我正在使用 boto 创建数据库安全组。我想要这样的东西:
- 如果数据库安全组存在,检查给定规则,如果不存在,则使用规则授权组
- 如果该组不存在,则创建它,并使用给定的规则授权该组
到目前为止,这是我的代码:
import boto.rds
conn = boto.rds.connect_to_region("{{region}}", aws_access_key_id = '{{ keyid }}', aws_secret_access_key = '{{ key }}')
group = conn.get_all_dbsecurity_groups('{{name}}')
if group:
group[0].authorize({{ connection_type }} = '{{ details }}')
else:
sg = conn.create_dbsecurity_group('{{ name }}', '{{ description }}')
sg.authorize({{ connection_type }} = '{{ details }}')
我遇到了这个错误:
未找到 DBSecurityGroup
Traceback (most recent call last):
File "/usr/local/src/dbgroups.py", line 18, in <module>
group = conn.get_all_dbsecurity_groups('kdkdkdk')
File "/usr/local/lib/python2.7/site-packages/boto/rds/__init__.py", line 923, in get_all_dbsecurity_groups
[('DBSecurityGroup', DBSecurityGroup)])
File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1186, in get_list
raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 404 Not Found
<ErrorResponse xmlns="http://rds.amazonaws.com/doc/2013-05-15/">
<Error>
<Type>Sender</Type>
<Code>DBSecurityGroupNotFound</Code>
<Message>DBSecurityGroup dbgrouptesting not found.</Message>
</Error>
<RequestId>3b9af082-fe3c-11e4-bd53-e9bc444dcde5</RequestId>
</ErrorResponse>
授权已经存在
Traceback (most recent call last):
File "/usr/local/src/dbgroups.py", line 24, in <module>
group[0].authorize(cidr_ip = '0.0.0.0/0')
File "/usr/local/lib/python2.7/site-packages/boto/rds/dbsecuritygroup.py", line 109, in authorize
group_owner_id)
File "/usr/local/lib/python2.7/site-packages/boto/rds/__init__.py", line 995, in authorize_dbsecurity_group
DBSecurityGroup)
File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1208, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 400 Bad Request
<ErrorResponse xmlns="http://rds.amazonaws.com/doc/2013-05-15/">
<Error>
<Type>Sender</Type>
<Code>AuthorizationAlreadyExists</Code>
<Message>Authorization already exists: 0.0.0.0/0</Message>
</Error>
<RequestId>5fc68ac7-fe3b-11e4-b082-0b206bb7b937</RequestId>
</ErrorResponse>
最佳答案
当请求的安全组不存在时,boto 函数看起来不像是返回 nil 或空响应,而是抛出 DBSecurityGroupNotFound 异常。因此,请更改您的代码以使用 try/except 而不是“if group”。
像这样:
try:
group = conn.get_all_dbsecurity_groups('{{name}}')
group[0].authorize({{connection_type}} = '{{details}}')
except boto.exception.BotoServerError as e:
if (e.status == 400 && e.error_code == 'DBSecurityGroupNotFound'):
sg = conn.create_dbsecurity_group('{{name}}', '{{description}}')
sg.authorize({{connection_type}} = '{{details}}')
else:
raise;
您还需要处理来自“授权”调用的潜在错误。
或者,预先获取所有安全组的列表,然后在该列表中找到所需的安全组并相应地进行。
关于python - 使用 boto 的 AWS DB 安全组(捕获异常),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30328171/