in aws-sso-permissionset/src/main/java/software/amazon/sso/permissionset/CreateHandler.java [26:122]
protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
final AmazonWebServicesClientProxy proxy,
final ResourceHandlerRequest<ResourceModel> request,
final CallbackContext callbackContext,
final ProxyClient<SsoAdminClient> proxyClient,
final Logger logger) {
this.logger = logger;
ManagedPolicyAttachmentProxy managedPolicyAttachmentProxy = new ManagedPolicyAttachmentProxy(proxy, proxyClient);
InlinePolicyProxy inlinePolicyProxy = new InlinePolicyProxy(proxy, proxyClient);
logger.log("Starting PermissionSet creation process.");
if (!callbackContext.isHandlerInvoked()) {
callbackContext.setHandlerInvoked(true);
callbackContext.setRetryAttempts(RETRY_ATTEMPTS);
}
return ProgressEvent.progress(request.getDesiredResourceState(), callbackContext)
.then(progress -> proxy.initiate("sso::create-permissionset", proxyClient, request.getDesiredResourceState(), callbackContext)
.translateToServiceRequest(Translator::translateToCreateRequest)
.makeServiceCall((createPermissionSetRequest, client) -> proxy.injectCredentialsAndInvokeV2(createPermissionSetRequest, client.client()::createPermissionSet))
.handleError((createPermissionSetRequest, exception, client, model, context) -> {
if (exception instanceof ConflictException) {
return ProgressEvent.defaultFailureHandler(exception, HandlerErrorCode.AlreadyExists);
} else if (exception instanceof ThrottlingException || exception instanceof InternalServerException) {
if (context.getRetryAttempts() == RETRY_ATTEMPTS_ZERO) {
return ProgressEvent.defaultFailureHandler(exception, mapExceptionToHandlerCode(exception));
}
context.decrementRetryAttempts();
return ProgressEvent.defaultInProgressHandler(callbackContext, getRetryTime(exception), model);
}
return ProgressEvent.defaultFailureHandler(exception, HandlerErrorCode.GeneralServiceException);
})
.done((createPermissionSetRequest, createPermissionSetResponse, proxyInvocation, model, context) -> {
if (!StringUtils.isNullOrEmpty(createPermissionSetResponse.permissionSet().permissionSetArn())) {
model.setPermissionSetArn(createPermissionSetResponse.permissionSet().permissionSetArn());
logger.log(String.format("%s successfully created.", ResourceModel.TYPE_NAME));
//Reset the retry attempts for next action
context.resetRetryAttempts(RETRY_ATTEMPTS);
return ProgressEvent.defaultInProgressHandler(context, 0, model);
} else {
throw new CfnInternalFailureException(InternalServerException.builder().message("There is an internal service error with permission set creation.").build());
}
})
)
.then(progress -> {
ResourceModel model = progress.getResourceModel();
if (!callbackContext.isManagedPolicyUpdated()) {
try {
managedPolicyAttachmentProxy.updateManagedPolicyAttachment(model.getInstanceArn(),
model.getPermissionSetArn(),
model.getManagedPolicies());
} catch (ThrottlingException | InternalServerException | ConflictException e) {
if (callbackContext.getRetryAttempts() == RETRY_ATTEMPTS_ZERO) {
return ProgressEvent.defaultFailureHandler(e, mapExceptionToHandlerCode(e));
}
callbackContext.decrementRetryAttempts();
return ProgressEvent.defaultInProgressHandler(callbackContext, getRetryTime(e), model);
} catch (ValidationException e2) {
return ProgressEvent.defaultFailureHandler(e2, HandlerErrorCode.InvalidRequest);
}
callbackContext.setManagedPolicyUpdated(true);
//Reset the retry attempts for next action
callbackContext.resetRetryAttempts(RETRY_ATTEMPTS);
}
logger.log("Managed policies attached successfully.");
return progress;
})
.then(progress -> {
ResourceModel model = progress.getResourceModel();
if (!callbackContext.isInlinePolicyUpdated()) {
String inlinePolicy = processInlinePolicy(model.getInlinePolicy());
if (inlinePolicy != null && !inlinePolicy.isEmpty()) {
try {
inlinePolicyProxy.putInlinePolicyToPermissionSet(model.getInstanceArn(), model.getPermissionSetArn(), inlinePolicy);
} catch (ThrottlingException | InternalServerException | ConflictException e) {
if (callbackContext.getRetryAttempts() == RETRY_ATTEMPTS_ZERO) {
return ProgressEvent.defaultFailureHandler(e, mapExceptionToHandlerCode(e));
}
callbackContext.decrementRetryAttempts();
return ProgressEvent.defaultInProgressHandler(callbackContext, getRetryTime(e), model);
} catch (ValidationException e2) {
return ProgressEvent.defaultFailureHandler(e2, HandlerErrorCode.InvalidRequest);
}
}
callbackContext.setInlinePolicyUpdated(true);
//Reset the retry attempts for read handler
callbackContext.resetRetryAttempts(RETRY_ATTEMPTS);
}
logger.log("Inline policy added successfully.");
return progress;
})
.then(progress -> new ReadHandler().handleRequest(proxy, request, callbackContext, proxyClient, logger));
}