def update(table_name, key, update_attribute, target_update_date=None):
date_now = common_utils.get_current_date()
update_attribute['UpdatedAt'] = {'Value': date_now}
update_expression = 'SET '
update_expression_attribute_values = {
':UpdatedAt': update_attribute['UpdatedAt']['Value']
}
first_row = True
for update_key in update_attribute.keys():
update_value_key = ":{}".format(update_key)
update_value = " {} = {}".format(update_key, update_value_key)
if (first_row):
update_expression += update_value
first_row = False
else:
update_expression += ", {}".format(update_value)
update_expression_attribute_values[
update_value_key] = update_attribute[update_key]['Value']
condition_expression = Attr('UpdatedAt').eq(target_update_date)
try:
table = resource_connect().Table(table_name.value)
if target_update_date:
table.update_item(
Key=key,
ExpressionAttributeValues=update_expression_attribute_values,
UpdateExpression=update_expression,
ConditionExpression=condition_expression)
else:
table.update_item(
Key=key,
ExpressionAttributeValues=update_expression_attribute_values,
UpdateExpression=update_expression)
except Exception as e:
raise e
class DataPmAssessmentItems():
TIME_TO_LIVE_DATE = date_utils.get_current_date() + timedelta(days=180)
TIME_TO_LIVE = Decimal(TIME_TO_LIVE_DATE.timestamp())
DATE_NOW = common_utils.get_current_date()
ORGANIZATION_ID = copy.deepcopy(
DataCommon.ORGANIZATION_ID_TEST.format(str(3)))
PROJECT_ID = copy.deepcopy(DataCommon.PROJECT_ID.format(str(3)))
USER_ID = copy.deepcopy(DataCommon.USER_ID_TEST.format(str(3)))
ACCOUNT_REFINE_CODE_TEMPLATE = "{0}_{1}_{2}"
AWS_ACCOUNT = copy.deepcopy(DataCommon.AWS_ACCOUNT)
CHECK_CIS12_ITEM_4_04 = "CHECK_CIS12_ITEM_4_04"
ACCOUNT_REFINE_CODE = ACCOUNT_REFINE_CODE_TEMPLATE.format(
ORGANIZATION_ID, PROJECT_ID, AWS_ACCOUNT)
ASSESSMENTITEM_ID_TEMPLATE = "{0}_{1}_{2}_{3}"
ASSESSMENT_ITEM_ID = ASSESSMENTITEM_ID_TEMPLATE.format(
ORGANIZATION_ID, PROJECT_ID, AWS_ACCOUNT, CHECK_CIS12_ITEM_4_04)
DATA_SIMPLE = {
"AccountRefineCode": ACCOUNT_REFINE_CODE,
"AssessmentComment": "20190416145500に確認しました",
"AssessmentItemID": ASSESSMENT_ITEM_ID,
"AWSAccount": AWS_ACCOUNT,
"CheckItemCode": CHECK_CIS12_ITEM_4_04,
"CreatedAt": DATE_NOW,
"MailAddress": "*****@*****.**",
"OrganizationID": ORGANIZATION_ID,
"ProjectID": PROJECT_ID,
'TimeToLive': TIME_TO_LIVE,
"UpdatedAt": DATE_NOW,
"UserID": USER_ID
}
def create(trace_id,
organization_id,
notify_code,
webhook_url,
mentions,
is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
if common_utils.is_null(mentions):
mentions = None
date_now = common_utils.get_current_date()
org_notify_slack = {
"OrganizationID": organization_id,
"NotifyCode": notify_code,
"WebhookURL": webhook_url,
"Mentions": mentions,
"CreatedAt": date_now,
"UpdatedAt": date_now
}
DB_utils.create(trace_id,
Tables.PM_ORG_NOTIFY_SLACK,
org_notify_slack,
is_cw_logger=is_cw_logger)
def create(trace_id, check_result_item_id, check_history_id, check_result_id,
check_item_code, organization_id, organization_name, project_id,
project_name, aws_account_coop_id, aws_account, sort_code,
check_result, result_json_path, result_csv_path, executed_date_time,
time_to_live, aws_account_name, assessment_flag, exclusion_flag):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
data_create = {
'CheckResultItemID': check_result_item_id,
'CheckHistoryID': check_history_id,
'CheckResultID': check_result_id,
'CheckItemCode': check_item_code,
'OrganizationID': organization_id,
'OrganizationName': organization_name,
'ProjectID': project_id,
'ProjectName': project_name,
'AWSAccountCoopID': aws_account_coop_id,
'AWSAccount': aws_account,
'SortCode': sort_code,
'CheckResult': check_result,
'ResultJsonPath': result_json_path,
'ResultCsvPath': result_csv_path,
'ExecutedDateTime': executed_date_time,
'TimeToLive': time_to_live,
'AssessmentFlag': assessment_flag,
'ExclusionFlag': exclusion_flag,
'CreatedAt': date_now,
'UpdatedAt': date_now,
"AWSAccountName": aws_account_name
}
condition_expression = Attr("CheckResultItemID").not_exists()
DB_utils.create(trace_id, Tables.PM_CHECK_RESULT_ITEMS, data_create,
condition_expression)
def create(user_id, exclusion_resource_id, organization_id, project_id,
aws_account, check_item_code, region_name, resource_type,
resource_name, exclusion_comment, email, account_refine_code,
check_item_refine_code, time_to_live):
common_utils.begin_logger(user_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
if len(exclusion_comment) == 0:
exclusion_comment = None
create_exclusion_resources = {
'ExclusionResourceID': exclusion_resource_id,
'OrganizationID': organization_id,
'ProjectID': project_id,
'AWSAccount': aws_account,
'CheckItemCode': check_item_code,
'RegionName': region_name,
'ResourceType': resource_type,
'ResourceName': resource_name,
'ExclusionComment': exclusion_comment,
'UserID': user_id,
'MailAddress': email,
'AccountRefineCode': account_refine_code,
'CheckItemRefineCode': check_item_refine_code,
'TimeToLive': time_to_live,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
DB_utils.create(user_id, Tables.PM_EXCLUSION_RESOURCES,
create_exclusion_resources)
def create_report(trace_id, report_id, report_name, generate_user,
aws_accounts, status, resource_info_path, json_output_path,
json_output_time, html_output_status, html_path,
html_output_time, excel_output_status, excel_path,
excel_output_time, schema_version, organization_id,
project_id):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_report = {
'ReportID': report_id,
'ReportName': report_name,
'GenerateUser': generate_user,
'AWSAccounts': aws_accounts,
'ReportStatus': status,
'ResourceInfoPath': resource_info_path,
'JsonOutputPath': json_output_path,
'JsonOutputTime': json_output_time,
'HTMLOutputStatus': html_output_status,
'HTMLPath': html_path,
'HTMLOutputTime': html_output_time,
'ExcelOutputStatus': excel_output_status,
'ExcelPath': excel_path,
'ExcelOutputTime': excel_output_time,
'SchemaVersion': schema_version,
'OrganizationID': organization_id,
'ProjectID': project_id,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("ReportID").not_exists()
DB_utils.create(trace_id, Tables.PM_REPORTS, create_report,
condition_expression)
class DataPmUserAttribute():
DATA_SIMPLE = {
"UserID": copy.deepcopy(DataCommon.USER_ID_TEST.format(str(0))),
"UserName": "******",
"CompanyName": "company_name",
"DepartmentName": "department_name",
"CompanyFlg": 1,
"CountryCode": "jp",
"MailStatus": 0,
"CallerServiceName": "insightwatch",
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date()
}
DATA_NOT_CONTAIN_USER_NAME = {
"UserID": copy.deepcopy(DataCommon.USER_ID_TEST.format(str(3))),
"CompanyName": "company_name",
"DepartmentName": "department_name",
"CompanyFlg": 1,
"CountryCode": "jp",
"MailStatus": 0,
"CallerServiceName": "insightwatch",
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date()
}
DATA_NOT_COMPANYFLG_AND_COUNTRYCODE = {
"UserID": DataCommon.USER_ID_TEST.format(str(0)),
"UserName": "******",
"CompanyName": "company_name",
"DepartmentName": "department_name",
"MailStatus": 0,
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date()
}
DATA_UPDATE_SIMPLE = {
"UserID": DataCommon.USER_ID_TEST.format(str(0)),
"UserName": "******",
"CompanyName": "company_name_update",
"DepartmentName": "department_name_update",
"CompanyFlg": 2,
"CountryCode": "JA",
"MailStatus": 2
}
DATA_NOT_CALLERSERVICENAME = {
"UserID": DataCommon.USER_ID_TEST.format(str(0)),
"UserName": "******",
"CompanyName": "company_name",
"DepartmentName": "department_name",
"CompanyFlg": 1,
"CountryCode": "jp",
"MailStatus": 0,
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date()
}
def update(trace_id,
table_name,
key,
update_attribute,
target_update_date=None,
is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
date_now = common_utils.get_current_date()
update_attribute['UpdatedAt'] = {'Value': date_now}
update_expression = 'SET '
update_expression_attribute_values = {
':UpdatedAt': update_attribute['UpdatedAt']['Value']
}
first_row = True
for update_key in update_attribute.keys():
update_value_key = ":{}".format(update_key)
update_value = " {} = {}".format(update_key, update_value_key)
if (first_row):
update_expression += update_value
first_row = False
else:
update_expression += ", {}".format(update_value)
update_expression_attribute_values[
update_value_key] = update_attribute[update_key]['Value']
condition_expression = Attr('UpdatedAt').eq(target_update_date)
try:
table = connect_dynamodb(table_name)
if target_update_date:
table.update_item(
Key=key,
ExpressionAttributeValues=update_expression_attribute_values,
UpdateExpression=update_expression,
ConditionExpression=condition_expression)
else:
table.update_item(
Key=key,
ExpressionAttributeValues=update_expression_attribute_values,
UpdateExpression=update_expression)
logger.info(table_name.value + "を正常に更新しました。")
except ClientError as e:
if retrycheck.check_retryable(e.response):
retry_exception = RetryException(cause_error=e)
logger.error(retry_exception)
logger.exception("error_id: %s", retry_exception.error_id)
raise retry_exception
else:
no_retry_exception = NoRetryException(
cause_error=e, message=e.response['Error']['Message'])
logger.error(no_retry_exception)
raise no_retry_exception
class DataPmCheckHistory:
ORGANIZATION_ID = copy.deepcopy(
DataCommon.ORGANIZATION_ID_TEST.format(str(3)))
PROJECT_ID = copy.deepcopy(DataCommon.PROJECT_ID.format(str(3)))
CHECK_HISTORY_ID = copy.deepcopy(DataCommon.CHECK_HISTORY_ID.format(3))
DATA_SIMPLE = {
"CheckCode": "CHECK_CIS",
"CheckHistoryID": CHECK_HISTORY_ID,
"CheckStatus": 0,
"CreatedAt": common_utils.get_current_date(),
"ErrorCode": "ErrorCode",
"ExecutedDateTime": common_utils.get_current_date(),
"ExecutedType": "AUTO",
"OrganizationID": ORGANIZATION_ID,
"ProjectID": PROJECT_ID,
"ReportFilePath": "ReportFilePath",
"TimeToLive": time_to_live,
"UpdatedAt": common_utils.get_current_date()
}
def execute_security_check_with_executed_type(trace_id, organization_id,
project_id, user_id, email,
executed_type):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
try:
project = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not project:
return common_utils.error_common(
MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger)
try:
check_history_id = common_utils.get_uuid4()
executed_date_time = common_utils.get_current_date()
pm_checkHistory.create(trace_id, check_history_id, organization_id,
project_id, CHECK_SECURITY, CheckStatus.Waiting,
None, executed_type, None, executed_date_time,
None, user_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
try:
topic_arn = common_utils.get_environ(
CommonConst.SECURITYCHECK_EXECUTE_TOPIC)
subject = "USER : {0}".format(user_id)
message = {
'CheckHistoryId': check_history_id
}
# Publish message
aws_common.aws_sns(trace_id, subject, json.dumps(message), topic_arn)
except PmError as e:
common_utils.write_log_pm_error(e, pm_logger, exc_info=True)
try:
check_history = pm_checkHistory.query_key(trace_id, check_history_id,
True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, check_history)
return common_utils.response(response, pm_logger)
def create(trace_id, organization_id, notify_code, destinations):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
create_notify = {
'OrganizationID': organization_id,
'NotifyCode': notify_code,
'Destinations': destinations,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
DB_utils.create(trace_id, Tables.PM_ORG_NOTIFY_MAIL_DESTINATIONS,
create_notify)
class DataPmEmailChangeApply():
APPLY_ID = "eb3b5f76-8945-11e7-b15a-8f7e5433dada-{}"
BEFORE_MAIL_ADDRESS = "*****@*****.**"
AFTER_MAIL_ADDRESS = "*****@*****.**"
DATA_CALLER_SERVICE_NAME_INSIGHTWATCH = {
"ApplyID": APPLY_ID.format(str(3)),
"UserID": user_id,
"BeforeMailAddress": BEFORE_MAIL_ADDRESS,
"AfterMailAddress": AFTER_MAIL_ADDRESS,
"TimeToLive": time_to_live,
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date(),
"CallerServiceName": "insightwatch"
}
DATA_CALLER_SERVICE_NAME_OPSWITCH = {
"ApplyID": APPLY_ID.format(str(3)),
"UserID": user_id,
"BeforeMailAddress": BEFORE_MAIL_ADDRESS,
"AfterMailAddress": AFTER_MAIL_ADDRESS,
"TimeToLive": time_to_live,
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date(),
"CallerServiceName": "opswitch"
}
DATA_INSERT_NOT_EXISTS_CALLER_SERVICE_NAME = {
"ApplyID": APPLY_ID.format(str(3)),
"UserID": user_id,
"BeforeMailAddress": BEFORE_MAIL_ADDRESS,
"AfterMailAddress": AFTER_MAIL_ADDRESS,
"TimeToLive": time_to_live,
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date()
}
def create(trace_id, security_check_webhook_id, executed_status):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
data_create = {
'SecurityCheckWebhookID': security_check_webhook_id,
'CreatedAt': date_now,
'ExecutedStatus': executed_status
}
condition_expression = Attr('SecurityCheckWebhookID').not_exists().__and__(
Attr('CreatedAt').not_exists())
DB_utils.create(trace_id, Tables.PM_SECURITY_CHECK_WEBHOOK_CALL_HISTORY,
data_create, condition_expression)
def create(trace_id,
check_result_id,
check_history_id,
check_rule_code,
organization_id,
organization_name,
project_id,
project_name,
aws_account_coop_id,
aws_account,
sort_code,
ok_count,
critical_count,
ng_count,
executed_date_time,
time_to_live,
aws_account_name,
is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
data_create = {
'CheckResultID': check_result_id,
'CheckHistoryID': check_history_id,
'CheckRuleCode': check_rule_code,
'OrganizationID': organization_id,
'OrganizationName': organization_name,
'ProjectID': project_id,
'ProjectName': project_name,
'AWSAccountCoopID': aws_account_coop_id,
'AWSAccount': aws_account,
'SortCode': sort_code,
'OKCount': ok_count,
'CriticalCount': critical_count,
'NGCount': ng_count,
'ExecutedDateTime': executed_date_time,
'TimeToLive': time_to_live,
'CreatedAt': date_now,
'UpdatedAt': date_now,
'AWSAccountName': aws_account_name
}
condition_expression = Attr("CheckResultID").not_exists()
DB_utils.create(trace_id,
Tables.PM_CHECK_RESULTS,
data_create,
condition_expression,
is_cw_logger=is_cw_logger)
class DataPmAffiliation():
USER_ID = copy.deepcopy(DataCommon.USER_ID_TEST.format(str(3)))
ORGANIZATION_ID = copy.deepcopy(DataCommon.ORGANIZATION_ID_TEST.format(str(3)))
TRACE_ID = "eb3b5f76-8945-11e7-b15a-8f7e5433dada"
DATE_NOW = common_utils.get_current_date()
AFFILIATION_TEMPLATE_ADDRESS = "test-user{}example.com"
AFFILIATION_TEMPLATE_USER_ID = USER_ID
AFFILIATION_TEMPLATE_ORGANIZATION_ID = "3388259c-7821-11e7-9fb6-bb2200a6cdd"
AFFILIATION_TEMPLATE_ORGANIZATION_ID_TEMPLATE = ORGANIZATION_ID
AFFILIATION_TEMPLATE_AUTHORITY = 3
AFFILIATION_TEMPLATE_INVITATION_STATUS = 0
AFFILIATION_TEMPLATE = {
"MailAddress": AFFILIATION_TEMPLATE_ADDRESS,
"UserID": USER_ID,
"Authority": AFFILIATION_TEMPLATE_AUTHORITY,
"OrganizationID": ORGANIZATION_ID,
"InvitationStatus": AFFILIATION_TEMPLATE_INVITATION_STATUS,
"CreatedAt": DATE_NOW,
"UpdatedAt": DATE_NOW
}
AFFILIATION_AUTHORITY_VIEWER = {
"InvitationStatus": 1,
"MailAddress": "*****@*****.**",
"Authority": 1,
"UserID": copy.deepcopy(DataCommon.USER_ID_TEST.format(str(1))),
"OrganizationID": ORGANIZATION_ID,
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date()
}
LIST_AFFILIATIONS = [
{
"MailAddress": AFFILIATION_TEMPLATE_ADDRESS,
"UserID": USER_ID,
"Authority": AFFILIATION_TEMPLATE_AUTHORITY,
"OrganizationID": ORGANIZATION_ID,
"InvitationStatus": AFFILIATION_TEMPLATE_INVITATION_STATUS,
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date()
},
{
"MailAddress": AFFILIATION_TEMPLATE_ADDRESS,
"UserID": USER_ID,
"Authority": AFFILIATION_TEMPLATE_AUTHORITY,
"OrganizationID": copy.deepcopy(DataCommon.ORGANIZATION_ID_TEST.format(str(1))),
"InvitationStatus": AFFILIATION_TEMPLATE_INVITATION_STATUS,
"CreatedAt": common_utils.get_current_date(),
"UpdatedAt": common_utils.get_current_date()
}
]
def create_organization(trace_id, organization_id, organization_name, contract,
contract_status):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_organization = {
'OrganizationID': organization_id,
'OrganizationName': organization_name,
'Contract': contract,
'ContractStatus': contract_status,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("OrganizationID").not_exists()
DB_utils.create(trace_id, Tables.PM_ORGANIZATIONS, create_organization,
condition_expression)
def create(trace_id, apply_id, before_mail_address, after_mail_address,
time_to_live, caller_service_name):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なカラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_email_change_apply = {
'ApplyID': apply_id,
'UserID': trace_id,
'BeforeMailAddress': before_mail_address,
'AfterMailAddress': after_mail_address,
'TimeToLive': time_to_live,
'CallerServiceName': caller_service_name,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
DB_utils.create(trace_id, Tables.PM_EMAIL_CHANGE_APPLY,
create_email_change_apply)
def create_projects(trace_id, project_id, project_name, description,
organization_id):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
# 不要なクラムを作成することを避けるため
create_projects = {
'ProjectID': project_id,
'ProjectName': project_name,
'Description': description,
'OrganizationID': organization_id,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("ProjectID").not_exists()
DB_utils.create(trace_id, Tables.PM_PROJECTS, create_projects,
condition_expression)
def create_report_job_def(trace_id, code, job_definition, job_queue, max_retry,
environment):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_report_job_def = {
'Code': code,
'JobDefinition': job_definition,
'JobQueue': job_queue,
'MaxRetry': max_retry,
'Environment': environment,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("Code").not_exists()
DB_utils.create(trace_id, Tables.PM_BATCH_JOB_DEFS, create_report_job_def,
condition_expression)
def create_affiliation(trace_id, email, user_id, organization_id, authority,
invitation_status):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_affiliation = {
"MailAddress": email,
"UserID": user_id,
"OrganizationID": organization_id,
"Authority": authority,
"InvitationStatus": invitation_status,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("UserID").not_exists().__and__(
Attr("OrganizationID").not_exists())
DB_utils.create(trace_id, Tables.PM_AFFILIATION, create_affiliation,
condition_expression)
def execute_check_job_launcher(trace_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# プロジェクト一覧の取得
list_project, segment = pm_projects.get_projects_effective_enable(trace_id)
count_submit_job = 0
for project in list_project:
# ログID(UUID(v4))
project_id = project['ProjectID']
organization_id = project['OrganizationID']
# チェック履歴テーブルに新規のチェック履歴レコードを作成します。
try:
check_history_id = common_utils.get_uuid4()
executed_date_time = common_utils.get_current_date()
pm_checkHistory.create(trace_id, check_history_id, organization_id,
project_id, "CHECK_SECURITY", 0, None,
"AUTO", None, executed_date_time, None,
CommonConst.SYSTEM)
except PmError as e:
pm_logger.error("チェック履歴レコード作成に失敗しました。: ProjectID=%s", project_id)
pm_logger.error(e)
# セキュリティチェック処理ジョブの設定
# セキュリティチェック結果集計処理ジョブの設定
# セキュリティチェック結果レポート出力処理ジョブの設定
LIST_CODE_CHECK_SECURITY = [
'CHECK_SECURITY_EXEC', 'CHECK_SECURITY_AGGREGATE',
'CHECK_SECURITY_REPORT'
]
job_id = []
for code_security in LIST_CODE_CHECK_SECURITY:
result, job_id = job_check_security(trace_id, project_id,
check_history_id,
code_security, job_id)
if result is True:
count_submit_job += 1
# ジョブサブミット実績をログに出力する。
pm_logger.info("チェック処理ジョブをサブミットしました。: 取得回数=%s、ジョブサブミット件数=%s", segment,
count_submit_job)
return True
def test_create_project_success(self):
test_user_id = affiliation_template_user_id.format(str(1))
test_organization_id = project_organization_id_template.format(str(1))
date_now = common_utils.get_current_date()
# handler
path_parameters = {"organization_id": test_organization_id}
project_create[
"organization_id"] = project_organization_id_template.format(
str(1))
event = event_create.get_event_object(
trace_id=test_user_id,
path_parameters=path_parameters,
body=json.dumps(project_create))
response = projects.create_project_handler(event, {})
# Get data response
response_body = json.loads(response['body'])
id = response_body['id']
name = response_body['name']
description = response_body['description']
organization_id = response_body['organizationId']
created_at = response_body['createdAt']
updated_at = response_body['updatedAt']
status_code = response['statusCode']
# Check data response
self.assertEqual(name, project_create['name'])
self.assertEqual(description, project_create['description'])
self.assertEqual(organization_id, project_create['organization_id'])
self.assertGreaterEqual(created_at, date_now)
self.assertGreaterEqual(updated_at, date_now)
self.assertEqual(status_code, HTTPStatus.CREATED.value)
# Check data organization in database
project_database = pm_projects.get_projects(
test_user_id, id, convert_response=True)[0]
self.assertEqual(name, project_database['name'])
self.assertEqual(description, project_database['description'])
self.assertEqual(organization_id, project_database['organizationId'])
self.assertGreaterEqual(project_database['createdAt'], date_now)
self.assertGreaterEqual(project_database['updatedAt'], date_now)
pm_projects.delete_projects(test_user_id, id)
def test_update_project_success(self):
test_organization_id = template_organization_id.format(str(1))
test_project_id = template_project_id.format(str(1))
test_user_id = affiliation_template_user_id.format(str(1))
date_now = common_utils.get_current_date()
# handler
path_parameters = {
"project_id": test_project_id,
"organization_id": test_organization_id
}
event_mock = event_create.get_event_object(
path_parameters=path_parameters,
trace_id=test_user_id,
body=json.dumps(project_update))
response = projects.update_project_handler(event_mock, {})
# Get data response
response_body = json.loads(response['body'])
id = response_body['id']
name = response_body['name']
description = response_body['description']
createdAt = response_body['createdAt']
updatedAt = response_body['updatedAt']
status_code = response['statusCode']
# Get data in database
projects_database = pm_projects.get_projects(
trace_id, test_project_id)
# Check data
self.assertEqual(id, test_project_id)
self.assertEqual(name, projects_database[0]["ProjectName"])
self.assertEqual(description,
projects_database[0]['Description'])
self.assertEqual(createdAt,
projects_database[0]['CreatedAt'])
self.assertEqual(updatedAt,
projects_database[0]['UpdatedAt'])
self.assertGreaterEqual(projects_database[0]['UpdatedAt'],
date_now)
self.assertEqual(status_code, HTTPStatus.OK.value)
def create(trace_id, assessment_item_id, organization_id, project_id,
aws_account, check_item_code, time_to_live, assessment_comment,
user_id, email, account_refine_code):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
if len(assessment_comment) == 0:
assessment_comment = None
create_assessment = {
'AssessmentItemID': assessment_item_id,
'OrganizationID': organization_id,
'ProjectID': project_id,
'AWSAccount': aws_account,
'CheckItemCode': check_item_code,
'AssessmentComment': assessment_comment,
'UserID': user_id,
'MailAddress': email,
'AccountRefineCode': account_refine_code,
'TimeToLive': time_to_live,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
DB_utils.create(trace_id, Tables.PM_ASSESSMENT_ITEMS, create_assessment)
def create(trace_id, security_check_webhook_id, webhook_path, user_id,
mail_address, organization_id, project_id,
max_daily_executed_count):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
data_create = {
'SecurityCheckWebhookID': security_check_webhook_id,
'WebhookPath': webhook_path,
'UserID': user_id,
'MailAddress': mail_address,
'OrganizationID': organization_id,
'ProjectID': project_id,
'MaxDailyExecutedCount': max_daily_executed_count,
'Enabled': True,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr('SecurityCheckWebhookID').not_exists().__and__(
Attr('WebhookPath').not_exists())
DB_utils.create(trace_id, Tables.PM_SECURITY_CHECK_WEBHOOK, data_create,
condition_expression)
def create(trace_id,
organization_id,
project_id,
check_history_id,
is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
data_create = {
'OrganizationID': organization_id,
'ProjectID': project_id,
'CheckHistoryID': check_history_id,
'CreatedAt': date_now,
}
DB_utils.create(trace_id,
Tables.PM_LATEST_CHECK_RESULT,
data_create,
is_cw_logger=is_cw_logger)
def create(user_id, user_name, company_name, department_name, mail_status,
company_flg, country_code, caller_service_name):
common_utils.begin_logger(user_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
create_user = {
'UserID': user_id,
'UserName': user_name,
'CompanyName': company_name,
'DepartmentName': department_name,
'MailStatus': mail_status,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
if company_flg is not None:
create_user['CompanyFlg'] = company_flg
if country_code is not None:
create_user['CountryCode'] = country_code
if caller_service_name is not None:
create_user['CallerServiceName'] = caller_service_name
condition_expression = Attr("UserID").not_exists()
DB_utils.create(user_id, Tables.PM_USER_ATTRIBUTE, create_user,
condition_expression)
def create(trace_id, check_history_id, organization_id, project_id, check_code,
check_status, error_code, executed_type, report_file_path,
executed_date_time, time_to_live, execute_user_id):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
create_check_history = {
'CheckHistoryID': check_history_id,
'OrganizationID': organization_id,
'ProjectID': project_id,
'CheckCode': check_code,
'CheckStatus': check_status,
'ErrorCode': error_code,
'ExecutedType': executed_type,
'ReportFilePath': report_file_path,
'ExecutedDateTime': executed_date_time,
'ExecuteUserID': execute_user_id,
'TimeToLive': time_to_live,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("CheckHistoryID").not_exists()
DB_utils.create(trace_id, Tables.PM_CHECK_HISTORY, create_check_history,
condition_expression)
def create_awscoops(trace_id, coop_id, aws_account, aws_account_name,
role_name, external_id, description, effective,
organization_id, project_id):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
# 不要なクラムを作成することを避けるため
create_awscoops = {
'CoopID': coop_id,
'AWSAccount': aws_account,
'AWSAccountName': aws_account_name,
'RoleName': role_name,
'ExternalID': external_id,
'Description': description,
'Effective': effective,
'OrganizationID': organization_id,
'ProjectID': project_id,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("CoopID").not_exists()
DB_utils.create(trace_id, Tables.PM_AWSACCOUNTCOOPS, create_awscoops,
condition_expression)
def create_organizationTask(trace_id,
task_id,
code,
target,
user_id,
email,
status,
retry_count,
max_retry,
is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_organization_task = {
"TaskID": task_id,
"Code": code,
"Target": target,
"UserID": user_id,
"MailAddress": email,
"TaskStatus": status,
"RetryCount": retry_count,
"MaxRetry": max_retry,
"MessageID": None,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("TaskID").not_exists()
DB_utils.create(trace_id,
Tables.PM_ORGANIZATION_TASKS,
create_organization_task,
condition_expression,
is_cw_logger=is_cw_logger)
