognito import CognitoBase
+from cloudify_aws.common import decorators, utils
+
+RESOURCE_NAME = 'PoolName'
+DESCRIBE_INDEX = 'UserPool'
+RESOURCE_TYPE = 'Cognito User Pool'
+
+
+class CognitoUserPool(CognitoBase):
+ """
+ AWS Cognito User Pool interface
+ """
+ def __init__(self, ctx_node, resource_id=None, client=None, logger=None):
+ CognitoBase.__init__(self, ctx_node, resource_id, client, logger)
+ self.type_name = RESOURCE_TYPE
+
+ @property
+ def properties(self):
+ """Gets the properties of an external resource"""
+ if self.resource_id:
+ try:
+ resource = self.client.describe_user_pools(
+ UserPoolId=self.resource_id)
+ except (ParamValidationError, ClientError):
+ pass
+ else:
+ return resource.get(DESCRIBE_INDEX, {})
+ return {}
+
+ @property
+ def status(self):
+ """Gets the status of an external resource"""
+ return self.properties.get('Status')
+
+ def create(self, params):
+ """Create a new AWS Cognito User Pool."""
+ return self.make_client_call('create_user_pool', params)
+
+ def delete(self, params=None):
+ """Delete a new AWS Cognito User Pool."""
+ return self.make_client_call('delete_user_pool', params)
+
+
+@decorators.aws_resource(CognitoUserPool, RESOURCE_TYPE)
+def prepare(ctx, resource_config, **_):
+ """Prepares an AWS Cognito User Pool"""
+ # Save the parameters
+ ctx.instance.runtime_properties['resource_config'] = resource_config
+
+
+@decorators.aws_resource(CognitoUserPool, RESOURCE_TYPE)
+def create(ctx, iface, resource_config, **_):
+ """Creates an AWS Cognito User Pool"""
+ create_response = utils.raise_on_substring(
+ iface,
+ 'create',
+ resource_config,
+ 'Role does not have a trust relationship')
+ utils.update_resource_id(
+ ctx.instance,
+ create_response['UserPool']['Id'])
+ utils.update_resource_arn(
+ ctx.instance,
+ create_response['UserPool']['Arn'])
+ ctx.instance.runtime_properties['create_response'] = \
+ utils.JsonCleanuper(create_response).to_dict()
+
+
+@decorators.aws_resource(CognitoUserPool,
+ RESOURCE_TYPE,
+ ignore_properties=True)
+def delete(iface, resource_config, **_):
+ """Deletes an AWS Cognito User Pool"""
+ iface.delete(
+ {
+ 'UserPoolId': utils.get_resource_id()
+ }
+ )
diff --git a/cloudify_aws/cognito/resources/user_pool_client.py b/cloudify_aws/cognito/resources/user_pool_client.py
new file mode 100644
index 00000000..006158b0
--- /dev/null
+++ b/cloudify_aws/cognito/resources/user_pool_client.py
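Review bot: `CognitoUserPool.properties` calls `self.client.describe_user_pools(UserPoolId=...)`, but the boto3 `cognito-idp` client method is `describe_user_pool`. On a real client the misspelt name raises `AttributeError`, which the `except (ParamValidationError, ClientError)` clause does not catch, so `status` (which reads `self.properties.get('Status')`) would fail as soon as `resource_id` is set. A mocked client would accept any attribute name, so a unit test may not notice. The fix is `resource = self.client.describe_user_pool(UserPoolId=self.resource_id)`.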
@@ -0,0 +1,111 @@
+# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+ Cognito.user_pool_client
+ ~~~~~~~~
+ AWS Cognito User Pool Client interface
+"""
+
+# Third party imports
+from botocore.exceptions import ClientError, ParamValidationError
+
+# Local imports
+from cloudify_aws.common import decorators, utils
+from cloudify_aws.cognito import CognitoBase
+
+RESOURCE_NAME = 'ClientName'
+DESCRIBE_INDEX = 'UserPoolClient'
+RESOURCE_TYPE = 'Cognito User Pool Client'
+
+
+class CognitoUserPoolClient(CognitoBase):
+ """
+ AWS Cognito Cognito User Pool Client interface
+ """
+ def __init__(self, ctx_node, resource_id=None, client=None, logger=None):
+ CognitoBase.__init__(self, ctx_node, resource_id, client, logger)
+ self.type_name = RESOURCE_TYPE
+ self._user_pool_id = \
+ self.ctx_node.properties['resource_config']['UserPoolId']
+
+ @property
+ def user_pool_id(self):
+ return self._user_pool_id
+
+ @user_pool_id.setter
+ def user_pool_id(self, value):
+ self._user_pool_id = value
+
+ @property
+ def properties(self):
+ """Gets the properties of an external resource"""
+ if self.resource_id:
+ try:
+ resource = self.client.describe_user_pool_client(
+ UserPoolId=self.user_pool_id,
+ ClientId=self.resource_id
+ )
+ except (ParamValidationError, ClientError):
+ pass
+ else:
+ return resource.get('UserPoolClient', {})
+ return {}
+
+ @property
+ def status(self):
+ """Gets the status of an external
resource"""
+ return self.properties
+
+ def create(self, params):
+ """Create a new AWS Cognito User Pool Client."""
+ return self.make_client_call('create_user_pool_client', params)
+
+ def delete(self, params=None):
+ """Delete a new AWS Cognito User Pool Client."""
+ return self.make_client_call('delete_user_pool_client', params)
+
+
+@decorators.aws_resource(CognitoUserPoolClient, RESOURCE_TYPE)
+def prepare(ctx, resource_config, **_):
+ """Prepares an AWS Cognito User Pool Client"""
+ # Save the parameters
+ ctx.instance.runtime_properties['resource_config'] = resource_config
+
+
+@decorators.aws_resource(CognitoUserPoolClient, RESOURCE_TYPE)
+def create(ctx, iface, resource_config, **_):
+ """Creates an AWS Cognito User Pool Client"""
+ create_response = iface.create(resource_config)
+ utils.update_resource_id(
+ ctx.instance, create_response['UserPoolClient']['ClientId'])
+ utils.update_resource_id(
+ ctx.instance,
+ create_response['UserPoolClient']['ClientId'])
+ ctx.instance.runtime_properties['create_response'] = \
+ utils.JsonCleanuper(create_response).to_dict()
+
+
+@decorators.aws_resource(CognitoUserPoolClient,
+ RESOURCE_TYPE)
+def delete(ctx, iface, resource_config, **_):
+ """Deletes an AWS Cognito User Pool Client"""
+ iface.user_pool_id = resource_config.get(
+ 'UserPoolId') or iface.user_pool_id
+ iface.delete(
+ {
+ 'UserPoolId': iface.user_pool_id,
+ 'ClientId': utils.get_resource_id(),
+ }
+ )
diff --git a/cloudify_aws/cognito/scripts/params.py b/cloudify_aws/cognito/scripts/params.py
new file mode 100644
index 00000000..6a4995c6
--- /dev/null
+++ b/cloudify_aws/cognito/scripts/params.py
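Review bot: `create` calls `utils.update_resource_id(ctx.instance, create_response['UserPoolClient']['ClientId'])` twice in a row with identical arguments; the second call is redundant and can be removed. `properties` also hard-codes `resource.get('UserPoolClient', {})` although `DESCRIBE_INDEX = 'UserPoolClient'` is defined at the top of the file for this purpose; `resource.get(DESCRIBE_INDEX, {})` keeps it in line with the sibling modules. The class docstring repeats "Cognito" ("AWS Cognito Cognito User Pool Client interface"), and the `delete` method docstring says "Delete a new ..." where "Delete an ..." is meant.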
@@ -0,0 +1,229 @@
+
+import json
+
+
+sns_role_params = {
+ 'RoleName': 'SNSRole',
+ 'AssumeRolePolicyDocument': json.dumps(
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {"Service": ["cognito-idp.amazonaws.com"]},
+ "Action": ["sts:AssumeRole"]
+ }
+ ]
+ }
+ ),
+}
+
+
+sns_policy_params = {
+ "PolicyName": "CognitoSNSPolicy",
+ "PolicyDocument": json.dumps(
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "sns:publish",
+ "Resource": "*"
+ }
+ ]
+ }
+ )
+}
+
+
+def get_user_pool_params(role_arn):
+ return {
+ "PoolName": "MyUserPoolApp",
+ "AutoVerifiedAttributes": [
+ "phone_number"
+ ],
+ "MfaConfiguration": "ON",
+ "SmsConfiguration": {
+ "ExternalId": "MyUserPoolApp-external",
+ "SnsCallerArn": role_arn
+ },
+ "Schema": [
+ {
+ "Name": "name",
+ "AttributeDataType": "String",
+ "Mutable": True,
+ "Required": True
+ },
+ {
+ "Name": "email",
+ "AttributeDataType": "String",
+ "Mutable": False,
+ "Required": True
+ },
+ {
+ "Name": "phone_number",
+ "AttributeDataType": "String",
+ "Mutable": False,
+ "Required": True
+ },
+ {
+ "Name": "slackId",
+ "AttributeDataType": "String",
+ "Mutable": True
+ }
+ ]
+ }
+
+
+def get_user_pool_client_params(user_pool_id):
+ return {
+ 'ClientName': 'MyUserPoolClient',
+ 'GenerateSecret': True,
+ 'UserPoolId': user_pool_id
+ }
+
+
+def get_identity_pool_provider(user_pool_id, client_id, client_secret):
+ return {
+ 'UserPoolId': user_pool_id,
+ "ProviderName": "LoginWithAmazon",
+ "ProviderDetails": {
+ "client_id": client_id,
+ "client_secret": client_secret,
+ "authorize_scopes": "profile postal_code"
+ },
+ "ProviderType": "LoginWithAmazon",
+ "AttributeMapping": {
+ "email": "email", "phone_number": "phone_number", "name": "name",
+ }
+ }
+
+
+def get_identity_pool_params(client_id, provider_name=None):
+ if not provider_name:
+ raise RuntimeError('No valid provider name provided.')
+ provider_name_template = 'cognito-idp.{}.amazonaws.com/{}'
+
region = provider_name.split('_')[0]
+ real_provider_name = provider_name_template.format(region, provider_name)
+ return {
+ 'IdentityPoolName': 'MyUserPoolIdentityPool',
+ 'AllowUnauthenticatedIdentities': True,
+ 'SupportedLoginProviders': {
+ 'www.amazon.com': client_id
+ },
+ 'CognitoIdentityProviders': [
+ {
+ 'ClientId': client_id,
+ 'ProviderName': real_provider_name,
+ }
+ ]
+ }
+
+
+def get_unauth_role_params(identity_pool_id):
+ return {
+ 'RoleName': 'CognitoUnAuthRole',
+ 'PolicyDocument': json.dumps({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "cognito-identity.amazonaws.com"
+ },
+ "Action": ["sts:AssumeRoleWithWebIdentity"],
+ "Condition": {
+ "StringEquals": {
+ "cognito-identity.amazonaws.com:aud":
+ identity_pool_id,
+ },
+ "ForAnyValue:StringLike": {
+ "cognito-identity.amazonaws.com:amr":
+ "unauthenticated"
+ }
+ }
+ }
+ ]
+ })
+ }
+
+
+def get_unauth_policy_params():
+ return {
+ "PolicyName": "CognitoUnauthorizedPolicy",
+ "PolicyDocument": json.dumps({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "mobileanalytics:PutEvents",
+ "cognito-sync:*"
+ ],
+ "Resource": "*"
+ }
+ ]
+ })
+ }
+
+
+def get_cognito_auth_role_params(identity_pool_id):
+ return {
+ 'RoleName': 'CognitoAuthRole',
+ 'AssumeRolePolicyDocument': json.dumps({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "cognito-identity.amazonaws.com"
+ },
+ "Action": [
+ "sts:AssumeRoleWithWebIdentity"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "cognito-identity.amazonaws.com:aud":
+ identity_pool_id,
+ },
+ "ForAnyValue:StringLike": {
+ "cognito-identity.amazonaws.com:amr":
+ "authenticated"
+ }
+ }
+ }
+ ]
+ })
+ }
+
+cognito_auth_policy = {
+ "PolicyName": "CognitoAuthorizedPolicy",
+ "PolicyDocument": json.dumps({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "mobileanalytics:PutEvents",
+
"cognito-sync:*"
+ ],
+ "Resource": "*"
+ }
+ ]
+ })
+}
+
+
+def get_identity_pool_role_params(
+ identity_pool_id,
+ authenticated_arn,
+ unauthenticated_arn):
+ return {
+ 'IdentityPoolId': identity_pool_id,
+ 'Roles': {
+ 'authenticated': authenticated_arn,
+ 'unauthenticated': unauthenticated_arn,
+ }
+ }
+
+
diff --git a/cloudify_aws/cognito/scripts/script.py b/cloudify_aws/cognito/scripts/script.py
new file mode 100644
index 00000000..8a3a91d3
--- /dev/null
+++ b/cloudify_aws/cognito/scripts/script.py
@@ -0,0 +1,145 @@
+import boto3 # noqa
+
+from .params import (
+ sns_role_params,
+ sns_policy_params,
+ cognito_auth_policy,
+ get_user_pool_params,
+ get_identity_pool_params,
+ get_user_pool_client_params,
+ get_unauth_role_params,
+ get_unauth_policy_params,
+ get_identity_pool_provider,
+ get_cognito_auth_role_params,
+ get_identity_pool_role_params,
+)
+
+sns = boto3.client('sns')
+iam = boto3.client('iam')
+cognito = boto3.client('cognito-idp')
+cognito_identity = boto3.client('cognito-identity')
+
+
+def create_sns_component():
+ role = iam.create_role(**sns_role_params)
+ pol = iam.create_policy(**sns_policy_params)
+ att = iam.attach_role_policy(
+ RoleName=role['Role']['RoleName'],
+ PolicyArn=pol['Policy']['Arn']
+ )
+ return role, pol, att
+
+
+def create_unauth_component(identity_pool_id):
+ cognito_unauth_role_params = get_unauth_role_params(identity_pool_id)
+ role = iam.create_role(**cognito_unauth_role_params)
+ cognito_unauth_policy = get_unauth_policy_params()
+ pol = iam.create_policy(**cognito_unauth_policy)
+ att = iam.attach_role_policy(
+ RoleName=role['Role']['RoleName'],
+ PolicyArn=pol['Policy']['Arn']
+ )
+ return role, pol, att
+
+
+def create_auth_component(identity_pool_id):
+ cognito_auth_role_params = get_cognito_auth_role_params(
+ identity_pool_id)
+ role = iam.create_role(**cognito_auth_role_params)
+ pol = iam.create_policy(**cognito_auth_policy)
+ att = iam.attach_role_policy(
+ RoleName=role['Role']['RoleName'],
+ PolicyArn=pol['Policy']['Arn']
+ )
+ return role, pol, att
+
+
+def create_user_pool(sns_role_arn):
+ try:
+ user_pool_params = get_user_pool_params(sns_role_arn)
+ user_pool_response = cognito.create_user_pool(**user_pool_params)
+ except:
+ return None, None
+ try:
+ user_pool_client_create = get_user_pool_client_params(
+ user_pool_response['UserPool']['Id'])
+ user_pool_client_response = cognito.create_user_pool_client(
+ **user_pool_client_create)
+ except:
+ return user_pool_response, None
+ return
user_pool_response, user_pool_client_response
+
+
+def create_identity_pool(user_pool_id, client_id, client_secret):
+ try:
+ identity_provider_params = get_identity_pool_provider(
+ user_pool_id, client_id, client_secret)
+ identity_provider_response = cognito.create_identity_provider(
+ **identity_provider_params)
+ except:
+ return None, None
+ try:
+ identity_pool_params = get_identity_pool_params(
+ client_id,
+ identity_provider_response['IdentityProvider']['UserPoolId'])
+ identity_pool_response = cognito_identity.create_identity_pool(
+ **identity_pool_params)
+ except:
+ return identity_provider_response, None
+ return identity_provider_response, identity_pool_response
+
+
+sns_role_response, sns_policy_response, attach_policy_response = \
+ create_sns_component()
+user_pool_response, user_pool_client_response = \
+ create_user_pool(sns_role_response['Role']['Arn']) # This can raise InvalidSmsRoleTrustRelationshipException
+identity_provider_response, identity_pool_response = \
+ create_identity_pool(
+ user_pool_response['UserPool']['Id'],
+ user_pool_client_response['UserPoolClient']['ClientId'],
+ user_pool_client_response['UserPoolClient']['ClientSecret'],
+ )
+
+cognito_unauth_role_response, cognito_unauth_policy_response, attach_policy_response = create_unauth_component(identity_pool_response['IdentityPoolId']) # noqa
+cognito_auth_role_response, cognito_auth_policy_response, attach_policy_response = create_auth_component(identity_pool_response['IdentityPoolId']) # noqa
+
+identity_pool_role_params = get_identity_pool_role_params(
+ identity_pool_response['IdentityPoolId'],
+ cognito_auth_role_response['Role']['Arn'],
+ cognito_unauth_role_response['Role']['Arn'],
+)
+
+identity_pool_role_response = cognito_identity.set_identity_pool_roles(
+ **identity_pool_role_params)
+
+#####
+detach_policy_response = iam.detach_role_policy(
+ RoleName=cognito_auth_role_response['Role']['RoleName'],
+ PolicyArn=cognito_auth_policy_response['Policy']['Arn'])
+delete_policy_response = iam.delete_policy(
+ PolicyArn=cognito_auth_policy_response['Policy']['Arn'])
+delete_role_response = iam.delete_role(RoleName='CognitoAuthRole')
+
+detach_policy_response = iam.detach_role_policy(
+ RoleName=cognito_unauth_role_response['Role']['RoleName'],
+ PolicyArn=cognito_unauth_policy_response['Policy']['Arn'])
+delete_policy_response = iam.delete_policy(
+ PolicyArn=cognito_unauth_policy_response['Policy']['Arn'])
+delete_role_response = iam.delete_role(
+ RoleName='CognitoUnAuthRole')
+
+cognito.delete_identity_provider(
+ UserPoolId=user_pool_response['UserPool']['Id'],
+ ProviderName=identity_provider_response['IdentityProvider']['ProviderName'])
+delete_user_pool_response = cognito.delete_user_pool_client(
+ UserPoolId=user_pool_response['UserPool']['Id'],
+ ClientId=user_pool_client_response['UserPoolClient']['ClientId'])
+delete_user_pool_response = cognito.delete_user_pool(
+ UserPoolId=user_pool_response['UserPool']['Id'])
+
+detach_policy_response = iam.detach_role_policy(
+ RoleName=sns_role_response['Role']['RoleName'],
+ PolicyArn=sns_policy_response['Policy']['Arn'])
+delete_policy_response = iam.delete_policy(
+ PolicyArn=sns_policy_response['Policy']['Arn'])
+delete_role_response = iam.delete_role(RoleName='SNSRole')
diff --git a/cloudify_aws/cognito/tests/__init__.py b/cloudify_aws/cognito/tests/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/cloudify_aws/cognito/tests/test_identity_pool.py b/cloudify_aws/cognito/tests/test_identity_pool.py
new file mode 100644
index 00000000..bc30f9c5
--- /dev/null
+++ b/cloudify_aws/cognito/tests/test_identity_pool.py
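Review bot: Everything after the helper functions in script.py runs at module level, so importing `cloudify_aws.cognito.scripts.script` builds four boto3 clients and then creates and deletes IAM roles, policies and Cognito resources with whatever ambient AWS credentials the process has. Because the file ships inside the plugin package, I would move that sequence into a `main()` behind `if __name__ == '__main__':`, or keep the script out of the installed package. The bare `except:` blocks in `create_user_pool` and `create_identity_pool` return `None`, after which the module-level code fails with a `TypeError` on `user_pool_response['UserPool']['Id']` and the original AWS error is lost, leaving the roles and policies created so far behind; catching `botocore.exceptions.ClientError`, logging it and re-raising keeps the cause visible.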
@@ -0,0 +1,170 @@ +# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Standard imports +import datetime + +# Third party imports +from mock import patch, MagicMock + +from cloudify.state import current_ctx + +# Local imports +from ..resources import identity_pool +from ...common.tests.test_base import TestBase, CLIENT_CONFIG +from ...common.tests.test_base import DEFAULT_RUNTIME_PROPERTIES + +# Constants +IDENTITY_POOL_NAME = 'DemoIdentityPool' + +IDENTITY_POOL_TH = [ + 'cloudify.nodes.Root', + 'cloudify.nodes.aws.cognito.IdentityPool' +] + +NODE_PROPERTIES = { + 'resource_id': 'node_resource_id', + 'use_external_resource': False, + 'resource_config': { + "IdentityPoolName": IDENTITY_POOL_NAME, + "AllowUnauthenticatedIdentities": True, + "SupportedLoginProviders": { + "www.amazon.com": 'foo', + }, + "CognitoIdentityProviders": [ + { + "ClientId": 'foo', + "ProviderName": 'foo', + } + ] + }, + 'client_config': CLIENT_CONFIG +} + +RUNTIME_PROPERTIES_AFTER_CREATE = { + 'aws_resource_id': IDENTITY_POOL_NAME, + 'resource_config': NODE_PROPERTIES.get('resource_config', {}), +} + +CREATE_RESPONSE = { + 'IdentityPoolId': 'foo', + 'IdentityPoolName': IDENTITY_POOL_NAME, + 'AllowUnauthenticatedIdentities': False, + 'AllowClassicFlow': False, + 'SupportedLoginProviders': { + 'foo': 'bar', + }, + 'DeveloperProviderName': 'foo', + 'OpenIdConnectProviderARNs': ['foo'], + 'CognitoIdentityProviders': [ + { + 
'ProviderName': 'foo', + 'ClientId': 'foo', + }, + ], + 'SamlProviderARNs': ['foo'], + 'IdentityPoolTags': { + 'foo': 'bar', + } +} + +TEST_DATE = datetime.datetime(2020, 1, 1) + + +class TestCognitoIdentityPool(TestBase): + + def setUp(self): + super(TestCognitoIdentityPool, self).setUp() + + self.fake_boto, self.fake_client = self.fake_boto_client( + 'cognito-identity') + + self.mock_patch = patch('boto3.client', self.fake_boto) + self.mock_patch.start() + + def tearDown(self): + self.mock_patch.stop() + self.fake_boto = None + self.fake_client = None + super(TestCognitoIdentityPool, self).tearDown() + + def test_create(self): + _ctx = self.get_mock_ctx( + 'test_create', + test_properties=NODE_PROPERTIES, + test_runtime_properties=DEFAULT_RUNTIME_PROPERTIES, + type_hierarchy=IDENTITY_POOL_TH, + ctx_operation_name='cloudify.interfaces.lifecycle.create', + ) + current_ctx.set(_ctx) + self.fake_client.create_identity_pool = MagicMock( + return_value=CREATE_RESPONSE, + ) + identity_pool.create(ctx=_ctx, iface=None, params=None) + self.fake_boto.assert_called_with('cognito-identity', **CLIENT_CONFIG) + self.fake_client.create_identity_pool.assert_called_with( + **_ctx.node.properties['resource_config'] + ) + + def test_delete(self): + _ctx = self.get_mock_ctx( + 'test_delete', + test_properties=NODE_PROPERTIES, + test_runtime_properties=RUNTIME_PROPERTIES_AFTER_CREATE, + type_hierarchy=IDENTITY_POOL_TH, + ctx_operation_name='cloudify.interfaces.lifecycle.delete' + ) + current_ctx.set(_ctx) + identity_pool.delete(ctx=_ctx, resource_config=None, iface=None) + self.fake_boto.assert_called_with('cognito-identity', **CLIENT_CONFIG) + self.fake_client.delete_identity_pool.assert_called_with( + IdentityPoolId=IDENTITY_POOL_NAME + ) + + def test_set(self): + self.fake_client.get_identity_pool_roles = MagicMock( + return_value={ + 'IdentityPoolId': IDENTITY_POOL_NAME, + 'Roles': { + 'authenticated': 'foo', + }, + }, + ) + _source_ctx, _target_ctx, _group_rel = \ + 
self._create_common_relationships( + 'test_node', + source_type_hierarchy=[ + 'cloudify.nodes.Root', + 'cloudify.nodes.aws.iam.Role' + ], + target_type_hierarchy=[ + 'cloudify.nodes.Root', + 'cloudify.nodes.aws.cognito.IdentityPool' + ], + source_node_id='unauthenticated', + source_node_properties=NODE_PROPERTIES, + ) + _source_ctx.instance.runtime_properties['aws_resource_id'] = \ + 'foo' + _source_ctx.instance.runtime_properties['aws_resource_arn'] = \ + 'bar' + _target_ctx.instance.runtime_properties['aws_resource_id'] = \ + IDENTITY_POOL_NAME + _ctx = self.get_mock_relationship_ctx( + 'foo', + test_source=_source_ctx, + test_target=_target_ctx, + ) + current_ctx.set(_ctx) + identity_pool.set(ctx=_ctx, iface=None, params=None) diff --git a/cloudify_aws/cognito/tests/test_identity_provider.py b/cloudify_aws/cognito/tests/test_identity_provider.py new file mode 100644 index 00000000..5ff008dc --- /dev/null +++ b/cloudify_aws/cognito/tests/test_identity_provider.py 
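Review bot: `test_set` ends at `identity_pool.set(ctx=_ctx, iface=None, params=None)` without asserting anything, so it passes whenever the call does not raise. The mocked `get_identity_pool_roles` response suggests the operation reads the pool's current roles and then writes them back. Assuming it calls `set_identity_pool_roles`, as the bundled script does, add `self.fake_client.set_identity_pool_roles.assert_called_once()`, or better an `assert_called_with` that pins the `IdentityPoolId` and the resulting `Roles` mapping. `TEST_DATE` and the `datetime` import are unused in this file.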
@@ -0,0 +1,127 @@ +# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Standard imports +import datetime + +# Third party imports +from mock import patch, MagicMock + +from cloudify.state import current_ctx + +# Local imports +from ..resources import identity_provider +from cloudify_aws.common.tests.test_base import TestBase, CLIENT_CONFIG +from cloudify_aws.common.tests.test_base import DEFAULT_RUNTIME_PROPERTIES + +# Constants +IDENTITY_PROVIDER_NAME = 'DemoIdentityProvider' + +IDENTITY_PROVIDER_TH = [ + 'cloudify.nodes.Root', + 'cloudify.nodes.aws.cognito.IdentityProvider' +] + +NODE_PROPERTIES = { + 'resource_id': 'node_resource_id', + 'use_external_resource': False, + 'resource_config': { + "UserPoolId": 'foo', + "ProviderName": IDENTITY_PROVIDER_NAME, + "ProviderType": "foo", + "ProviderDetails": { + "foo": "bar" + }, + "IdpIdentifiers": { + "foo": "bar" + }, + }, + 'client_config': CLIENT_CONFIG +} + +RUNTIME_PROPERTIES_AFTER_CREATE = { + 'aws_resource_id': IDENTITY_PROVIDER_NAME, + 'resource_config': NODE_PROPERTIES.get('resource_config', {}), +} + +CREATE_RESPONSE = { + 'IdentityProvider': { + 'UserPoolId': 'foo', + 'ProviderName': IDENTITY_PROVIDER_NAME, + 'ProviderType': 'LoginWithAmazon', + 'ProviderDetails': { + 'foo': 'bar' + }, + 'AttributeMapping': { + 'foo': 'bar' + }, + 'IdpIdentifiers': [ + 'foo', + ], + } +} + +TEST_DATE = datetime.datetime(2020, 1, 1) + + +class 
TestCognitoIdentityProvider(TestBase): + + def setUp(self): + super(TestCognitoIdentityProvider, self).setUp() + + self.fake_boto, self.fake_client = self.fake_boto_client( + 'cognito-idp') + + self.mock_patch = patch('boto3.client', self.fake_boto) + self.mock_patch.start() + + def tearDown(self): + self.mock_patch.stop() + self.fake_boto = None + self.fake_client = None + super(TestCognitoIdentityProvider, self).tearDown() + + def test_create(self): + _ctx = self.get_mock_ctx( + 'test_create', + test_properties=NODE_PROPERTIES, + test_runtime_properties=DEFAULT_RUNTIME_PROPERTIES, + type_hierarchy=IDENTITY_PROVIDER_TH, + ctx_operation_name='cloudify.interfaces.lifecycle.create', + ) + current_ctx.set(_ctx) + self.fake_client.create_identity_provider = MagicMock( + return_value=CREATE_RESPONSE, + ) + identity_provider.create(ctx=_ctx, iface=None, params=None) + self.fake_boto.assert_called_with('cognito-idp', **CLIENT_CONFIG) + self.fake_client.create_identity_provider.assert_called_with( + **_ctx.node.properties['resource_config'] + ) + + def test_delete(self): + _ctx = self.get_mock_ctx( + 'test_delete', + test_properties=NODE_PROPERTIES, + test_runtime_properties=RUNTIME_PROPERTIES_AFTER_CREATE, + type_hierarchy=IDENTITY_PROVIDER_TH, + ctx_operation_name='cloudify.interfaces.lifecycle.delete' + ) + current_ctx.set(_ctx) + identity_provider.delete(ctx=_ctx, resource_config=None, iface=None) + self.fake_boto.assert_called_with('cognito-idp', **CLIENT_CONFIG) + self.fake_client.delete_identity_provider.assert_called_with( + ProviderName=IDENTITY_PROVIDER_NAME, + UserPoolId='foo' + ) diff --git a/cloudify_aws/cognito/tests/test_user_pool.py b/cloudify_aws/cognito/tests/test_user_pool.py new file mode 100644 index 00000000..14a84126 --- /dev/null +++ b/cloudify_aws/cognito/tests/test_user_pool.py 
@@ -0,0 +1,130 @@ +# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Standard imports +import datetime + +# Third party imports +from mock import patch, MagicMock + +from cloudify.state import current_ctx + +# Local imports +from ..resources import user_pool +from cloudify_aws.common.tests.test_base import TestBase, CLIENT_CONFIG +from cloudify_aws.common.tests.test_base import DEFAULT_RUNTIME_PROPERTIES + +# Constants +USER_POOL_NAME = 'DemoUserPool' + +USER_POOL_TH = [ + 'cloudify.nodes.Root', + 'cloudify.nodes.aws.cognito.UserPool' +] + +NODE_PROPERTIES = { + 'resource_id': 'node_resource_id', + 'use_external_resource': False, + 'resource_config': { + "PoolName": USER_POOL_NAME, + "AutoVerifiedAttributes": ["phone_number"], + "MfaConfiguration": 'ON', + "SmsConfiguration": { + "ExternalId": 'MyUserPoolApp-external', + "SnsCallerArn": 'foo', + }, + "Schema": [ + { + "Name": "slackId", + "AttributeDataType": "String", + "Mutable": True + } + ], + }, + 'client_config': CLIENT_CONFIG +} + +RUNTIME_PROPERTIES_AFTER_CREATE = { + 'aws_resource_id': USER_POOL_NAME, + 'resource_config': NODE_PROPERTIES.get('resource_config', {}), +} + +CREATE_RESPONSE = { + 'UserPool': { + 'Id': 'string', + 'Arn': 'foo', + 'Name': 'string', + 'Status': 'Enabled', + 'AutoVerifiedAttributes': ['phone_number'], + 'MfaConfiguration': 'OFF', + 'SmsConfiguration': { + 'SnsCallerArn': 'string', + 'ExternalId': 'string', + 
'SnsRegion': 'string' + }, + } +} + +TEST_DATE = datetime.datetime(2020, 1, 1) + + +class TestCognitoUserPool(TestBase): + + def setUp(self): + super(TestCognitoUserPool, self).setUp() + + self.fake_boto, self.fake_client = self.fake_boto_client( + 'cognito-idp') + + self.mock_patch = patch('boto3.client', self.fake_boto) + self.mock_patch.start() + + def tearDown(self): + self.mock_patch.stop() + self.fake_boto = None + self.fake_client = None + super(TestCognitoUserPool, self).tearDown() + + def test_create(self): + _ctx = self.get_mock_ctx( + 'test_create', + test_properties=NODE_PROPERTIES, + test_runtime_properties=DEFAULT_RUNTIME_PROPERTIES, + type_hierarchy=USER_POOL_TH, + ctx_operation_name='cloudify.interfaces.lifecycle.create', + ) + current_ctx.set(_ctx) + self.fake_client.create_user_pool = MagicMock( + return_value=CREATE_RESPONSE, + ) + user_pool.create(ctx=_ctx, iface=None, params=None) + self.fake_boto.assert_called_with('cognito-idp', **CLIENT_CONFIG) + self.fake_client.create_user_pool.assert_called_with( + **_ctx.node.properties['resource_config'] + ) + + def test_delete(self): + _ctx = self.get_mock_ctx( + 'test_delete', + test_properties=NODE_PROPERTIES, + test_runtime_properties=RUNTIME_PROPERTIES_AFTER_CREATE, + type_hierarchy=USER_POOL_TH, + ctx_operation_name='cloudify.interfaces.lifecycle.delete' + ) + current_ctx.set(_ctx) + user_pool.delete(ctx=_ctx, resource_config=None, iface=None) + self.fake_boto.assert_called_with('cognito-idp', **CLIENT_CONFIG) + self.fake_client.delete_user_pool.assert_called_with( + UserPoolId=USER_POOL_NAME + ) diff --git a/cloudify_aws/cognito/tests/test_user_pool_client.py b/cloudify_aws/cognito/tests/test_user_pool_client.py new file mode 100644 index 00000000..7d221c23 --- /dev/null +++ b/cloudify_aws/cognito/tests/test_user_pool_client.py 
@@ -0,0 +1,113 @@ +# Copyright (c) 2018 Cloudify Platform Ltd. All rights reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Standard imports +import datetime + +# Third party imports +from mock import patch, MagicMock + +from cloudify.state import current_ctx + +# Local imports +from ..resources import user_pool_client +from cloudify_aws.common.tests.test_base import TestBase, CLIENT_CONFIG +from cloudify_aws.common.tests.test_base import DEFAULT_RUNTIME_PROPERTIES + +# Constants +USER_POOL_CLIENT_NAME = 'DemoUserPool' + +USER_POOL_CLIENT_TH = [ + 'cloudify.nodes.Root', + 'cloudify.nodes.aws.cognito.UserPool' +] + +NODE_PROPERTIES = { + 'resource_id': 'node_resource_id', + 'use_external_resource': False, + 'resource_config': { + "UserPoolId": "foo", + "ClientName": USER_POOL_CLIENT_NAME, + "GenerateSecret": True, + }, + 'client_config': CLIENT_CONFIG +} + +RUNTIME_PROPERTIES_AFTER_CREATE = { + 'aws_resource_id': 'foo', + 'resource_config': NODE_PROPERTIES.get('resource_config', {}), +} + +CREATE_RESPONSE = { + 'UserPoolClient': { + 'UserPoolId': 'foo', + 'ClientName': USER_POOL_CLIENT_NAME, + 'ClientId': 'foo', + 'ClientSecret': 'bar', + } +} + +TEST_DATE = datetime.datetime(2020, 1, 1) + + +class TestCognitoUserPool(TestBase): + + def setUp(self): + super(TestCognitoUserPool, self).setUp() + + self.fake_boto, self.fake_client = self.fake_boto_client( + 'cognito-idp') + + self.mock_patch = patch('boto3.client', self.fake_boto) + self.mock_patch.start() + + 
def tearDown(self): + self.mock_patch.stop() + self.fake_boto = None + self.fake_client = None + super(TestCognitoUserPool, self).tearDown() + + def test_create(self): + _ctx = self.get_mock_ctx( + 'test_create', + test_properties=NODE_PROPERTIES, + test_runtime_properties=DEFAULT_RUNTIME_PROPERTIES, + type_hierarchy=USER_POOL_CLIENT_TH, + ctx_operation_name='cloudify.interfaces.lifecycle.create', + ) + current_ctx.set(_ctx) + self.fake_client.create_user_pool_client = MagicMock( + return_value=CREATE_RESPONSE, + ) + user_pool_client.create(ctx=_ctx, iface=None, params=None) + self.fake_boto.assert_called_with('cognito-idp', **CLIENT_CONFIG) + self.fake_client.create_user_pool_client.assert_called_with( + **_ctx.node.properties['resource_config'] + ) + + def test_delete(self): + _ctx = self.get_mock_ctx( + 'test_delete', + test_properties=NODE_PROPERTIES, + test_runtime_properties=RUNTIME_PROPERTIES_AFTER_CREATE, + type_hierarchy=USER_POOL_CLIENT_TH, + ctx_operation_name='cloudify.interfaces.lifecycle.delete' + ) + current_ctx.set(_ctx) + user_pool_client.delete(ctx=_ctx, resource_config=None, iface=None) + self.fake_boto.assert_called_with('cognito-idp', **CLIENT_CONFIG) + self.fake_client.delete_user_pool_client.assert_called_with( + UserPoolId='foo', + ClientId='foo', + ) diff --git a/cloudify_aws/common/connection.py b/cloudify_aws/common/connection.py index e492c49e..10fcf696 100644 --- a/cloudify_aws/common/connection.py +++ b/cloudify_aws/common/connection.py @@ -27,6 +27,7 @@ get_uuid, desecretize_client_config ) +from cloudify import ctx from cloudify_aws.common.constants import AWS_CONFIG_PROPERTY # pylint: disable=R0903 
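Review bot: The test class in test_user_pool_client.py is named `TestCognitoUserPool`, the same as the class in test_user_pool.py, and `USER_POOL_CLIENT_TH` lists `'cloudify.nodes.aws.cognito.UserPool'`, so failure reports and any type-hierarchy-dependent path point at the wrong resource. Rename it to `class TestCognitoUserPoolClient(TestBase):` and use the client's own node type as declared in the plugin's type definitions. `CREATE_RESPONSE` also carries a `ClientSecret`; if `create` copies the response into runtime properties (not visible here), the secret would be persisted, so `test_create` should assert what is stored. `TEST_DATE` and `datetime` are unused.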
@@ -53,7 +54,14 @@ def __init__(self, node, aws_config=None): # Get additional config from node configuration. additional_config = config_from_props.pop('additional_config', None) - self.aws_config = desecretize_client_config(config_from_props) + # Handle the Plugin properties + config_from_plugin_props = getattr(ctx.plugin, 'properties', {}) + additional_config_plugin = config_from_plugin_props.pop( + 'additional_config', None) + + config_from_plugin_props.update(config_from_props) + self.aws_config = desecretize_client_config( + config_from_plugin_props) # Merge user-provided AWS config with generated config if aws_config: self.aws_config.update(aws_config) @@ -73,6 +81,13 @@ def __init__(self, node, aws_config=None): # Add additional config after whitelist filter. if additional_config and isinstance(additional_config, dict): self.aws_config['config'] = Config(**additional_config) + if additional_config_plugin and isinstance( + additional_config_plugin, dict): + self.aws_config['config'].update(additional_config_plugin) + else: + ctx.logger.debug( + 'No plugin properties were provided. ' + 'Defaulting client_config credentials.') def get_sts_credentials(self, role, config): sts_client = boto3.client("sts", **config) diff --git a/cloudify_aws/common/decorators.py b/cloudify_aws/common/decorators.py index 0497b369..751e5c3a 100644 --- a/cloudify_aws/common/decorators.py +++ b/cloudify_aws/common/decorators.py @@ -37,6 +37,8 @@ ) # Local imports from .constants import SUPPORT_DRIFT +from cloudify_aws.eks import EKSBase +from cloudify_aws.elb import ELBBase from cloudify_aws.common import utils from cloudify_aws.common._compat import text_type from cloudify_common_sdk.utils import get_ctx_instance 
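Review bot: `config_from_plugin_props.pop('additional_config', None)` and `config_from_plugin_props.update(config_from_props)` modify the object returned by `ctx.plugin.properties` in place rather than a copy. If that object is shared between operations (not visible here), one node's `client_config` credentials are written into the plugin-level properties, and `additional_config` is gone on the next call. If the attribute exists but is `None`, the `getattr` default does not apply and `.pop` raises. Work on a copy instead: `config_from_plugin_props = dict(getattr(ctx.plugin, 'properties', None) or {})`. `__init__` starts outside the hunk.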
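Review bot: `self.aws_config['config'].update(additional_config_plugin)` only works if the node-level `additional_config` branch just above has already set `self.aws_config['config']`; with plugin-level additional config alone it raises `KeyError`. When the key is present the value is a `Config` instance, and botocore's `Config` (assuming that is the class imported here) offers `merge`, not `update`. Merge the two dicts first, plugin values then node values to match the precedence used for the credentials, and build one `Config(**merged)` from the result. The `else` message 'No plugin properties were provided' fires whenever plugin `additional_config` is absent, even if plugin credentials were supplied, so it should be reworded or keyed on `config_from_plugin_props`.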
@@ -850,7 +852,11 @@ def wrapper(**kwargs): ctx.node.properties.get('Tags'), ctx.instance.runtime_properties.get('Tags'), kwargs.get('Tags')) - if iface and tags and resource_ids: + if isinstance(iface, (ELBBase, EKSBase)): + can_be_deleted = False + else: + can_be_deleted = utils.delete_will_succeed(fn=fn, params=kwargs) + if iface and tags and resource_ids and can_be_deleted: iface.untag({ 'Tags': tags, 'Resources': resource_ids}) diff --git a/cloudify_aws/common/tests/test_base.py b/cloudify_aws/common/tests/test_base.py index e7a23363..c8371b32 100644 --- a/cloudify_aws/common/tests/test_base.py +++ b/cloudify_aws/common/tests/test_base.py @@ -12,22 +12,22 @@ # See the License for the specific language governing permissions and # limitations under the License. -import unittest import copy +import unittest from functools import wraps from mock import MagicMock, patch -from botocore.exceptions import UnknownServiceError from botocore.exceptions import ClientError +from botocore.exceptions import UnknownServiceError -from cloudify.mocks import MockCloudifyContext from cloudify.state import current_ctx +from cloudify.mocks import MockCloudifyContext from cloudify.manager import DirtyTrackingDict from cloudify.constants import RELATIONSHIP_INSTANCE -from cloudify_aws.common._compat import text_type from cloudify_aws.common import AWSResourceBase +from cloudify_aws.common._compat import text_type CLIENT_CONFIG = { @@ -91,6 +91,17 @@ def type_hierarchy(self, value): self._type_hierarchy = value +class SpecialMockCloudifyContext(MockCloudifyContext): + + def __init__(self, *args, **kwargs) -> None: + super().__init__(*args, **kwargs) + self._plugin = MagicMock(properties={}) + + @property + def plugin(self): + return self._plugin + + class TestBase(unittest.TestCase): sleep_mock = None 
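Review bot: `utils.delete_will_succeed(fn=fn, params=kwargs)` probes by calling the real delete handler with `dry_run=True`, so the probe is only safe for handlers that forward that flag to AWS. In this same patch, `delete` in dhcp.py keeps the signature `(ctx, iface, resource_config, **_)` and `delete` in image.py reads `resource_config.get(DRY_RUN, False)`, so both swallow the keyword. If either is wrapped by `untag_resources` (decorators not fully visible), the probe performs the actual deletion and then reports `False`. The probe also runs before `iface`, `tags` and `resource_ids` are checked; move it last, `if iface and tags and resource_ids and utils.delete_will_succeed(fn=fn, params=kwargs):`, and limit it to handlers known to honour `dry_run`. The wrapper body continues outside the hunk.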
@@ -148,7 +159,7 @@ def get_mock_ctx(self, test_runtime_properties = test_runtime_properties or {} - ctx = MockCloudifyContext( + ctx = SpecialMockCloudifyContext( node_id=test_name, node_name=test_name, deployment_id=test_name, @@ -162,7 +173,6 @@ def get_mock_ctx(self, ctx.node._type = type_node ctx.node.type_hierarchy = type_hierarchy or ['cloudify.nodes.Root'] ctx.instance.refresh = MagicMock() - return ctx def get_mock_relationship_ctx(self, @@ -564,11 +574,17 @@ def _prepare_create_raises_UnknownServiceError( fake_boto.assert_called_with(type_name, **CLIENT_CONFIG) - def _create_common_relationships(self, node_id, source_type_hierarchy, - target_type_hierarchy): + def _create_common_relationships(self, + node_id, + source_type_hierarchy, + target_type_hierarchy, + source_node_id=None, + target_node_id=None, + source_node_properties=None, + target_node_properties=None,): _source_ctx = self.get_mock_ctx( - 'test_attach_source', - test_properties={ + source_node_id or 'test_attach_source', + test_properties=source_node_properties or { 'client_config': CLIENT_CONFIG }, test_runtime_properties={ @@ -581,8 +597,8 @@ def _create_common_relationships(self, node_id, source_type_hierarchy, ) _target_ctx = self.get_mock_ctx( - 'test_attach_target', - test_properties={}, + target_node_id or 'test_attach_target', + test_properties=target_node_properties or {}, test_runtime_properties={ 'resource_id': 'prepare_attach_target', 'aws_resource_id': 'aws_target_mock_id', diff --git a/cloudify_aws/common/tests/test_connection.py b/cloudify_aws/common/tests/test_connection.py index 9c0642d2..9b94323b 100644 --- a/cloudify_aws/common/tests/test_connection.py +++ b/cloudify_aws/common/tests/test_connection.py @@ -14,8 +14,9 @@ import copy import unittest - from mock import patch, MagicMock +from cloudify.state import current_ctx + from cloudify_aws.common.connection import Boto3Connection from cloudify_aws.common.tests.test_base import TestBase, CLIENT_CONFIG 
@@ -42,6 +43,8 @@ def test_client_direct_params(self): node = MagicMock() node.properties = {} + _ctx = self.get_mock_ctx('test') + current_ctx.set(_ctx) connection = Boto3Connection(node, copy.deepcopy(CLIENT_CONFIG)) connection.client('abc') @@ -56,6 +59,8 @@ def test_client_node_params(self): node.properties = { 'client_config': copy.deepcopy(CLIENT_CONFIG) } + _ctx = self.get_mock_ctx('test') + current_ctx.set(_ctx) connection = Boto3Connection(node, {'a': 'b'}) connection.client('abc') @@ -75,6 +80,8 @@ def test_client_session_token(self): 'region_name': 'bar' } } + _ctx = self.get_mock_ctx('test') + current_ctx.set(_ctx) connection = Boto3Connection(node, {'a': 'b'}) connection.client('abc') diff --git a/cloudify_aws/common/tests/test_iface_requirement.py b/cloudify_aws/common/tests/test_iface_requirement.py index 1edc248c..5a12c4c1 100644 --- a/cloudify_aws/common/tests/test_iface_requirement.py +++ b/cloudify_aws/common/tests/test_iface_requirement.py @@ -127,6 +127,8 @@ def get_op_ctx(self, operation): _ctx.instance.runtime_properties['instances'] = ['foo'] _ctx.instance.runtime_properties['resources'] = {} _ctx.instance.runtime_properties['resource_config'] = { + 'UserPoolId': 'foo', + 'ProviderName': 'foo', 'HostedZoneId': 'foo', 'ChangeBatch': { 'Changes': [{'ResourceRecordSet': 'foo'}] @@ -144,7 +146,11 @@ def get_op_ctx(self, operation): } _ctx.node.properties['client_config'] = \ {'region_name': 'eu-west-1'} - _ctx.node.properties['resource_config'] = {'kwargs': {}} + _ctx.node.properties['resource_config'] = { + 'UserPoolId': 'foo', + 'ProviderName': 'foo', + 'kwargs': {} + } _ctx.node.properties['log_create_response'] = False _ctx.node.properties['create_secret'] = False _ctx.node.properties['store_kube_config_in_runtime'] = \ diff --git a/cloudify_aws/common/utils.py b/cloudify_aws/common/utils.py index 1d5e9c9c..f79907e2 100644 --- a/cloudify_aws/common/utils.py +++ b/cloudify_aws/common/utils.py 
@@ -993,3 +993,12 @@ def check_drift(resource_type, iface, logger): class SkipWaitingOperation(Exception): pass + + +def delete_will_succeed(fn, params): + try: + fn(**params, dry_run=True) + except ClientError as e: + if 'would have succeeded' in str(e): + return True + return False diff --git a/cloudify_aws/ec2/resources/customer_gateway.py b/cloudify_aws/ec2/resources/customer_gateway.py index 6e25e2e3..2ff0d448 100644 --- a/cloudify_aws/ec2/resources/customer_gateway.py +++ b/cloudify_aws/ec2/resources/customer_gateway.py @@ -119,8 +119,9 @@ def create(ctx, iface, resource_config, **_): @decorators.wait_for_delete(status_deleted=['deleted'], status_pending=['available', 'deleting']) @decorators.untag_resources -def delete(iface, resource_config, **_): +def delete(iface, resource_config, dry_run=False, **_): """Deletes an AWS EC2 Customer Gateway""" + resource_config['DryRun'] = dry_run customer_gateway_id = resource_config.get(CUSTOMERGATEWAY_ID) diff --git a/cloudify_aws/ec2/resources/dhcp.py b/cloudify_aws/ec2/resources/dhcp.py index d44882b9..d609718c 100644 --- a/cloudify_aws/ec2/resources/dhcp.py +++ b/cloudify_aws/ec2/resources/dhcp.py @@ -110,7 +110,6 @@ def create(ctx, iface, resource_config, **_): waits_for_status=False) def delete(ctx, iface, resource_config, **_): """Deletes an AWS EC2 DhcpOptions""" - # Create a copy of the resource config for clean manipulation. dhcp_options_id = resource_config.get(DHCPOPTIONS_ID) diff --git a/cloudify_aws/ec2/resources/ebs.py b/cloudify_aws/ec2/resources/ebs.py index 11724270..65f8a254 100644 --- a/cloudify_aws/ec2/resources/ebs.py +++ b/cloudify_aws/ec2/resources/ebs.py @@ -149,7 +149,7 @@ def _attach_ebs(params, iface, _ctx): # Check if the resource attaching done if create_response: - _ctx.instance.runtime_properties['eps_attach'] =\ + _ctx.instance.runtime_properties['ebs_attach'] =\ utils.JsonCleanuper(create_response).to_dict() return create_response 
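Review bot: `delete_will_succeed` recognises a successful dry run by searching `str(e)` for 'would have succeeded', which depends on the wording of the service's message. EC2 reports this case with the error code `DryRunOperation`, so compare the code instead: `return e.response.get('Error', {}).get('Code') == 'DryRunOperation'`. When `fn` returns without raising, the function returns `False` silently although the call was evidently not treated as a dry run; log a warning there, because it means a real delete may have just run. `fn(**params, dry_run=True)` also raises `TypeError` if `params` already contains `dry_run`. A docstring stating that `fn` must forward `dry_run` as `DryRun` is missing.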
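Review bot: `resource_config['DryRun'] = dry_run` in customer_gateway.py writes the flag into the caller's dict instead of the parameters built for the API call. The same line is added in eni.py, instances.py, internet_gateway.py, nat_gateway.py and networkacl.py. The rest of each body is outside the hunk; if a handler builds its own params from the resource id alone, `DryRun` never reaches AWS and the dry-run probe deletes for real. If `resource_config` is the dict kept in runtime properties, the flag is also persisted. Prefer adding the flag to the params dict passed to `iface.delete`, as keypair.py does with `iface.delete({KEYNAME: key_name, 'DryRun': dry_run})`.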
@@ -184,10 +184,10 @@ def _create_attachment(ctx, iface, resource_config): :param resource_config: """ response = _attach_ebs(resource_config, iface, ctx) - # Update the esp_id (volume_id) - esp_id = response.get(VOLUME_ID, '') - utils.update_resource_id(ctx.instance, esp_id) - iface.update_resource_id(esp_id) + # Update the ebs_id (volume_id) + ebs_id = response.get(VOLUME_ID, '') + utils.update_resource_id(ctx.instance, ebs_id) + iface.update_resource_id(ebs_id) def _delete_attachment(ctx, iface, **kwargs): @@ -261,19 +261,19 @@ def create(ctx, iface, resource_config, **_): '{0} ID# "{1}" reported an empty response'.format( RESOURCE_TYPE_VOLUME, iface.resource_id)) - ctx.instance.runtime_properties['eps_create'] = \ + ctx.instance.runtime_properties['ebs_create'] = \ utils.JsonCleanuper(create_response).to_dict() - # Update the esp_id (volume_id) - esp_id = create_response.get(VOLUME_ID, '') - utils.update_resource_id(ctx.instance, esp_id) - iface.update_resource_id(esp_id) + # Update the ebs_id (volume_id) + ebs_id = create_response.get(VOLUME_ID, '') + utils.update_resource_id(ctx.instance, ebs_id) + iface.update_resource_id(ebs_id) @decorators.aws_resource(EC2Volume, RESOURCE_TYPE_VOLUME, ignore_properties=True) @decorators.untag_resources -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): """ Deletes an AWS EC2 EBS Volume :param ctx: @@ -289,7 +289,7 @@ def delete(ctx, iface, resource_config, **_): volume_config = ctx.instance.runtime_properties['resource_config'] if isinstance(volume_config, dict): - deleted_params['DryRun'] = volume_config.get('DryRun') or False + deleted_params['DryRun'] = volume_config.get('DryRun') or dry_run iface.delete(deleted_params) 
@@ -377,3 +377,17 @@ def detach(ctx, iface, resource_config, **kwargs): :param _: """ _delete_attachment(ctx, iface, **kwargs) + + +@decorators.aws_resource(EC2VolumeAttachment, RESOURCE_TYPE_VOLUME_ATTACHMENT) +def poststart(ctx, iface, resource_config, **_): + """ + Attaches an AWS EC2 EBS Volume TO Instance + :param ctx: + :param iface: + :param resource_config: + :param _: + """ + + ctx.instance.runtime_properties['ebs_attach'] = utils.JsonCleanuper( + iface.properties).to_dict() diff --git a/cloudify_aws/ec2/resources/eni.py b/cloudify_aws/ec2/resources/eni.py index 550e736b..925ec04c 100644 --- a/cloudify_aws/ec2/resources/eni.py +++ b/cloudify_aws/ec2/resources/eni.py @@ -155,9 +155,10 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2NetworkInterface, RESOURCE_TYPE, ignore_properties=True) @decorators.untag_resources -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): """Deletes an AWS EC2 NetworkInterface""" + resource_config['DryRun'] = dry_run # Create a copy of the resource config for clean manipulation. eni_id = resource_config.get(NETWORKINTERFACE_ID) diff --git a/cloudify_aws/ec2/resources/image.py b/cloudify_aws/ec2/resources/image.py index 96aab29e..a9a31e3a 100644 --- a/cloudify_aws/ec2/resources/image.py +++ b/cloudify_aws/ec2/resources/image.py @@ -131,6 +131,12 @@ def prepare(ctx, iface, resource_config, **_): if ctx.node.properties.get('use_external_resource'): ctx.instance.runtime_properties['resource_config'] = resource_config iface.prepare_describe_image_filter(resource_config) + try: + iface.properties.get(IMAGE_ID) + except AttributeError: + raise NonRecoverableError( + 'Failed to find AMI with parameters: {}'.format( + resource_config)) utils.update_resource_id(ctx.instance, iface.properties.get(IMAGE_ID)) 
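Review bot: The docstring of the new `poststart` in ebs.py says 'Attaches an AWS EC2 EBS Volume TO Instance', but the body only copies `iface.properties` into `runtime_properties['ebs_attach']` and attaches nothing. Replace it with something like `"""Refresh the stored 'ebs_attach' runtime property from the current attachment state."""`. Also note that `resource_config` and `**_` are unused.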
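Review bot: The added `try`/`except AttributeError` in image.py `prepare` detects a missing image by calling `iface.properties.get(IMAGE_ID)` and discarding the result. It therefore also reports any unrelated `AttributeError` raised inside the `properties` lookup as 'Failed to find AMI'. An explicit check is clearer: `props = iface.properties`, then `if not props: raise NonRecoverableError(...)`, with the following `update_resource_id` call reusing `props`. `prepare` starts outside the hunk, so it cannot be confirmed from here whether the check sits inside the `use_external_resource` branch.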
@@ -162,7 +168,8 @@ def create(ctx, iface, resource_config, **_): def delete(ctx, iface, resource_config, **_): """delete/deregister an AWS EC2 Image""" if not ctx.node.properties.get('use_external_resource'): - params = {'ImageId': iface.resource_id} + dry_run = resource_config.get(DRY_RUN, False) + params = {'ImageId': iface.resource_id, 'DryRun': dry_run} try: iface.delete(params) except ClientError as e: diff --git a/cloudify_aws/ec2/resources/instances.py b/cloudify_aws/ec2/resources/instances.py index 7f14ab4a..79bbc103 100644 --- a/cloudify_aws/ec2/resources/instances.py +++ b/cloudify_aws/ec2/resources/instances.py @@ -260,9 +260,9 @@ def stop(ctx, iface, resource_config, **_): @decorators.wait_for_delete( status_deleted=[TERMINATED], status_pending=[PENDING, STOPPING, STOPPED, SHUTTING_DOWN]) -def delete(iface, resource_config, **_): +def delete(iface, resource_config, dry_run=False, **_): '''Deletes AWS EC2 Instances''' - + resource_config['DryRun'] = dry_run if MULTI_ID in ctx.instance.runtime_properties: resource_config[INSTANCE_IDS] = \ ctx.instance.runtime_properties[MULTI_ID] diff --git a/cloudify_aws/ec2/resources/internet_gateway.py b/cloudify_aws/ec2/resources/internet_gateway.py index 9190ae7a..604f15db 100644 --- a/cloudify_aws/ec2/resources/internet_gateway.py +++ b/cloudify_aws/ec2/resources/internet_gateway.py @@ -139,8 +139,9 @@ def create(ctx, iface, resource_config, **_): ignore_properties=True, waits_for_status=False) @decorators.untag_resources -def delete(iface, resource_config, **_): +def delete(iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Internet Gateway''' + resource_config['DryRun'] = dry_run internet_gateway_id = resource_config.get(INTERNETGATEWAY_ID) if not internet_gateway_id: internet_gateway_id = iface.resource_id diff --git a/cloudify_aws/ec2/resources/keypair.py b/cloudify_aws/ec2/resources/keypair.py index bb9a62cc..c0647e46 100644 --- a/cloudify_aws/ec2/resources/keypair.py 
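Review bot: image.py's `delete` takes its dry-run flag from `resource_config.get(DRY_RUN, False)` and keeps the old signature, so a `dry_run=True` operation input is swallowed by `**_` and the image is deregistered for real, unlike the other EC2 `delete` operations changed in this commit. Accepting the keyword and merging both sources would align it: `def delete(ctx, iface, resource_config, dry_run=False, **_):` with `dry_run = resource_config.get(DRY_RUN) or dry_run`. The hunk does not show where `DRY_RUN` is defined or imported in this module, so that is worth confirming. The `except ClientError` handler continues outside the hunk.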
+++ b/cloudify_aws/ec2/resources/keypair.py @@ -156,12 +156,12 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2Keypair, RESOURCE_TYPE) @decorators.untag_resources -def delete(iface, resource_config, **_): +def delete(iface, resource_config, dry_run=False, **_): '''Deletes AWS EC2 Keypairs''' key_name = resource_config.get(KEYNAME, iface.resource_id) - iface.delete({KEYNAME: key_name}) + iface.delete({KEYNAME: key_name, 'DryRun': dry_run}) if ctx.node.properties['create_secret']: try: diff --git a/cloudify_aws/ec2/resources/nat_gateway.py b/cloudify_aws/ec2/resources/nat_gateway.py index 49f8fb52..8217aac3 100644 --- a/cloudify_aws/ec2/resources/nat_gateway.py +++ b/cloudify_aws/ec2/resources/nat_gateway.py @@ -152,9 +152,9 @@ def create(ctx, iface, resource_config, **_): status_deleted=['deleted'], status_pending=['deleting', 'pending', 'available']) @decorators.untag_resources -def delete(iface, resource_config, **_): +def delete(iface, resource_config, dry_run=False, **_): """Deletes an AWS EC2 NAT Gateway""" - + resource_config['DryRun'] = dry_run nat_gateway_id = resource_config.get(NATGATEWAY_ID) if not nat_gateway_id: diff --git a/cloudify_aws/ec2/resources/networkacl.py b/cloudify_aws/ec2/resources/networkacl.py index dee52b7c..e331ff1d 100644 --- a/cloudify_aws/ec2/resources/networkacl.py +++ b/cloudify_aws/ec2/resources/networkacl.py @@ -130,9 +130,9 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2NetworkAcl, RESOURCE_TYPE, ignore_properties=True) @decorators.untag_resources -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): """Deletes an AWS EC2 NetworkAcl""" - + resource_config['DryRun'] = dry_run network_acl_id = resource_config.get(NETWORKACL_ID) if not network_acl_id: diff --git a/cloudify_aws/ec2/resources/route.py b/cloudify_aws/ec2/resources/route.py index 80ceb8e0..dfa382bb 100644 --- a/cloudify_aws/ec2/resources/route.py 
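Review bot: In keypair.py's `delete`, the `if ctx.node.properties['create_secret']:` block still runs after a dry-run call, so whatever cleanup it performs (presumably on the stored secret; its body is outside the hunk) happens even though the key pair was not deleted in AWS. Guarding it keeps a dry run free of side effects: `if ctx.node.properties['create_secret'] and not dry_run:`.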
+++ b/cloudify_aws/ec2/resources/route.py @@ -155,7 +155,6 @@ def create(ctx, iface, resource_config, **_): waits_for_status=False) def delete(ctx, iface, resource_config, **_): '''Deletes an AWS EC2 Route''' - routetable_id = resource_config.get(ROUTETABLE_ID) if DESTINATION_CIDR_BLOCK in ctx.instance.runtime_properties: resource_config[DESTINATION_CIDR_BLOCK] = \ diff --git a/cloudify_aws/ec2/resources/routetable.py b/cloudify_aws/ec2/resources/routetable.py index 2c05b147..b2a91605 100644 --- a/cloudify_aws/ec2/resources/routetable.py +++ b/cloudify_aws/ec2/resources/routetable.py @@ -168,9 +168,9 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2RouteTable, RESOURCE_TYPE, ignore_properties=True) @decorators.untag_resources -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Route Table''' - + resource_config['DryRun'] = dry_run route_table_id = resource_config.get(ROUTETABLE_ID) if not route_table_id: resource_config[ROUTETABLE_ID] = \ diff --git a/cloudify_aws/ec2/resources/securitygroup.py b/cloudify_aws/ec2/resources/securitygroup.py index c82599bc..9fa12d7a 100644 --- a/cloudify_aws/ec2/resources/securitygroup.py +++ b/cloudify_aws/ec2/resources/securitygroup.py @@ -152,13 +152,18 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2SecurityGroup, RESOURCE_TYPE) @decorators.untag_resources -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Security Group''' - group_id = resource_config.get(GROUPID) if not group_id: group_id = iface.resource_id + if dry_run: + utils.exit_on_substring(iface, + 'delete', + {GROUPID: group_id, 'DryRun': dry_run}, + 'Request would have succeeded') + utils.exit_on_substring(iface, 'delete', {GROUPID: group_id}, 
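Review bot: In securitygroup.py's `delete`, the `if dry_run:` branch has no `return` or `else`, so after the dry-run request the unconditional `utils.exit_on_substring(iface, 'delete', {GROUPID: group_id}, ...)` below it still issues the real deletion. Unless `exit_on_substring` ends the operation itself, which this hunk does not show, a dry run deletes the security group. spot_fleet_request.py in this commit uses `if dry_run: ... else: ...` for the same pattern; adding `return` as the last line of the `if dry_run:` block here gives the same result. The final call's remaining arguments are outside the hunk.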
diff --git a/cloudify_aws/ec2/resources/spot_fleet_request.py b/cloudify_aws/ec2/resources/spot_fleet_request.py index 42c6c6b5..2f7fda71 100644 --- a/cloudify_aws/ec2/resources/spot_fleet_request.py +++ b/cloudify_aws/ec2/resources/spot_fleet_request.py @@ -16,9 +16,14 @@ ~~~~~~~~~~~~~~ AWS EC2 VPC interface ''' +import re import time + # Third Party imports + +from datetime import datetime + from botocore.exceptions import ClientError from cloudify.exceptions import OperationRetry, NonRecoverableError @@ -40,6 +45,7 @@ SpotFleetRequestConfig = 'SpotFleetRequestConfig' SpotFleetRequestConfigs = 'SpotFleetRequestConfigs' LaunchSpecifications = 'LaunchSpecifications' +DATETIME_FORMAT = '%Y-%m-%d' class EC2SpotFleetRequest(EC2Base): @@ -65,7 +71,7 @@ def get(self, spot_fleet_request_ids=None): try: return self.make_client_call( 'describe_spot_fleet_requests', params) - except (NonRecoverableError): + except NonRecoverableError: return @property @@ -116,6 +122,14 @@ def list_spot_fleet_instances(self, params=None): params = params or {SpotFleetRequestId: self.resource_id} return self.make_client_call('describe_spot_fleet_instances', params) + def describe_spot_fleet_request_history(self, params=None): + ''' + Checks current instances of AWS EC2 Spot Fleet Request. + ''' + params = params or {SpotFleetRequestId: self.resource_id} + return self.make_client_call('describe_spot_fleet_request_history', + params) + @decorators.aws_resource(EC2SpotFleetRequest, resource_type=RESOURCE_TYPE, 
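Review bot: The docstring of the new `describe_spot_fleet_request_history` repeats the text of `list_spot_fleet_instances` ("Checks current instances of AWS EC2 Spot Fleet Request.") although the method calls `describe_spot_fleet_request_history`. Suggested docstring: `'''Returns the event history of an AWS EC2 Spot Fleet Request.'''`. In the import hunk of the same file, `from datetime import datetime` is placed under the `# Third Party imports` comment although it is standard library; it belongs next to `import re` and `import time`.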
@@ -169,6 +183,25 @@ def poststart(ctx, iface, resource_config, wait_for_target_capacity=True, **_): active = spot_fleet_instances.get('ActiveInstances', []) if not len(active) == target_capacity: + + time_of_request = iface.properties.get( + 'CreateTime', "2022-09-13") + ctx.logger.info("time of request = {}".format(time_of_request)) + match = re.search(r'(\d+-\d+-\d+)', str(time_of_request)) + cleaned_time = match.group(1) + + date = datetime.strptime(cleaned_time, DATETIME_FORMAT) + params = { + "StartTime": date, + "SpotFleetRequestId": iface.resource_id + } + described_response = iface.describe_spot_fleet_request_history(params) + sfr_dict = described_response['HistoryRecords'] + + for dic in sfr_dict: + if dic['EventInformation']['EventSubType'] == 'launchSpecUnusable': + ctx.logger.error(dic['EventInformation']['EventDescription']) + raise OperationRetry( 'Waiting for active instance number to match target capacity.' ' Current instances: {}, Target: {}.'.format(len(active), 
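Review bot: The diagnostic block added before `raise OperationRetry` in `poststart` can itself raise and replace the retry with a hard failure: `match.group(1)` fails with `AttributeError` when the regex does not match, and `dic['EventInformation']['EventSubType']` fails with `KeyError` on a history record without those keys. The fallback `"2022-09-13"` is a hard-coded date that silently becomes the `StartTime` whenever `CreateTime` is missing. Guarding the match with `if match:` and reading records with `dic.get('EventInformation', {}).get('EventSubType')` keeps this best-effort logging from changing the operation's outcome, and skipping the history call when `CreateTime` is absent avoids the magic default. The surrounding `poststart` body starts outside this hunk.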
@@ -185,19 +218,28 @@ def poststart(ctx, iface, resource_config, wait_for_target_capacity=True, **_): ignore_properties=True, waits_for_status=False) @decorators.untag_resources -def delete(iface, resource_config, terminate_instances=True, **_): +def delete( + iface, resource_config, terminate_instances=True, dry_run=False, **_): '''Deletes an AWS EC2 Vpc''' + resource_config['DryRun'] = dry_run params = dict() params.update({SpotFleetRequestIds: [iface.resource_id]}) params.update({'TerminateInstances': terminate_instances}) - try: - iface.delete(params) - except ClientError: - pass - finally: - if iface.active_instances: - raise OperationRetry( - 'Waiting while all spot fleet instances are terminated.') + params.update({'DryRun': dry_run}) + if dry_run: + utils.exit_on_substring(iface, + 'delete', + params, + 'Request would have succeeded') + else: + try: + iface.delete(params) + except ClientError: + pass + finally: + if iface.active_instances: + raise OperationRetry( + 'Waiting while all spot fleet instances are terminated.') def update_launch_spec_security_groups(groups): diff --git a/cloudify_aws/ec2/resources/spot_instances.py b/cloudify_aws/ec2/resources/spot_instances.py index c8c0cf38..48cbfcb1 100644 --- a/cloudify_aws/ec2/resources/spot_instances.py +++ b/cloudify_aws/ec2/resources/spot_instances.py @@ -180,10 +180,12 @@ def stop(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2SpotInstances, RESOURCE_TYPE, waits_for_status=False) -@decorators.tag_resources -def delete(ctx, iface, resource_config, **_): +@decorators.untag_resources +def delete(ctx, iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Spot Instance Request''' - ctx.logger.info('Deleting spot instance request...') + resource_config['DryRun'] = dry_run + if not dry_run: + ctx.logger.info('Deleting spot instance request...') iface.delete(iface.prepare_request_id_param(resource_config)) 
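Review bot: In spot_fleet_request.py's `delete`, `resource_config['DryRun'] = dry_run` has no effect on the request, because the call is built from the separate `params` dict that already receives `'DryRun': dry_run`; the assignment can be dropped. The non-dry-run branch still discards every `ClientError` with `pass`, so a permissions or validation failure is indistinguishable from a normal wait; logging it first, for example `except ClientError as e: ctx.logger.debug('delete failed: {}'.format(e))` if `ctx` is in scope in this module, would make failed deletions traceable. The docstring `'''Deletes an AWS EC2 Vpc'''` also names the wrong resource for a Spot Fleet Request.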
diff --git a/cloudify_aws/ec2/resources/subnet.py b/cloudify_aws/ec2/resources/subnet.py index 161c887f..eb152a1e 100644 --- a/cloudify_aws/ec2/resources/subnet.py +++ b/cloudify_aws/ec2/resources/subnet.py @@ -112,8 +112,9 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2Subnet, RESOURCE_TYPE, ignore_properties=True) @decorators.untag_resources -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Subnet''' + resource_config['DryRun'] = dry_run subnet_id = resource_config.get(SUBNET_ID) if not subnet_id: resource_config[SUBNET_ID] = \ diff --git a/cloudify_aws/ec2/resources/tags.py b/cloudify_aws/ec2/resources/tags.py index 7020d910..5c3633cf 100644 --- a/cloudify_aws/ec2/resources/tags.py +++ b/cloudify_aws/ec2/resources/tags.py @@ -85,7 +85,6 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2Tags, RESOURCE_TYPE, waits_for_status=False) def delete(ctx, iface, resource_config, **_): '''Deletes an AWS EC2 Tags''' - resources = resource_config.get('Resources') if not resources: targets = \ diff --git a/cloudify_aws/ec2/resources/transit_gateway.py b/cloudify_aws/ec2/resources/transit_gateway.py index 7a5b913c..e9089e96 100644 --- a/cloudify_aws/ec2/resources/transit_gateway.py +++ b/cloudify_aws/ec2/resources/transit_gateway.py @@ -168,9 +168,9 @@ def create(ctx, iface, resource_config, **_): ignore_properties=True, waits_for_status=False) @decorators.untag_resources -def delete(iface, resource_config, **_): +def delete(iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Transit Gateway''' - + resource_config['DryRun'] = dry_run if TG_ID not in resource_config: resource_config.update({TG_ID: iface.resource_id}) diff --git a/cloudify_aws/ec2/resources/transit_gateway_route.py b/cloudify_aws/ec2/resources/transit_gateway_route.py index 6cb46c79..05edb3f1 100644 --- a/cloudify_aws/ec2/resources/transit_gateway_route.py 
+++ b/cloudify_aws/ec2/resources/transit_gateway_route.py @@ -96,12 +96,13 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2TransitGatewayRoute, RESOURCE_TYPE) -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Transit Gateway Route''' routetable_id = get_routetable_id(ctx.instance, resource_config) request = { CIDR: resource_config.get(CIDR), - ROUTETABLE_ID: routetable_id + ROUTETABLE_ID: routetable_id, + 'DryRun': dry_run } # Actually create the resource response = iface.delete(request)[ROUTE] diff --git a/cloudify_aws/ec2/resources/transit_gateway_routetable.py b/cloudify_aws/ec2/resources/transit_gateway_routetable.py index 796a04b8..c44e3654 100644 --- a/cloudify_aws/ec2/resources/transit_gateway_routetable.py +++ b/cloudify_aws/ec2/resources/transit_gateway_routetable.py @@ -140,8 +140,9 @@ def create(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2TransitGatewayRouteTable, RESOURCE_TYPE, ignore_properties=True) @decorators.untag_resources -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Transit Gateway Route Table''' + resource_config['DryRun'] = dry_run resource_config[ROUTETABLE_ID] = iface.resource_id iface.delete(resource_config) diff --git a/cloudify_aws/ec2/resources/vpc.py b/cloudify_aws/ec2/resources/vpc.py index d7a18070..74a3d40a 100644 --- a/cloudify_aws/ec2/resources/vpc.py +++ b/cloudify_aws/ec2/resources/vpc.py @@ -22,8 +22,8 @@ from botocore.exceptions import ClientError -from cloudify.exceptions import NonRecoverableError, OperationRetry from cloudify.utils import exception_to_error_cause +from cloudify.exceptions import NonRecoverableError, OperationRetry # Local imports from cloudify_aws.ec2 import EC2Base 
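Review bot: In transit_gateway_route.py's `delete`, the result of `iface.delete(request)` is subscripted with `[ROUTE]` even when `'DryRun': dry_run` is true, and a dry-run request is unlikely to return a route entry. How `iface.delete` reports a dry run is not visible here, so this may raise `KeyError` or `TypeError`; splitting the call into `response = iface.delete(request)` followed by `if dry_run: return` avoids that. The comment `# Actually create the resource` above the call describes the wrong operation. The rest of the function is outside the hunk.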
@@ -78,7 +78,7 @@ def cleanup_vpc_internet_gateways(self, vpc=None): Filters=[{'Name': 'attachment.vpc-id', 'Values': [vpc]}]) for ig in igs.get('InternetGateways', []): self.client.detach_internet_gateway( - InternetGatewayId=ig.get('InternetGatewayId')) + InternetGatewayId=ig.get('InternetGatewayId'), VpcId=vpc) def cleanup_vpc_route_tables(self, vpc=None): vpc = vpc or self.resource_id @@ -209,9 +209,9 @@ def check_drift(ctx, iface=None, **_): @decorators.aws_resource(EC2Vpc, RESOURCE_TYPE, ignore_properties=True) @decorators.untag_resources -def delete(iface, resource_config, **_): +def delete(iface, resource_config, dry_run=False, **_): '''Deletes an AWS EC2 Vpc''' - + resource_config['DryRun'] = dry_run if VPC_ID not in resource_config: resource_config.update({VPC_ID: iface.resource_id}) diff --git a/cloudify_aws/ec2/resources/vpc_peering.py b/cloudify_aws/ec2/resources/vpc_peering.py index 0a5fe8e1..c7f7af31 100644 --- a/cloudify_aws/ec2/resources/vpc_peering.py +++ b/cloudify_aws/ec2/resources/vpc_peering.py @@ -176,7 +176,7 @@ def modify(ctx, iface, resource_config, **_): @decorators.aws_resource(EC2VpcPeering, RESOURCE_TYPE) @decorators.untag_resources -def delete(ctx, iface, resource_config, **_): +def delete(ctx, iface, resource_config, dry_run=False, **_): """Deletes an AWS EC2 Vpc""" deleted_params = dict() @@ -185,7 +185,7 @@ def delete(ctx, iface, resource_config, **_): ctx.instance.runtime_properties[constants.EXTERNAL_RESOURCE_ID] if resource_config: - deleted_params['DryRun'] = resource_config.get('DryRun') or False + deleted_params['DryRun'] = resource_config.get('DryRun') or dry_run if resource_id: deleted_params[VPC_PEERING_CONNECTION_ID] = resource_id diff --git a/cloudify_aws/ec2/resources/vpn_gateway.py b/cloudify_aws/ec2/resources/vpn_gateway.py index 3c1a8854..092aec7f 100644 --- a/cloudify_aws/ec2/resources/vpn_gateway.py +++ b/cloudify_aws/ec2/resources/vpn_gateway.py 
@@ -114,8 +114,9 @@ def create(ctx, iface, resource_config, **_): @decorators.wait_for_delete(status_deleted=['deleted'], status_pending=['available', 'deleting']) @decorators.untag_resources -def delete(iface, resource_config, **_): +def delete(iface, resource_config, dry_run=False, **_): """Deletes an AWS EC2 VPN Gateway""" + resource_config['DryRun'] = dry_run vpn_gateway_id = resource_config.get(VPNGATEWAY_ID) diff --git a/cloudify_aws/ec2/tests/test_vpn_connection.py b/cloudify_aws/ec2/tests/test_vpn_connection.py index 77b997a8..9697b290 100644 --- a/cloudify_aws/ec2/tests/test_vpn_connection.py +++ b/cloudify_aws/ec2/tests/test_vpn_connection.py @@ -17,12 +17,13 @@ # Third party imports from mock import patch, MagicMock +from cloudify.state import current_ctx # Local imports +from cloudify_aws.common import constants from cloudify_aws.common._compat import reload_module -from cloudify_aws.ec2.resources.vpn_connection import EC2VPNConnection from cloudify_aws.ec2.resources import vpn_connection -from cloudify_aws.common import constants +from cloudify_aws.ec2.resources.vpn_connection import EC2VPNConnection from cloudify_aws.common.tests.test_base import ( TestBase, mock_decorator @@ -34,6 +35,7 @@ class TestEC2VPNConnection(TestBase): def setUp(self): super(TestEC2VPNConnection, self).setUp() ctx = self.get_mock_ctx("TestEC2VPNConnection") + current_ctx.set(ctx) self.vpn_connection = EC2VPNConnection(ctx.node, resource_id='foo', client=None, logger=None) mock1 = patch('cloudify_aws.common.decorators.aws_resource', diff --git a/cloudify_aws/iam/resources/role.py b/cloudify_aws/iam/resources/role.py index 79f11c85..775b81bd 100644 --- a/cloudify_aws/iam/resources/role.py +++ b/cloudify_aws/iam/resources/role.py 
@@ -19,11 +19,11 @@ from json import dumps as json_dumps from botocore.exceptions import ClientError +from cloudify.exceptions import NonRecoverableError # Cloudify -from cloudify.exceptions import NonRecoverableError -from cloudify_aws.common import decorators, utils from cloudify_aws.iam import IAMBase +from cloudify_aws.common import decorators, utils RESOURCE_TYPE = 'IAM Role' RESOURCE_NAME = 'RoleName' @@ -147,6 +147,9 @@ def create(ctx, iface, resource_config, params, **_): utils.update_resource_id(ctx.instance, resource_id) utils.update_resource_arn( ctx.instance, create_response['Role']['Arn']) + create_response.pop('ResponseMetadata', None) + ctx.instance.runtime_properties['create_response'] = \ + utils.JsonCleanuper(create_response).to_dict() # attach policy role policies_arn = [] diff --git a/cloudify_aws/iam/tests/test_role.py b/cloudify_aws/iam/tests/test_role.py index 71ea91a4..3dcfe388 100644 --- a/cloudify_aws/iam/tests/test_role.py +++ b/cloudify_aws/iam/tests/test_role.py @@ -75,7 +75,13 @@ RUNTIME_PROPERTIES_AFTER_CREATE = { 'aws_resource_arn': 'arn_id', 'aws_resource_id': 'role_name_id', - 'resource_config': {} + 'resource_config': {}, + 'create_response': { + 'Role': { + 'RoleName': 'role_name_id', + 'Arn': 'arn_id' + } + } } @@ -172,7 +178,10 @@ def test_create(self): AssumeRolePolicyDocument=ASSUME_STR, Path='/service-role/', RoleName='aws_resource') - + # raise Exception('{} != {}'.format( + # _ctx.instance.runtime_properties, + # RUNTIME_PROPERTIES_AFTER_CREATE + # )) self.assertEqual( _ctx.instance.runtime_properties, RUNTIME_PROPERTIES_AFTER_CREATE diff --git a/cloudify_aws/s3/resources/bucket.py b/cloudify_aws/s3/resources/bucket.py index 7563ad89..55780dd1 100644 --- a/cloudify_aws/s3/resources/bucket.py +++ b/cloudify_aws/s3/resources/bucket.py 
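Review bot: The test_role.py hunk in `test_create` adds a commented-out `raise Exception('{} != {}'.format(...))` that looks like leftover debugging. `assertEqual` already reports both values on failure, so the four comment lines can be removed. If a clearer failure message is wanted, passing it as `msg=` to `assertEqual` keeps it live instead of commented out.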
@@ -104,6 +104,9 @@ def create(ctx, iface, resource_config, params, **_): if params['CreateBucketConfiguration'].get( 'LocationConstraint') == 'us-east-1': del params['CreateBucketConfiguration']['LocationConstraint'] + # to avoid malformed XML because of empty dict + if not params['CreateBucketConfiguration']: + del params['CreateBucketConfiguration'] # Actually create the resource bucket = iface.create(params) diff --git a/cloudify_aws/workflows/tests/test_discover.py b/cloudify_aws/workflows/tests/test_discover.py index 6333bc82..5650769c 100644 --- a/cloudify_aws/workflows/tests/test_discover.py +++ b/cloudify_aws/workflows/tests/test_discover.py @@ -1,4 +1,5 @@ from unittest import TestCase +from cloudify.state import current_ctx from mock import patch, call, MagicMock from .. import resources, discover @@ -169,6 +170,7 @@ def test_get_resources(self, *_): } expected = {'region1': {'AWS::EKS::CLUSTER': {}}, 'region2': {'AWS::EKS::CLUSTER': {}}} + current_ctx.set(mock_ctx) self.assertEqual(resources.get_resources(**params), expected) @patch('cloudify_aws.common.connection.boto3') diff --git a/examples/cognito-feature-demo/blueprint.yaml b/examples/cognito-feature-demo/blueprint.yaml new file mode 100644 index 00000000..fe2cac7e --- /dev/null +++ b/examples/cognito-feature-demo/blueprint.yaml 
@@ -0,0 +1,229 @@ +tosca_definitions_version: cloudify_dsl_1_4 + +description: > + Example blueprint demonstrating congito configuraton. + +imports: + - http://cloudify.co/spec/cloudify/6.4.0/types.yaml + - plugin:cloudify-aws-plugin + +inputs: + + aws_region_name: + type: string + default: 'us-east-2' + +dsl_definitions: + + client_config: &client_config + aws_access_key_id: { get_secret: aws_access_key_id } + aws_secret_access_key: { get_secret: aws_secret_access_key } + region_name: { get_input: aws_region_name } + +node_templates: + + # SNS Component + + sns_policy: + type: cloudify.nodes.aws.iam.Policy + properties: + client_config: *client_config + resource_config: + PolicyName: CognitoSNSPolicy + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: sns:publish + Resource: "*" + + sns_role: + type: cloudify.nodes.aws.iam.Role + properties: + client_config: *client_config + resource_config: + RoleName: SNSRole + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: + - cognito-idp.amazonaws.com + Action: + - sts:AssumeRole + relationships: + - type: cloudify.relationships.aws.iam.role.connected_to + target: sns_policy + + user_pool: + type: cloudify.nodes.aws.cognitoidp.UserPool + properties: + client_config: *client_config + resource_config: + PoolName: MyUserPoolApp + AutoVerifiedAttributes: + - phone_number + MfaConfiguration: 'ON' + SmsConfiguration: + ExternalId: MyUserPoolApp-external + SnsCallerArn: { get_attribute: [ sns_role, aws_resource_arn ] } + Schema: + - Name: name + AttributeDataType: String + Mutable: true + Required: true + - Name: email + AttributeDataType: String + Mutable: false + Required: true + - Name: phone_number + AttributeDataType: String + Mutable: false + Required: true + - Name: slackId + AttributeDataType: String + Mutable: true + relationships: + - type: cloudify.relationships.depends_on + target: sns_role + + user_pool_client: + type: 
cloudify.nodes.aws.cognitoidp.UserPoolClient + properties: + client_config: *client_config + resource_config: + ClientName: MyUserPoolClient + GenerateSecret: true + UserPoolId: { get_attribute: [ user_pool, aws_resource_id ] } + relationships: + - type: cloudify.relationships.depends_on + target: user_pool + + identity_pool_provider: + type: cloudify.nodes.aws.cognitoidp.IdentityProvider + properties: + client_config: *client_config + resource_config: + UserPoolId: { get_attribute: [ user_pool, create_response, UserPool, Id ] } + ProviderName: LoginWithAmazon + ProviderDetails: + client_id: { get_attribute: [ user_pool_client, create_response, UserPoolClient, ClientId ] } + client_secret: { get_attribute: [ user_pool_client, create_response, UserPoolClient, ClientSecret ] } + authorize_scopes: profile postal_code + ProviderType: LoginWithAmazon + AttributeMapping: + email: email + phone_number: phone_number + name: name + relationships: + - type: cloudify.relationships.depends_on + target: user_pool_client + + identity_pool: + type: cloudify.nodes.aws.cognito.IdentityPool + properties: + client_config: *client_config + resource_config: + IdentityPoolName: MyUserPoolIdentityPool + AllowUnauthenticatedIdentities: true + SupportedLoginProviders: + 'www.amazon.com': { get_attribute: [ user_pool_client, create_response, UserPoolClient, ClientId ] } + CognitoIdentityProviders: + - ClientId: { get_attribute: [ user_pool_client, create_response, UserPoolClient, ClientId ] } + ProviderName: { concat: [ 'cognito-idp.', { get_input: aws_region_name }, '.amazonaws.com/', { get_attribute: [ identity_pool_provider, create_response, IdentityProvider, UserPoolId ] } ] } + relationships: + - type: cloudify.relationships.depends_on + target: identity_pool_provider + - type: cloudify.relationships.depends_on + target: user_pool_client + + # Unauth Component + + unauth_policy: + type: cloudify.nodes.aws.iam.Policy + properties: + client_config: *client_config + resource_config: + 
PolicyName: CognitoUnauthorizedPolicy + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - mobileanalytics:PutEvents + - cognito-sync:* + Resource: "*" + relationships: + - type: cloudify.relationships.depends_on + target: identity_pool + + unauthenticated: + type: cloudify.nodes.aws.iam.Role + properties: + client_config: *client_config + resource_config: + RoleName: CognitoUnAuthRole + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Federated: cognito-identity.amazonaws.com + Action: + - sts:AssumeRoleWithWebIdentity + Condition: + StringEquals: + cognito-identity.amazonaws.com:aud: { get_attribute: [ identity_pool, aws_resource_id ] } + ForAnyValue:StringLike: + cognito-identity.amazonaws.com:amr: unauthenticated + relationships: + - type: cloudify.relationships.aws.cognito.set_identity_pool_roles + target: identity_pool + - type: cloudify.relationships.aws.iam.role.connected_to + target: unauth_policy + + # Auth Component + + auth_policy: + type: cloudify.nodes.aws.iam.Policy + properties: + client_config: *client_config + resource_config: + PolicyName: CognitoAuthorizedPolicy + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - mobileanalytics:PutEvents + - cognito-sync:* + Resource: "*" + relationships: + - type: cloudify.relationships.depends_on + target: identity_pool + + authenticated: + type: cloudify.nodes.aws.iam.Role + properties: + client_config: *client_config + resource_config: + RoleName: CognitoAuthRole + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Federated: cognito-identity.amazonaws.com + Action: + - sts:AssumeRoleWithWebIdentity + Condition: + StringEquals: + cognito-identity.amazonaws.com:aud: { get_attribute: [ identity_pool, aws_resource_id ] } + ForAnyValue:StringLike: + cognito-identity.amazonaws.com:amr: authenticated + relationships: + - type: 
cloudify.relationships.aws.cognito.set_identity_pool_roles + target: identity_pool + - type: cloudify.relationships.aws.iam.role.connected_to + target: auth_policy diff --git a/examples/ec2-image-feature-demo/blueprint.yaml b/examples/ec2-image-feature-demo/blueprint.yaml index 77c4f75b..8d60b588 100644 --- a/examples/ec2-image-feature-demo/blueprint.yaml +++ b/examples/ec2-image-feature-demo/blueprint.yaml @@ -26,7 +26,7 @@ inputs: ami_name_filter: type: string description: The name of the AWS AMI in the AWS region. - default: 'CentOS 7.7.1908 x86_64 with cloud-init (HVM)' + default: 'CentOS 7.9.2009 - HVM' dsl_definitions: diff --git a/examples/ec2-spot-fleet-request/instance.yaml b/examples/ec2-spot-fleet-request/instance.yaml index 2b635d87..04bad5f1 100644 --- a/examples/ec2-spot-fleet-request/instance.yaml +++ b/examples/ec2-spot-fleet-request/instance.yaml @@ -27,7 +27,7 @@ inputs: ami_name_filter: type: string description: The name of the AWS AMI in the AWS region. - default: 'CentOS 7.7.1908 x86_64 with cloud-init (HVM)' + default: 'CentOS 7.9.2009 - HVM' instance_type: type: string diff --git a/ignore_plugin_yaml_differences b/ignore_plugin_yaml_differences index cb5a5713..a73c8d5e 100644 --- a/ignore_plugin_yaml_differences +++ b/ignore_plugin_yaml_differences 
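Review bot: The new cognito blueprint sets `AllowUnauthenticatedIdentities: true` on `identity_pool` and attaches `unauth_policy`, which allows `cognito-sync:*` and `mobileanalytics:PutEvents` on `Resource: "*"`, to the role assumed by unauthenticated identities. Deployed as written, any guest identity gets that access across the account. Since examples tend to be copied, consider scoping `Resource` to the identity pool in `unauth_policy`, `auth_policy` and `sns_policy`, or adding a YAML comment that the wildcards are for demonstration only. The blueprint also reads `ClientSecret` through `get_attribute` on `create_response`, which suggests the client secret is kept in runtime properties; confirm that storing it there is intended. The description contains the typos "congito configuraton".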
@@ -1 +1 @@ -{'values_changed': {"root['workflows']['discover_and_deploy']['parameters']['blueprint_id']['type']": {'new_value': 'Blueprint_ID', 'old_value': 'string'}}} \ No newline at end of file +{'dictionary_item_added': [root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['Policies']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['LambdaConfig']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['AutoVerifiedAttributes']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['AliasAttributes']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['UsernameAttributes']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['VerificationMessageTemplate']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['UserAttributeUpdateSettings']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['DeviceConfiguration']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['EmailConfiguration']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['SmsConfiguration']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['UserPoolTags']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['AdminCreateUserConfig']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['Schema']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['UserPoolAddOns']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['UsernameConfiguration']['type'], 
root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPool.config']['properties']['AccountRecoverySetting']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['TokenValidityUnits']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['ReadAttributes']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['CallbackURLs']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['ExplicitAuthFlows']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['SupportedIdentityProviders']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['LogoutURLs']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['AllowedOAuthFlows']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['AllowedOAuthScopes']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.UserPoolClient.config']['properties']['AnalyticsConfiguration']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.IdentityProvider.config']['properties']['ProviderDetails']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.IdentityProvider.config']['properties']['AttributeMapping']['type'], root['data_types']['cloudify.datatypes.aws.cognitoidp.IdentityProvider.config']['properties']['IdpIdentifiers']['type'], root['data_types']['cloudify.datatypes.aws.cognito.IdentityPool.config']['properties']['SupportedLoginProviders']['type'], root['data_types']['cloudify.datatypes.aws.cognito.IdentityPool.config']['properties']['OpenIdConnectProviderARNs']['type'], root['data_types']['cloudify.datatypes.aws.cognito.IdentityPool.config']['properties']['CognitoIdentityProviders']['type'], 
root['data_types']['cloudify.datatypes.aws.cognito.IdentityPool.config']['properties']['SamlProviderARNs']['type'], root['data_types']['cloudify.datatypes.aws.cognito.IdentityPool.config']['properties']['IdentityPoolTags']['type']]} diff --git a/plugin.yaml b/plugin.yaml index 17306d3a..f1d7fdb5 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -2,7 +2,11 @@ plugins: aws: executor: central_deployment_agent package_name: cloudify-aws-plugin - package_version: '3.0.10' +<<<<<<< HEAD + package_version: '3.0.11' +======= + package_version: '3.1.0' +>>>>>>> 26bf4b7 (support cognito) data_types: @@ -248,7 +252,7 @@ data_types: Path: type: string description: The path to the policy. - required: true + required: false PolicyDocument: type: string description: The policy document. 
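Review bot: The first plugin.yaml hunk adds unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 26bf4b7 (support cognito)`) together with two `package_version` lines, `'3.0.11'` and `'3.1.0'`. With the markers in place the file is not valid YAML, so the plugin definition cannot be loaded. Resolve the conflict by keeping a single `package_version:` line with the intended release and deleting the three marker lines.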
@@ -1253,6 +1257,171 @@ data_types: description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/codepipeline.html#CodePipeline.Client.create_pipeline default: {} + cloudify.datatypes.aws.cognitoidp.UserPool.config: + properties: + PoolName: + type: string + description: The name of the user pool + required: true + Policies: + required: false + LambdaConfig: + required: false + AutoVerifiedAttributes: + required: false + AliasAttributes: + required: false + UsernameAttributes: + required: false + SmsVerificationMessage: + type: string + required: false + EmailVerificationMessage: + type: string + required: false + EmailVerificationSubject: + type: string + required: false + VerificationMessageTemplate: + required: false + SmsAuthenticationMessage: + type: string + required: false + MfaConfiguration: + type: string + UserAttributeUpdateSettings: + required: false + DeviceConfiguration: + required: false + EmailConfiguration: + required: false + SmsConfiguration: + required: false + UserPoolTags: + required: false + AdminCreateUserConfig: + required: false + Schema: + required: false + UserPoolAddOns: + required: false + UsernameConfiguration: + required: false + AccountRecoverySetting: + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_user_pool + default: {} + + cloudify.datatypes.aws.cognitoidp.UserPoolClient.config: + properties: + UserPoolId: + type: string + required: true + ClientName: + type: string + required: true + GenerateSecret: + type: boolean + required: false + RefreshTokenValidity: + type: integer + required: false + AccessTokenValidity: + type: integer + required: false + IdTokenValidity: + type: integer + required: false + TokenValidityUnits: + required: false + ReadAttributes: + required: false + CallbackURLs: + required: false + ExplicitAuthFlows: + required: false + SupportedIdentityProviders: + 
required: false + LogoutURLs: + required: false + DefaultRedirectURI: + type: string + required: false + AllowedOAuthFlows: + required: false + AllowedOAuthScopes: + required: false + AllowedOAuthFlowsUserPoolClient: + type: boolean + required: false + AnalyticsConfiguration: + required: false + PreventUserExistenceErrors: + type: string + required: false + EnableTokenRevocation: + type: boolean + required: false + EnablePropagateAdditionalUserContextData: + type: boolean + required: false + AuthSessionValidity: + type: integer + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_user_pool_client + default: {} + + cloudify.datatypes.aws.cognitoidp.IdentityProvider.config: + properties: + UserPoolId: + type: string + required: true + ProviderName: + type: string + required: true + ProviderType: + type: string + required: true + ProviderDetails: + required: true + AttributeMapping: + required: false + IdpIdentifiers: + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_identity_provider + default: {} + + cloudify.datatypes.aws.cognito.IdentityPool.config: + properties: + IdentityPoolName: + type: string + required: true + AllowUnauthenticatedIdentities: + type: boolean + required: true + AllowClassicFlow: + type: boolean + required: false + SupportedLoginProviders: + required: false + DeveloperProviderName: + type: string + required: false + OpenIdConnectProviderARNs: + required: false + CognitoIdentityProviders: + required: false + SamlProviderARNs: + required: false + IdentityPoolTags: + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-identity.html#CognitoIdentity.Client.create_identity_pool + default: {} + dsl_definitions: use_external_resource_desc: 
&use_external_resource_desc > @@ -3227,6 +3396,9 @@ node_types: create: implementation: aws.cloudify_aws.ec2.resources.ebs.create inputs: *operation_inputs + poststart: + implementation: aws.cloudify_aws.ec2.resources.ebs.poststart + inputs: *operation_inputs delete: implementation: aws.cloudify_aws.ec2.resources.ebs.delete inputs: *operation_inputs 
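Review bot: In the new Cognito data types, the properties that decide the security posture of the pool carry no `description`, and `MfaConfiguration` is the only optional-looking property without a `required:` key. `AllowUnauthenticatedIdentities` is declared `required: true` with no default and no text, so a blueprint author has to pick a value without being told that `true` lets unauthenticated (guest) identities obtain credentials from the identity pool. I would add `description: Whether the pool issues identities to unauthenticated (guest) users. Set to false unless guest access is intended.` and similar one-liners for `MfaConfiguration`, `GenerateSecret`, `CallbackURLs`, `LogoutURLs` and `PreventUserExistenceErrors`. For `MfaConfiguration`, add `required: false` to match its siblings, or state in the description that it is mandatory, since the DSL default for an omitted `required` is not visible here. The same properties appear in the corresponding hunk of plugin_1_4.yaml.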
@@ -3857,6 +4029,98 @@ node_types: implementation: aws.cloudify_aws.codepipeline.resources.pipeline.execute inputs: *operation_inputs + cloudify.nodes.aws.cognitoidp.UserPool: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.UserPool.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.user_pool.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.user_pool.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.user_pool.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognitoidp.UserPoolClient: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.UserPoolClient.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognitoidp.IdentityProvider: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. 
Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.IdentityProvider.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognito.IdentityPool: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognito.IdentityPool.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.delete + inputs: *operation_inputs + cloudify.nodes.resources.AmazonWebServices: derived_from: cloudify.nodes.Root properties: @@ -3991,6 +4255,14 @@ relationships: unlink: { implementation: aws.cloudify_aws.iam.resources.role.detach_from } + cloudify.relationships.aws.cognito.set_identity_pool_roles: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + establish: { implementation: aws.cloudify_aws.cognito.resources.identity_pool.set } + unlink: { implementation: aws.cloudify_aws.cognito.resources.identity_pool.unset } + + #### # AWS Lambda #### diff --git a/plugin_1_4.yaml b/plugin_1_4.yaml index 51b1fa23..3a61e090 100644 --- a/plugin_1_4.yaml 
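Review bot: The new relationship `cloudify.relationships.aws.cognito.set_identity_pool_roles` has no comment saying what its target must be or which roles `identity_pool.set` assigns, and the hunk also adds two trailing blank lines after `unlink`. The roles attached to an identity pool define what AWS permissions its identities receive, including unauthenticated ones when `AllowUnauthenticatedIdentities` is true, so a short comment above the type would help anyone reviewing a blueprint, e.g. `# Source: cognito.IdentityPool; target: the IAM role(s) to attach to the pool. Keep the unauthenticated role least-privilege.` Presumably the target is an IAM role node; that should be confirmed against identity_pool.py, which is not shown in this hunk. The same relationship is added in plugin_1_4.yaml.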
+++ b/plugin_1_4.yaml @@ -2,7 +2,11 @@ plugins: aws: executor: central_deployment_agent package_name: cloudify-aws-plugin - package_version: '3.0.10' +<<<<<<< HEAD + package_version: '3.0.11' +======= + package_version: '3.1.0' +>>>>>>> 26bf4b7 (support cognito) data_types: @@ -248,7 +252,7 @@ data_types: Path: type: string description: The path to the policy. - required: true + required: false PolicyDocument: type: string description: The policy document. 
@@ -1253,6 +1257,204 @@ data_types: description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/codepipeline.html#CodePipeline.Client.create_pipeline default: {} + cloudify.datatypes.aws.cognitoidp.UserPool.config: + properties: + PoolName: + type: string + description: The name of the user pool + required: true + Policies: + type: dict + required: false + LambdaConfig: + type: dict + required: false + AutoVerifiedAttributes: + type: list + required: false + AliasAttributes: + type: list + required: false + UsernameAttributes: + type: list + required: false + SmsVerificationMessage: + type: string + required: false + EmailVerificationMessage: + type: string + required: false + EmailVerificationSubject: + type: string + required: false + VerificationMessageTemplate: + type: dict + required: false + SmsAuthenticationMessage: + type: string + required: false + MfaConfiguration: + type: string + UserAttributeUpdateSettings: + type: dict + required: false + DeviceConfiguration: + type: dict + required: false + EmailConfiguration: + type: dict + required: false + SmsConfiguration: + type: dict + required: false + UserPoolTags: + type: dict + required: false + AdminCreateUserConfig: + type: dict + required: false + Schema: + type: list + required: false + UserPoolAddOns: + type: dict + required: false + UsernameConfiguration: + type: dict + required: false + AccountRecoverySetting: + type: dict + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_user_pool + default: {} + + cloudify.datatypes.aws.cognitoidp.UserPoolClient.config: + properties: + UserPoolId: + type: string + required: true + ClientName: + type: string + required: true + GenerateSecret: + type: boolean + required: false + RefreshTokenValidity: + type: integer + required: false + AccessTokenValidity: + type: integer + required: false + IdTokenValidity: + type: 
integer + required: false + TokenValidityUnits: + type: dict + required: false + ReadAttributes: + type: list + required: false + CallbackURLs: + type: list + required: false + ExplicitAuthFlows: + type: list + required: false + SupportedIdentityProviders: + type: list + required: false + LogoutURLs: + type: list + required: false + DefaultRedirectURI: + type: string + required: false + AllowedOAuthFlows: + type: list + required: false + AllowedOAuthScopes: + type: list + required: false + AllowedOAuthFlowsUserPoolClient: + type: boolean + required: false + AnalyticsConfiguration: + type: dict + required: false + PreventUserExistenceErrors: + type: string + required: false + EnableTokenRevocation: + type: boolean + required: false + EnablePropagateAdditionalUserContextData: + type: boolean + required: false + AuthSessionValidity: + type: integer + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_user_pool_client + default: {} + + cloudify.datatypes.aws.cognitoidp.IdentityProvider.config: + properties: + UserPoolId: + type: string + required: true + ProviderName: + type: string + required: true + ProviderType: + type: string + required: true + ProviderDetails: + type: dict + required: true + AttributeMapping: + type: dict + required: false + IdpIdentifiers: + type: list + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_identity_provider + default: {} + + cloudify.datatypes.aws.cognito.IdentityPool.config: + properties: + IdentityPoolName: + type: string + required: true + AllowUnauthenticatedIdentities: + type: boolean + required: true + AllowClassicFlow: + type: boolean + required: false + SupportedLoginProviders: + type: dict + required: false + DeveloperProviderName: + type: string + required: false + 
OpenIdConnectProviderARNs: + type: list + required: false + CognitoIdentityProviders: + type: list + required: false + SamlProviderARNs: + type: list + required: false + IdentityPoolTags: + type: dict + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-identity.html#CognitoIdentity.Client.create_identity_pool + default: {} + dsl_definitions: use_external_resource_desc: &use_external_resource_desc > @@ -3227,6 +3429,9 @@ node_types: create: implementation: aws.cloudify_aws.ec2.resources.ebs.create inputs: *operation_inputs + poststart: + implementation: aws.cloudify_aws.ec2.resources.ebs.poststart + inputs: *operation_inputs delete: implementation: aws.cloudify_aws.ec2.resources.ebs.delete inputs: *operation_inputs 
@@ -3857,6 +4062,99 @@ node_types: implementation: aws.cloudify_aws.codepipeline.resources.pipeline.execute inputs: *operation_inputs + + cloudify.nodes.aws.cognitoidp.UserPool: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.UserPool.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.user_pool.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.user_pool.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.user_pool.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognitoidp.UserPoolClient: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.UserPoolClient.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognitoidp.IdentityProvider: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. 
Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.IdentityProvider.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognito.IdentityPool: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognito.IdentityPool.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.delete + inputs: *operation_inputs + cloudify.nodes.resources.AmazonWebServices: derived_from: cloudify.nodes.Root properties: @@ -3990,6 +4288,13 @@ relationships: establish: { implementation: aws.cloudify_aws.iam.resources.role.attach_to } unlink: { implementation: aws.cloudify_aws.iam.resources.role.detach_from } + cloudify.relationships.aws.cognito.set_identity_pool_roles: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + establish: { implementation: aws.cloudify_aws.cognito.resources.identity_pool.set } + unlink: { implementation: aws.cloudify_aws.cognito.resources.identity_pool.unset } + #### # AWS Lambda 
diff --git a/plugin_1_5.yaml b/plugin_1_5.yaml
new file mode 100644
index 00000000..bc5323c6
--- /dev/null
+++ b/plugin_1_5.yaml
@@ -0,0 +1,4662 @@ +plugins: + aws: + executor: central_deployment_agent + package_name: cloudify-aws-plugin + package_version: '3.1.0' + properties_description: | + Manage AWS resources. + Credentials documentation: https://docs.cloudify.co/latest/working_with/official_plugins/infrastructure/aws/#authentication-with-aws. + properties: + aws_session_token: + type: string + display_label: AWS session token + description: Session token. + aws_access_key_id: + type: string + display_label: AWS Access Key ID + description: The ID of your AWS ACCESS KEY ID. + aws_secret_access_key: + type: string + display_label: AWS Secret Access Key + description: The ID of your AWS SECRET ACCESS KEY. + region_name: + type: string + display_label: AWS Region name + description: | + The server region name, such as us-east-1. + (Not us-east-1b, which is an availability zone, or + US East, which is a Region.) + endpoint_url: + type: string + display_label: AWS Endpoint URL + description: | + The complete URL to use for the constructed + client. Normally, botocore will automatically construct the + appropriate URL to use when communicating with a service. You + can specify a complete URL (including the "http/https" scheme) + to override this behavior. If this value is provided, + then ``use_ssl`` is ignored. + api_version: + type: string + display_label: AWS API Version + description: The API Version to use, if not latest. + assume_role: + type: string + display_label: AWS assume role + description: The role ARN that Cloudify manager instance is able to assume. + additional_config: + type: dict + display_label: Additional config + description: | + An abstraction of the 'config' parameter accepted by boto3.client function. + This parameter should only be used by experienced users. 
Example usage: + vm: + type: cloudify.nodes.aws.ec2.Instances + properties: + client_config: + additional_config: + retries: + max_attempts: 10 + mode: adaptive + +data_types: + + cloudify.datatypes.swift.Connection: + properties: + swift_username: + description: > + The USERNAME of your Swift. + type: string + required: true + swift_password: + description: > + The PASSWORD of your Swift. + type: string + required: true + swift_auth_url: + description: > + The auth url in order to authenticate against and generate token + type: string + required: true + swift_region_name: + description: > + The server region name, such as us-east-1. + (Not us-east-1b, which is an availability zone, or + US East, which is a Region.) + type: string + required: true + + cloudify.datatypes.aws.ConnectionConfig: + properties: &aws_plugin_connection_config + aws_session_token: + type: string + description: Session token. + required: false + aws_access_key_id: + type: string + description: The ID of your AWS ACCESS KEY ID. + required: false + aws_secret_access_key: + type: string + description: The ID of your AWS SECRET ACCESS KEY. + region_name: + type: string + description: | + The server region name, such as us-east-1. + (Not us-east-1b, which is an availability zone, or + US East, which is a Region.) + required: true + endpoint_url: + type: string + description: | + The complete URL to use for the constructed + client. Normally, botocore will automatically construct the + appropriate URL to use when communicating with a service. You + can specify a complete URL (including the "http/https" scheme) + to override this behavior. If this value is provided, + then ``use_ssl`` is ignored. + required: false + api_version: + type: string + description: The API Version to use, if not latest. + required: false + assume_role: + type: string + description: The role ARN that Cloudify manager instance is able to assume. 
+ required: false + additional_config: + type: dict + description: | + An abstraction of the 'config' parameter accepted by boto3.client function. + This parameter should only be used by experienced users. Example usage: + vm: + type: cloudify.nodes.aws.ec2.Instances + properties: + client_config: + additional_config: + retries: + max_attempts: 10 + mode: adaptive + required: false + + cloudify.datatypes.aws.dynamodb.Table.config: + properties: + TableName: + description: The name of the table to create. + type: string + required: true + AttributeDefinitions: + description: An array of attributes that describe the key schema (dict) for the table and indexes. Keys are AttributeName, AttributeType. + default: [] + KeySchema: + description: Specifies the attributes that make up the primary key for a table or an index. The attributes in KeySchema must also be defined in the AttributeDefinitions array. For more information, see Data Model in the Amazon DynamoDB Developer Guide . + default: [] + LocalSecondaryIndexes: + description: One or more local secondary indexes (the maximum is five) to be created on the table. Each index is scoped to a given partition key value. There is a 10 GB size limit per partition key value; otherwise, the size of a local secondary index is unconstrained. + default: [] + GlobalSecondaryIndexes: + description: One or more global secondary indexes (the maximum is five) to be created on the table.. + default: [] + BillingMode: + description: Controls how you are charged for read and write throughput and how you manage capacity. This setting can be changed later. Either 'PROVISIONED' or 'PAY_PER_REQUEST'. + type: string + required: false + ProvisionedThroughput: + description: Represents the provisioned throughput settings for a specified table or index. The settings can be modified using the UpdateTable operation. + default: {} + StreamSpecification: + description: The settings for DynamoDB Streams on the table. 
+ default: {} + SSESpecification: + description: Represents the settings used to enable server-side encryption. + default: {} + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.Client.create_table + default: {} + + cloudify.datatypes.aws.iam.Group.config: + properties: + Path: + description: The path to the group. For more information about paths, see IAM Identifiers in the IAM User Guide. + type: string + required: false + GroupName: + description: The name of the group to create. Do not include the path in this value. + type: string + required: true + default: 'cfy_CloudifyGroup' + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_group + default: {} + + cloudify.datatypes.aws.iam.AccessKey.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_access_key + default: {} + + cloudify.datatypes.aws.iam.LoginProfile.config: + properties: + UserName: + type: string + description: The name of the IAM user that the new key will belong to. + required: false + Password: + type: string + description: The new password for the user. + required: false + PasswordResetRequired: + type: boolean + description: Specifies whether the user is required to set a new password on next sign-in. + required: false + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_login_profile + default: {} + + cloudify.datatypes.aws.iam.User.config: + properties: + UserName: + type: string + description: The name of the IAM user that the new key will belong to. + required: false + Path: + description: The path to the user. For more information about paths, see IAM Identifiers in the IAM User Guide. + type: string + required: false + PermissionsBoundary: + description: The ARN of the policy that is used to set the permissions boundary for the user. 
+ type: string + required: false + Tags: + description: A list of tags that you want to attach to the newly created user. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM Identities in the IAM User Guide. + default: [] + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_user + default: {} + + cloudify.datatypes.aws.iam.Role.config: + properties: + AssumeRolePolicyDocument: + description: The trust relationship policy document that grants an entity permission to assume the role. + required: true + default: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: 'lambda.amazonaws.com' + Action: 'sts:AssumeRole' + RoleName: + description: The name of the role to create. + type: string + required: true + default: 'cfy_lambdarole' + Path: + description: The path to the role. + type: string + required: false + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_role + default: {} + + cloudify.datatypes.aws.iam.RolePolicy.config: + properties: + RoleName: + type: string + description: The name of the role to associate the policy with. Required if no relationship to a Role was provided. + required: false + PolicyName: + type: string + description: The name of the policy document. + required: true + PolicyDocument: + type: string + description: The policy document. + required: true + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.put_role_policy + default: {} + + cloudify.datatypes.aws.iam.InstanceProfile.config: + properties: + InstanceProfileName: + type: string + description: The name of the instance profile to create. + required: true + default: 'cfy_iam_user_instance_profile' + Path: + type: string + description: The path to the instance profile. 
+ required: true + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_instance_profile + default: {} + + cloudify.datatypes.aws.iam.Policy.config: + properties: + PolicyName: + type: string + description: The friendly name of the policy. + required: true + Path: + type: string + description: The path to the policy. + required: false + PolicyDocument: + type: string + description: The policy document. + required: true + Description: + type: string + description: A friendly description of the policy. + required: false + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_policy + default: {} + + cloudify.datatypes.aws.lambda.Function.config: + properties: + FunctionName: + type: string + description: The name of the Lambda function. + required: true + Runtime: + type: string + description: The runtime version for the function. + required: true + Handler: + type: string + description: The name of the method within your code that Lambda calls to execute your function. + required: true + Code: + description: The code for the function. + required: true + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.create_function + default: {} + + cloudify.datatypes.aws.lambda.Invoke.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.invoke + default: {} + + cloudify.datatypes.aws.lambda.Permission.config: + properties: + FunctionName: + type: string + description: The name of the Lambda function. Required. May also be provided from a relationship to a cloudify.nodes.aws.lambda.Function. + required: false + StatementId: + type: string + description: A unique statement identifier. + required: true + Action: + type: string + description: The AWS Lambda action you want to allow in this statement. 
+ required: true + Principal: + type: string + description: The principal who is getting this permission. + required: true + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.add_permission + default: {} + + cloudify.datatypes.aws.rds.Instance.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance + default: {} + + cloudify.datatypes.aws.rds.InstanceReadReplica.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance_read_replica + default: {} + + cloudify.datatypes.aws.rds.SubnetGroup.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_subnet_group + default: {} + + cloudify.datatypes.aws.rds.OptionGroup.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_option_group + default: {} + + cloudify.datatypes.aws.rds.Option.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.modify_option_group + default: {} + + cloudify.datatypes.aws.rds.ParameterGroup.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_parameter_group + default: {} + + cloudify.datatypes.aws.rds.Parameter.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.modify_db_parameter_group + default: {} + + cloudify.datatypes.aws.route53.HostedZone.config: + properties: + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/route53.html#Route53.Client.create_hosted_zone + default: {} + + cloudify.datatypes.aws.route53.RecordSet.config: + properties: + kwargs: + description: 
http://boto3.readthedocs.io/en/latest/reference/services/route53.html#Route53.Client.change_resource_record_sets + default: {} + + cloudify.datatypes.aws.elb.LoadBalancer.config: + properties: + Name: + type: string + description: The name of the load balancer. + required: true + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.create_load_balancer + default: {} + + cloudify.datatypes.aws.elb.TargetGroup.config: + properties: + Name: + type: string + description: The name of the target group. + required: true + Protocol: + type: string + description: The protocol to use for routing traffic to the targets. + required: false + Port: + type: string + description: The port on which the targets receive traffic. + required: false + HealthCheckProtocol: + type: string + description: The protocol the load balancer uses when performing health checks on targets. + required: false + HealthCheckPort: + type: string + description: The port the load balancer uses when performing health checks on targets.. + required: false + kwargs: + description: http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.create_target_group + default: {} + + cloudify.datatypes.aws.elb.Listener.config: + properties: + Protocol: + type: string + description: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocol is TCP. + required: true + Port: + type: integer + description: The port on which the load balancer is listening. + required: true + DefaultActions: + description: The actions for the default rule. 
+ default: []
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.create_listener
+ default: {}
+
+ cloudify.datatypes.aws.elb.Rule.config:
+ properties:
+ Conditions:
+ description: The conditions. Each condition specifies a field name and a single value.
+ default: []
+ Priority:
+ type: integer
+ description: The rule priority. A listener can't have multiple rules with the same priority.
+ required: true
+ Actions:
+ description: The actions. Each rule must include exactly one of the following types of actions - forward, fixed-response, or redirect.
+ default: []
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.create_rule
+ default: {}
+
+ cloudify.datatypes.aws.elb.Classic.LoadBalancer.config:
+ properties:
+ LoadBalancerName:
+ type: string
+ description: The name of the load balancer.
+ required: true
+ Listeners:
+ description: The listeners.
+ default: {}
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/elb.html#ElasticLoadBalancing.Client.create_load_balancer
+ default: {}
+
+ cloudify.datatypes.aws.elb.Classic.Listener.config:
+ properties:
+ LoadBalancerName:
+ type: string
+ description: The name of the load balancer.
+ required: false
+ Listeners:
+ description: The listeners.
+ default: {}
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/elb.html#ElasticLoadBalancing.Client.create_load_balancer_listeners
+ default: {}
+
+ cloudify.datatypes.aws.elb.Classic.healthCheck.healthCheck:
+ properties:
+ Target:
+ type: string
+ required: true
+ description: The instance being checked. The protocol is either TCP, HTTP, HTTPS, or SSL. The range of valid ports is one (1) through 65535.
+ Interval:
+ type: integer
+ required: true
+ description: The approximate interval, in seconds, between health checks of an individual instance.
+ Timeout:
+ type: integer
+ required: true
+ description: The amount of time, in seconds, during which no response means a failed health check.
+ UnhealthyThreshold:
+ type: integer
+ required: true
+ description: The number of consecutive health check failures required before moving the instance to the Unhealthy state.
+ HealthyThreshold:
+ type: integer
+ required: true
+ description: The number of consecutive health checks successes required before moving the instance to the Healthy state.
+
+ cloudify.datatypes.aws.elb.Classic.HealthCheck.config:
+ properties:
+ LoadBalancerName:
+ type: string
+ description: The name of the load balancer.
+ required: false
+ HealthCheck:
+ type: cloudify.datatypes.aws.elb.Classic.healthCheck.healthCheck
+ required: true
+ description: The configuration information.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/elb.html#ElasticLoadBalancing.Client.configure_health_check
+ default: {}
+
+ cloudify.datatypes.aws.elb.Classic.Policy.config:
+ properties:
+ LoadBalancerName:
+ type: string
+ description: The name of the load balancer.
+ required: false
+ PolicyName:
+ type: string
+ required: true
+ description: The name of the load balancer policy to be created. This name must be unique within the set of policies for this load balancer.
+ PolicyTypeName:
+ type: string
+ required: true
+ description: The name of the base policy type. To get the list of policy types, use DescribeLoadBalancerPolicyTypes.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/elb.html#ElasticLoadBalancing.Client.create_load_balancer_policy
+ default: {}
+
+ cloudify.datatypes.aws.elb.Classic.StickinessPolicy.config:
+ properties:
+ LoadBalancerName:
+ type: string
+ description: The name of the load balancer.
+ required: false
+ PolicyName:
+ type: string
+ required: true
+ description: The name of the load balancer policy to be created.
This name must be unique within the set of policies for this load balancer.
+ CookieExpirationPeriod:
+ type: integer
+ required: false
+ description: The time period, in seconds, after which the cookie should be considered stale.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/elb.html#ElasticLoadBalancing.Client.create_lb_cookie_stickiness_policy
+ default: {}
+
+ cloudify.datatypes.aws.SQS.Queue.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/sqs.html#SQS.Client.create_queue
+ default: {}
+
+ cloudify.datatypes.aws.SNS.Topic.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/sns.html#SNS.Client.create_topic
+ default: {}
+
+ cloudify.datatypes.aws.SNS.Subscription.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/sns.html#SNS.Client.get_subscription_attributes
+ default: {}
+
+ cloudify.datatypes.aws.s3.BucketTagging.Tagging:
+ properties:
+ TagSet:
+ required: true
+ description: A list of dictionaries with a keys Key and Value.
+ default: []
+
+ cloudify.datatypes.aws.s3.BucketTagging.config:
+ properties:
+ Bucket:
+ type: string
+ required: false
+ description: The bucket to tag.
+ Tagging:
+ type: cloudify.datatypes.aws.s3.BucketTagging.Tagging
+ required: true
+ description: The tagging set.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/s3.html#S3.Client.put_bucket_tagging
+ default: {}
+
+ cloudify.datatypes.aws.s3.BucketLifecycleConfiguration.Lifecycle:
+ properties:
+ Rules:
+ default: []
+ required: true
+ description: A list of rules in dict format with keys Prefix, Status, etc.
+
+ cloudify.datatypes.aws.s3.BucketLifecycleConfiguration.config:
+ properties:
+ Bucket:
+ type: string
+ required: false
+ description: The bucket to tag.
+ LifecycleConfiguration:
+ type: cloudify.datatypes.aws.s3.BucketLifecycleConfiguration.Lifecycle
+ required: false
+ description: The lifecycle configuration.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/s3.html#S3.Client.put_bucket_lifecycle
+ default: {}
+
+ cloudify.datatypes.aws.s3.BucketPolicy.config:
+ properties:
+ Bucket:
+ type: string
+ required: false
+ description: The bucket to tag.
+ ConfirmRemoveSelfBucketAccess:
+ type: boolean
+ required: false
+ description: Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.
+ Policy:
+ required: true
+ description: The bucket policy as a JSON document.
+ default: {}
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/s3.html#S3.Client.put_bucket_policy
+ default: {}
+
+ cloudify.datatypes.aws.s3.CreateBucketConfiguration:
+ properties:
+ LocationConstraint:
+ type: string
+ required: false
+ description: Specifies the region where the bucket will be created. If you don't specify a region, the bucket will be created in US Standard.
+
+ cloudify.datatypes.aws.s3.Bucket.config:
+ properties:
+ Bucket:
+ type: string
+ required: true
+ description: The bucket name.
+ ACL:
+ type: string
+ required: false
+ description: The canned ACL to apply to the bucket.
+ CreateBucketConfiguration:
+ type: cloudify.datatypes.aws.s3.CreateBucketConfiguration
+ required: false
+ description: Specifies the region where the bucket will be created.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/s3.html#S3.Client.create_bucket
+ default: {}
+
+ cloudify.datatypes.aws.s3.BucketObject.config:
+ properties:
+ Bucket:
+ type: string
+ required: false
+ description: The bucket name.
+ Key:
+ type: string
+ required: false
+ description: Object key for which the PUT operation was initiated.
+ ACL:
+ type: string
+ required: false
+ description: Object key for which the PUT operation was initiated.
+ kwargs:
+ description: https://boto3.readthedocs.io/en/latest/reference/services/s3.html#S3.Client.put_object
+ default: {}
+
+ cloudify.datatypes.aws.ec2.Vpc.config:
+ properties:
+ CidrBlock:
+ type: string
+ description: The IPv4 network range for the VPC, in CIDR notation.
+ required: true
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_vpc
+ default: {}
+
+ cloudify.datatypes.aws.ec2.VpcPeering.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_vpc_peering_connection
+ default: {}
+
+ cloudify.datatypes.aws.ec2.VpcPeeringRequest.config:
+ properties:
+ kwargs:
+ description: >
+ http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.accept_vpc_peering_connection
+ http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.reject_vpc_peering_connection
+ default: {}
+
+ cloudify.datatypes.aws.ec2.Subnet.config:
+ properties:
+ AvailabilityZone:
+ type: string
+ description: The Availability Zone for the subnet.
+ required: false
+ CidrBlock:
+ type: string
+ description: The IPv4 network range for the subnet, in CIDR notation.
+ required: false
+ VpcId:
+ type: string
+ description: The ID of the VPC. May be provided via relationship to a VPC type.
+ required: false
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_subnet
+ default: {}
+
+ cloudify.datatypes.aws.ec2.SecurityGroup.config:
+ properties:
+ Description:
+ type: string
+ description: The description for the security group.
+ required: true
+ GroupName:
+ type: string
+ description: The name of the security group.
+ required: true
+ VpcId:
+ type: string
+ description: The ID of the VPC. Required for EC2-VPC.
+ required: false
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_security_group
+ default: {}
+
+ cloudify.datatypes.aws.ec2.SecurityGroupRules.config:
+ properties:
+ IpPermissions:
+ description: One or more sets of IP permissions.
+ default: []
+ kwargs:
+ description: >
+ http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.authorize_security_group_ingress
+ http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.authorize_security_group_egress
+ default: {}
+
+ cloudify.datatypes.aws.ec2.NATGateway.config:
+ properties:
+ ConnectivityType:
+ type: string
+ required: false
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_nat_gateway
+ default: {}
+
+ cloudify.datatypes.aws.ec2.NetworkACL.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_network_acl
+ default: {}
+
+ cloudify.datatypes.aws.ec2.Interface.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_network_interface
+ default: {}
+
+ cloudify.datatypes.aws.ec2.Instances.LaunchTemplate:
+ properties:
+ LaunchTemplateId:
+ type: string
+ required: false
+ LaunchTemplateName:
+ type: string
+ required: false
+ Version:
+ type: string
+ required: false
+
+ cloudify.datatypes.aws.ec2.Instances.config:
+ properties:
+ MinCount:
+ type: integer
+ default: 1
+ MaxCount:
+ type: integer
+ default: 1
+ ImageId:
+ type: string
+ required: false
+ InstanceType:
+ type: string
+ required: false
+ LaunchTemplate:
+ type: cloudify.datatypes.aws.ec2.Instances.LaunchTemplate
+ required: false
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.run_instances
+ default: {}
+
+ cloudify.datatypes.aws.ec2.SpotInstances.config:
+ properties:
+ kwargs:
+
description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.request_spot_instances
+ default: {}
+
+ cloudify.datatypes.aws.ec2.SpotFleetRequest.config:
+ properties:
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.request_spot_fleet
+ default: {}
+
+ cloudify.datatypes.aws.ec2.Keypair.config:
+ properties:
+ KeyName:
+ type: string
+ required: false
+ description: >
+ If not provided, this defaults to the node-instance ID.
+ PublicKeyMaterial:
+ type: string
+ required: false
+ description: >
+ If PublicKeyMaterial is provided, the import_key_pair operation is executed instead of create_key_pair.
+ See documentation: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.import_key_pair.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_key_pair
+ default: {}
+
+ cloudify.datatypes.aws.ec2.ElasticIP.config:
+ properties:
+ Domain:
+ type: string
+ description: Set to vpc to allocate the address for use with instances in a VPC, valid values are 'vpc' or 'standard'.
+ default: vpc
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.allocate_address
+ default: {}
+
+ cloudify.datatypes.aws.ec2.NetworkAclEntry.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_network_acl_entry
+ default: {}
+
+ cloudify.datatypes.aws.ec2.DHCPOptions.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_dhcp_options
+ default: {}
+
+ cloudify.datatypes.aws.ec2.VPNGateway.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_vpn_gateway
+ default: {}
+
+ cloudify.datatypes.aws.ec2.VPNConnection.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_vpn_connection
+ default: {}
+
+ cloudify.datatypes.aws.ec2.VPNConnectionRoute.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_vpn_connection_route
+ default: {}
+
+ cloudify.datatypes.aws.ec2.CustomerGateway.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_customer_gateway
+ default: {}
+
+ cloudify.datatypes.aws.ec2.InternetGateway.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_internet_gateway
+ default: {}
+
+ cloudify.datatypes.aws.ec2.TransitGateway.config:
+ properties:
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.create_transit_gateway
+ default: {}
+
+ cloudify.datatypes.aws.ec2.TransitGatewayVPCAttachment.config:
+ properties:
+ kwargs:
+ description:
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.create_transit_gateway_vpc_attachment
+ default: {}
+
+ cloudify.datatypes.aws.ec2.TransitGatewayRouteTable.config:
+ properties:
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.create_transit_gateway_route_table
+ default: {}
+
+ cloudify.datatypes.aws.ec2.TransitGatewayRoute.config:
+ properties:
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.create_transit_gateway_route
+ default: {}
+
+ cloudify.datatypes.aws.ec2.RouteTable.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_route_table
+ default: {}
+
+ cloudify.datatypes.aws.ec2.Route.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_route
+ default: {}
+
+ cloudify.datatypes.aws.ec2.Image.config.create.BlockDeviceMappings:
+ properties:
+ DeviceName:
+ type: string
+ required: false
+ description: ~
+ VirtualName:
+ type: string
+ required: false
+ description: ~
+ Ebs:
+ type: cloudify.datatypes.aws.ec2.Image.config.create.BlockDeviceMappings.Ebs
+ required: false
+ description: ~
+ NoDevice:
+ type: string
+ required: false
+ description: ~
+ kwargs:
+ description: ~
+ default: { }
+
+ cloudify.datatypes.aws.ec2.Image.config:
+ properties:
+ BlockDeviceMappings:
+ type: cloudify.datatypes.aws.ec2.Image.config.create.BlockDeviceMappings
+ required: false
+ description: list contaning a dict of arguments to create an ami.
+ Description:
+ type: string
+ required: false
+ description: The description of the created image.
+ DryRun:
+ type: boolean
+ required: false
+ description: ~
+ InstanceId:
+ type: string
+ required: false
+ description: The InstanceId to create an image from.
+ Name:
+ type: string
+ required: false
+ description: The name of the image.
+ NoReboot:
+ type: boolean
+ required: false
+ description: ~
+ TagSpecifications:
+ type: cloudify.datatypes.aws.TagSpecifications
+ required: false
+ description: ~
+ kwargs:
+ description: "https://docs.cloudify.co/latest/working_with/official_plugins/infrastructure/aws/#cloudify-nodes-aws-ec2-image"
+ default: {}
+
+ cloudify.datatypes.aws.ec2.Image.config.create.BlockDeviceMappings.Ebs:
+ properties:
+ DeleteOnTermination:
+ type: boolean
+ required: false
+ description: ~
+ Iops:
+ type: integer
+ required: false
+ description: ~
+ SnapshotId:
+ type: string
+ required: false
+ description: ~
+ VolumeSize:
+ type: integer
+ required: false
+ description: ~
+ VolumeType:
+ type: string
+ required: false
+ description: ~
+ KmsKeyId:
+ type: string
+ required: false
+ description:
+ Throughput:
+ type: integer
+ required: false
+ description: ~
+ OutpostArn:
+ type: string
+ required: false
+ description: ~
+ Encrypted:
+ type: boolean
+ required: false
+ description: ~
+ kwargs:
+ description: ~
+ default: { }
+
+ cloudify.datatypes.aws.TagSpecifications:
+ properties:
+ ResourceType:
+ type: string
+ required: false
+ description: ~
+ Tags:
+ type: list
+ required: false
+
+ cloudify.datatypes.aws.ec2.Tags.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_tags
+ default: {}
+
+ cloudify.datatypes.aws.ec2.EBSVolume.config:
+ properties:
+ AvailabilityZone:
+ type: string
+ description: The Availability Zone in which to create the volume.
+ required: true
+ Size:
+ type: integer
+ description: The size of the volume, in GiBs.
+ required: false
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_volume
+ default: {}
+
+ cloudify.datatypes.aws.ec2.EBSAttachment.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.attach_volume
+ default: {}
+
+ cloudify.datatypes.aws.autoscaling.LaunchTemplate:
+ properties:
+ LaunchTemplateId:
+ type: string
+ required: false
+ description: The ID of the launch template. You must specify either a template ID or a template name.
+ LaunchTemplateName:
+ type: string
+ required: false
+ description: The name of the launch template. You must specify either a template name or a template ID.
+ Version:
+ type: string
+ required: false
+ description: The version number, $Latest , or $Default . If the value is $Latest , Amazon EC2 Auto Scaling selects the latest version of the launch template when launching instances. If the value is $Default , Amazon EC2 Auto Scaling selects the default version of the launch template when launching instances. The default value is $Default.
+
+ cloudify.datatypes.aws.autoscaling.Group.config:
+ properties:
+ AutoScalingGroupName:
+ type: string
+ required: true
+ description: The name of the Auto Scaling group. This name must be unique within the scope of your AWS account.
+ LaunchConfigurationName:
+ type: string
+ required: false
+ description: The name of the launch configuration. This parameter, a launch template, a mixed instances policy, or an EC2 instance must be specified.
+ LaunchTemplate:
+ type: cloudify.datatypes.aws.autoscaling.LaunchTemplate
+ required: false
+ description: The launch template to use to launch instances. This parameter, a launch configuration, a mixed instances policy, or an EC2 instance must be specified.
+ InstanceId:
+ type: string
+ required: false
+ description: The ID of the instance used to create a launch configuration for the group.
This parameter, a launch configuration, a launch template, or a mixed instances policy must be specified.
+ MinSize:
+ type: integer
+ required: true
+ description: The minimum size of the group.
+ MaxSize:
+ type: integer
+ required: true
+ description: The maximum size of the group.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html#AutoScaling.Client.create_auto_scaling_group
+ default: {}
+
+ cloudify.datatypes.aws.autoscaling.LaunchConfiguration.config:
+ properties:
+ LaunchConfigurationName:
+ type: string
+ required: true
+ description: The name of the launch configuration. This name must be unique within the scope of your AWS account.
+ ImageId:
+ type: string
+ required: false
+ description: The ID of the Amazon Machine Image (AMI) to use to launch your EC2 instances.
+ InstanceType:
+ type: string
+ required: false
+ description: The instance type of the EC2 instance. If you do not specify InstanceId, you must specify InstanceType.
+ InstanceId:
+ type: string
+ required: false
+ description: The ID of the instance to use to create the launch configuration. The new launch configuration derives attributes from the instance, except for the block device mapping. If you do not specify InstanceId , you must specify both ImageId and InstanceType.
+ KeyName:
+ type: string
+ required: false
+ description: The name of the key pair.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html#AutoScaling.Client.create_launch_configuration
+ default: {}
+
+ cloudify.datatypes.aws.autoscaling.Policy.config:
+ properties:
+ AutoScalingGroupName:
+ type: string
+ required: false
+ description: The name of the Auto Scaling group.
+ PolicyName:
+ type: string
+ required: true
+ description: The name of the policy.
+ PolicyType:
+ type: string
+ required: false
+ description: The policy type. The valid values are SimpleScaling, StepScaling, and TargetTrackingScaling.
If the policy type is null, the value is treated as SimpleScaling.
+ AdjustmentType:
+ type: string
+ required: false
+ description: The adjustment type. The valid values are ChangeInCapacity, ExactCapacity, and PercentChangeInCapacity. This parameter is supported if the policy type is SimpleScaling or StepScaling.
+ ScalingAdjustment:
+ type: integer
+ required: false
+ description: The amount by which to scale, based on the specified adjustment type. A positive value adds to the current capacity while a negative number removes from the current capacity.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html#AutoScaling.Client.put_scaling_policy
+ default: {}
+
+ cloudify.datatypes.aws.autoscaling.LifecycleHook.config:
+ properties:
+ LifecycleHookName:
+ type: string
+ required: true
+ description: The name of the lifecycle hook.
+ AutoScalingGroupName:
+ type: string
+ required: false
+ description: The name of the Auto Scaling group.
+ LifecycleTransition:
+ type: string
+ required: false
+ description: The instance state to which you want to attach the lifecycle hook.
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html#AutoScaling.Client.put_lifecycle_hook
+ default: {}
+
+ cloudify.datatypes.aws.autoscaling.NotificationConfiguration.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html#AutoScaling.Client.put_notification_configuration
+ default: {}
+
+ cloudify.datatypes.aws.cloudwatch.Alarm.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/cloudwatch.html#CloudWatch.Client.put_metric_alarm
+ default: {}
+
+
+ cloudify.datatypes.aws.cloudwatch.Rule.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/events.html#CloudWatchEvents.Client.put_rule
+ default: {}
+
+ cloudify.datatypes.aws.cloudwatch.Event.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/events.html#CloudWatchEvents.Client.put_events
+ default: {}
+
+ cloudify.datatypes.aws.cloudwatch.Target.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/events.html#CloudWatchEvents.Client.put_targets
+ default: {}
+
+ cloudify.datatypes.aws.efs.FileSystem.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/efs.html#EFS.Client.create_file_system
+ default: {}
+
+ cloudify.datatypes.aws.efs.FileSystemTags.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/efs.html#EFS.Client.create_tags
+ default: {}
+
+ cloudify.datatypes.aws.efs.MountTarget.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/efs.html#EFS.Client.create_mount_target
+ default: {}
+
+ cloudify.datatypes.aws.kms.CustomerMasterKey.config:
+ properties:
+ kwargs:
+ description:
http://boto3.readthedocs.io/en/latest/reference/services/kms.html#KMS.Client.create_key
+ default: {}
+
+ cloudify.datatypes.aws.kms.Alias.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/kms.html#KMS.Client.create_alias
+ default: {}
+
+ cloudify.datatypes.aws.kms.Grant.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/kms.html#KMS.Client.create_grant
+ default: {}
+
+ cloudify.datatypes.aws.CloudFormation.Stack.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html#CloudFormation.Client.create_stack
+ default: {}
+
+ cloudify.datatypes.aws.ECS.Cluster.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ecs.html#ECS.Client.create_cluster
+ default: {}
+
+ cloudify.datatypes.aws.ECS.Service.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ecs.html#ECS.Client.create_service
+ default: {}
+
+ cloudify.datatypes.aws.ECS.TaskDefinition.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/ecs.html#ECS.Client.register_task_definition
+ default: {}
+
+ cloudify.datatypes.aws.EKS.Cluster.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/eks.html#EKS.Client.create_cluster
+ default: {}
+
+ cloudify.datatypes.aws.EKS.NodeGroup.config:
+ properties:
+ kwargs:
+ description: http://boto3.readthedocs.io/en/latest/reference/services/eks.html#EKS.Client.create_nodegroup
+ default: {}
+
+ cloudify.datatypes.aws.codepipeline.Pipeline.config:
+ properties:
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/codepipeline.html#CodePipeline.Client.create_pipeline
+ default: {}
+
+ cloudify.datatypes.aws.cognitoidp.UserPool.config:
+ properties:
+ PoolName:
+ type: string
+ description: The name of the user pool
+ required: true
+ Policies:
+ type: dict
+ required: false
+ LambdaConfig:
+ type: dict
+ required: false
+ AutoVerifiedAttributes:
+ type: list
+ required: false
+ AliasAttributes:
+ type: list
+ required: false
+ UsernameAttributes:
+ type: list
+ required: false
+ SmsVerificationMessage:
+ type: string
+ required: false
+ EmailVerificationMessage:
+ type: string
+ required: false
+ EmailVerificationSubject:
+ type: string
+ required: false
+ VerificationMessageTemplate:
+ type: dict
+ required: false
+ SmsAuthenticationMessage:
+ type: string
+ required: false
+ MfaConfiguration:
+ type: string
+ UserAttributeUpdateSettings:
+ type: dict
+ required: false
+ DeviceConfiguration:
+ type: dict
+ required: false
+ EmailConfiguration:
+ type: dict
+ required: false
+ SmsConfiguration:
+ type: dict
+ required: false
+ UserPoolTags:
+ type: dict
+ required: false
+ AdminCreateUserConfig:
+ type: dict
+ required: false
+ Schema:
+ type: list
+ required: false
+ UserPoolAddOns:
+ type: dict
+ required: false
+ UsernameConfiguration:
+ type: dict
+ required: false
+ AccountRecoverySetting:
+ type: dict
+ required: false
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_user_pool
+ default: {}
+
+ cloudify.datatypes.aws.cognitoidp.UserPoolClient.config:
+ properties:
+ UserPoolId:
+ type: string
+ required: true
+ ClientName:
+ type: string
+ required: true
+ GenerateSecret:
+ type: boolean
+ required: false
+ RefreshTokenValidity:
+ type: integer
+ required: false
+ AccessTokenValidity:
+ type: integer
+ required: false
+ IdTokenValidity:
+ type: integer
+ required: false
+ TokenValidityUnits:
+ type: dict
+ required: false
+ ReadAttributes:
+ type: list
+ required: false
+ CallbackURLs:
+ type: list
+ required: false
+ ExplicitAuthFlows:
+ type: list
+ required: false
+ SupportedIdentityProviders:
+ type: list
+
required: false
+ LogoutURLs:
+ type: list
+ required: false
+ DefaultRedirectURI:
+ type: string
+ required: false
+ AllowedOAuthFlows:
+ type: list
+ required: false
+ AllowedOAuthScopes:
+ type: list
+ required: false
+ AllowedOAuthFlowsUserPoolClient:
+ type: boolean
+ required: false
+ AnalyticsConfiguration:
+ type: dict
+ required: false
+ PreventUserExistenceErrors:
+ type: string
+ required: false
+ EnableTokenRevocation:
+ type: boolean
+ required: false
+ EnablePropagateAdditionalUserContextData:
+ type: boolean
+ required: false
+ AuthSessionValidity:
+ type: integer
+ required: false
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_user_pool_client
+ default: {}
+
+ cloudify.datatypes.aws.cognitoidp.IdentityProvider.config:
+ properties:
+ UserPoolId:
+ type: string
+ required: true
+ ProviderName:
+ type: string
+ required: true
+ ProviderType:
+ type: string
+ required: true
+ ProviderDetails:
+ type: dict
+ required: true
+ AttributeMapping:
+ type: dict
+ required: false
+ IdpIdentifiers:
+ type: list
+ required: false
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_identity_provider
+ default: {}
+
+ cloudify.datatypes.aws.cognito.IdentityPool.config:
+ properties:
+ IdentityPoolName:
+ type: string
+ required: true
+ AllowUnauthenticatedIdentities:
+ type: boolean
+ required: true
+ AllowClassicFlow:
+ type: boolean
+ required: false
+ SupportedLoginProviders:
+ type: dict
+ required: false
+ DeveloperProviderName:
+ type: string
+ required: false
+ OpenIdConnectProviderARNs:
+ type: list
+ required: false
+ CognitoIdentityProviders:
+ type: list
+ required: false
+ SamlProviderARNs:
+ type: list
+ required: false
+ IdentityPoolTags:
+ type: dict
+ required: false
+ kwargs:
+ description:
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-identity.html#CognitoIdentity.Client.create_identity_pool
+ default: {}
+
+dsl_definitions:
+
+ use_external_resource_desc: &use_external_resource_desc >
+ Indicate whether the resource exists or if Cloudify should create the resource,
+ true if you are bringing an existing resource, false if you want cloudify to create it.
+
+ resource_id_desc: &resource_id_desc >
+ The AWS resource ID of the external resource, if
+ use_external_resource is true. Otherwise it is an empty string.
+
+ # Every operation uses these inputs, unless noted.
+ operation_inputs: &operation_inputs
+ aws_resource_id:
+ description: >
+ This overrides the resource_id property (useful for setting the
+ resource ID of a node instance at runtime).
+ type: string
+ required: false
+ default: ~
+ runtime_properties:
+ description: >
+ This overrides any runtime property at runtime. This is a key-value
+ pair / dictionary that will be passed, as-is, to the runtime properties
+ of the running instance.
+ required: false
+ default: ~
+ force_operation:
+ description: >
+ Forces the current operation to be executed regardless
+ if the "use_external_resource" property is set or not.
+ required: false
+ default: false
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+
+ # Every resource uses this property unless noted.
+ external_resource: &external_resource
+ use_external_resource:
+ description: *use_external_resource_desc
+ type: boolean
+ default: false
+
+ # Every resource uses this property unless noted.
+ client_config: &client_config
+ client_config:
+ description: >
+ A dictionary of values to pass to authenticate with the AWS API.
+ type: cloudify.datatypes.aws.ConnectionConfig
+ required: false
+
+ # Every resource uses this property unless noted.
+ resource_id: &resource_id
+ resource_id:
+ description: *resource_id_desc
+ type: string
+ default: ''
+
+ # Every resource uses this property to create swift resources.
+ swift_config: &swift_config
+ swift_config:
+ description: >
+ A dictionary of values to pass to authenticate with the SWIFT API.
+ type: cloudify.datatypes.swift.Connection
+ required: true
+
+ tags_property: &tags_property
+ Tags:
+ description: Tags to add to an EC2 resource.
+ required: false
+
+ device_name: &device_name
+ device_name:
+ description: Device name which is requried when creating EBS volume which need to be attached to EC2 instance using relationship
+ type: string
+ default: ''
+
+ validation_interface: &validation_interface
+ cloudify.interfaces.validation:
+ check_status:
+ implementation: aws.cloudify_aws.workflows.check_status.check_status
+
+node_types:
+
+ cloudify.nodes.aws.dynamodb.Table:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.dynamodb.Table.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.dynamodb.resources.table.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.dynamodb.resources.table.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.iam.Group:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.iam.Group.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.iam.resources.group.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.iam.resources.group.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.iam.AccessKey:
+ derived_from: cloudify.nodes.Root
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.iam.AccessKey.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ configure:
+ implementation: aws.cloudify_aws.iam.resources.access_key.configure
+ inputs:
+ runtime_properties:
+ description: >
+ This overrides any runtime property at runtime. This is a key-value
+ pair / dictionary that will be passed, as-is, to the runtime properties
+ of the running instance.
+ required: false
+ default: ~
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+
+ cloudify.nodes.aws.iam.LoginProfile:
+ derived_from: cloudify.nodes.Root
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.iam.LoginProfile.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ configure:
+ implementation: aws.cloudify_aws.iam.resources.login_profile.configure
+ inputs:
+ runtime_properties:
+ description: >
+ This overrides any runtime property at runtime. This is a key-value
+ pair / dictionary that will be passed, as-is, to the runtime properties
+ of the running instance.
+ required: false
+ default: ~
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+
+ cloudify.nodes.aws.iam.User:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.iam.User.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.iam.resources.user.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.iam.resources.user.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.iam.Role:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ policy_arns:
+ description: >
+ List of ARN policies to be provided.
+ The list needs to contain dictionaries containing a single ARN
+ policy with the key 'PolicyArn'
+ type: list
+ default: []
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.iam.Role.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.iam.resources.role.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.iam.resources.role.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.iam.RolePolicy:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method.
Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.iam.RolePolicy.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.iam.resources.role_policy.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.iam.resources.role_policy.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.iam.InstanceProfile:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.iam.InstanceProfile.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.iam.resources.instance_profile.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.iam.resources.instance_profile.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.iam.Policy:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.iam.Policy.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.iam.resources.policy.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.iam.resources.policy.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.lambda.Function:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method.
Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.lambda.Function.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.lambda_serverless.resources.function.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.lambda_serverless.resources.function.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.lambda.Invoke:
+ derived_from: cloudify.nodes.Root
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method, except for dicionary containing Payload key. Payload
+ content will be encoded according to Boto3 requirements.
+ If the Payload value is a dictionary it will be JSON encoded and
+ converted into bytes. If the Payload value is string it will be
+ treated as the path for file that will be used to populate the value.
+ In other cases (integer, bool, etc.) Payload will be passed as is.
+ Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.lambda.Invoke.config
+ required: false
+ resource_encoding:
+ description: >
+ Encoding used to decode replies
+ default: 'utf-8'
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ configure:
+ implementation: aws.cloudify_aws.lambda_serverless.resources.invoke.configure
+ inputs:
+ runtime_properties:
+ description: >
+ This overrides any runtime property at runtime. This is a key-value
+ pair / dictionary that will be passed, as-is, to the runtime properties
+ of the running instance.
+ required: false
+ default: ~
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+
+ cloudify.nodes.aws.lambda.Permission:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.lambda.Permission.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.lambda_serverless.resources.permission.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.lambda_serverless.resources.permission.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.lambda_serverless.resources.permission.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.rds.Instance:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.rds.Instance.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.rds.resources.instance.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.rds.resources.instance.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.rds.resources.instance.start
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.rds.resources.instance.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.rds.InstanceReadReplica:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method.
Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.rds.InstanceReadReplica.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.rds.resources.instance_read_replica.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.rds.resources.instance_read_replica.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.rds.resources.instance_read_replica.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.rds.SubnetGroup:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.rds.SubnetGroup.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.rds.resources.subnet_group.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.rds.resources.subnet_group.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.rds.resources.subnet_group.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.rds.OptionGroup:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.rds.OptionGroup.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.rds.resources.option_group.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.rds.resources.option_group.delete
+ inputs: *operation_inputs
+
+ # Stores prepared Option in runtime property "resource_config"
+ cloudify.nodes.aws.rds.Option:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.rds.Option.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ configure:
+ implementation: aws.cloudify_aws.rds.resources.option.configure
+ inputs: *operation_inputs
+
+ # Reference: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_parameter_group
+ cloudify.nodes.aws.rds.ParameterGroup:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.rds.ParameterGroup.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.rds.resources.parameter_group.create
+ inputs: *operation_inputs
+ configure:
+ implementation: aws.cloudify_aws.rds.resources.parameter_group.configure
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.rds.resources.parameter_group.delete
+ inputs: *operation_inputs
+
+ # Stores prepared Parameter in runtime property "resource_config"
+ cloudify.nodes.aws.rds.Parameter:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.rds.Parameter.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ configure:
+ implementation: aws.cloudify_aws.rds.resources.parameter.configure
+ inputs: *operation_inputs
+
+ # Reference: https://boto3.readthedocs.io/en/latest/reference/services/route53.html#Route53.Client.create_hosted_zone
+ cloudify.nodes.aws.route53.HostedZone:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.route53.HostedZone.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.route53.resources.hosted_zone.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.route53.resources.hosted_zone.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.route53.resources.hosted_zone.delete
+ inputs:
+ aws_resource_id:
+ description: >
+ This overrides the resource_id property (useful for setting the
+ resource ID of a node instance at runtime).
+ type: string
+ required: false
+ default: ~
+ runtime_properties:
+ description: >
+ This overrides any runtime property at runtime. This is a key-value
+ pair / dictionary that will be passed, as-is, to the runtime properties
+ of the running instance.
+ required: false
+ default: ~
+ force_operation:
+ description: >
+ Forces the current operation to be executed regardless
+ if the "use_external_resource" property is set or not.
+ required: false
+ default: false
+ force_delete:
+ description: >
+ Hosted Zones can only be deleted if all Resource Sets (except for the
+ default ones) are already removed. If this is set to `true`, the operation
+ will attempt to delete all Resource Sets within the Hosted Zone before
+ deleting the Hosted Zone itself.
+ required: true
+ default: false
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+
+ # Reference: https://boto3.readthedocs.io/en/latest/reference/services/route53.html#Route53.Client.change_resource_record_sets
+ cloudify.nodes.aws.route53.RecordSet:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method.
Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.route53.RecordSet.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.route53.resources.record_set.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.route53.resources.record_set.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.route53.resources.record_set.delete
+ inputs: *operation_inputs
+
+ # Reference: https://boto3.readthedocs.io/en/latest/reference/services/sqs.html
+ cloudify.nodes.aws.SQS.Queue:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.SQS.Queue.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.sqs.resources.queue.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.sqs.resources.queue.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.sqs.resources.queue.delete
+ inputs: *operation_inputs
+
+ # https://boto3.readthedocs.io/en/latest/reference/services/sns.html
+ cloudify.nodes.aws.SNS.Topic:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.SNS.Topic.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.sns.resources.topic.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.sns.resources.topic.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.sns.resources.topic.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.SNS.Subscription:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.SNS.Subscription.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.sns.resources.subscription.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.sns.resources.subscription.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.sns.resources.subscription.start
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.sns.resources.subscription.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.LoadBalancer:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.LoadBalancer.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.elb.resources.load_balancer.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.elb.resources.load_balancer.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.elb.resources.load_balancer.modify
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.elb.resources.load_balancer.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.Classic.LoadBalancer:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.Classic.LoadBalancer.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.elb.resources.classic.load_balancer.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.elb.resources.classic.load_balancer.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.elb.resources.classic.load_balancer.start
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.elb.resources.classic.load_balancer.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.Classic.HealthCheck:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method.
Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.Classic.HealthCheck.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.elb.resources.classic.health_check.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.elb.resources.classic.health_check.create
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.Listener:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.Listener.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.elb.resources.listener.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.elb.resources.listener.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.elb.resources.listener.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.Classic.Listener:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.Classic.Listener.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.elb.resources.classic.listener.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.elb.resources.classic.listener.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.elb.resources.classic.listener.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.Rule:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.Rule.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.elb.resources.rule.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.elb.resources.rule.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.elb.resources.rule.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.TargetGroup:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.TargetGroup.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.elb.resources.target_group.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.elb.resources.target_group.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.elb.resources.target_group.modify
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.elb.resources.target_group.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.Classic.Policy:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.Classic.Policy.config
+ required: true
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.elb.resources.classic.policy.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.elb.resources.classic.policy.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.elb.resources.classic.policy.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.elb.Classic.Policy.Stickiness:
+ derived_from: cloudify.nodes.aws.elb.Classic.Policy
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.elb.Classic.StickinessPolicy.config
+ required: true
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.elb.resources.classic.policy.create_sticky
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.elb.resources.classic.policy.start_sticky
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.s3.BaseBucket:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.s3.Bucket.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.s3.resources.bucket.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.s3.resources.bucket.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.s3.resources.bucket.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.s3.BaseBucketObject:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.s3.BucketObject.config
+ required: false
+ source_type:
+ description: >
+ This property represents the source type of the object that need to be upload to the S3.
the following options supported:
+ - remote: Read data from remote url
+ - local: Read data from local url exists with blueprint
+ - bytes: Read data as sequence of bytes.These bytes should be
+ specified inside "Body" param inside "resource_config"
+ type: string
+ default: local
+ path:
+ description: >
+ This property represents the path to read file that need to be
+ uploaded to the S3 and this param should only provided when the
+ source_type is "local" or "remote"
+ type: string
+ default: ''
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.s3.resources.bucket_object.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.s3.resources.bucket_object.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.s3.resources.bucket_object.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.s3.Bucket:
+ derived_from: cloudify.nodes.aws.s3.BaseBucket
+ properties:
+ <<: *client_config
+
+ cloudify.nodes.aws.s3.BucketPolicy:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.s3.BucketPolicy.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.s3.resources.bucket_policy.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.s3.resources.bucket_policy.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.s3.resources.bucket_policy.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.s3.BucketLifecycleConfiguration:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.s3.BucketLifecycleConfiguration.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.s3.resources.lifecycle_configuration.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.s3.resources.lifecycle_configuration.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.s3.resources.lifecycle_configuration.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.s3.BucketTagging:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.s3.BucketTagging.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.s3.resources.tagging.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.s3.resources.tagging.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.s3.resources.tagging.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.s3.BucketObject:
+ derived_from: cloudify.nodes.aws.s3.BaseBucketObject
+ properties:
+ <<: *client_config
+
+ cloudify.nodes.aws.ec2.BaseType:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ <<: *tags_property
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+
+ cloudify.nodes.aws.ec2.Vpc:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.Vpc.config
+ required: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.vpc.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.vpc.create
+ inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.ec2.resources.vpc.poststart
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.vpc.delete
+ inputs: *operation_inputs
+ modify_vpc_attribute:
+ implementation: aws.cloudify_aws.ec2.resources.vpc.modify_vpc_attribute
+ inputs: *operation_inputs
+ check_drift:
+ implementation: aws.cloudify_aws.ec2.resources.vpc.check_drift
+ inputs: {}
+
+
+ cloudify.nodes.aws.ec2.VpcPeering:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.VpcPeering.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.vpc_peering.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.vpc_peering.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.vpc_peering.modify
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.vpc_peering.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.VpcPeeringRequest:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.VpcPeeringRequest.config
+ required: false
+
+ cloudify.nodes.aws.ec2.VpcPeeringAcceptRequest:
+ derived_from: cloudify.nodes.aws.ec2.VpcPeeringRequest
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.vpc_peering.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.vpc_peering.accept
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.VpcPeeringRejectRequest:
+ derived_from: cloudify.nodes.aws.ec2.VpcPeeringRequest
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.vpc_peering.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.vpc_peering.reject
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.Subnet:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.Subnet.config
+ required: false
+ use_available_zones:
+ type: boolean
+ description: A boolean to choose another available zone if the one provided is not available.
+ required: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.subnet.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.subnet.create
+ inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.ec2.resources.subnet.poststart
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.subnet.delete
+ inputs: *operation_inputs
+ modify_subnet_attribute:
+ implementation: aws.cloudify_aws.ec2.resources.subnet.modify_subnet_attribute
+ inputs: *operation_inputs
+ check_drift:
+ implementation: aws.cloudify_aws.ec2.resources.subnet.check_drift
+ inputs: {}
+
+ cloudify.nodes.aws.ec2.SecurityGroup:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.SecurityGroup.config
+ required: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.prepare
+# inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.create
+# inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.poststart
+# inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.delete
+# inputs: *operation_inputs
+ check_drift:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.check_drift
+ inputs: {}
+
+ cloudify.nodes.aws.ec2.SecurityGroupRuleIngress:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.SecurityGroupRules.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.authorize_ingress_rules
+# inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.revoke_ingress_rules
+# inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.SecurityGroupRuleEgress:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.SecurityGroupRules.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.authorize_egress_rules
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.securitygroup.revoke_egress_rules
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.NATGateway:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.NATGateway.config
+ required: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.nat_gateway.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.nat_gateway.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.nat_gateway.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.Interface:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.Interface.config
+ required: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.eni.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.eni.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.eni.attach
+ inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.ec2.resources.eni.poststart
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.eni.detach
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.eni.delete
+ inputs: *operation_inputs
+ modify_network_interface_attribute:
+ implementation: aws.cloudify_aws.ec2.resources.eni.modify_network_interface_attribute
+ inputs: *operation_inputs
+ check_drift:
+ implementation: aws.cloudify_aws.ec2.resources.eni.check_drift
+ inputs: {}
+
+ cloudify.nodes.aws.ec2.Instances:
+ derived_from: cloudify.nodes.Compute
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ <<: *tags_property
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.Instances.config
+ required: false
+ use_ipv6_ip:
+ type: boolean
+ description: >
+ Tells us to use the IPv6 IP if one exists for agent installation. If use_public_ip is provided, this is overridden.
+ default: false
+ use_public_ip:
+ type: boolean
+ description: >
+ Tells the deployment to use the public IP (if available) of the resource
+ for Cloudify Agent connections
+ default: false
+ use_password:
+ type: boolean
+ description: Whether to use a password for agent communication.
+ default: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.instances.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.instances.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.instances.start
+ inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.ec2.resources.instances.poststart
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.instances.stop
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.instances.delete
+ inputs: *operation_inputs
+ modify_instance_attribute:
+ implementation: aws.cloudify_aws.ec2.resources.instances.modify_instance_attribute
+ inputs: *operation_inputs
+ check_drift:
+ implementation: aws.cloudify_aws.ec2.resources.instances.check_drift
+ inputs: {}
+
+ cloudify.nodes.aws.ec2.SpotInstances:
+ derived_from: cloudify.nodes.Compute
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ <<: *tags_property
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.SpotInstances.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.spot_instances.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.spot_instances.create
+ inputs: *operation_inputs
+ configure:
+ implementation: aws.cloudify_aws.ec2.resources.spot_instances.configure
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.spot_instances.stop
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.spot_instances.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.SpotFleetRequest:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.SpotFleetRequest.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.spot_fleet_request.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.spot_fleet_request.create
+ inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.ec2.resources.spot_fleet_request.poststart
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.spot_fleet_request.delete
+ inputs:
+ <<: *operation_inputs
+ terminate_instances:
+ type: boolean
+ description: Indicates whether to terminate instances for a Spot Fleet Request if it is canceled successfully.
+ default: true
+
+ cloudify.nodes.aws.ec2.Keypair:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.Keypair.config
+ required: false
+ log_create_response:
+ description: >
+ Opt-in to storing the create API request. Not recommended.
+ default: false
+ store_in_runtime_properties:
+ description: >
+ Opt-in to save the KeyPair KeyMaterial in the node-instance runtime-properties. Not recommended.
+ default: false
+ create_secret:
+ description: >
+ Opt-in to save the KeyPair KeyMaterial in the secret store. Only available in Cloudify Manager.
+ default: false
+ secret_name:
+ description: >
+ If "create_secret" property is true, provide the name of the secret, defaults to KeyName.
+ required: false
+ update_existing_secret:
+ description: >
+ If "create_secret" property is true, and the secret name already exists, overwrite the secret.
+ default: false
+ cloudify_tagging:
+ default: False
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.keypair.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.keypair.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.keypair.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.ElasticIP:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ <<: *tags_property
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.ElasticIP.config
+ required: false
+ use_unassociated_addresses:
+ description: >
+ Sometimes an IP has already been allocated,
+ but is not assigned to a NIC.
+ In order to work with limited quota, set this to true.
+ default: false
+ attach_existing_address:
+ description: If use_external_resource is true, and we do not want to try to attach the resource.
+ default: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.elasticip.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.elasticip.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.elasticip.attach
+ inputs:
+ <<: *operation_inputs
+ force_operation:
+ default: true
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.elasticip.detach
+ inputs:
+ <<: *operation_inputs
+ force_operation:
+ default: true
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.elasticip.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.NetworkACL:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.NetworkACL.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.networkacl.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.networkacl.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.networkacl.attach
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.networkacl.detach
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.networkacl.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.NetworkAclEntry:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.NetworkAclEntry.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.networkaclentry.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.networkaclentry.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.networkaclentry.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.DHCPOptions:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.DHCPOptions.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.dhcp.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.dhcp.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.dhcp.attach
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.dhcp.detach
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.dhcp.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.VPNGateway:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.VPNGateway.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_gateway.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_gateway.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_gateway.attach
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_gateway.detach
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_gateway.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.VPNConnection:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.VPNConnection.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_connection.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_connection.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_connection.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.VPNConnectionRoute:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.VPNConnectionRoute.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_connection_route.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_connection_route.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.vpn_connection_route.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.CustomerGateway:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.CustomerGateway.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.customer_gateway.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.customer_gateway.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.customer_gateway.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.InternetGateway:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.InternetGateway.config
+ required: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.internet_gateway.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.internet_gateway.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.internet_gateway.attach
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.internet_gateway.detach
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.internet_gateway.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.TransitGateway:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.TransitGateway.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.TransitGatewayRouteTable:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.TransitGatewayRouteTable.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway_routetable.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway_routetable.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway_routetable.attach
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway_routetable.detach
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway_routetable.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.TransitGatewayRoute:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.TransitGatewayRoute.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway_route.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway_route.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway_route.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.RouteTable:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.RouteTable.config
+ required: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.routetable.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.routetable.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.ec2.resources.routetable.attach
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.ec2.resources.routetable.detach
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.routetable.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.Route:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.Route.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.route.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.route.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.route.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.Image:
+ derived_from: cloudify.nodes.Root
+ properties:
+ use_external_resource:
+ type: boolean
+ default: true
+ description: indecates if external_resourc should be used
+ <<: *client_config
+ <<: *resource_id
+
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.Image.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.image.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.image.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.image.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.Tags:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.Tags.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.tags.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.tags.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.tags.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.EBSVolume:
+ derived_from: cloudify.nodes.aws.ec2.BaseType
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ <<: *device_name
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.EBSVolume.config
+ required: false
+ use_available_zones:
+ type: boolean
+ description: A boolean to choose another available zone if the one provided is not available.
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ec2.resources.ebs.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.ebs.create
+ inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.ec2.resources.ebs.poststart
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.ebs.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ec2.EBSAttachment:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ec2.EBSAttachment.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ prepare:
+ implementation: aws.cloudify_aws.ec2.resources.ebs.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ec2.resources.ebs.attach
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ec2.resources.ebs.detach
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.autoscaling.Group:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.autoscaling.Group.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.create
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.stop
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.autoscaling.LaunchConfiguration:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.autoscaling.LaunchConfiguration.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.autoscaling.resources.launch_configuration.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.autoscaling.resources.launch_configuration.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.autoscaling.resources.launch_configuration.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.autoscaling.Policy:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.autoscaling.Policy.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.autoscaling.resources.policy.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.autoscaling.resources.policy.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.autoscaling.resources.policy.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.autoscaling.LifecycleHook:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.autoscaling.LifecycleHook.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.autoscaling.resources.lifecycle_hook.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.autoscaling.resources.lifecycle_hook.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.autoscaling.resources.lifecycle_hook.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.autoscaling.NotificationConfiguration:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.autoscaling.NotificationConfiguration.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.autoscaling.resources.notification_configuration.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.autoscaling.resources.notification_configuration.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.autoscaling.resources.notification_configuration.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.cloudwatch.Alarm:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.cloudwatch.Alarm.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cloudwatch.resources.alarm.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cloudwatch.resources.alarm.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.cloudwatch.resources.alarm.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.cloudwatch.Rule:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.cloudwatch.Rule.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cloudwatch.resources.rule.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cloudwatch.resources.rule.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.cloudwatch.resources.rule.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.cloudwatch.Event:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.cloudwatch.Event.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cloudwatch.resources.event.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cloudwatch.resources.event.create
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.cloudwatch.Target:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.cloudwatch.Target.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cloudwatch.resources.target.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cloudwatch.resources.target.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.cloudwatch.resources.target.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.efs.FileSystem:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.efs.FileSystem.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.efs.resources.file_system.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.efs.resources.file_system.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.efs.resources.file_system.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.efs.MountTarget:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.efs.MountTarget.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.efs.resources.mount_target.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.efs.resources.mount_target.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.efs.resources.mount_target.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.efs.FileSystemTags:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.efs.FileSystemTags.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.efs.resources.tags.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.efs.resources.tags.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.efs.resources.tags.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.kms.CustomerMasterKey:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.kms.CustomerMasterKey.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.kms.resources.key.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.kms.resources.key.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.kms.resources.key.enable
+ inputs: *operation_inputs
+ stop:
+ implementation: aws.cloudify_aws.kms.resources.key.disable
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.kms.resources.key.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.kms.Alias:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.kms.Alias.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.kms.resources.alias.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.kms.resources.alias.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.kms.resources.alias.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.kms.Grant:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.kms.Grant.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.kms.resources.grant.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.kms.resources.grant.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.kms.resources.grant.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.CloudFormation.Stack:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.CloudFormation.Stack.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cloudformation.resources.stack.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cloudformation.resources.stack.create
+ inputs:
+ minimum_wait_time:
+ type: integer
+ default: 0
+ description: |
+ Minimum waiting time in seconds to complete the operation.
+ <<: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.cloudformation.resources.stack.start
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.cloudformation.resources.stack.delete
+ inputs:
+ minimum_wait_time:
+ type: integer
+ default: 0
+ description: |
+ Minimum waiting time in seconds to complete the operation.
+ <<: *operation_inputs
+ pull:
+ implementation: aws.cloudify_aws.cloudformation.resources.stack.pull
+
+ cloudify.nodes.aws.ecs.Cluster:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ECS.Cluster.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ecs.resources.cluster.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ecs.resources.cluster.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ecs.resources.cluster.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ecs.Service:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ECS.Service.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ecs.resources.service.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ecs.resources.service.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ecs.resources.service.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.ecs.TaskDefinition:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.ECS.TaskDefinition.config
+ required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.ecs.resources.task_definition.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.ecs.resources.task_definition.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.ecs.resources.task_definition.delete
+ inputs: *operation_inputs
+
+
+ ####
+ # Swift Nodes
+ ###
+ cloudify.nodes.swift.s3.Bucket:
+ derived_from: cloudify.nodes.aws.s3.BaseBucket
+ properties:
+ <<: *swift_config
+
+ cloudify.nodes.swift.s3.BucketObject:
+ derived_from: cloudify.nodes.aws.s3.BaseBucketObject
+ properties:
+ <<: *swift_config
+
+ ####
+ # EKS Nodes
+ ###
+ cloudify.nodes.aws.eks.Cluster:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.EKS.Cluster.config
+ required: false
+ store_kube_config_in_runtime:
+ type: boolean
+ default: true
+ required: true
+ description: >
+ it will store the kubernetes configuration into a runtime property ['kubeconf'] to
+ use later to interact with the cluster
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.eks.resources.cluster.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.eks.resources.cluster.create
+ inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.eks.resources.cluster.poststart
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.eks.resources.cluster.delete
+ inputs: *operation_inputs
+ check_drift:
+ implementation: aws.cloudify_aws.eks.resources.cluster.check_drift
+ inputs: {}
+
+ cloudify.nodes.aws.eks.NodeGroup:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ cloudify_tagging:
+ description: an automatic tag to identify the ec2 instance
+ type: boolean
+ default: true
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.EKS.NodeGroup.config
+ required: false
+ interfaces:
+ <<: *validation_interface
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.eks.resources.node_group.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.eks.resources.node_group.create
+ inputs: *operation_inputs
+ start:
+ implementation: aws.cloudify_aws.eks.resources.node_group.start
+ inputs: *operation_inputs
+ poststart:
+ implementation: aws.cloudify_aws.eks.resources.node_group.poststart
+ delete:
+ implementation: aws.cloudify_aws.eks.resources.node_group.delete
+ inputs: *operation_inputs
+ check_drift:
+ implementation: aws.cloudify_aws.eks.resources.node_group.check_drift
+
+ cloudify.nodes.aws.codepipeline.Pipeline:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.codepipeline.Pipeline.config
+# required: false
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.codepipeline.resources.pipeline.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.codepipeline.resources.pipeline.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.codepipeline.resources.pipeline.delete
+ inputs: *operation_inputs
+ aws.codepipeline.pipeline:
+ start_pipeline_execution:
+ implementation: aws.cloudify_aws.codepipeline.resources.pipeline.execute
+ inputs: *operation_inputs
+
+
+ cloudify.nodes.aws.cognitoidp.UserPool:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.cognitoidp.UserPool.config
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cognito.resources.user_pool.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cognito.resources.user_pool.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.cognito.resources.user_pool.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.cognitoidp.UserPoolClient:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.cognitoidp.UserPoolClient.config
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cognito.resources.user_pool_client.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cognito.resources.user_pool_client.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.cognito.resources.user_pool_client.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.cognitoidp.IdentityProvider:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.cognitoidp.IdentityProvider.config
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cognito.resources.identity_provider.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cognito.resources.identity_provider.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.cognito.resources.identity_provider.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.aws.cognito.IdentityPool:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *external_resource
+ <<: *client_config
+ <<: *resource_id
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ type: cloudify.datatypes.aws.cognito.IdentityPool.config
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ precreate:
+ implementation: aws.cloudify_aws.cognito.resources.identity_pool.prepare
+ inputs: *operation_inputs
+ create:
+ implementation: aws.cloudify_aws.cognito.resources.identity_pool.create
+ inputs: *operation_inputs
+ delete:
+ implementation: aws.cloudify_aws.cognito.resources.identity_pool.delete
+ inputs: *operation_inputs
+
+ cloudify.nodes.resources.AmazonWebServices:
+ derived_from: cloudify.nodes.Root
+ properties:
+ <<: *client_config
+ regions:
+ type: list
+ default: []
+ resource_config:
+ type: dict
+ default:
+ resource_types:
+ - AWS::EKS::CLUSTER
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ implementation: aws.cloudify_aws.workflows.resources.initialize
+ inputs:
+ resource_config:
+ default: { get_property: [ SELF, resource_config ] }
+ regions:
+ default: { get_property: [ SELF, regions ] }
+ delete:
+ implementation: aws.cloudify_aws.workflows.resources.deinitialize
+ inputs: *operation_inputs
+
+relationships:
+
+ cloudify.relationships.aws.connected_to:
+ derived_from: cloudify.relationships.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ preconfigure:
+ implementation: ~
+ inputs:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+ postconfigure:
+ implementation: ~
+ inputs:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+ establish:
+ implementation: ~
+ inputs:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+ unlink:
+ implementation: ~
+ inputs:
+ resource_config:
+ description: >
+ Configuration key-value data to be passed as-is to the corresponding
+ Boto3 method. Key names must match the case that Boto3 requires.
+ required: false
+ default: {}
+
+
+
+ ####
+ # AWS Identity & Access Management
+ ####
+
+ ##
+ # IAM USER
+ ##
+ # IAM GROUP: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.add_user_to_group
+ # IAM POLICY: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.attach_user_policy
+ # IAM LOGIN PROFILE: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_login_profile
+ # IAM ACCESS KEY: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_access_key
+ cloudify.relationships.aws.iam.user.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.iam.resources.user.attach_to }
+ unlink: { implementation: aws.cloudify_aws.iam.resources.user.detach_from }
+
+ ##
+ # IAM GROUP
+ ##
+ # IAM USER: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.add_user_to_group
+ # IAM POLICY: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.attach_group_policy
+ cloudify.relationships.aws.iam.group.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.iam.resources.group.attach_to }
+ unlink: { implementation: aws.cloudify_aws.iam.resources.group.detach_from }
+
+ ##
+ # IAM ACCESS KEY
+ ##
+ # IAM USER: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_access_key
+ cloudify.relationships.aws.iam.access_key.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.iam.resources.access_key.attach_to }
+ unlink: { implementation: aws.cloudify_aws.iam.resources.access_key.detach_from }
+
+ ##
+ # IAM LOGIN PROFILE
+ ##
+ # IAM USER: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.create_login_profile
+ cloudify.relationships.aws.iam.login_profile.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.iam.resources.login_profile.attach_to }
+ unlink: { implementation: aws.cloudify_aws.iam.resources.login_profile.detach_from }
+
+ ##
+ # IAM ROLE
+ ##
+ # IAM POLICY: https://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.attach_role_policy
+ cloudify.relationships.aws.iam.role.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.iam.resources.role.attach_to }
+ unlink: { implementation: aws.cloudify_aws.iam.resources.role.detach_from }
+
+ cloudify.relationships.aws.cognito.set_identity_pool_roles:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.cognito.resources.identity_pool.set }
+ unlink: { implementation: aws.cloudify_aws.cognito.resources.identity_pool.unset }
+
+
+ ####
+ # AWS Lambda
+ ####
+
+ ##
+ # LAMBDA INVOKE
+ ##
+ # LAMBDA FUNCTION: https://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.invoke
+ cloudify.relationships.aws.lambda.invoke.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.lambda_serverless.resources.invoke.attach_to }
+ unlink: { implementation: aws.cloudify_aws.lambda_serverless.resources.invoke.detach_from }
+
+ ##
+ # LAMBDA PERMISSION
+ ##
+ # LAMBDA FUNCTION: https://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.add_permission
+ cloudify.relationships.aws.lambda.permission.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ preconfigure: { implementation: aws.cloudify_aws.lambda_serverless.resources.permission.prepare_assoc }
+ unlink: { implementation: aws.cloudify_aws.lambda_serverless.resources.permission.detach_from }
+
+
+ ####
+ # AWS Relational Database Service
+ ####
+
+ ##
+ # RDS INSTANCE READ REPLICA
+ ##
+ # RDS INSTANCE: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance_read_replica
+ # RDS PARAMETER GROUP: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance_read_replica
+ # RDS OPTION GROUP: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance_read_replica
+ # IAM ROLE: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance
+ cloudify.relationships.aws.rds.instance_read_replica.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ preconfigure:
+ implementation: aws.cloudify_aws.rds.resources.instance_read_replica.prepare_assoc
+ inputs:
+ iam_role_type_key:
+ description: >
+ If the relationship target is an IAM Role, it's necessary to give more context in order to
+ match the Role with the correct mapping to the relationship source since this type accepts
+ more than 1 type of Role. For instance, the RDS.Client.create_db_instance() method can
+ take both "DomainIAMRoleName" and "MonitoringRoleArn" keys. Consider this input as the
+ destination function keyword for the Role's ID or ARN. This is a required input if the
+ relationship target is of type IAM Role.
+ type: string + default: MonitoringRoleArn + required: false + iam_role_id_key: + description: > + If the relationship target is an IAM Role, it's necessary to give more context in order to + match the Role with the correct mapping to the relationship source since this type accepts + more than 1 type of Role. The value for this input should be the key name of a runtime + property (of the target) which will be subsequently placed as the value for the destination + function keyword from the "iam_role_type_key" input. This is a required input if the + relationship target is of type IAM Role. + type: string + default: aws_resource_arn + unlink: { implementation: aws.cloudify_aws.rds.resources.instance_read_replica.detach_from } + + ## + # RDS INSTANCE + ## + # RDS SUBNET GROUP: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance + # RDS PARAMETER GROUP: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance + # RDS OPTION GROUP: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance + # IAM ROLE: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance + # EC2 SECURITY GROUP: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_instance + cloudify.relationships.aws.rds.instance.connected_to: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + preconfigure: + implementation: aws.cloudify_aws.rds.resources.instance.prepare_assoc + inputs: + iam_role_type_key: + description: > + If the relationship target is an IAM Role, it's necessary to give more context in order to + match the Role with the correct mapping to the relationship source since this type accepts + more than 1 type of Role. 
For instance, the RDS.Client.create_db_instance() method can + take both "DomainIAMRoleName" and "MonitoringRoleArn" keys. Consider this input as the + destination function keyword for the Role's ID or ARN. This is a required input if the + relationship target is of type IAM Role. + type: string + default: ~ + required: false + iam_role_id_key: + description: > + If the relationship target is an IAM Role, it's necessary to give more context in order to + match the Role with the correct mapping to the relationship source since this type accepts + more than 1 type of Role. The value for this input should be the key name of a runtime + property (of the target) which will be subsequently placed as the value for the destination + function keyword from the "iam_role_type_key" input. This is a required input if the + relationship target is of type IAM Role. + type: string + default: aws_resource_arn + unlink: { implementation: aws.cloudify_aws.rds.resources.instance.detach_from } + + ## + # RDS SUBNET GROUP + ## + # EC2 VPC SUBNET: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.create_db_subnet_group + cloudify.relationships.aws.rds.subnet_group.connected_to: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + preconfigure: { implementation: aws.cloudify_aws.rds.resources.subnet_group.prepare_assoc } + unlink: { implementation: aws.cloudify_aws.rds.resources.subnet_group.detach_from } + + ## + # RDS PARAMETER GROUP + ## + # RDS PARAMETER: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.modify_db_parameter_group + cloudify.relationships.aws.rds.parameter_group.connected_to: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + establish: { implementation: aws.cloudify_aws.rds.resources.parameter_group.attach_to } + unlink: { implementation: 
aws.cloudify_aws.rds.resources.parameter_group.detach_from } + + ## + # RDS PARAMETER + ## + # RDS PARAMETER GROUP: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.modify_db_parameter_group + cloudify.relationships.aws.rds.parameter.connected_to: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + establish: { implementation: aws.cloudify_aws.rds.resources.parameter.attach_to } + unlink: { implementation: aws.cloudify_aws.rds.resources.parameter.detach_from } + + ## + # RDS OPTION GROUP + ## + # RDS OPTION: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.modify_db_option_group + cloudify.relationships.aws.rds.option_group.connected_to: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + establish: { implementation: aws.cloudify_aws.rds.resources.option_group.attach_to } + unlink: { implementation: aws.cloudify_aws.rds.resources.option_group.detach_from } + + ## + # RDS OPTION + ## + # RDS OPTION GROUP: https://boto3.readthedocs.io/en/latest/reference/services/rds.html#RDS.Client.modify_db_option_group + cloudify.relationships.aws.rds.option.connected_to: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + establish: { implementation: aws.cloudify_aws.rds.resources.option.attach_to } + unlink: { implementation: aws.cloudify_aws.rds.resources.option.detach_from } + + + #### + # AWS Route53 DNS Service + #### + + ## + # ROUTE53 HOSTED ZONE + ## + # EC2 VPC: https://boto3.readthedocs.io/en/latest/reference/services/route53.html#Route53.Client.create_hosted_zone + cloudify.relationships.aws.route53.hosted_zone.connected_to: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + preconfigure: { implementation: 
aws.cloudify_aws.route53.resources.hosted_zone.prepare_assoc }
+ unlink: { implementation: aws.cloudify_aws.route53.resources.hosted_zone.detach_from }
+
+ ##
+ # ROUTE53 RESOURCE RECORD SET
+ ##
+ # ROUTE53 HOSTED ZONE: https://boto3.readthedocs.io/en/latest/reference/services/route53.html#Route53.Client.change_resource_record_sets
+ cloudify.relationships.aws.route53.record_set.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ preconfigure: { implementation: aws.cloudify_aws.route53.resources.record_set.prepare_assoc }
+ unlink: { implementation: aws.cloudify_aws.route53.resources.record_set.detach_from }
+
+ ##
+ # Instance to LB
+ ##
+ cloudify.relationships.aws.elb.instance.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.elb.resources.classic.load_balancer.assoc }
+ unlink: { implementation: aws.cloudify_aws.elb.resources.classic.load_balancer.disassoc }
+
+
+ ##
+ # EBS to EC2 Instance
+ ##
+
+ cloudify.relationships.aws.ebs.attachment.connected_to:
+ derived_from: cloudify.relationships.aws.connected_to
+ target_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.ec2.resources.ebs.attach_using_relationship }
+ unlink: { implementation: aws.cloudify_aws.ec2.resources.ebs.detach_using_relationship }
+
+
+ cloudify.relationships.aws.ec2.subnet_connected_to_vpc:
+ derived_from: cloudify.relationships.aws.connected_to
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish:
+ implementation: aws.cloudify_aws.ec2.resources.subnet.set_subnet
+ unlink:
+ implementation: aws.cloudify_aws.ec2.resources.subnet.unset_subnet
+
+ cloudify.relationships.aws.ec2.attach_transit_gateway_to_vpc:
+ derived_from: cloudify.relationships.aws.connected_to
+ target_interfaces:
+ 
cloudify.interfaces.relationship_lifecycle:
+ establish:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway.request_vpc_attachment
+ inputs:
+ # cloudify.datatypes.aws.ec2.TransitGatewayVPCAttachment.config
+ transit_gateway_id:
+ type: string
+ description: The Transit Gateway ID. See documentation. The value can be provided as an input, but if the value is not provided, then the plugin will perform the same default lookup as indicated byt the get attribute intrinsic function.
+ default: { get_attribute: [ SOURCE, aws_resource_id ] }
+ vpc_id:
+ type: string
+ description: The VPC ID. See documentation. The value can be provided as an input, but if the value is not provided, then the plugin will perform the same default lookup as indicated byt the get attribute intrinsic function.
+ default: { get_attribute: [ TARGET, create_response, vpc_id ] }
+ SubnetIds:
+ type: list
+ description: A list of Subnet IDs.
+ default: [ { get_attribute: [ TARGET, aws_resource_id ] } ]
+ Options:
+ type: dict
+ description: See documentation.
+ default: {}
+ TagSpecifications:
+ type: list
+ description: See documentation.
+ default: []
+ source_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ unlink:
+ implementation: aws.cloudify_aws.ec2.resources.transit_gateway.delete_vpc_attachment
+ inputs:
+ transit_gateway_attachment_id:
+ # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.accept_transit_gateway_vpc_attachment
+ type: string
+ description: The Gateway Attachment ID that is created in request_vpc_attachment. The value can be provided as an input, but if the value is not provided, then the plugin will perform the same default lookup as indicated byt the get attribute intrinsic function. 
+ default: { get_attribute: [ SOURCE, TransitGatewayVpcAttachments, { get_attribute: [ TARGET, aws_resource_id ] }, TransitGatewayVpcAttachment, TransitGatewayAttachmentId] }
+
+ ##
+ # Refresh kubeconfig for EKS cluster in runtime properties. Use this relationship on kubernetes
+ # resources that use EKS cluster kubeconfig as authentication method.
+ ##
+
+ cloudify.relationships.aws.eks.connected_to_eks_cluster:
+ derived_from: cloudify.relationships.aws.connected_to
+ target_interfaces:
+ cloudify.interfaces.relationship_lifecycle:
+ establish: { implementation: aws.cloudify_aws.eks.resources.cluster.refresh_kubeconfig}
+ unlink: { implementation: aws.cloudify_aws.eks.resources.cluster.refresh_kubeconfig }
+
+workflows:
+
+ discover_and_deploy:
+# description: >
+# Using provided credentials, list all discoverable resources of specified resource type.
+# (Default is cloudify.nodes.aws.eks.Cluster).
+# This is restricted to provided credentials and region.
+# Install new deployments for them.
+ mapping: aws.cloudify_aws.workflows.discover.discover_and_deploy
+ availability_rules:
+ node_instances_active: ['all']
+ node_types_required: ['cloudify.nodes.resources.AmazonWebServices']
+ parameters:
+ node_id:
+ type: node_id
+ description: >
+ The node_id. Not required.
+ default: ''
+ resource_types:
+ description: >
+ The name of the resource to discover.
+ Default is [AWS::EKS::CLUSTER], as that is the only currently supported resource.
+ type: list
+ default:
+ - AWS::EKS::CLUSTER
+ blueprint_id:
+ description: The ID of the blueprint that should be used to deploy the new resources. Default is current blueprint.
+ type: blueprint_id
+ default: 'existing-eks-cluster'
+
+blueprint_labels:
+ obj-type:
+ values:
+ - aws
+
+labels:
+ obj-type:
+ values:
+ - aws
+
+resource_tags:
+ tenant: { get_sys: [ tenant, name ] }
+ deployment_id: { get_sys: [ deployment, id ] }
+ owner: { get_sys: [ deployment, owner ] } 
diff --git a/setup.py b/setup.py index 6f1f42e3..17e70daf 100644 --- a/setup.py +++ b/setup.py @@ -48,6 +48,7 @@ def get_version(rel_file='plugin.yaml'): 'cloudify-utilities-plugins-sdk>=0.0.61', 'botocore', 'pycryptodome==3.9.7', - 'deepdiff==3.3.0' + 'deepdiff==3.3.0', + 'datetime' ] ) diff --git a/tox.ini b/tox.ini index 5648b2c9..afde60f6 100644 --- a/tox.ini +++ b/tox.ini @@ -17,7 +17,7 @@ whitelist_externals = bash [testenv:linting] commands = - flake8 cloudify_aws + flake8 cloudify_aws --exclude cloudify_aws/cognito/scripts/* [testenv:unittesting] commands = diff --git a/v2_plugin.yaml b/v2_plugin.yaml index fec6ce04..e33a5cef 100644 --- a/v2_plugin.yaml +++ b/v2_plugin.yaml @@ -2,7 +2,11 @@ plugins: aws: executor: central_deployment_agent package_name: cloudify-aws-plugin - package_version: '3.0.10' +<<<<<<< HEAD + package_version: '3.0.11' +======= + package_version: '3.1.0' +>>>>>>> 26bf4b7 (support cognito) data_types: @@ -248,7 +252,7 @@ data_types: Path: type: string description: The path to the policy. - required: true + required: false PolicyDocument: type: string description: The policy document. 
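Review bot: The added `'datetime'` entry in `install_requires` does not refer to the standard-library module; on PyPI that name resolves to a separate third-party distribution (Zope's DateTime), so every install of the plugin now pulls in an extra package and its own dependencies. It is also added without a version pin, unlike the neighbouring `'deepdiff==3.3.0'`. If the code only needs the stdlib `datetime`, drop the line and keep `'deepdiff==3.3.0'` as the last entry; if the third-party package really is required, pin it as `'DateTime==<version>'`. The `install_requires` list starts outside this hunk.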
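Review bot: The new `--exclude cloudify_aws/cognito/scripts/*` in `[testenv:linting]` takes the whole scripts directory out of flake8 instead of fixing or annotating the offending lines, so `params.py` and `script.py` from this commit's diffstat are never checked for undefined names, unused imports or bare excepts. Prefer a targeted `# noqa: <code>` on the lines that fail, or a `per-file-ignores` entry in the flake8 configuration limited to the codes that actually trigger, and keep the command as `flake8 cloudify_aws`.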
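Review bot: The first v2_plugin.yaml hunk commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 26bf4b7 (support cognito)`) together with two competing `package_version` values, which leaves the file invalid as YAML at this commit. The markers are removed only later in the series (PATCH 3/4 for plugin.yaml and plugin_1_4.yaml, PATCH 4/4 for v2_plugin.yaml), so anyone building or bisecting at 2/4 or 3/4 gets a broken plugin definition. Fold the cleanup into this commit so that the hunk carries the single line `package_version: '3.1.0'`.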
@@ -1253,6 +1257,205 @@ data_types: description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/codepipeline.html#CodePipeline.Client.create_pipeline default: {} + + cloudify.datatypes.aws.cognitoidp.UserPool.config: + properties: + PoolName: + type: string + description: The name of the user pool + required: true + Policies: + type: dict + required: false + LambdaConfig: + type: dict + required: false + AutoVerifiedAttributes: + type: list + required: false + AliasAttributes: + type: list + required: false + UsernameAttributes: + type: list + required: false + SmsVerificationMessage: + type: string + required: false + EmailVerificationMessage: + type: string + required: false + EmailVerificationSubject: + type: string + required: false + VerificationMessageTemplate: + type: dict + required: false + SmsAuthenticationMessage: + type: string + required: false + MfaConfiguration: + type: string + UserAttributeUpdateSettings: + type: dict + required: false + DeviceConfiguration: + type: dict + required: false + EmailConfiguration: + type: dict + required: false + SmsConfiguration: + type: dict + required: false + UserPoolTags: + type: dict + required: false + AdminCreateUserConfig: + type: dict + required: false + Schema: + type: list + required: false + UserPoolAddOns: + type: dict + required: false + UsernameConfiguration: + type: dict + required: false + AccountRecoverySetting: + type: dict + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_user_pool + default: {} + + cloudify.datatypes.aws.cognitoidp.UserPoolClient.config: + properties: + UserPoolId: + type: string + required: true + ClientName: + type: string + required: true + GenerateSecret: + type: boolean + required: false + RefreshTokenValidity: + type: integer + required: false + AccessTokenValidity: + type: integer + required: false + IdTokenValidity: + type: 
integer
+ required: false
+ TokenValidityUnits:
+ type: dict
+ required: false
+ ReadAttributes:
+ type: list
+ required: false
+ CallbackURLs:
+ type: list
+ required: false
+ ExplicitAuthFlows:
+ type: list
+ required: false
+ SupportedIdentityProviders:
+ type: list
+ required: false
+ LogoutURLs:
+ type: list
+ required: false
+ DefaultRedirectURI:
+ type: string
+ required: false
+ AllowedOAuthFlows:
+ type: list
+ required: false
+ AllowedOAuthScopes:
+ type: list
+ required: false
+ AllowedOAuthFlowsUserPoolClient:
+ type: boolean
+ required: false
+ AnalyticsConfiguration:
+ type: dict
+ required: false
+ PreventUserExistenceErrors:
+ type: string
+ required: false
+ EnableTokenRevocation:
+ type: boolean
+ required: false
+ EnablePropagateAdditionalUserContextData:
+ type: boolean
+ required: false
+ AuthSessionValidity:
+ type: integer
+ required: false
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.create_user_pool_client
+ default: {}
+
+ cloudify.datatypes.aws.cognitoidp.IdentityProvider.config:
+ properties:
+ UserPoolId:
+ type: string
+ required: true
+ ProviderName:
+ type: string
+ required: true
+ ProviderType:
+ type: string
+ required: true
+ ProviderDetails:
+ type: dict
+ required: true
+ AttributeMapping:
+ type: dict
+ required: false
+ IdpIdentifiers:
+ type: list
+ required: false
+ kwargs:
+ description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-identity.html#CognitoIdentityProvider.Client.create_identity_provider
+ default: {}
+
+ cloudify.datatypes.aws.cognito.IdentityPool.config:
+ properties:
+ IdentityPoolName:
+ type: string
+ required: true
+ AllowUnauthenticatedIdentities:
+ type: boolean
+ required: true
+ AllowClassicFlow:
+ type: boolean
+ required: false
+ SupportedLoginProviders:
+ type: dict
+ required: false
+ DeveloperProviderName:
+ type: string
+ required: false
+ 
OpenIdConnectProviderARNs: + type: list + required: false + CognitoIdentityProviders: + type: list + required: false + SamlProviderARNs: + type: list + required: false + IdentityPoolTags: + type: dict + required: false + kwargs: + description: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-identity.html#CognitoIdentity.Client.create_identity_pool + default: {} + dsl_definitions: use_external_resource_desc: &use_external_resource_desc > @@ -3227,6 +3430,9 @@ node_types: create: implementation: aws.cloudify_aws.ec2.resources.ebs.create inputs: *operation_inputs + poststart: + implementation: aws.cloudify_aws.ec2.resources.ebs.poststart + inputs: *operation_inputs delete: implementation: aws.cloudify_aws.ec2.resources.ebs.delete inputs: *operation_inputs 
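Review bot: `AllowUnauthenticatedIdentities` in `cloudify.datatypes.aws.cognito.IdentityPool.config` is a required boolean with no description, although setting it to true lets callers who have not signed in obtain AWS credentials for the pool's unauthenticated role. Add a description that says so, for example `description: Whether guest (unauthenticated) identities may obtain credentials. Leave false unless an unauthenticated role with minimal permissions is intended.` `ProviderDetails` in `IdentityProvider.config` deserves the same treatment, since for social and OIDC providers it normally carries the client secret: `description: Provider settings; supply secrets with get_secret rather than as literals.` Apart from `PoolName` and the `kwargs` links, none of the new Cognito properties is described, and `MfaConfiguration` lacks the `required` key its siblings carry.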
@@ -3857,6 +4063,98 @@ node_types: implementation: aws.cloudify_aws.codepipeline.resources.pipeline.execute inputs: *operation_inputs + cloudify.nodes.aws.cognitoidp.UserPool: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.UserPool.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.user_pool.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.user_pool.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.user_pool.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognitoidp.UserPoolClient: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.UserPoolClient.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.user_pool_client.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognitoidp.IdentityProvider: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. 
Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognitoidp.IdentityProvider.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.identity_provider.delete + inputs: *operation_inputs + + cloudify.nodes.aws.cognito.IdentityPool: + derived_from: cloudify.nodes.Root + properties: + <<: *external_resource + <<: *client_config + <<: *resource_id + resource_config: + description: > + Configuration key-value data to be passed as-is to the corresponding + Boto3 method. Key names must match the case that Boto3 requires. + type: cloudify.datatypes.aws.cognito.IdentityPool.config + interfaces: + cloudify.interfaces.lifecycle: + precreate: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.prepare + inputs: *operation_inputs + create: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.create + inputs: *operation_inputs + delete: + implementation: aws.cloudify_aws.cognito.resources.identity_pool.delete + inputs: *operation_inputs + cloudify.nodes.resources.AmazonWebServices: derived_from: cloudify.nodes.Root properties: @@ -3990,6 +4288,12 @@ relationships: establish: { implementation: aws.cloudify_aws.iam.resources.role.attach_to } unlink: { implementation: aws.cloudify_aws.iam.resources.role.detach_from } + cloudify.relationships.aws.cognito.set_identity_pool_roles: + derived_from: cloudify.relationships.aws.connected_to + source_interfaces: + cloudify.interfaces.relationship_lifecycle: + establish: { implementation: aws.cloudify_aws.cognito.resources.identity_pool.set } + unlink: { implementation: aws.cloudify_aws.cognito.resources.identity_pool.unset } #### # AWS Lambda 
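Review bot: `cloudify.relationships.aws.cognito.set_identity_pool_roles` declares no inputs and has no comment, so nothing in this hunk says whether the target IAM role ends up in the identity pool's authenticated or unauthenticated slot. That choice decides which permissions callers who are not signed in receive, and the RDS-to-IAM-role relationship elsewhere in this series exposes `iam_role_type_key` for exactly this kind of disambiguation. Unless `identity_pool.set` reads the mapping from somewhere not shown here, document it on `establish` and precede the relationship with a comment such as `# Maps the target IAM Role into the source Identity Pool's Roles (authenticated / unauthenticated).` The `relationships:` section starts outside the hunk.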
From 1b56acb5afccc81b236e7a8162c7866ea7bfa6a8 Mon Sep 17 00:00:00 2001 From: EarthmanT Date: Mon, 31 Oct 2022 14:25:54 -0400 Subject: [PATCH 3/4] fixing plugin yaml --- plugin.yaml | 4 ---- plugin_1_4.yaml | 4 ---- 2 files changed, 8 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index f1d7fdb5..a1acbdd3 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -2,11 +2,7 @@ plugins: aws: executor: central_deployment_agent package_name: cloudify-aws-plugin -<<<<<<< HEAD - package_version: '3.0.11' -======= package_version: '3.1.0' ->>>>>>> 26bf4b7 (support cognito) data_types: diff --git a/plugin_1_4.yaml b/plugin_1_4.yaml index 3a61e090..6dd5d711 100644 --- a/plugin_1_4.yaml +++ b/plugin_1_4.yaml @@ -2,11 +2,7 @@ plugins: aws: executor: central_deployment_agent package_name: cloudify-aws-plugin -<<<<<<< HEAD - package_version: '3.0.11' -======= package_version: '3.1.0' ->>>>>>> 26bf4b7 (support cognito) data_types: From 5c512d69e11c9aa02ccf129d987208d47c0e3e80 Mon Sep 17 00:00:00 2001 From: EarthmanT Date: Mon, 31 Oct 2022 14:27:47 -0400 Subject: [PATCH 4/4] fix plugin yaml --- .circleci/config.yml | 5 ++++- CHANGELOG.txt | 10 ++-------- plugin_1_5.yaml | 30 ++++++++++++++++-------------- v2_plugin.yaml | 4 ---- 4 files changed, 22 insertions(+), 27 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0c9b9732..68a011e0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -29,7 +29,10 @@ commands: prepare_test_manager: steps: - run: ls -alR - - run: ecosystem-test prepare-test-manager -l $TEST_LICENSE -es aws_access_key_id=$aws_access_key_id -es aws_secret_access_key=$aws_secret_access_key --bundle-path workspace/build/cloudify-plugins-bundle.tgz --yum-package python-netaddr --yum-package git + - run: ecosystem-test prepare-test-manager -l $TEST_LICENSE -es aws_access_key_id=$aws_access_key_id -es aws_secret_access_key=$aws_secret_access_key --yum-package python-netaddr --yum-package git + - run: ecosystem-test upload-plugin -PN utilities + - run: ecosystem-test upload-plugin -PN ansible + - run: ecosystem-test upload-plugin -PN kubernetes - run: | docker exec -it cfy_manager mkdir -p /etc/cloudify/.cloudify/profiles/manager-local/ docker exec -it cfy_manager cp /root/.cloudify/profiles/manager-local/context.json /etc/cloudify/.cloudify/profiles/manager-local/context.json diff --git a/CHANGELOG.txt b/CHANGELOG.txt index b3251e52..a1185aa0 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,16 +1,10 @@ -<<<<<<< HEAD -3.0.11: +3.1.0: - RD 5833 DSL 1.5 Plugin YAML. - Handle malformed xml in s3 empty CreateBucketConfiguration. - - updated cleanup_vpc_internet_gateways, so deatching of igw has vpc id as well. - updated cleanup_vpc_internet_gateways, so detaching of igw has vpc id as well. - ec2 resources will check that deletion will be successful using dry run before deleting tags - image resources check node properties instead of runtime properties - - updated cleanup_vpc_internet_gateways, so detaching of igw has vpc id as well. - - ec2 resources will check that deletion will be successful using dry run before deleting tags -======= -3.1.0: Add cognito. ->>>>>>> 26bf4b7 (support cognito) + - Add cognito. 3.0.10: Workflow availability. 3.0.9: Add Status reports in CF. 3.0.8: diff --git a/plugin_1_5.yaml b/plugin_1_5.yaml index bc5323c6..91146f37 100644 --- a/plugin_1_5.yaml +++ b/plugin_1_5.yaml 
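Review bot: The three added `ecosystem-test upload-plugin -PN ...` steps name the utilities, ansible and kubernetes plugins without a version, so, as far as this hunk shows, the test manager installs whatever release is current on each run, in the same job that receives `aws_access_key_id` and `aws_secret_access_key`. Pinning the plugin versions, or keeping a fixed bundle as the removed `--bundle-path` argument did, keeps the run reproducible and limits what unreviewed code executes next to live cloud credentials. The `prepare-test-manager` line also still passes both keys as `-es name=value` command-line arguments; if ecosystem-test can take them from the environment or a file, prefer that so they stay out of the process list. The `prepare_test_manager` command continues outside the hunk.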
@@ -87,46 +87,49 @@ data_types: required: true cloudify.datatypes.aws.ConnectionConfig: - properties: &aws_plugin_connection_config + properties: aws_session_token: - type: string description: Session token. + type: string required: false aws_access_key_id: + description: > + The ID of your AWS ACCESS KEY ID. type: string - description: The ID of your AWS ACCESS KEY ID. required: false aws_secret_access_key: + description: > + The ID of your AWS SECRET ACCESS KEY. type: string - description: The ID of your AWS SECRET ACCESS KEY. + required: false region_name: - type: string - description: | + description: > The server region name, such as us-east-1. (Not us-east-1b, which is an availability zone, or US East, which is a Region.) - required: true - endpoint_url: type: string - description: | + required: false + endpoint_url: + description: > The complete URL to use for the constructed client. Normally, botocore will automatically construct the appropriate URL to use when communicating with a service. You can specify a complete URL (including the "http/https" scheme) to override this behavior. If this value is provided, then ``use_ssl`` is ignored. + type: string required: false api_version: type: string - description: The API Version to use, if not latest. required: false + description: The API Version to use, if not latest. assume_role: type: string - description: The role ARN that Cloudify manager instance is able to assume. required: false + description: The role ARN that Cloudify manager instance is able to assume. additional_config: - type: dict - description: | + required: false + description: > An abstraction of the 'config' parameter accepted by boto3.client function. This parameter should only be used by experienced users. Example usage: vm: @@ -137,7 +140,6 @@ data_types: retries: max_attempts: 10 mode: adaptive - required: false cloudify.datatypes.aws.dynamodb.Table.config: properties: 
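Review bot: `additional_config` loses its `type: dict` in this hunk, so the DSL no longer rejects a non-mapping value for what the description calls the boto3 client `config` parameter; restore `type: dict` next to `required: false`. The hunk also drops the `&aws_plugin_connection_config` anchor from `properties:`, which breaks parsing if any `*aws_plugin_connection_config` alias remains elsewhere in plugin_1_5.yaml (not visible here). `region_name` is relaxed from `required: true` to `required: false` without its description saying where the region is taken from when it is omitted; add that sentence so a missing region is not discovered only at client-creation time.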
diff --git a/v2_plugin.yaml b/v2_plugin.yaml index e33a5cef..9eb4a8d9 100644 --- a/v2_plugin.yaml +++ b/v2_plugin.yaml @@ -2,11 +2,7 @@ plugins: aws: executor: central_deployment_agent package_name: cloudify-aws-plugin -<<<<<<< HEAD - package_version: '3.0.11' -======= package_version: '3.1.0' ->>>>>>> 26bf4b7 (support cognito) data_types: