in aws-sso-permissionset/src/main/java/software/amazon/sso/permissionset/UpdateHandler.java [39:187]
protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
final AmazonWebServicesClientProxy proxy,
final ResourceHandlerRequest<ResourceModel> request,
final CallbackContext callbackContext,
final ProxyClient<SsoAdminClient> proxyClient,
final Logger logger) {
this.logger = logger;
if (!callbackContext.isHandlerInvoked()) {
callbackContext.setHandlerInvoked(true);
callbackContext.setRetryAttempts(RETRY_ATTEMPTS);
}
ResourceModel model = request.getDesiredResourceState();
ManagedPolicyAttachmentProxy managedPolicyAttachmentProxy = new ManagedPolicyAttachmentProxy(proxy, proxyClient);
InlinePolicyProxy inlinePolicyProxy = new InlinePolicyProxy(proxy, proxyClient);
return ProgressEvent.progress(request.getDesiredResourceState(), callbackContext)
.then(progress -> proxy.initiate("sso::update-permissionset", proxyClient, progress.getResourceModel(), progress.getCallbackContext())
.translateToServiceRequest(Translator::translateToUpdateRequest)
.makeServiceCall((updateRequest, client) -> {
UpdatePermissionSetResponse response = proxy.injectCredentialsAndInvokeV2(updateRequest, client.client()::updatePermissionSet);
//Reset attempts for next action
callbackContext.resetRetryAttempts(RETRY_ATTEMPTS);
return response;
})
.handleError((describePermissionSetRequest, exception, client, resourceModel, context) -> {
if (exception instanceof ResourceNotFoundException) {
return ProgressEvent.defaultFailureHandler(exception, HandlerErrorCode.NotFound);
} else if (exception instanceof ThrottlingException || exception instanceof InternalServerException || exception instanceof ConflictException) {
if (context.getRetryAttempts() == RETRY_ATTEMPTS_ZERO) {
return ProgressEvent.defaultFailureHandler(exception, mapExceptionToHandlerCode(exception));
}
context.decrementRetryAttempts();
return ProgressEvent.defaultInProgressHandler(callbackContext, 5, model);
}
return ProgressEvent.defaultFailureHandler(exception, HandlerErrorCode.GeneralServiceException);
})
.progress())
.then(progress -> {
if (!callbackContext.isTagUpdated()) {
try {
updateTags(model, proxy, proxyClient);
} catch (ThrottlingException | InternalServerException | ConflictException e) {
if (callbackContext.getRetryAttempts() == RETRY_ATTEMPTS_ZERO) {
return ProgressEvent.defaultFailureHandler(e, mapExceptionToHandlerCode(e));
}
callbackContext.decrementRetryAttempts();
return ProgressEvent.defaultInProgressHandler(callbackContext, 5, model);
}
//Reset attempts for next action
callbackContext.resetRetryAttempts(RETRY_ATTEMPTS);
callbackContext.setTagUpdated(true);
}
logger.log(String.format("%s tags have been successfully updated.", ResourceModel.TYPE_NAME));
return progress;
})
.then(progress -> {
if (!callbackContext.isManagedPolicyUpdated()) {
//Update related policies
try {
managedPolicyAttachmentProxy.updateManagedPolicyAttachment(model.getInstanceArn(),
model.getPermissionSetArn(),
model.getManagedPolicies());
} catch (ThrottlingException | InternalServerException | ConflictException e) {
if (callbackContext.getRetryAttempts() == RETRY_ATTEMPTS_ZERO) {
return ProgressEvent.defaultFailureHandler(e, mapExceptionToHandlerCode(e));
}
callbackContext.decrementRetryAttempts();
return ProgressEvent.defaultInProgressHandler(callbackContext, 5, model);
} catch (ValidationException e2) {
return ProgressEvent.defaultFailureHandler(e2, HandlerErrorCode.InvalidRequest);
}
//Reset attempts for next action
callbackContext.resetRetryAttempts(RETRY_ATTEMPTS);
callbackContext.setManagedPolicyUpdated(true);
}
logger.log(String.format("%s managed policies have been successfully updated.", ResourceModel.TYPE_NAME));
return progress;
})
.then(progress -> {
if (!callbackContext.isInlinePolicyUpdated()) {
try {
String inlinePolicy = processInlinePolicy(model.getInlinePolicy());
if (inlinePolicy != null && !inlinePolicy.isEmpty()) {
inlinePolicyProxy.putInlinePolicyToPermissionSet(model.getInstanceArn(), model.getPermissionSetArn(),inlinePolicy);
} else {
inlinePolicyProxy.deleteInlinePolicyFromPermissionSet(model.getInstanceArn(), model.getPermissionSetArn());
}
} catch (ThrottlingException | InternalServerException | ConflictException e) {
if (callbackContext.getRetryAttempts() == RETRY_ATTEMPTS_ZERO) {
return ProgressEvent.defaultFailureHandler(e, mapExceptionToHandlerCode(e));
}
callbackContext.decrementRetryAttempts();
return ProgressEvent.defaultInProgressHandler(callbackContext, 5, model);
} catch (ValidationException e2) {
return ProgressEvent.defaultFailureHandler(e2, HandlerErrorCode.InvalidRequest);
}
//Reset attempts for next action
callbackContext.resetRetryAttempts(RETRY_ATTEMPTS);
callbackContext.setInlinePolicyUpdated(true);
}
logger.log(String.format("%s inline policy has successfully been updated.", ResourceModel.TYPE_NAME));
return progress;
})
.then(progress -> proxy.initiate("sso::provision-permissionset", proxyClient, progress.getResourceModel(), progress.getCallbackContext())
.translateToServiceRequest(Translator::translateToProvsionPermissionSetRequest)
.makeServiceCall((provisionRequest, client) -> proxy.injectCredentialsAndInvokeV2(provisionRequest, proxyClient.client()::provisionPermissionSet))
.stabilize((provisionRequest, provisionResult, client, progressModel, context) -> {
logger.log("Stabilizing the provision status.");
String statusTrackId = provisionResult.permissionSetProvisioningStatus().requestId();
DescribePermissionSetProvisioningStatusRequest statusRequest = DescribePermissionSetProvisioningStatusRequest.builder()
.provisionPermissionSetRequestId(statusTrackId)
.instanceArn(progressModel.getInstanceArn())
.build();
DescribePermissionSetProvisioningStatusResponse statusResult
= proxy.injectCredentialsAndInvokeV2(statusRequest, client.client()::describePermissionSetProvisioningStatus);
if (statusResult.permissionSetProvisioningStatus().status().equals(StatusValues.SUCCEEDED)) {
logger.log(String.format("%s [%s] has been stabilized.", ResourceModel.TYPE_NAME, model.getPrimaryIdentifier()));
//Reset the retry attempts for read handler
callbackContext.resetRetryAttempts(RETRY_ATTEMPTS);
return true;
} else if (statusResult.permissionSetProvisioningStatus().status().equals(StatusValues.FAILED)) {
String failedReason = statusResult.permissionSetProvisioningStatus().failureReason();
throw new CfnGeneralServiceException(String.format(FAILED_WORKFLOW_REQUEST, statusTrackId, failedReason));
}
return false;
})
.handleError((awsRequest, exception, client, resourceModel, context) -> {
if (exception instanceof ConflictException || exception instanceof ThrottlingException) {
return ProgressEvent.defaultInProgressHandler(callbackContext, 300, model);
} else if (exception instanceof ResourceNotFoundException) {
return ProgressEvent.defaultFailureHandler(exception, HandlerErrorCode.InternalFailure);
} else if (exception instanceof InternalServerException) {
if (context.getRetryAttempts() == RETRY_ATTEMPTS_ZERO) {
return ProgressEvent.defaultFailureHandler(exception, mapExceptionToHandlerCode(exception));
}
context.decrementRetryAttempts();
return ProgressEvent.defaultInProgressHandler(callbackContext, 5, model);
}
return ProgressEvent.defaultFailureHandler(exception, HandlerErrorCode.GeneralServiceException);
})
.progress()
)
.then(progress -> new ReadHandler().handleRequest(proxy, request, callbackContext, proxyClient, logger));
}