def get_object(event, context):
"""
Retrieve objects from s3 based on partition approach
:param event:
:param context:
:return: 200 - Success
400 - Bad Request, 401 - Unauthorized
500 - Error, 503 - Unavailable
"""
try:
partition_approach = validate_request(event)
if isinstance(partition_approach, dict) and \
"invalid" in partition_approach:
return helper.failure_response(partition_approach,
HTTPStatus.BAD_REQUEST)
rtm_module = importlib.import_module(partition_approach.value)
rtm_method_context = getattr(rtm_module, "populate_context")
req_header = rtm_method_context(event)
if "missing_fields" in req_header:
return helper.failure_response(req_header, HTTPStatus.UNAUTHORIZED)
policy_template = helper.get_policy_template(partition_approach.value)
assume_role_policy = plcymgr.get_policy(policy_template, req_header)
sts_creds = helper.get_assumed_role_creds("s3", assume_role_policy)
rtm_method_get = getattr(rtm_module, "get_object")
return rtm_method_get(sts_creds, req_header)
except Exception as ex:
return helper.failure_response(helper.format_exception(ex))
def put_object(sts_creds, req_header):
"""
Uploads objects into s3 bucket/prefix with {tenant_id/user_id}
along with access point per tenant {tenant_id}
:param sts_creds:
:param req_header:
:return: 201 - Success
400 - Bad Request, 401 - Unauthorized
500 - Error, 503 - Unavailable
"""
try:
s3_client = helper.get_boto3_client("s3", sts_creds)
helper.check_create_bucket(s3_client, req_header["bucket_name"])
s3_ctl_client = helper.get_boto3_client("s3control", sts_creds)
helper.check_create_access_point(s3_ctl_client,
req_header["bucket_name"], ACCOUNT_ID,
req_header["access_point_name"])
api_put_resp = s3_client.put_object(Bucket=req_header["bucket_name"],
Key='{0}/{1}'.format(
req_header["prefix"],
req_header["object_key"]),
Body=req_header["object_value"])
if api_put_resp and \
api_put_resp['ResponseMetadata']['HTTPStatusCode'] == HTTPStatus.OK:
return helper.success_response(api_put_resp)
else:
return helper.failure_response("Operation failed. Please retry.",
HTTPStatus.SERVICE_UNAVAILABLE)
except Exception as ex:
return helper.failure_response(helper.format_exception(ex))
def get_object(sts_creds, req_header):
"""
Retrieve objects based on access points per tenant
:param sts_creds:
:param req_header:
:return: 200 - Success
400 - Bad Request, 401 - Unauthorized
500 - Error, 503 - Unavailable
"""
try:
s3_client = helper.get_boto3_client("s3", sts_creds)
s3_ctl_client = helper.get_boto3_client("s3control", sts_creds)
s3_ctl_client.get_access_point(AccountId=ACCOUNT_ID,
Name=req_header["access_point_name"])
api_list_resp = s3_client.list_objects_v2(
Bucket=req_header["access_point_arn"], Prefix=req_header["prefix"])
if api_list_resp and api_list_resp['KeyCount'] > 0:
user_objects = [
obj['Key'].rsplit('/', 1)[-1]
for obj in api_list_resp['Contents']
]
return helper.success_response(user_objects, HTTPStatus.OK)
else:
return helper.failure_response("Operation failed. Please retry.",
HTTPStatus.SERVICE_UNAVAILABLE)
except botocore.exceptions.ClientError as ex:
return helper.failure_response_message(helper.format_exception(ex),
ex.response["Error"]["Code"])
except Exception as ex:
return helper.failure_response(helper.format_exception(ex))
def put_object(sts_creds, req_header):
"""
Store object in bucket, metadata in NoSQL (DynamoDB) with
{tenant_id, user_id} as partition key
:param sts_creds:
:param req_header:
:return: 201 - Success
400 - Bad Request, 401 - Unauthorized
500 - Error, 503 - Unavailable
"""
try:
s3_client = helper.get_boto3_client("s3", sts_creds)
helper.check_create_bucket(s3_client, req_header["bucket_name"])
api_put_resp = s3_client.put_object(Bucket=req_header["bucket_name"],
Key=req_header["key_name"],
Body=req_header["object_value"])
if api_put_resp and \
api_put_resp['ResponseMetadata']['HTTPStatusCode'] == HTTPStatus.OK.value:
api_obj_md = s3_client.head_object(
Bucket=req_header["bucket_name"], Key=req_header["key_name"])
ddb_client = helper.get_boto3_client("dynamodb", sts_creds)
api_put_md = add_metadata_db(ddb_client, req_header, api_obj_md)
return helper.success_response(api_put_md)
else:
return helper.failure_response("Operation failed. Please retry.",
HTTPStatus.SERVICE_UNAVAILABLE)
except Exception as ex:
return helper.failure_response(helper.format_exception(ex))
def get_object(sts_creds, req_header):
"""
Retrieve objects for tenant-specific bucket by AssumeRole()
:param event:
:param context:
:return: 200 - Success
400 - Bad Request, 401 - Unauthorized
500 - Error, 503 - Unavailable
"""
try:
s3_client = helper.get_boto3_client("s3", sts_creds)
api_list_resp = s3_client.list_objects_v2(Bucket=req_header["bucket_name"],
Prefix=req_header["user_id"])
if api_list_resp and api_list_resp['KeyCount'] > 0:
user_objects = [obj['Key'].rsplit('/', 1)[-1]
for obj in api_list_resp['Contents']]
return helper.success_response(user_objects,
HTTPStatus.OK)
else:
return helper.failure_response("Operation failed. Please retry.",
HTTPStatus.SERVICE_UNAVAILABLE)
except botocore.exceptions.ClientError as ex:
return helper.failure_response_message(helper.format_exception(ex),
ex.response["Error"]["Code"])
except Exception as ex:
return helper.failure_response(helper.format_exception(ex))
def put_object(sts_creds, req_header):
"""
Uploads objects and tenant_id/user_id into separate bucket
:param event:
:param context:
:return: 201 - Success
400 - Bad Request, 401 - Unauthorized
500 - Error, 502 - Service Unavailable
"""
try:
s3_client = helper.get_boto3_client("s3", sts_creds)
helper.check_create_bucket(s3_client, req_header["bucket_name"])
api_put_resp = s3_client.put_object(Bucket=req_header["bucket_name"],
Key="{0}/{1}".format(req_header["user_id"],
req_header["object_key"]),
Body=req_header["object_value"])
if api_put_resp and \
api_put_resp["ResponseMetadata"]["HTTPStatusCode"] == HTTPStatus.OK:
return helper.success_response(api_put_resp)
else:
return helper.failure_response("Operation failed. Please retry.",
HTTPStatus.SERVICE_UNAVAILABLE)
except Exception as ex:
return helper.failure_response(helper.format_exception(ex))
def get_object(sts_creds, req_header):
"""
Retrieve objects from NoSQL (DynamoDB) based on
{tenant_id, user_id} as partition key
:param sts_creds:
:param req_header:
:return: 200 - Success
400 - Bad Request, 401 - Unauthorized
500 - Error, 503 - Unavailable
"""
try:
ddb_client = helper.get_boto3_client("dynamodb", sts_creds)
resp_metadata = read_metadata_db(ddb_client, req_header)
user_objects = [
obj['key_name']['S'].rsplit('/', 1)[-1]
for obj in resp_metadata['Items']
]
return helper.success_response(user_objects, HTTPStatus.OK)
except botocore.exceptions.ClientError as ex:
return helper.failure_response_message(helper.format_exception(ex),
ex.response["Error"]["Code"])
except Exception as ex:
return helper.failure_response(helper.format_exception(ex))
def get_object(sts_creds, req_header):
"""
Retrieve objects based on tags
:param sts_creds:
:param req_header:
:return: 200 - Success
400 - Bad Request, 401 - Unauthorized
500 - Error, 503 - Unavailable
"""
try:
s3_client = helper.get_boto3_client("s3", sts_creds)
helper.check_create_bucket(s3_client, req_header["bucket_name"])
api_list_resp = s3_client.list_objects_v2(
Bucket=req_header["bucket_name"],
Prefix=req_header["prefix"],
)
if api_list_resp and api_list_resp['KeyCount'] > 0:
user_objects = []
for obj in api_list_resp['Contents']:
try:
api_tag_resp = s3_client.get_object_tagging(Bucket=req_header["bucket_name"],
Key=obj['Key'])
if api_tag_resp and \
api_tag_resp["ResponseMetadata"]["HTTPStatusCode"] == HTTPStatus.OK.value:
user_objects.append(obj['Key'].rsplit('/', 1)[-1])
except botocore.exceptions.ClientError as ex:
if ex.response["Error"]["Code"] == "AccessDenied":
# boto3 throws an exception, so do nothing
pass
else:
raise ex
return helper.success_response(user_objects,
HTTPStatus.OK)
else:
return helper.failure_response("Operation failed. Please retry.",
HTTPStatus.SERVICE_UNAVAILABLE)
except botocore.exceptions.ClientError as ex:
return helper.failure_response_message(helper.format_exception(ex),
ex.response["Error"]["Code"])
except Exception as ex:
return helper.failure_response(helper.format_exception(ex))
