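package software.amazon.s3outposts.accesspoint;

import software.amazon.awssdk.services.s3control.S3ControlClient;
import software.amazon.awssdk.services.s3control.model.S3ControlException;
import software.amazon.awssdk.utils.StringUtils;
import software.amazon.cloudformation.proxy.*;

/**
 * Read handler for the access point resource type.
 *
 * <p>Given a model that carries an access point ARN, it fetches the access point and then its
 * policy, and reports the resulting model as a successful read. A missing policy is tolerated;
 * every other failure of the policy call is routed through the shared {@code handleError}.
 */
public class ReadHandler extends BaseHandlerStd {

    private Logger logger;

    /**
     * Validates the request and runs the read chain: getAccessPoint, getAccessPointPolicy, success.
     *
     * @param proxy           CloudFormation proxy handed on to the individual API steps
     * @param request         handler request; its desired resource state must carry the ARN
     * @param callbackContext callback context threaded through the progress chain
     * @param proxyClient     client wrapper handed on to the individual API steps
     * @param logger          sink for handler log lines
     * @return a failed event with {@code HandlerErrorCode.InvalidRequest} when the model or its ARN
     *         is missing, otherwise the outcome of the chained calls
     */
    protected ProgressEvent handleRequest(
            final AmazonWebServicesClientProxy proxy,
            final ResourceHandlerRequest request,
            final CallbackContext callbackContext,
            final ProxyClient proxyClient,
            final Logger logger) {

        this.logger = logger;

        final ResourceModel model = request.getDesiredResourceState();

        // Expecting customer to only provide Arn
        if (model == null || StringUtils.isEmpty(model.getArn())) {
            return ProgressEvent.failed(model, callbackContext, HandlerErrorCode.InvalidRequest, ACCESSPOINT_ARN_REQD);
        }

        // The ARN is caller-supplied, so line breaks are neutralised before it reaches the log.
        logger.log(String.format("%s::ReadHandler called for arn: %s \n",
                ResourceModel.TYPE_NAME, singleLine(model.getArn())));

        return (ProgressEvent.progress(model, callbackContext))
                .then(progress -> getAccessPoint(proxy, proxyClient, request,
                        progress.getResourceModel(), progress.getCallbackContext(), logger))
                .then(progress -> getAccessPointPolicy(proxy, proxyClient, request,
                        progress.getResourceModel(), progress.getCallbackContext(), logger))
                .then(progress -> ProgressEvent.defaultSuccessHandler(progress.getResourceModel()));
    }

    /**
     * Calls the API getAccessPointPolicy
     * Ref: https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/s3control/S3ControlClient.html#getAccessPointPolicy-software.amazon.awssdk.services.s3control.model.GetAccessPointPolicyRequest-
     *
     * <p>Only the {@code NO_SUCH_ACCESSPOINT_POLICY} error code is treated as "no policy attached".
     * Any other error is passed to {@code handleError}, so a policy that could not be read is never
     * reported as a policy that does not exist.
     *
     * @param proxy           CloudFormation proxy used to initiate the call chain
     * @param proxyClient     client wrapper that injects credentials and invokes the S3 Control client
     * @param request         handler request; supplies the AWS account id for the service request
     * @param model           resource model carrying the access point ARN
     * @param callbackContext callback context returned with the resulting event
     * @param logger          sink for handler log lines
     * @return an in-progress event holding the model produced by
     *         {@code Translator.translateFromGetAPPolicyResponse}; an in-progress event with the
     *         unchanged model when no policy exists; the result of {@code handleError} for any other
     *         API failure; or a failed event with {@code HandlerErrorCode.GeneralServiceException}
     *         when the response cannot be translated
     */
    private ProgressEvent getAccessPointPolicy(
            AmazonWebServicesClientProxy proxy,
            ProxyClient proxyClient,
            ResourceHandlerRequest request,
            ResourceModel model,
            CallbackContext callbackContext,
            Logger logger) {

        logger.log(String.format("%s::Read::GetAccessPointPolicy - arn: %s \n",
                ResourceModel.TYPE_NAME, singleLine(model.getArn())));

        return proxy.initiate("AWS-S3Outposts-AccessPoint::Read::GetAccessPointPolicy", proxyClient, model, callbackContext)
                // Form GetAccessPointPolicyRequest
                .translateToServiceRequest(resourceModel ->
                        Translator.translateToGetAPPolicyRequest(resourceModel, request.getAwsAccountId()))
                // Issue call getAccessPointPolicy
                .makeServiceCall((getAPPolicyRequest, s3ControlProxyClient) ->
                        s3ControlProxyClient.injectCredentialsAndInvokeV2(
                                getAPPolicyRequest, s3ControlProxyClient.client()::getAccessPointPolicy))
                .handleError((getAPPolicyRequest, exception, client, resourceModel, cbContext) -> {
                    // It is ok to not have an AccessPointPolicy for a CFN AccessPoint resource.
                    // We do not have to fail the CFN AccessPoint::Read operation for this.
                    if (isNoSuchAccessPointPolicy(exception)) {
                        logger.log(String.format("NoSuchAccessPointPolicy, Message: %s \n",
                                singleLine(exception.getMessage())));
                        return ProgressEvent.progress(resourceModel, cbContext);
                    }
                    logger.log(String.format("API getAccessPointPolicy failed with exception: %s",
                            singleLine(exception.getMessage())));
                    return handleError(getAPPolicyRequest, exception, client, resourceModel, cbContext);
                })
                .done(getAPPolicyResponse -> {
                    try {
                        final ResourceModel getAPPolicyResponseModel =
                                Translator.translateFromGetAPPolicyResponse(getAPPolicyResponse, model);
                        return ProgressEvent.progress(getAPPolicyResponseModel, callbackContext);
                    } catch (Exception exception) {
                        // Broad catch is deliberate: any translation failure becomes a failed event
                        // instead of escaping the handler. The cause is logged so it is not lost.
                        logger.log(String.format("Failed to translate from GetAccessPointPolicyResponse: %s",
                                singleLine(String.valueOf(exception))));
                        return ProgressEvent.failed(model, callbackContext,
                                HandlerErrorCode.GeneralServiceException, exception.getMessage());
                    }
                });
    }

    /**
     * Tells whether an API failure is the service's "no policy attached" answer.
     *
     * <p>{@code awsErrorDetails()} can be {@code null} on an exception that was not built from a
     * service response; without the guard the error handler itself would throw and hide the
     * original failure.
     *
     * @param exception failure raised by the getAccessPointPolicy call
     * @return {@code true} only for an {@code S3ControlException} whose error code equals
     *         {@code NO_SUCH_ACCESSPOINT_POLICY}
     */
    private boolean isNoSuchAccessPointPolicy(final Throwable exception) {
        if (!(exception instanceof S3ControlException)) {
            return false;
        }
        final S3ControlException s3Exception = (S3ControlException) exception;
        return s3Exception.awsErrorDetails() != null
                && StringUtils.equals(s3Exception.awsErrorDetails().errorCode(), NO_SUCH_ACCESSPOINT_POLICY);
    }

    /**
     * Replaces carriage returns and line feeds so a logged value cannot start a new log line.
     *
     * @param value text destined for a log message, may be {@code null}
     * @return the text with each CR/LF replaced by {@code _}, or {@code null} when given {@code null}
     */
    private static String singleLine(final String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }
}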