ssmbak.restore package

Submodules

ssmbak.restore.actions module

Preview and restore AWS SSM params backed-up by the event-driven Lambda function.

Restores tracked SSM Parameters to their state at a given time. Preview is just a dry run without actual restore. Latest is always relative to the point in time (checktime). Works for just one key or a path with a bunch. You can choose whether to operate on the path recursively (default False).

Typical usage example (note trailing slash for path/):

from ssmbak.restore.actions import ParamPath

from datetime import datetime, timezone

point_in_time = datetime(2023, 8, 3, 21, 9, 31, tzinfo=timezone.utc)

path = ParamPath(“/some/ssm/path/”, point_in_time, “us-west-2”, mys3bucket, recurse=True)

previews = path.preview()

path.restore() # == previews

class ssmbak.restore.actions.ParamPath(name: str, checktime: datetime, region: str, bucketname: str, recurse=False)

Bases: Resource

An s3/ssm key or a path to restore to a point in time.

SSM Parms will be restored to their values at checktime. If params were deleted at that time, they will be deleted upon ParamPath.restore(). The lambda will back up any ssm change to exactly the same key in the configured s3 bucket. Multiple keys not in the same path will have to instantiate a ParamPath object for each one.

Attributes:

param name:

A string of the ssm/s3 key or path

param checktime:

the point in time for which to retrieve relative latest version

param recurse:

A boolean to operate on all paths/keys under name/

param versions:

A cache used for preview/restore, starts empty

param tracked_keys:

Set of s3 keys with any backup history under name

get_latest_version(name: str) → Version | None

Gets the concise latest version of a particular s3/ssm key.

Returns from the self.versions cache if it includes the key, populates it otherwise.

Args:

name: the s3/ssm key

Returns:

A dict with concise information about the key. {

“Description”: “fancy description”, “Deleted”: True, “Modified”: datetime.datetime(

2022, 8, 3, 21, 9, 31, tzinfo=datetime.timezone.utc

), “Name”: “/testyssmbak/5M9UOV”, “Type”: “SecureString”, “Value”: “318Z27”,

}

get_names() → list[str]

Get the names of the latest versions.

Seeds the version cache self.versions along the way.

Returns:

A list of version names only, e.g.

[“/some/key”, “/some/other/key”]

get_versions() → dict[str, Version]

Grabs the verbose versions most recent relative to checktime.

Keyed by s3/ssm key name.

Returns: Returns the self.versions cache if it’s not empty, populates it otherwise. Contains more infomration that ends up in preview.

{

“/testyssmbak/XHG0Y1”: {

“Body”: “4PPS8T”, “ETag”: ‘“3149f5a99287b0e05fe34446b4fbe054”’, “IsLatest”: False, “Key”: “/testyssmbak/XHG0Y1”, “LastModified”: datetime.datetime(

2024, 6, 8, 21, 45, 22, tzinfo=tzutc()

), “Owner”: {

“DisplayName”: “webfile”, “ID”: “029ejf2ienc09”,

}, “Size”: 6, “StorageClass”: “STANDARD”, “VersionId”: “OMY7u3ey3H6ACQEbne96zQ”, “tagset”: {

“ssmbakDescription”: “fancy “ “description”, “ssmbakTime”: “1659560971”, “ssmbakType”: “SecureString”,

},

}

}

preview() → list[Preview]

Shows what would be restored.

Only returns parameters that differ from current SSM state.

Returns:

A list of dicts, one for each ssm/s3 key, with concise information about the latest versions to be restored relative to checktime.

[

{

“Description”: “fancy description”, “Modified”: datetime.datetime(

2022, 8, 3, 21, 9, 31, tzinfo=datetime.timezone.utc

), “Name”: “/testyssmbak/08D2SR”, “Type”: “SecureString”, “Value”: “C2FMGS”,

}

]

preview_key(name: str) → Preview

Shows what would be restored for the single s3/ssm key.

Args:

name: the s3/ssm key

Returns:

A dict with concise information about the key. {

“Description”: “fancy description”, “Deleted”: True, “Modified”: datetime.datetime(

2022, 8, 3, 21, 9, 31, tzinfo=datetime.timezone.utc

), “Name”: “/testyssmbak/5M9UOV”, “Type”: “SecureString”, “Value”: “318Z27”,

}

restore() → list[Preview]

Restore parameters to their state at time,

It uses self.preview’s returned values to actually perform the restore. Deleted params are handled efficiently in batches.

Returns:

A list of dicts, one for each ssm/s3 key, with concise information about the latest versions to be restored relative to checktime.

[

{

“Description”: “fancy description”, “Modified”: datetime.datetime(

2022, 8, 3, 21, 9, 31, tzinfo=datetime.timezone.utc

), “Name”: “/testyssmbak/08D2SR”, “Type”: “SecureString”, “Value”: “C2FMGS”,

}, {

“Description”: “fancy description”, “Modified”: datetime.datetime(

2022, 8, 3, 21, 9, 31, tzinfo=datetime.timezone.utc

), “Name”: “/testyssmbak/19F3TS”, “Type”: “SecureString”, “Value”: “D3GNFT”,

},

]

ssmbak.restore.aws module

Handles interactions with AWS APIs.

Not to be handled directly.

class ssmbak.restore.aws.Resource(region, bucketname)

Bases: object

Parent to actions.Path.

Interface between what’s in SSM now and corresponding s3 backups from the Lambda function. The region for SSM params and bucket access need to be the same.

Attributes:

region: The AWS region for params and bucket access. bucketname: The same bucket that the lambda writes to. _CALLS: class attribute strictly for testing efficiency of AWS calls

classmethod clear_call_cache() → None

Reset call counts between tests.

classmethod get_calls() → dict[str, int]

Access call counts from tests.

property s3: S3Client

boto3 s3 client. There should only be one.

property s3res: S3ServiceResource

boto3 s3 resource for backup contents. There should only be one.

property ssm: SSMClient

boto3 ssm client. There should only be one.

Module contents