使用 boto 的 AWS DB 安全组(捕获异常)
AWS DB security groups using boto (catching exceptions)
我正在使用 boto 创建数据库安全组。我想要这样的东西:
- 如果数据库安全组存在,检查给定的规则,如果没有,用规则授权组
- 如果该组不存在,请创建它,并使用给定规则授权该组
到目前为止,这是我的代码:
import boto.rds
conn = boto.rds.connect_to_region("{{region}}", aws_access_key_id = '{{ keyid }}', aws_secret_access_key = '{{ key }}')
group = conn.get_all_dbsecurity_groups('{{name}}')
if group:
group[0].authorize({{ connection_type }} = '{{ details }}')
else:
sg = conn.create_dbsecurity_group('{{ name }}', '{{ description }}')
sg.authorize({{ connection_type }} = '{{ details }}')
我收到以下错误:
未找到 DBSecurityGroup
Traceback (most recent call last):
File "/usr/local/src/dbgroups.py", line 18, in <module>
group = conn.get_all_dbsecurity_groups('kdkdkdk')
File "/usr/local/lib/python2.7/site-packages/boto/rds/__init__.py", line 923, in get_all_dbsecurity_groups
[('DBSecurityGroup', DBSecurityGroup)])
File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1186, in get_list
raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 404 Not Found
<ErrorResponse xmlns="http://rds.amazonaws.com/doc/2013-05-15/">
<Error>
<Type>Sender</Type>
<Code>DBSecurityGroupNotFound</Code>
<Message>DBSecurityGroup dbgrouptesting not found.</Message>
</Error>
<RequestId>3b9af082-fe3c-11e4-bd53-e9bc444dcde5</RequestId>
</ErrorResponse>
授权已经存在
Traceback (most recent call last):
File "/usr/local/src/dbgroups.py", line 24, in <module>
group[0].authorize(cidr_ip = '0.0.0.0/0')
File "/usr/local/lib/python2.7/site-packages/boto/rds/dbsecuritygroup.py", line 109, in authorize
group_owner_id)
File "/usr/local/lib/python2.7/site-packages/boto/rds/__init__.py", line 995, in authorize_dbsecurity_group
DBSecurityGroup)
File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1208, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 400 Bad Request
<ErrorResponse xmlns="http://rds.amazonaws.com/doc/2013-05-15/">
<Error>
<Type>Sender</Type>
<Code>AuthorizationAlreadyExists</Code>
<Message>Authorization already exists: 0.0.0.0/0</Message>
</Error>
<RequestId>5fc68ac7-fe3b-11e4-b082-0b206bb7b937</RequestId>
</ErrorResponse>
而不是 return 零或空响应,看起来 boto 函数在请求的安全组不存在时抛出 DBSecurityGroupNotFound 异常。因此,将您的代码更改为使用 try/except 而不是 'if group'.
像这样:
try:
group = conn.get_all_dbsecurity_groups('{{name}}')
group[0].authorize({{connection_type}} = '{{details}}')
except boto.exception.BotoServerError as e:
if (e.status == 400 && e.error_code == 'DBSecurityGroupNotFound'):
sg = conn.create_dbsecurity_group('{{name}}', '{{description}}')
sg.authorize({{connection_type}} = '{{details}}')
else:
raise;
您还需要处理来自 'authorize' 调用的潜在错误。
或者,预先获取 所有 个安全组的列表,然后在该列表中找到所需的安全组并相应地进行。
我正在使用 boto 创建数据库安全组。我想要这样的东西:
- 如果数据库安全组存在,检查给定的规则,如果没有,用规则授权组
- 如果该组不存在,请创建它,并使用给定规则授权该组
到目前为止,这是我的代码:
import boto.rds
conn = boto.rds.connect_to_region("{{region}}", aws_access_key_id = '{{ keyid }}', aws_secret_access_key = '{{ key }}')
group = conn.get_all_dbsecurity_groups('{{name}}')
if group:
group[0].authorize({{ connection_type }} = '{{ details }}')
else:
sg = conn.create_dbsecurity_group('{{ name }}', '{{ description }}')
sg.authorize({{ connection_type }} = '{{ details }}')
我收到以下错误:
未找到 DBSecurityGroup
Traceback (most recent call last):
File "/usr/local/src/dbgroups.py", line 18, in <module>
group = conn.get_all_dbsecurity_groups('kdkdkdk')
File "/usr/local/lib/python2.7/site-packages/boto/rds/__init__.py", line 923, in get_all_dbsecurity_groups
[('DBSecurityGroup', DBSecurityGroup)])
File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1186, in get_list
raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 404 Not Found
<ErrorResponse xmlns="http://rds.amazonaws.com/doc/2013-05-15/">
<Error>
<Type>Sender</Type>
<Code>DBSecurityGroupNotFound</Code>
<Message>DBSecurityGroup dbgrouptesting not found.</Message>
</Error>
<RequestId>3b9af082-fe3c-11e4-bd53-e9bc444dcde5</RequestId>
</ErrorResponse>
授权已经存在
Traceback (most recent call last):
File "/usr/local/src/dbgroups.py", line 24, in <module>
group[0].authorize(cidr_ip = '0.0.0.0/0')
File "/usr/local/lib/python2.7/site-packages/boto/rds/dbsecuritygroup.py", line 109, in authorize
group_owner_id)
File "/usr/local/lib/python2.7/site-packages/boto/rds/__init__.py", line 995, in authorize_dbsecurity_group
DBSecurityGroup)
File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1208, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 400 Bad Request
<ErrorResponse xmlns="http://rds.amazonaws.com/doc/2013-05-15/">
<Error>
<Type>Sender</Type>
<Code>AuthorizationAlreadyExists</Code>
<Message>Authorization already exists: 0.0.0.0/0</Message>
</Error>
<RequestId>5fc68ac7-fe3b-11e4-b082-0b206bb7b937</RequestId>
</ErrorResponse>
而不是 return 零或空响应,看起来 boto 函数在请求的安全组不存在时抛出 DBSecurityGroupNotFound 异常。因此,将您的代码更改为使用 try/except 而不是 'if group'.
像这样:
try:
group = conn.get_all_dbsecurity_groups('{{name}}')
group[0].authorize({{connection_type}} = '{{details}}')
except boto.exception.BotoServerError as e:
if (e.status == 400 && e.error_code == 'DBSecurityGroupNotFound'):
sg = conn.create_dbsecurity_group('{{name}}', '{{description}}')
sg.authorize({{connection_type}} = '{{details}}')
else:
raise;
您还需要处理来自 'authorize' 调用的潜在错误。
或者,预先获取 所有 个安全组的列表,然后在该列表中找到所需的安全组并相应地进行。