def provision(config, session_factory): func_config = dict( name=config.get('lambda_name', 'cloud-custodian-mailer'), description=config.get('lambda_description', 'Cloud Custodian Mailer'), tags=config.get('lambda_tags', {}), handler='periodic.dispatch', runtime=config['runtime'], memory_size=config['memory'], timeout=config['timeout'], role=config['role'], subnets=config['subnets'], security_groups=config['security_groups'], dead_letter_config=config.get('dead_letter_config', {}), events=[ CloudWatchEventSource( { 'type': 'periodic', 'schedule': config.get('lambda_schedule', 'rate(5 minutes)') }, session_factory) ]) archive = get_archive(config) func = LambdaFunction(func_config, archive) log.info("Provisioning mailer lambda %s" % (session_factory().region_name)) manager = LambdaManager(session_factory) manager.publish(func)
def get_function(session_factory, role, buckets=None): from c7n.mu import (LambdaFunction, custodian_archive, BucketNotification) config = dict(name='c7n-s3-encrypt', handler='s3crypt.process_key_event', memory_size=256, timeout=15, role=role, runtime="python2.7", description='Custodian S3 Key Encrypt') if buckets: config['events'] = [ BucketNotification({}, session_factory, b) for b in buckets ] archive = custodian_archive() archive.create() src = __file__ if src.endswith('.pyc'): src = src[:-1] archive.add_file(src, 's3crypt.py') archive.add_contents('config.json', json.dumps({})) archive.close() return LambdaFunction(config, archive)
def get_function(session_factory, options, groups): config = dict(name='cloud-maid-error-notify', handler='logsub.process_log_event', runtime='python2.7', memory_size=512, timeout=15, role=options.role, description='Maid Error Notify', events=[ CloudWatchLogSubscription(session_factory, groups, options.pattern) ]) archive = PythonPackageArchive( # Directory to lambda file os.path.join(os.path.dirname(inspect.getabsfile(c7n)), 'logsub.py'), # Don't include virtualenv deps lib_filter=lambda x, y, z: ([], [])) archive.create() archive.add_contents( 'config.json', json.dumps({ 'topic': options.topic, 'subject': options.subject })) archive.close() return LambdaFunction(config, archive)
def get_function(session_factory, role, buckets=None, account_id=None, tags=None): from c7n.mu import (LambdaFunction, custodian_archive, BucketLambdaNotification) config = dict(name='c7n-s3-encrypt', handler='s3crypt.process_event', memory_size=256, timeout=30, role=role, tags=tags or {}, runtime="python2.7", description='Custodian S3 Key Encrypt') if buckets: config['events'] = [ BucketLambdaNotification({'account_s3': account_id}, session_factory, b) for b in buckets ] archive = custodian_archive() archive.add_py_file(__file__) archive.add_contents('config.json', json.dumps({})) archive.close() return LambdaFunction(config, archive)
def provision(config, session_factory): func_config = dict(name='cloud-custodian-mailer', description='Cloud Custodian Mailer', handler='periodic.dispatch', runtime='python2.7', memory_size=config['memory'], timeout=config['timeout'], role=config['role'], subnets=config['subnets'], security_groups=config['security_groups'], dead_letter_config=config.get('dead_letter_config', {}), events=[ CloudWatchEventSource( { 'type': 'periodic', 'schedule': 'rate(5 minutes)' }, session_factory, prefix="") ]) archive = get_archive(config) func = LambdaFunction(func_config, archive) manager = LambdaManager(session_factory) manager.publish(func)
def get_function(session_factory, name, role, sns_topic, log_groups, subject="Lambda Error", pattern="Traceback"): """Lambda function provisioning. Self contained within the component, to allow for easier reuse. """ # Lazy import to avoid runtime dependency from c7n.mu import ( LambdaFunction, PythonPackageArchive, CloudWatchLogSubscription) config = dict( name=name, handler='logsub.process_log_event', runtime='python2.7', memory_size=512, timeout=15, role=role, description='Custodian Ops Error Notify', events=[ CloudWatchLogSubscription( session_factory, log_groups, pattern)]) archive = PythonPackageArchive() archive.add_py_file(__file__) archive.add_contents( 'config.json', json.dumps({ 'topic': sns_topic, 'subject': subject })) archive.close() return LambdaFunction(config, archive)
def get_function(session_factory, name, role, log_groups, project, account_name, account_id, pattern="Traceback"): """Lambda function provisioning. Self contained within the component, to allow for easier reuse. """ # Lazy import to avoid runtime dependency import inspect import os import c7n from c7n.mu import (LambdaFunction, PythonPackageArchive, CloudWatchLogSubscription) config = dict(name=name, runtime='python2.7', memory_size=512, timeout=15, role=role, description='Custodian Sentry Relay', events=[ CloudWatchLogSubscription(session_factory, log_groups, pattern) ]) archive = PythonPackageArchive( # Directory to lambda file os.path.join(os.path.dirname(inspect.getabsfile(c7n)), 'ufuncs', 'cwl2sentry.py'), # Don't include virtualenv deps lib_filter=lambda x, y, z: ([], [])) archive.create() archive.add_contents( 'config.json', json.dumps({ 'project': project, 'account_name': account_name, 'account_id': account_id })) archive.close() return LambdaFunction(config, archive)
def test_lambda_cross_account(self): self.patch(CrossAccountAccessFilter, "executor_factory", MainThreadExecutor) session_factory = self.replay_flight_data("test_cross_account_lambda") client = session_factory().client("lambda") name = "c7n-cross-check" tmp_dir = tempfile.mkdtemp() self.addCleanup(os.rmdir, tmp_dir) archive = PythonPackageArchive() archive.add_contents("handler.py", LAMBDA_SRC) archive.close() func = LambdaFunction( { "runtime": "python2.7", "name": name, "description": "", "handler": "handler.handler", "memory_size": 128, "timeout": 5, "role": self.role, }, archive, ) manager = LambdaManager(session_factory) manager.publish(func) self.addCleanup(manager.remove, func) client.add_permission( FunctionName=name, StatementId="oops", Principal="*", Action="lambda:InvokeFunction", ) p = self.load_policy( { "name": "lambda-cross", "resource": "lambda", "filters": ["cross-account"], }, session_factory=session_factory, ) resources = p.run() self.assertEqual(len(resources), 1) self.assertEqual(resources[0]["FunctionName"], name)
def get_function(session_factory, name, handler, role, log_groups, project, account_name, account_id, sentry_dsn, pattern="Traceback"): """Lambda function provisioning. Self contained within the component, to allow for easier reuse. """ # Lazy import to avoid runtime dependency from c7n.mu import (LambdaFunction, PythonPackageArchive, CloudWatchLogSubscription) config = dict(name=name, handler=handler, runtime='python2.7', memory_size=512, timeout=15, role=role, description='Custodian Sentry Relay', events=[ CloudWatchLogSubscription(session_factory, log_groups, pattern) ]) archive = PythonPackageArchive(os.path.dirname(__file__), skip='*.pyc', lib_filter=lambda x, y, z: ([], [])) archive.create() archive.add_contents( 'config.json', json.dumps({ 'project': project, 'account_name': account_name, 'account_id': account_id, 'sentry_dsn': sentry_dsn, })) archive.add_contents('handler.py', 'from c7n_sentry.c7nsentry import process_log_event') archive.close() return LambdaFunction(config, archive)
def get_function(session_factory, name, role, sns_topic, log_groups, subject="Lambda Error", pattern="Traceback"): """Lambda function provisioning. Self contained within the component, to allow for easier reuse. """ # Lazy import to avoid runtime dependency import inspect import os import c7n from c7n.mu import (LambdaFunction, PythonPackageArchive, CloudWatchLogSubscription) config = dict(name=name, handler='logsub.process_log_event', runtime='python2.7', memory_size=512, timeout=15, role=role, description='Custodian Ops Error Notify', events=[ CloudWatchLogSubscription(session_factory, log_groups, pattern) ]) archive = PythonPackageArchive( # Directory to lambda file os.path.join(os.path.dirname(inspect.getabsfile(c7n)), 'ufuncs', 'logsub.py'), # Don't include virtualenv deps lib_filter=lambda x, y, z: ([], [])) archive.create() archive.add_contents('config.json', json.dumps({ 'topic': sns_topic, 'subject': subject })) archive.close() return LambdaFunction(config, archive)
def make_func(self, **kw): func_data = dict(name='test-foo-bar', handler='index.handler', memory_size=128, timeout=3, role=ROLE, runtime='python2.7', description='test') func_data.update(kw) archive = PythonPackageArchive() archive.add_contents( 'index.py', '''def handler(*a, **kw):\n print("Greetings, program!")''') archive.close() self.addCleanup(archive.remove) return LambdaFunction(func_data, archive)
def get_function(session_factory, name, role, events): from c7n.mu import (LambdaFunction, PythonPackageArchive) config = dict(name=name, handler='helloworld.main', runtime='python2.7', memory_size=512, timeout=15, role=role, description='Hello World', events=events) archive = PythonPackageArchive() archive.add_py_file(__file__) archive.close() return LambdaFunction(config, archive)
def test_lambda_cross_account(self): self.patch(CrossAccountAccessFilter, 'executor_factory', MainThreadExecutor) session_factory = self.replay_flight_data('test_cross_account_lambda') client = session_factory().client('lambda') name = 'c7n-cross-check' tmp_dir = tempfile.mkdtemp() self.addCleanup(os.rmdir, tmp_dir) archive = PythonPackageArchive(tmp_dir, tmp_dir) archive.create() archive.add_contents('handler.py', LAMBDA_SRC) archive.close() func = LambdaFunction( { 'runtime': 'python2.7', 'name': name, 'description': '', 'handler': 'handler.handler', 'memory_size': 128, 'timeout': 5, 'role': self.role }, archive) manager = LambdaManager(session_factory) info = manager.publish(func) self.addCleanup(manager.remove, func) client.add_permission(FunctionName=name, StatementId='oops', Principal='*', Action='lambda:InvokeFunction') p = self.load_policy( { 'name': 'lambda-cross', 'resource': 'lambda', 'filters': ['cross-account'] }, session_factory=session_factory) resources = p.run() self.assertEqual(len(resources), 1) self.assertEqual(resources[0]['FunctionName'], name)
def make_func(self, **kw): func_data = dict( name="test-foo-bar", handler="index.handler", memory_size=128, timeout=3, role='custodian-mu', runtime="python2.7", description="test", ) func_data.update(kw) archive = PythonPackageArchive() archive.add_contents( "index.py", """def handler(*a, **kw):\n print("Greetings, program!")""") archive.close() self.addCleanup(archive.remove) return LambdaFunction(func_data, archive)
def get_function(session_factory, name, role, events): import os from c7n.mu import (LambdaFunction, PythonPackageArchive) config = dict(name=name, handler='helloworld.main', runtime='python2.7', memory_size=512, timeout=15, role=role, description='Hello World', events=events) archive = PythonPackageArchive( # Directory to lambda file os.path.abspath(__file__), # Don't include virtualenv deps lib_filter=lambda x, y, z: ([], [])) archive.create() archive.close() return LambdaFunction(config, archive)