def doStart(reqbody, context, env, version):
try:
verstr = "chaim-cli-{}".format(env) + " " + version
log.debug("{} doStart entered: {}".format(verstr, reqbody))
ep = EnvParam()
secretpath = ep.getParam("SECRETPATH")
pms = Permissions(secretpath, stagepath=env + "/")
cp = CommandParse(reqbody, roledict=pms.roleAliasDict())
emsg = ""
if cp.dolist:
log.debug("cli account list request")
kdict = {"accountlist": pms.accountList()}
else:
rdict = cp.requestDict()
msg = "incoming CLI request: user agent"
msg += " unknown!" if rdict["useragent"] is None else " {}".format(
rdict["useragent"])
log.info(msg)
if "role" in rdict:
if rdict["role"] is None:
raise DataNotFound("Role not recognised: {}".format(
rdict["rolealias"]))
log.debug("incoming cli request: {}".format(rdict))
kdict, rdict = chaim.buildCredentials(pms, rdict, noUrl=True)
if kdict is None:
emsg = "Failed to build credentials"
else:
chaim.incMetric("key.cli")
return [emsg, kdict]
except Exception as e:
emsg = "doStart: Error {}: {}".format(type(e).__name__, e)
log.error(emsg)
chaim.incMetric("key.cli.error")
return [emsg, None]
def doSnsReq(rbody, context, verstr, ep, env):
"""The chaim sns handler hands off to this after obtaining the wavefront key
:param rbody: the request body
:param context: the AWS lambda context
:param verstr: the full version string
:param ep: an EnvParam object
:param evn: the enviroment this is operating in
"""
secretpath = ep.getParam("SECRETPATH", True)
pms = Permissions(secretpath=secretpath, stagepath=env)
cp = CommandParse(rbody, roledict=pms.roleAliasDict())
if cp.docommand:
log.debug("incoming command request")
chaim.doCommand(cp, pms, verstr)
else:
rdict = cp.requestDict()
rdict["username"] = pms.userNameFromSlackIds(rdict["teamid"],
rdict["slackid"])
try:
log.debug("incoming sns request")
kdict, rdict = chaim.buildCredentials(pms, rdict)
if kdict is None:
raise (Exception("Failed to build credentials."))
cmsg = "\nCredentials OK. "
cmsg += "The ChatBot will send a url for account "
cmsg += "{} ".format(rdict["accountname"])
cmsg += "- {} ".format(kdict["accountid"])
cmsg += "with a role of {}\n".format(rdict["role"])
chaim.sendToSlack(rdict["responseurl"], cmsg)
umsg = "Account ID: {}".format(kdict["accountid"])
if rdict["stage"] == "dev":
umsg += "\nAccessKeyID: {}\n".format(kdict["accesskeyid"])
umsg += "SecretKeyID: {}\n".format(kdict["secretkey"])
umsg += "Session Token: {}\n".format(kdict["sessiontoken"])
umsg += "\nLink {}\n".format(rdict["expiresstr"].lower())
chaim.incMetric("key.sns")
res = chaim.sendSlackBot(
pms.slackapitoken, rdict["slackusername"], umsg, kdict["url"],
"{} {}".format(rdict["accountname"].upper(), rdict["role"]))
if res['ok'] is False:
emsg = "Sending login url to users private Slack Channel failed"
emsg += ": {}".format(res)
log.error(emsg)
chaim.sendToSlack(rdict["responseurl"], emsg)
raise (chaim.SlackSendFail(emsg))
except Exception as e:
emsg = "doSnsReq error: {}: {}".format(type(e).__name__, e)
log.error(emsg)
chaim.sendToSlack(rdict["responseurl"], emsg)
def test_readKeyInit():
b = chaim.begin(testbody + testextra, **context)
pms = Permissions(os.environ["SECRETPATH"], True)
cp = CommandParse(b, pms.roleAliasDict())
xs = chaim.readKeyInit(cp.requestDict(), pms)
assert xs[0:24] == "Chaim Credentials Expire"
def test_odd_role_request():
pms = Permissions(secretpath=secretpath, testdb=True, stagepath=stagepath)
roledict = pms.roleAliasDict()
cp = CommandParse(oddrolebody, roledict)
rd = cp.requestDict()
assert rd["role"] == "ChaimLeakDataScienceUser"
def test_swap_request():
cp = CommandParse(swappedbody)
rd = cp.requestDict()
assert rd["duration"] == 3600
def test_good_request():
cp = CommandParse(goodbody)
rd = cp.requestDict()
assert rd["duration"] == 3600