Implement read operation for AWS::SSM::Parameter & update resource spec (#11962)

cloutierMat · web-flow · commit be61d50d827e · 2024-11-29T10:16:55.000+01:00
diff --git a/localstack-core/localstack/services/cloudformation/engine/quirks.py b/localstack-core/localstack/services/cloudformation/engine/quirks.py
@@ -28,7 +28,6 @@
     "AWS::Events::EventBus": "/properties/Name",
     "AWS::Logs::LogStream": "/properties/LogStreamName",
     "AWS::Logs::SubscriptionFilter": "/properties/LogGroupName",
-    "AWS::SSM::Parameter": "/properties/Name",
     "AWS::RDS::DBProxyTargetGroup": "/properties/TargetGroupName",
     "AWS::Glue::SchemaVersionMetadata": "</properties/SchemaVersionId>|</properties/Key>|</properties/Value>",  # composite
     "AWS::WAFv2::WebACL": "</properties/Name>|</properties/Id>|</properties/Scope>",
diff --git a/localstack-core/localstack/services/cloudformation/provider_utils.py b/localstack-core/localstack/services/cloudformation/provider_utils.py
@@ -227,7 +227,7 @@ def recursive_convert(obj):
 
 
 #  LocalStack specific utilities
-def get_schema_path(file_path: Path) -> Path:
+def get_schema_path(file_path: Path) -> dict:
     file_name_base = file_path.name.removesuffix(".py").removesuffix(".py.enc")
     with Path(file_path).parent.joinpath(f"{file_name_base}.schema.json").open() as fd:
         return json.load(fd)
diff --git a/localstack-core/localstack/services/ssm/resource_providers/aws_ssm_parameter.py b/localstack-core/localstack/services/ssm/resource_providers/aws_ssm_parameter.py
@@ -19,7 +19,6 @@ class SSMParameterProperties(TypedDict):
     AllowedPattern: Optional[str]
     DataType: Optional[str]
     Description: Optional[str]
-    Id: Optional[str]
     Name: Optional[str]
     Policies: Optional[str]
     Tags: Optional[dict]
@@ -41,19 +40,21 @@ def create(
         Create a new resource.
 
         Primary identifier fields:
-          - /properties/Id
+          - /properties/Name
 
         Required properties:
-          - Type
           - Value
+          - Type
 
         Create-only properties:
           - /properties/Name
 
-        Read-only properties:
-          - /properties/Id
 
 
+        IAM permissions required:
+          - ssm:PutParameter
+          - ssm:AddTagsToResource
+          - ssm:GetParameters
 
         """
         model = request.desired_state
@@ -87,11 +88,7 @@ def create(
 
         ssm.put_parameter(**params)
 
-        return ProgressEvent(
-            status=OperationStatus.SUCCESS,
-            resource_model=model,
-            custom_context=request.custom_context,
-        )
+        return self.read(request)
 
     def read(
         self,
@@ -100,9 +97,27 @@ def read(
         """
         Fetch resource information
 
-
+        IAM permissions required:
+          - ssm:GetParameters
         """
-        raise NotImplementedError
+        ssm = request.aws_client_factory.ssm
+        parameter_name = request.desired_state.get("Name")
+        try:
+            resource = ssm.get_parameter(Name=parameter_name, WithDecryption=False)
+        except ssm.exceptions.ParameterNotFound:
+            return ProgressEvent(
+                status=OperationStatus.FAILED,
+                message=f"Resource of type '{self.TYPE}' with identifier '{parameter_name}' was not found.",
+                error_code="NotFound",
+            )
+
+        parameter = util.select_attributes(resource["Parameter"], params=self.SCHEMA["properties"])
+
+        return ProgressEvent(
+            status=OperationStatus.SUCCESS,
+            resource_model=parameter,
+            custom_context=request.custom_context,
+        )
 
     def delete(
         self,
@@ -111,7 +126,8 @@ def delete(
         """
         Delete a resource
 
-
+        IAM permissions required:
+          - ssm:DeleteParameter
         """
         model = request.desired_state
         ssm = request.aws_client_factory.ssm
@@ -131,7 +147,11 @@ def update(
         """
         Update a resource
 
-
+        IAM permissions required:
+          - ssm:PutParameter
+          - ssm:AddTagsToResource
+          - ssm:RemoveTagsFromResource
+          - ssm:GetParameters
         """
         model = request.desired_state
         ssm = request.aws_client_factory.ssm
@@ -203,6 +223,7 @@ def list(
         return ProgressEvent(
             status=OperationStatus.SUCCESS,
             resource_models=[
-                SSMParameterProperties(Id=resource["Name"]) for resource in resources["Parameters"]
+                SSMParameterProperties(Name=resource["Name"])
+                for resource in resources["Parameters"]
             ],
         )
diff --git a/localstack-core/localstack/services/ssm/resource_providers/aws_ssm_parameter.schema.json b/localstack-core/localstack/services/ssm/resource_providers/aws_ssm_parameter.schema.json
@@ -4,47 +4,118 @@
   "additionalProperties": false,
   "properties": {
     "Type": {
-      "type": "string"
+      "type": "string",
+      "description": "The type of the parameter.",
+      "enum": [
+        "String",
+        "StringList",
+        "SecureString"
+      ]
+    },
+    "Value": {
+      "type": "string",
+      "description": "The value associated with the parameter."
     },
     "Description": {
-      "type": "string"
+      "type": "string",
+      "description": "The information about the parameter."
     },
     "Policies": {
-      "type": "string"
+      "type": "string",
+      "description": "The policies attached to the parameter."
     },
     "AllowedPattern": {
-      "type": "string"
+      "type": "string",
+      "description": "The regular expression used to validate the parameter value."
     },
     "Tier": {
-      "type": "string"
+      "type": "string",
+      "description": "The corresponding tier of the parameter.",
+      "enum": [
+        "Standard",
+        "Advanced",
+        "Intelligent-Tiering"
+      ]
     },
-    "Value": {
-      "type": "string"
+    "Tags": {
+      "type": "object",
+      "description": "A key-value pair to associate with a resource.",
+      "patternProperties": {
+        "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false
     },
     "DataType": {
-      "type": "string"
-    },
-    "Id": {
-      "type": "string"
-    },
-    "Tags": {
-      "type": "object"
+      "type": "string",
+      "description": "The corresponding DataType of the parameter.",
+      "enum": [
+        "text",
+        "aws:ec2:image"
+      ]
     },
     "Name": {
-      "type": "string"
+      "type": "string",
+      "description": "The name of the parameter."
     }
   },
   "required": [
-    "Type",
-    "Value"
+    "Value",
+    "Type"
   ],
+  "tagging": {
+    "taggable": true,
+    "tagOnCreate": true,
+    "tagUpdatable": true,
+    "cloudFormationSystemTags": true,
+    "tagProperty": "/properties/Tags"
+  },
   "createOnlyProperties": [
     "/properties/Name"
   ],
   "primaryIdentifier": [
-    "/properties/Id"
+    "/properties/Name"
+  ],
+  "writeOnlyProperties": [
+    "/properties/Tags",
+    "/properties/Description",
+    "/properties/Tier",
+    "/properties/AllowedPattern",
+    "/properties/Policies"
   ],
-  "readOnlyProperties": [
-    "/properties/Id"
-  ]
+  "handlers": {
+    "create": {
+      "permissions": [
+        "ssm:PutParameter",
+        "ssm:AddTagsToResource",
+        "ssm:GetParameters"
+      ],
+      "timeoutInMinutes": 5
+    },
+    "read": {
+      "permissions": [
+        "ssm:GetParameters"
+      ]
+    },
+    "update": {
+      "permissions": [
+        "ssm:PutParameter",
+        "ssm:AddTagsToResource",
+        "ssm:RemoveTagsFromResource",
+        "ssm:GetParameters"
+      ],
+      "timeoutInMinutes": 5
+    },
+    "delete": {
+      "permissions": [
+        "ssm:DeleteParameter"
+      ]
+    },
+    "list": {
+      "permissions": [
+        "ssm:DescribeParameters"
+      ]
+    }
+  }
 }
diff --git a/localstack-core/localstack/utils/aws/client_types.py b/localstack-core/localstack/utils/aws/client_types.py
@@ -264,6 +264,7 @@ class ServicePrincipal(str):
     """
 
     apigateway = "apigateway"
+    cloudformation = "cloudformation"
     dms = "dms"
     events = "events"
     firehose = "firehose"
