def provision(config, session_factory):
func_config = dict(
name=config.get('lambda_name', 'cloud-custodian-mailer'),
description=config.get('lambda_description', 'Cloud Custodian Mailer'),
tags=config.get('lambda_tags', {}),
handler='periodic.dispatch',
runtime=config['runtime'],
memory_size=config['memory'],
timeout=config['timeout'],
role=config['role'],
subnets=config['subnets'],
security_groups=config['security_groups'],
dead_letter_config=config.get('dead_letter_config', {}),
events=[
CloudWatchEventSource(
{
'type': 'periodic',
'schedule': config.get('lambda_schedule',
'rate(5 minutes)')
}, session_factory)
])
archive = get_archive(config)
func = LambdaFunction(func_config, archive)
log.info("Provisioning mailer lambda %s" % (session_factory().region_name))
manager = LambdaManager(session_factory)
manager.publish(func)
def get_function(session_factory, role, buckets=None):
from c7n.mu import (LambdaFunction, custodian_archive, BucketNotification)
config = dict(name='c7n-s3-encrypt',
handler='s3crypt.process_key_event',
memory_size=256,
timeout=15,
role=role,
runtime="python2.7",
description='Custodian S3 Key Encrypt')
if buckets:
config['events'] = [
BucketNotification({}, session_factory, b) for b in buckets
]
archive = custodian_archive()
archive.create()
src = __file__
if src.endswith('.pyc'):
src = src[:-1]
archive.add_file(src, 's3crypt.py')
archive.add_contents('config.json', json.dumps({}))
archive.close()
return LambdaFunction(config, archive)
def get_function(session_factory, options, groups):
config = dict(name='cloud-maid-error-notify',
handler='logsub.process_log_event',
runtime='python2.7',
memory_size=512,
timeout=15,
role=options.role,
description='Maid Error Notify',
events=[
CloudWatchLogSubscription(session_factory, groups,
options.pattern)
])
archive = PythonPackageArchive(
# Directory to lambda file
os.path.join(os.path.dirname(inspect.getabsfile(c7n)), 'logsub.py'),
# Don't include virtualenv deps
lib_filter=lambda x, y, z: ([], []))
archive.create()
archive.add_contents(
'config.json',
json.dumps({
'topic': options.topic,
'subject': options.subject
}))
archive.close()
return LambdaFunction(config, archive)
def get_function(session_factory,
role,
buckets=None,
account_id=None,
tags=None):
from c7n.mu import (LambdaFunction, custodian_archive,
BucketLambdaNotification)
config = dict(name='c7n-s3-encrypt',
handler='s3crypt.process_event',
memory_size=256,
timeout=30,
role=role,
tags=tags or {},
runtime="python2.7",
description='Custodian S3 Key Encrypt')
if buckets:
config['events'] = [
BucketLambdaNotification({'account_s3': account_id},
session_factory, b) for b in buckets
]
archive = custodian_archive()
archive.add_py_file(__file__)
archive.add_contents('config.json', json.dumps({}))
archive.close()
return LambdaFunction(config, archive)
def provision(config, session_factory):
func_config = dict(name='cloud-custodian-mailer',
description='Cloud Custodian Mailer',
handler='periodic.dispatch',
runtime='python2.7',
memory_size=config['memory'],
timeout=config['timeout'],
role=config['role'],
subnets=config['subnets'],
security_groups=config['security_groups'],
dead_letter_config=config.get('dead_letter_config', {}),
events=[
CloudWatchEventSource(
{
'type': 'periodic',
'schedule': 'rate(5 minutes)'
},
session_factory,
prefix="")
])
archive = get_archive(config)
func = LambdaFunction(func_config, archive)
manager = LambdaManager(session_factory)
manager.publish(func)
def get_function(session_factory, name, role, sns_topic, log_groups,
subject="Lambda Error", pattern="Traceback"):
"""Lambda function provisioning.
Self contained within the component, to allow for easier reuse.
"""
# Lazy import to avoid runtime dependency
from c7n.mu import (
LambdaFunction, PythonPackageArchive, CloudWatchLogSubscription)
config = dict(
name=name,
handler='logsub.process_log_event',
runtime='python2.7',
memory_size=512,
timeout=15,
role=role,
description='Custodian Ops Error Notify',
events=[
CloudWatchLogSubscription(
session_factory, log_groups, pattern)])
archive = PythonPackageArchive()
archive.add_py_file(__file__)
archive.add_contents(
'config.json', json.dumps({
'topic': sns_topic,
'subject': subject
}))
archive.close()
return LambdaFunction(config, archive)
def get_function(session_factory,
name,
role,
log_groups,
project,
account_name,
account_id,
pattern="Traceback"):
"""Lambda function provisioning.
Self contained within the component, to allow for easier reuse.
"""
# Lazy import to avoid runtime dependency
import inspect
import os
import c7n
from c7n.mu import (LambdaFunction, PythonPackageArchive,
CloudWatchLogSubscription)
config = dict(name=name,
runtime='python2.7',
memory_size=512,
timeout=15,
role=role,
description='Custodian Sentry Relay',
events=[
CloudWatchLogSubscription(session_factory, log_groups,
pattern)
])
archive = PythonPackageArchive(
# Directory to lambda file
os.path.join(os.path.dirname(inspect.getabsfile(c7n)), 'ufuncs',
'cwl2sentry.py'),
# Don't include virtualenv deps
lib_filter=lambda x, y, z: ([], []))
archive.create()
archive.add_contents(
'config.json',
json.dumps({
'project': project,
'account_name': account_name,
'account_id': account_id
}))
archive.close()
return LambdaFunction(config, archive)
def test_lambda_cross_account(self):
self.patch(CrossAccountAccessFilter, "executor_factory",
MainThreadExecutor)
session_factory = self.replay_flight_data("test_cross_account_lambda")
client = session_factory().client("lambda")
name = "c7n-cross-check"
tmp_dir = tempfile.mkdtemp()
self.addCleanup(os.rmdir, tmp_dir)
archive = PythonPackageArchive()
archive.add_contents("handler.py", LAMBDA_SRC)
archive.close()
func = LambdaFunction(
{
"runtime": "python2.7",
"name": name,
"description": "",
"handler": "handler.handler",
"memory_size": 128,
"timeout": 5,
"role": self.role,
},
archive,
)
manager = LambdaManager(session_factory)
manager.publish(func)
self.addCleanup(manager.remove, func)
client.add_permission(
FunctionName=name,
StatementId="oops",
Principal="*",
Action="lambda:InvokeFunction",
)
p = self.load_policy(
{
"name": "lambda-cross",
"resource": "lambda",
"filters": ["cross-account"],
},
session_factory=session_factory,
)
resources = p.run()
self.assertEqual(len(resources), 1)
self.assertEqual(resources[0]["FunctionName"], name)
def get_function(session_factory,
name,
handler,
role,
log_groups,
project,
account_name,
account_id,
sentry_dsn,
pattern="Traceback"):
"""Lambda function provisioning.
Self contained within the component, to allow for easier reuse.
"""
# Lazy import to avoid runtime dependency
from c7n.mu import (LambdaFunction, PythonPackageArchive,
CloudWatchLogSubscription)
config = dict(name=name,
handler=handler,
runtime='python2.7',
memory_size=512,
timeout=15,
role=role,
description='Custodian Sentry Relay',
events=[
CloudWatchLogSubscription(session_factory, log_groups,
pattern)
])
archive = PythonPackageArchive(os.path.dirname(__file__),
skip='*.pyc',
lib_filter=lambda x, y, z: ([], []))
archive.create()
archive.add_contents(
'config.json',
json.dumps({
'project': project,
'account_name': account_name,
'account_id': account_id,
'sentry_dsn': sentry_dsn,
}))
archive.add_contents('handler.py',
'from c7n_sentry.c7nsentry import process_log_event')
archive.close()
return LambdaFunction(config, archive)
def get_function(session_factory,
name,
role,
sns_topic,
log_groups,
subject="Lambda Error",
pattern="Traceback"):
"""Lambda function provisioning.
Self contained within the component, to allow for easier reuse.
"""
# Lazy import to avoid runtime dependency
import inspect
import os
import c7n
from c7n.mu import (LambdaFunction, PythonPackageArchive,
CloudWatchLogSubscription)
config = dict(name=name,
handler='logsub.process_log_event',
runtime='python2.7',
memory_size=512,
timeout=15,
role=role,
description='Custodian Ops Error Notify',
events=[
CloudWatchLogSubscription(session_factory, log_groups,
pattern)
])
archive = PythonPackageArchive(
# Directory to lambda file
os.path.join(os.path.dirname(inspect.getabsfile(c7n)), 'ufuncs',
'logsub.py'),
# Don't include virtualenv deps
lib_filter=lambda x, y, z: ([], []))
archive.create()
archive.add_contents('config.json',
json.dumps({
'topic': sns_topic,
'subject': subject
}))
archive.close()
return LambdaFunction(config, archive)
def make_func(self, **kw):
func_data = dict(name='test-foo-bar',
handler='index.handler',
memory_size=128,
timeout=3,
role=ROLE,
runtime='python2.7',
description='test')
func_data.update(kw)
archive = PythonPackageArchive()
archive.add_contents(
'index.py',
'''def handler(*a, **kw):\n print("Greetings, program!")''')
archive.close()
self.addCleanup(archive.remove)
return LambdaFunction(func_data, archive)
def get_function(session_factory, name, role, events):
from c7n.mu import (LambdaFunction, PythonPackageArchive)
config = dict(name=name,
handler='helloworld.main',
runtime='python2.7',
memory_size=512,
timeout=15,
role=role,
description='Hello World',
events=events)
archive = PythonPackageArchive()
archive.add_py_file(__file__)
archive.close()
return LambdaFunction(config, archive)
def test_lambda_cross_account(self):
self.patch(CrossAccountAccessFilter, 'executor_factory',
MainThreadExecutor)
session_factory = self.replay_flight_data('test_cross_account_lambda')
client = session_factory().client('lambda')
name = 'c7n-cross-check'
tmp_dir = tempfile.mkdtemp()
self.addCleanup(os.rmdir, tmp_dir)
archive = PythonPackageArchive(tmp_dir, tmp_dir)
archive.create()
archive.add_contents('handler.py', LAMBDA_SRC)
archive.close()
func = LambdaFunction(
{
'runtime': 'python2.7',
'name': name,
'description': '',
'handler': 'handler.handler',
'memory_size': 128,
'timeout': 5,
'role': self.role
}, archive)
manager = LambdaManager(session_factory)
info = manager.publish(func)
self.addCleanup(manager.remove, func)
client.add_permission(FunctionName=name,
StatementId='oops',
Principal='*',
Action='lambda:InvokeFunction')
p = self.load_policy(
{
'name': 'lambda-cross',
'resource': 'lambda',
'filters': ['cross-account']
},
session_factory=session_factory)
resources = p.run()
self.assertEqual(len(resources), 1)
self.assertEqual(resources[0]['FunctionName'], name)
def make_func(self, **kw):
func_data = dict(
name="test-foo-bar",
handler="index.handler",
memory_size=128,
timeout=3,
role='custodian-mu',
runtime="python2.7",
description="test",
)
func_data.update(kw)
archive = PythonPackageArchive()
archive.add_contents(
"index.py",
"""def handler(*a, **kw):\n print("Greetings, program!")""")
archive.close()
self.addCleanup(archive.remove)
return LambdaFunction(func_data, archive)
def get_function(session_factory, name, role, events):
import os
from c7n.mu import (LambdaFunction, PythonPackageArchive)
config = dict(name=name,
handler='helloworld.main',
runtime='python2.7',
memory_size=512,
timeout=15,
role=role,
description='Hello World',
events=events)
archive = PythonPackageArchive(
# Directory to lambda file
os.path.abspath(__file__),
# Don't include virtualenv deps
lib_filter=lambda x, y, z: ([], []))
archive.create()
archive.close()
return LambdaFunction(config, archive)
