def create_excluesion_item_handler(event, context): trace_id = eventhelper.get_trace_id(event) user_id = trace_id organization_id = eventhelper.get_organization_id(event) project_id = eventhelper.get_project_id(event) email = eventhelper.get_email(event) check_item_code = eventhelper.get_check_item_code(event) coop_id = eventhelper.get_coop_id(event) # Get logging pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # アクセス権限チェックを行います。 response_authority = checkauthority.authority(trace_id, user_id, organization_id, Authority.Editor) if response_authority: return common_utils.response(response_authority, pm_logger) # return response data response = checkitemsettings_logic.create_excluesion_item( trace_id, user_id, organization_id, project_id, email, check_item_code, coop_id, event['body']) return common_utils.response(response, pm_logger)
def delete_excluded_resources_handler(event, context): trace_id = eventhelper.get_trace_id(event) user_id = trace_id organization_id = eventhelper.get_organization_id(event) project_id = eventhelper.get_project_id(event) check_item_code = eventhelper.get_check_item_code(event) coop_id = eventhelper.get_coop_id(event) region_name = eventhelper.get_region_name(event) resource_type = eventhelper.get_resource_type(event) resource_name = eventhelper.get_resource_name(event) # Get logging pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # アクセス権限チェックを行います。 response_authority = checkauthority.authority(trace_id, user_id, organization_id, Authority.Editor) if response_authority: return common_utils.response(response_authority, pm_logger) # リソース除外設定情報を削除します。 response = checkitemsettings_logic.delete_excluded_resources( trace_id, organization_id, project_id, check_item_code, coop_id, region_name, resource_type, resource_name) return common_utils.response(response, pm_logger)
def list_awscoops_handler(event, context): trace_id = eventhelper.get_trace_id(event) user_id = eventhelper.get_trace_id(event) organization_id = eventhelper.get_organization_id(event) project_id = eventhelper.get_project_id(event) if (event['queryStringParameters'] and event[ 'queryStringParameters']['effective']): effective = eventhelper.get_effective(event) else: effective = None # Get logging pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # アクセス権限チェック response_authority = checkauthority.authority( trace_id, user_id, organization_id, Authority.Viewer) if response_authority: return common_utils.response(response_authority, pm_logger) response = awscoops_logic.get_list_awscoops(trace_id, organization_id, project_id, effective) return common_utils.response(response, pm_logger)
def query_key(task_id): pm_logger = common_utils.begin_logger(task_id, __name__, inspect.currentframe()) try: key = {"TaskID": task_id} result = DB_utils.query_key(task_id, Tables.PM_ORGANIZATION_TASKS, key) return common_utils.response(result, pm_logger) except PmError as e: pm_logger.error(e) return common_utils.response(None, pm_logger)
def update(task_id, update_attribute, target_update_date): pm_logger = common_utils.begin_logger(task_id, __name__, inspect.currentframe()) try: key = {"TaskID": task_id} DB_utils.update(task_id, Tables.PM_ORGANIZATION_TASKS, key, update_attribute, target_update_date) return common_utils.response(True, pm_logger) except PmError as e: pm_logger.error(e) return common_utils.response(False, pm_logger)
def get_securitycheck_awsacntsummary(user_id, aws_account): trace_id = user_id pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # 所属組織リストを取得します。 try: affiliations = pm_affiliation.query_userid_key_invite( trace_id, user_id, InvitationStatus.Belong) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not affiliations): response = common_utils.get_response_by_response_body( HTTPStatus.OK, []) return common_utils.response(response, pm_logger) response_bodys = [] for affiliation in affiliations: try: # 最新チェック結果テーブルから組織ID をキーとして、クエリを行います。 list_latest_check_result = pm_latestCheckResult.query_organization_id( trace_id, affiliation['OrganizationID']) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not list_latest_check_result): continue for latest_check_result in list_latest_check_result: try: list_check_result = pm_checkResults.query_history_index_by_awsaccount( trace_id, aws_account, latest_check_result['CheckHistoryID'], True) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not list_check_result): continue response_bodys.extend(list_check_result) if aws_account is not None: response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_bodys) return common_utils.response(response, pm_logger) response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_bodys) return common_utils.response(response, pm_logger)
def submit_job(trace_id, job_name, job_queue, depends_on, job_definition, parameters, container_overrides, max_retry, is_cw_logger=False): frame = inspect.currentframe() params = common_utils.get_params_function(frame) if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, frame) else: logger = common_utils.begin_logger(trace_id, __name__, frame) job_id = [] aws_batch_job_submit = os.getenv('AWS_BATCH_JOB_SUBMIT', 'ON') if aws_batch_job_submit == 'OFF': job_id = [ { 'jobId': str(uuid.uuid4()) } ] return common_utils.response(job_id, logger), params try: client = boto3.client('batch') except ClientError as e: raise common_utils.write_log_exception(e, logger) try: response = client.submit_job( jobName=job_name, jobQueue=job_queue, dependsOn=depends_on, jobDefinition=job_definition, parameters=parameters, containerOverrides=container_overrides, retryStrategy={ 'attempts': int(max_retry) } ) job_id = [ { 'jobId': response['jobId'] }, ] logger.info("End : submit job success") except ClientError as e: raise common_utils.write_log_exception(e, logger) return common_utils.response(job_id, logger), params
def query_userid_key(trace_id, user_id, organization_id=None, filter_expression=None, convert_response=None, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) key_conditions = { 'UserID': { 'AttributeValueList': [user_id], 'ComparisonOperator': 'EQ' } } if (organization_id): key_conditions['OrganizationID'] = { 'AttributeValueList': [organization_id], 'ComparisonOperator': 'EQ' } result = DB_utils.query(trace_id, Tables.PM_AFFILIATION, key_conditions, filter_expression, is_cw_logger=is_cw_logger) if result and convert_response: result = common_utils.convert_list_response(trace_id, result, RESPONSE_AFFILIATION, is_cw_logger=is_cw_logger) return common_utils.response(result, logger)
def query_key(trace_id, organization_id, notify_code, convert_response=None, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) key = {"OrganizationID": organization_id, "NotifyCode": notify_code} result = DB_utils.query_key(trace_id, Tables.PM_ORG_NOTIFY_MAIL_DESTINATIONS, key, is_cw_logger=is_cw_logger) if result and convert_response: result = common_utils.convert_response( trace_id, result, RESPONSE_ORG_NOTIFY_MAIL_DESTINATIONS, is_cw_logger=is_cw_logger) result['destinations'] = common_utils.convert_list_response( trace_id, result['destinations'], RESPONSE_DESTINATIONS, is_cw_logger=is_cw_logger) return common_utils.response(result, logger)
def get_report(trace_id, report_id, organization_id, project_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: report = pm_reports.query_report_filter_organization_project( trace_id, report_id, project_id, organization_id, convert_response=True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 組織情報を取得します。 if (not report): return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # response when do success response = common_utils.get_response_by_response_body( HTTPStatus.OK, report[0]) return common_utils.response(response, pm_logger)
def query_check_history_index(trace_id, check_history_id, sort_code=None, filter_expression=None, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) key_conditions = { 'CheckHistoryID': { 'AttributeValueList': [check_history_id], 'ComparisonOperator': 'EQ' } } if sort_code is not None: key_conditions['SortCode'] = { 'AttributeValueList': [sort_code], 'ComparisonOperator': 'EQ' } result = DB_utils.query_index(trace_id, Tables.PM_CHECK_RESULT_ITEMS, CHECK_HISTORY_INDEX, key_conditions, filter_expression, is_cw_logger=is_cw_logger) return common_utils.response(result, logger)
def create_check_authority_filter(trace_id, authority): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) filter = Attr('InvitationStatus').eq( InvitationStatus.Belong.value).__and__( Attr("Authority").gte(authority.value)) return common_utils.response(filter, pm_logger)
def query_key(trace_id, table_name, key, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: table = connect_dynamodb(table_name) result = table.get_item(Key=key) result_item = None if (common_utils.check_key('Item', result)): result_item = result['Item'] return common_utils.response(result_item, logger) except ClientError as e: if retrycheck.check_retryable(e.response): retry_exception = RetryException(cause_error=e) logger.error(retry_exception) logger.exception("error_id: %s", retry_exception.error_id) raise retry_exception else: no_retry_exception = NoRetryException( cause_error=e, message=e.response['Error']['Message']) logger.error(no_retry_exception) raise no_retry_exception
def get_notifyslack(trace_id, organization_id, notify_code): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。 list_error = validate_notifyslack(notify_code) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # Slack通知設定情報を取得します。 try: result = pm_orgNotifySlack.query_key(trace_id, organization_id, notify_code, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not result: return common_utils.get_response_by_response_body(HTTPStatus.OK, []) # return data response = common_utils.get_response_by_response_body( HTTPStatus.OK, result) return common_utils.response(response, pm_logger)
def get_myorganizations(trace_id, user_id, invite_status): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Validate list_error = common_utils.validate_invite_status(trace_id, invite_status) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) try: # get list affiliations by email,email get from event affiliations = pm_affiliation.query_userid_key_invite( trace_id, user_id, int(invite_status), True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) result = [] for affiliation in affiliations: try: # get organization by organization id organization = pm_organizations.get_organization( trace_id, affiliation["organizationId"], True) affiliation.pop('organizationId', None) affiliation['organization'] = organization result.append(affiliation) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return data response = common_utils.get_response_by_response_body( HTTPStatus.OK, affiliations) return common_utils.response(response, pm_logger)
def delete_awscoop(trace_id, coop_id, organization_id, project_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: awscoops = pm_awsAccountCoops.get_awscoops_update( trace_id, coop_id, project_id, organization_id) except PmError as err: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) if awscoops is None: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) try: pm_awsAccountCoops.delete_awscoops(trace_id, coop_id) except PmError as err: return common_utils.error_exception(MsgConst.ERR_DB_405, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) # response if delete success response = common_utils.get_response_by_response_body( HTTPStatus.NO_CONTENT, None) return common_utils.response(response, pm_logger)
def delete_notifymail(trace_id, organization_id, notify_code): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。 list_error = validate_notifymail(notify_code) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) try: result = pm_orgNotifyMailDestinations.query_key( trace_id, organization_id, notify_code) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not result): return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) try: pm_orgNotifyMailDestinations.delete(trace_id, organization_id, notify_code) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_404, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return response data response = common_utils.get_response_by_response_body( HTTPStatus.NO_CONTENT, None) return common_utils.response(response, pm_logger)
def sqs_receive_message(trace_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) queue_url = os.environ.get("SQS_ORGANIZATION_QUEUE") try: client = boto3.client("sqs") response = client.receive_message( QueueUrl=queue_url, MaxNumberOfMessages=10 ) messages = None if (common_utils.check_key('Messages', response)): messages = common_utils.response(response['Messages'], pm_logger) return common_utils.response(messages, pm_logger) except ClientError as e: common_utils.write_log_exception(e, pm_logger, True)
def get_user_attributes_handler(event, context): user_id = eventhelper.get_trace_id(event) pm_logger = common_utils.begin_logger(user_id, __name__, inspect.currentframe()) # return data response response = user_logic.get_user_attributes(user_id) return common_utils.response(response, pm_logger)
def query_history_index(trace_id, check_history_id, filter_expression=None, convert_response=None, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) key_conditions = { 'CheckHistoryID': { 'AttributeValueList': [check_history_id], 'ComparisonOperator': 'EQ' } } result = DB_utils.query_index(trace_id, Tables.PM_CHECK_RESULTS, CHECK_HISTORY_INDEX, key_conditions, filter_expression, is_cw_logger=is_cw_logger) if result and convert_response: result = common_utils.convert_list_response(trace_id, result, RESPONSE_CHECK_RESULTS, RESPONSE_REQUIRED, is_cw_logger=is_cw_logger) return common_utils.response(result, logger)
def query_project_index(trace_id, project_id, user_id=None, filter_expression=None, convert_response=None): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) key_conditions = { 'ProjectID': { 'AttributeValueList': [project_id], 'ComparisonOperator': 'EQ' } } if common_utils.is_null(user_id) is False: key_conditions['UserID'] = { 'AttributeValueList': [user_id], 'ComparisonOperator': 'EQ' } result = DB_utils.query_index(trace_id, Tables.PM_SECURITY_CHECK_WEBHOOK, PROJECT_INDEX, key_conditions, filter_expression) if result and convert_response: result = common_utils.convert_list_response( trace_id, result, RESPONSE_SECURITY_CHECK_WEBHOOK) return common_utils.response(result, pm_logger)
def query_index(trace_id, table_name, index_name, key_conditions, filter_expression, scan_index_forward=True, is_cw_logger=False): if (is_cw_logger): logger = common_utils.begin_cw_logger(trace_id, __name__, inspect.currentframe()) else: logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) exclusiveStartKey = None list_data = [] while True: try: result = query_index_db(trace_id, table_name, index_name, key_conditions, filter_expression, scan_index_forward, exclusiveStartKey, is_cw_logger=is_cw_logger) list_data.extend(result['Items']) if common_utils.check_key('LastEvaluatedKey', result) is False: break exclusiveStartKey = result['LastEvaluatedKey'] except Exception as e: logger.error(e) break return common_utils.response(list_data, logger)
def delete_user(trace_id, organization_id, user_id, email): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # check the deletion condition if user_id == trace_id: try: count = pm_affiliation.query_users_check_authority_count( trace_id, user_id, organization_id, Authority.Owner) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if count == 0: return common_utils.error_common(MsgConst.ERR_REQUEST_203, HTTPStatus.PRECONDITION_FAILED, pm_logger) # get user to delete try: user = pm_affiliation.query(user_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not user: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # delete user try: pm_affiliation.delete_affiliation(user_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_405, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # set task informaiton request delete in Organization Tasks task_id = str(uuid.uuid4()) target = CommonConst.TARGET_DELETE_ORG_USER.format(user_id, organization_id) try: # create task informaiton request delete in Organization Tasks pm_organizationTasks.create_organizationTask( trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG_USER, target, trace_id, email, Status.Waiting.value, 0, 3) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) try: # Send message to organization topic task aws_common.sns_organization_topic( trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG_USER) except PmError as e: common_utils.write_log_pm_error(e, pm_logger, exc_info=True) response = common_utils.get_response_by_response_body( HTTPStatus.NO_CONTENT, None) return common_utils.response(response, pm_logger)
def get_organization_handler(event, context): trace_id = eventhelper.get_trace_id(event) user_id = eventhelper.get_trace_id(event) organization_id = eventhelper.get_organization_id(event) pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # アクセス権限チェック response_authority = checkauthority.authority(trace_id, user_id, organization_id, Authority.Viewer) if (response_authority): return common_utils.response(response_authority, pm_logger) # return data response response = organizations_logic.get_organization(trace_id, organization_id) return common_utils.response(response, pm_logger)
def execute_change_email_handler(event, context): apply_id = eventhelper.get_apply_id(event) pm_logger = common_utils.begin_logger(apply_id, __name__, inspect.currentframe()) # return data response response = user_logic.execute_change_email(apply_id) return common_utils.response(response, pm_logger)
def apply_change_email_handler(event, context): user_id = eventhelper.get_trace_id(event) email = eventhelper.get_email(event) pm_logger = common_utils.begin_logger(user_id, __name__, inspect.currentframe()) # return data response response = user_logic.apply_change_email(user_id, email, event['body']) return common_utils.response(response, pm_logger)
def update_organization(trace_id, organization_id, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Parse JSON try: body_object = json.loads(data_body) organization_name = body_object["name"] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # Validate list_error = validate_update(organization_name) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # Databaseから組織情報を取得する try: organization_item = pm_organizations.get_organization( trace_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not organization_item): return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # Update Organization attribute = {'OrganizationName': {"Value": organization_name}} updated_at = organization_item['UpdatedAt'] try: pm_organizations.update_organization(trace_id, organization_id, attribute, updated_at) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_404, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # Get data update try: organization_result = pm_organizations.get_organization( trace_id, organization_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response = common_utils.get_response_by_response_body( HTTPStatus.OK, organization_result) # return data response return common_utils.response(response, pm_logger)
def query_userid_key_count(trace_id, user_id, organization_id=None, filter_expression=None): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) result = query_userid_key(trace_id, user_id, organization_id, filter_expression) return common_utils.response(len(result), pm_logger)
def get_function_name(trace_id, function): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) service_name = common_utils.get_service_name(CommonConst.HYPHEN) stage = common_utils.get_stage(CommonConst.HYPHEN) # Function name result = service_name + stage + function return common_utils.response(result, pm_logger)
def create_notifymail_handler(event, context): trace_id = eventhelper.get_trace_id(event) user_id = eventhelper.get_trace_id(event) organization_id = eventhelper.get_organization_id(event) pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # アクセス権限チェック response_authority = checkauthority.authority(trace_id, user_id, organization_id, Authority.Owner) if (response_authority): return common_utils.response(response_authority, pm_logger) # return data response response = notifymail_logic.create_notifymail(trace_id, organization_id, event["body"]) return common_utils.response(response, pm_logger)