AWS - streaming_distribution set-attributes action and config filter

c7n/resources/cloudfront.py

@@ -164,7 +164,7 @@ class DistributionConfig(ValueFilter):
                 filters:
                   - type: distribution-config
                     key: Logging.Enabled
-                    value: true
+                    value: False
    """
 
     schema = type_schema('distribution-config', rinherit=ValueFilter.schema)
@@ -199,6 +199,55 @@ def __call__(self, r):
         return super(DistributionConfig, self).__call__(r[self.annotation_key])
 
 
+@StreamingDistribution.filter_registry.register('streaming-distribution-config')
+class StreamingDistributionConfig(ValueFilter):
+    """Check for Cloudfront streaming distribution config values
+
+    :example:
+
+    .. code-block:: yaml
+
+            policies:
+              - name: streaming-distribution-logging-enabled
+                resource: streaming-distribution
+                filters:
+                  - type: streaming-distribution-config
+                    key: Logging.Enabled
+                    value: true
+   """
+
+    schema = type_schema('streaming-distribution-config', rinherit=ValueFilter.schema)
+    schema_alias = False
+    permissions = ('cloudfront:GetStreamingDistributionConfig',)
+    annotation_key = 'c7n:streaming-distribution-config'
+    annotate = False
+
+    def process(self, resources, event=None):
+
+        self.augment([r for r in resources if self.annotation_key not in r])
+        return super().process(resources, event)
+
+    def augment(self, resources):
+
+        client = local_session(self.manager.session_factory).client(
+            'cloudfront', region_name=self.manager.config.region)
+
+        for r in resources:
+            try:
+                r[self.annotation_key] = client.get_streaming_distribution_config(Id=r['Id']) \
+                    .get('StreamingDistributionConfig')
+            except (client.exceptions.NoSuchStreamingDistribution):
+                r[self.annotation_key] = {}
+            except Exception as e:
+                self.log.warning(
+                    "Exception trying to get Streaming Distribution Config: %s error: %s",
+                    r['ARN'], e)
+                raise e
+
+    def __call__(self, r):
+        return super(StreamingDistributionConfig, self).__call__(r[self.annotation_key])
+
+
 @Distribution.filter_registry.register('mismatch-s3-origin')
 class MismatchS3Origin(Filter):
     """Check for existence of S3 bucket referenced by Cloudfront,
@@ -564,6 +613,10 @@ def set_required_update_fields(self, config):
                 "ViewerProtocolPolicy": "",
                 "MinTTL": 0
             }
+        if 'Comment' not in config:
+            config['Comment'] = ''
+        if 'Enabled' not in config:
+            config['Enabled'] = False
 
     def process(self, distributions):
         client = local_session(self.manager.session_factory).client(
@@ -592,3 +645,94 @@ def process_distribution(self, client, distribution):
                 "Exception trying to update Distribution: %s error: %s",
                 distribution['ARN'], e)
             raise e
+
+
+@StreamingDistribution.action_registry.register('set-attributes')
+class StreamingDistributionUpdateAction(BaseAction):
+    """Action to update the attributes of a distribution
+
+    :example:
+
+    .. code-block:: yaml
+
+        policies:
+        - name: enforce-streaming-distribution-logging
+          resource: streaming-distribution
+          filters:
+            - type: value
+              key: "Logging.Enabled"
+              value: false
+          actions:
+            - type: set-attributes
+              attributes:
+                Logging:
+                    Enabled: true
+                    Bucket: 'test-enable-logging-c7n.s3.amazonaws.com'
+                    Prefix: ''
+    """
+    schema = type_schema('set-attributes',
+                        attributes={"type": "object"},
+                        required=('attributes',))
+
+    permissions = ("cloudfront:UpdateStreamingDistribution",
+                   "cloudfront:GetStreamingDistributionConfig",)
+    shape = 'UpdateStreamingDistributionRequest'
+
+    def validate(self):
+        attrs = dict(self.data.get('attributes'))
+        if attrs.get('CallerReference'):
+            raise PolicyValidationError('CallerReference field cannot be updated')
+
+        # Set default values for required fields if they are not present
+        attrs["CallerReference"] = ""
+        self.set_required_update_fields(attrs)
+
+        request = {
+            "StreamingDistributionConfig": attrs,
+            "Id": "sample_id",
+            "IfMatch": "sample_string",
+        }
+        return shape_validate(request, self.shape, 'cloudfront')
+
+    def set_required_update_fields(self, config):
+        if 'S3Origin' not in config:
+            config["S3Origin"] = {
+                "DomainName": 'domain_name',
+                "OriginAccessIdentity": 'origin_access_identity'
+            }
+        if 'TrustedSigners' not in config:
+            config["TrustedSigners"] = {
+                "Enabled": False,
+                "Quantity": 0
+            }
+        if 'Comment' not in config:
+            config['Comment'] = ''
+        if 'Enabled' not in config:
+            config['Enabled'] = False
+
+    def process(self, streaming_distributions):
+        client = local_session(self.manager.session_factory).client(
+            self.manager.get_model().service)
+        for d in streaming_distributions:
+            self.process_distribution(client, d)
+
+    def process_distribution(self, client, streaming_distribution):
+        try:
+            res = client.get_streaming_distribution_config(
+                Id=streaming_distribution[self.manager.get_model().id])
+            config = res['StreamingDistributionConfig']
+            updatedConfig = {**config, **self.data['attributes']}
+            if config == updatedConfig:
+                return
+            res = client.update_streaming_distribution(
+                Id=streaming_distribution[self.manager.get_model().id],
+                IfMatch=res['ETag'],
+                StreamingDistributionConfig=updatedConfig
+            )
+        except (client.exceptions.NoSuchResource, client.exceptions.NoSuchStreamingDistribution):
+            pass
+        except Exception as e:
+            self.log.warning(
+                "Exception trying to update Streaming Distribution: %s error: %s",
+                streaming_distribution['ARN'], e)
+            raise e

tests/data/placebo/test_distribution_update_distribution/cloudfront.GetDistributionConfig_1.json

@@ -1,22 +1,10 @@
 {
     "status_code": 200,
     "data": {
-        "ResponseMetadata": {
-            "RequestId": "b63bf6dd-3564-47e2-931f-34f9b4045f13",
-            "HTTPStatusCode": 200,
-            "HTTPHeaders": {
-                "x-amzn-requestid": "b63bf6dd-3564-47e2-931f-34f9b4045f13",
-                "etag": "E2LOA0W0H4PY7B",
-                "content-type": "text/xml",
-                "content-length": "2298",
-                "vary": "Accept-Encoding",
-                "date": "Fri, 28 Feb 2020 17:58:16 GMT"
-            },
-            "RetryAttempts": 0
-        },
-        "ETag": "E2LOA0W0H4PY7B",
+        "ResponseMetadata": {},
+        "ETag": "ETAPGKTC9B1VZ",
         "DistributionConfig": {
-            "CallerReference": "1582867337153",
+            "CallerReference": "6441605581961",
             "Comment": "",
             "Enabled": true,
             "Logging": {

tests/data/placebo/test_distribution_update_distribution/cloudfront.GetDistributionConfig_2.json

@@ -1,28 +1,16 @@
 {
     "status_code": 200,
     "data": {
-        "ResponseMetadata": {
-            "RequestId": "4bab1034-442e-4706-a513-bd2073dd9fe1",
-            "HTTPStatusCode": 200,
-            "HTTPHeaders": {
-                "x-amzn-requestid": "4bab1034-442e-4706-a513-bd2073dd9fe1",
-                "etag": "E51JMM89BDP7",
-                "content-type": "text/xml",
-                "content-length": "2337",
-                "vary": "Accept-Encoding",
-                "date": "Fri, 28 Feb 2020 17:58:16 GMT"
-            },
-            "RetryAttempts": 0
-        },
-        "ETag": "E51JMM89BDP7",
+        "ResponseMetadata": {},
+        "ETag": "ETAPGKTC9B1VZ",
         "DistributionConfig": {
-            "CallerReference": "1582867337153",
+            "CallerReference": "6441605581961",
             "Comment": "",
             "Enabled": true,
             "Logging": {
-                "Enabled": true,
+                "Enabled": false,
                 "IncludeCookies": false,
-                "Bucket": "test-enable-logging-c7n.s3.amazonaws.com",
+                "Bucket": "",
                 "Prefix": ""
             }
         }

tests/data/placebo/test_distribution_update_distribution/cloudfront.GetDistributionConfig_3.json

@@ -0,0 +1,18 @@
+{
+    "status_code": 200,
+    "data": {
+        "ResponseMetadata": {},
+        "ETag": "E3SPE6T0EJSAA4",
+        "DistributionConfig": {
+            "CallerReference": "6441605581961",
+            "Comment": "",
+            "Enabled": true,
+            "Logging": {
+                "Enabled": true,
+                "IncludeCookies": false,
+                "Bucket": "test-logging.s3.amazonaws.com",
+                "Prefix": ""
+            }
+        }
+    }
+}

tests/data/placebo/test_distribution_update_distribution/cloudfront.ListDistributions_1.json

@@ -1,27 +1,16 @@
 {
     "status_code": 200,
     "data": {
-        "ResponseMetadata": {
-            "RequestId": "3f9b9bca-cc65-49c3-8ef7-fe2112ae7f5d",
-            "HTTPStatusCode": 200,
-            "HTTPHeaders": {
-                "x-amzn-requestid": "3f9b9bca-cc65-49c3-8ef7-fe2112ae7f5d",
-                "content-type": "text/xml",
-                "content-length": "2481",
-                "vary": "Accept-Encoding",
-                "date": "Fri, 28 Feb 2020 17:58:16 GMT"
-            },
-            "RetryAttempts": 0
-        },
+        "ResponseMetadata": {},
         "DistributionList": {
             "Marker": "",
             "MaxItems": 100,
             "IsTruncated": false,
             "Quantity": 1,
             "Items": [
                 {
-                    "Id": "E1FBPN9VF9FG4X",
-                    "ARN": "arn:aws:cloudfront::123456789012:distribution/E1FBPN9VF9FG4X",
+                    "Id": "E1OQK8XICQK4UM",
+                    "ARN": "arn:aws:cloudfront::123456789012:distribution/E1OQK8XICQK4UM",
                     "Status": "InProgress",
                     "Comment": "",
                     "Enabled": true

tests/data/placebo/test_distribution_update_distribution/cloudfront.UpdateDistribution_1.json

@@ -1,31 +1,19 @@
 {
     "status_code": 200,
     "data": {
-        "ResponseMetadata": {
-            "RequestId": "b1d631b0-64d2-4536-94d4-fde33b5e2042",
-            "HTTPStatusCode": 200,
-            "HTTPHeaders": {
-                "x-amzn-requestid": "b1d631b0-64d2-4536-94d4-fde33b5e2042",
-                "etag": "E51JMM89BDP7",
-                "content-type": "text/xml",
-                "content-length": "2757",
-                "vary": "Accept-Encoding",
-                "date": "Fri, 28 Feb 2020 17:58:16 GMT"
-            },
-            "RetryAttempts": 0
-        },
-        "ETag": "E51JMM89BDP7",
+        "ResponseMetadata": {},
+        "ETag": "E3SPE6T0EJSAA4",
         "Distribution": {
-            "Id": "E1FBPN9VF9FG4X",
-            "ARN": "arn:aws:cloudfront::12346789012:distribution/E1FBPN9VF9FG4X",
+            "Id": "E1OQK8XICQK4UM",
+            "ARN": "arn:aws:cloudfront::123456789012:distribution/E1OQK8XICQK4UM",
             "Status": "InProgress",
             "DistributionConfig": {
-                "CallerReference": "1582867337153",
+                "CallerReference": "6441605581961",
                 "Comment": "",
                 "Logging": {
                     "Enabled": true,
                     "IncludeCookies": false,
-                    "Bucket": "test-enable-logging-c7n.s3.amazonaws.com",
+                    "Bucket": "test-logging.s3.amazonaws.com",
                     "Prefix": ""
                 },
                 "Enabled": true

tests/data/placebo/test_distribution_update_distribution/tagging.GetResources_1.json

@@ -3,16 +3,6 @@
     "data": {
         "PaginationToken": "",
         "ResourceTagMappingList": [],
-        "ResponseMetadata": {
-            "RequestId": "39bd145a-0e72-413f-9a75-7d5d854cae1a",
-            "HTTPStatusCode": 200,
-            "HTTPHeaders": {
-                "x-amzn-requestid": "39bd145a-0e72-413f-9a75-7d5d854cae1a",
-                "content-type": "application/x-amz-json-1.1",
-                "content-length": "50",
-                "date": "Fri, 28 Feb 2020 17:58:15 GMT"
-            },
-            "RetryAttempts": 0
-        }
+        "ResponseMetadata": {}
     }
 }

tests/data/placebo/test_distribution_update_streaming_distribution/cloudfront.GetStreamingDistributionConfig_1.json

@@ -0,0 +1,29 @@
+{
+    "status_code": 200,
+    "data": {
+        "ResponseMetadata": {},
+        "ETag": "E1SDZ8L66HNLQJ",
+        "StreamingDistributionConfig": {
+            "CallerReference": "6441605581965",
+            "S3Origin": {
+                "DomainName": "test-pratyush.s3.amazonaws.com",
+                "OriginAccessIdentity": ""
+            },
+            "Aliases": {
+                "Quantity": 0
+            },
+            "Comment": "",
+            "Logging": {
+                "Enabled": false,
+                "Bucket": "",
+                "Prefix": ""
+            },
+            "TrustedSigners": {
+                "Enabled": false,
+                "Quantity": 0
+            },
+            "PriceClass": "PriceClass_All",
+            "Enabled": true
+        }
+    }
+}