AWS::SSM::Parameter resource #159
Conversation
aws-ssm-parameter/src/main/java/com/amazonaws/ssm/parameter/ClientBuilder.java
Outdated
Show resolved
Hide resolved
aws-ssm-parameter/src/main/java/com/amazonaws/ssm/parameter/CreateHandler.java
Show resolved
Hide resolved
aws-ssm-parameter/src/main/java/com/amazonaws/ssm/parameter/CreateHandler.java
Outdated
Show resolved
Hide resolved
aws-ssm-parameter/src/main/java/com/amazonaws/ssm/parameter/CreateHandler.java
Outdated
Show resolved
Hide resolved
aws-ssm-parameter/src/main/java/com/amazonaws/ssm/parameter/BaseHandlerStd.java
Show resolved
Hide resolved
| } else if (hasThrottled(e)) { | ||
| ex = new CfnThrottlingException(e); | ||
| } else { | ||
| ex = new CfnGeneralServiceException(e); |
There was a problem hiding this comment.
Can't find this Exception in javadoc for AWS::SSM::Parameter Resource. Unable to reproduce this error.
There was a problem hiding this comment.
Pass in bad inputs and check what exceptions are thrown. It might map to InvalidRequest
There was a problem hiding this comment.
Thanks. Added more exception handling cases.
aws-ssm-parameter/src/main/java/com/amazonaws/ssm/parameter/BaseHandlerStd.java
Show resolved
Hide resolved
There was a problem hiding this comment.
There seems to be a lot of deviation between native and this code base.
I have gone through everything except Update. But Create and Update are similar. Can you make the changes requested and when I look at it a second time, I will take a look at Update as well.
| "description": "The information about the parameter.", | ||
| "minLength": 0, | ||
| "maxLength": 1024 | ||
| "description": "Information about the parameter." | ||
| }, | ||
| "Policies": { | ||
| "type": "string", |
There was a problem hiding this comment.
This should be an object - it can take both a JSON and a String? Can you test this to verify? (Stringification is usually applicable to policies, but please verify it)
There was a problem hiding this comment.
CFN Doc says Policies is of type String
There was a problem hiding this comment.
Tried creating it via CLI with Json value instead of String, and faced below error.
Parameter validation failed:
Invalid type for parameter Policies
aws-ssm-parameter/src/main/java/com/amazonaws/ssm/parameter/CreateHandler.java
Outdated
Show resolved
Hide resolved
| if (model.getName() == null) { | ||
| model.setName(IdentifierUtils.generateResourceIdentifier("CFN", | ||
| request.getLogicalResourceIdentifier(), | ||
| request.getClientRequestToken(), 40)); |
There was a problem hiding this comment.
How did you arrive at 40? Also, you dont seem to be truncating the length of the logical resource id. WHy not just use the same function as native. Much easier. (Use the same values too)
There was a problem hiding this comment.
Reverted back to native implementation
| .makeServiceCall((putParameterRequest, ssmProxyClient) -> | ||
| ssmProxyClient.injectCredentialsAndInvokeV2(putParameterRequest, ssmProxyClient.client()::putParameter)) |
There was a problem hiding this comment.
It seems like there are two workflows here:
- When the SSM parameter is not of EC2 type - then we just create the SSM parameter.
- If it is of EC2 type, then we use versioning.
Where have you handled this?
| .makeServiceCall((putParameterRequest, ssmProxyClient) -> | ||
| ssmProxyClient.injectCredentialsAndInvokeV2(putParameterRequest, ssmProxyClient.client()::putParameter)) | ||
| .stabilize((req, response, client, model1, cbContext) -> stabilize(req, response, client, model1, cbContext, logger)) | ||
| .handleError((req, e, proxy1, model1, context1) -> handleError(req, e, proxy1, model1, context1, logger)) |
There was a problem hiding this comment.
Also, it seems like AlreadyExistsExceptions are swallowed after comparing to check if the resource OOB has identical configuration.
There was a problem hiding this comment.
This might cause contract test failures though - so we need to call this out. (Office hours item)
There was a problem hiding this comment.
So we let it pass if the resource exists with identical configuration ? A confirmation would help.
| .backoffDelay(getBackOffDelay(model)) | ||
| .makeServiceCall((putParameterRequest, ssmProxyClient) -> | ||
| ssmProxyClient.injectCredentialsAndInvokeV2(putParameterRequest, ssmProxyClient.client()::putParameter)) | ||
| .stabilize((req, response, client, model1, cbContext) -> stabilize(req, response, client, model1, cbContext, logger)) |
There was a problem hiding this comment.
Stabilization is called only for EC2 data types. You seem to be stabilizing even when the type is not EC2?
| return false; | ||
| } | ||
| return (response.parameters() != null && response.parameters().get(0).version() == putParameterResponse.version()); | ||
| } catch (Exception e) { |
There was a problem hiding this comment.
Handle Throttling here. If the exception type is of Throttling, then you can return false and retry.
| } | ||
| } | ||
|
|
||
| protected ProgressEvent<ResourceModel, CallbackContext> handleError(SsmRequest ssmRequest, Exception e, ProxyClient<SsmClient> proxyClient, |
There was a problem hiding this comment.
Native is handling a lot more errors - look for this -
` private static final Set THROTTLING_ERROR_CODES = ImmutableSet.of(
"ThrottlingException",
"TooManyUpdates");
private static final Set<String> ERROR_CODES_THAT_DEFAULT_TO_RETRIABLE_UNTOUCHED = Sets.union(
Collections.singleton(HTTP_CONNECTION_TIMEOUT_ERROR_CODE),
THROTTLING_ERROR_CODES);
private static final Set<String> ERROR_CODES_THAT_DEFAULT_TO_RETRIABLE_TOUCHED = ImmutableSet.of(
HTTP_TIMEOUT_ERROR_CODE,
HTTP_FAILURE_ERROR_CODE);`
There was a problem hiding this comment.
It's counterpart hasThrottled() has already been implemented which looks for errorCode.
| logger.log("Invoking Read Handler"); | ||
| logger.log("READ ResourceModel: " + model.toString()); | ||
|
|
||
| return ProgressEvent.progress(model, callbackContext) |
There was a problem hiding this comment.
Can you verify to see if Drift if working for values other than Type/Value? Looks like native is only checking for these 2 attributes.
There was a problem hiding this comment.
Drift does not work for Native. Yes Native only checks for 2 attributes. Current Uluru implementation supports all attributes.
| return ProgressEvent.progress(model, callbackContext) | ||
| .then(progress -> getParameters(proxy, progress, proxyClient, model, callbackContext, logger)) | ||
| .then(progress -> describeParameters(proxy, progress, proxyClient, progress.getResourceModel(), progress.getCallbackContext(), logger)) | ||
| .then(progress -> listTagsForResourceRequestForParameters(proxy, progress, proxyClient, progress.getResourceModel(), progress.getCallbackContext(), logger)) |
There was a problem hiding this comment.
You need to soft-fail wherever extra permissions are needed. (Like ListTags)
Development of AWS::SSM::Parameter resource