def put_object(s3_client, bucket, file_name, file_data):
"""
Upload some data to private S3 object with `file_name` key.
:param s3_client: S3 boto3 client
:param bucket: S3 bucket name where to put data to
:param file_name: S3 full path where to put data to (Key)
:param file_data: `dict` or `str` of data to put. `Dict` will be transformed to string using pretty json.dumps().
:return: `S3.Client.put_object` Response dict
"""
content_type = mimetypes.guess_type(file_name)[0]
if isinstance(file_data, dict):
payload = jsonDumps(file_data)
elif isinstance(file_data, str):
payload = file_data
elif isinstance(file_data, BytesIO):
payload = file_data
payload.seek(0)
else:
raise Exception(
f"Failed to detect file_data type for {file_name}\n{file_data}"
)
s3_client.put_object(
Bucket=bucket,
Key=file_name,
ACL='private',
ContentType=content_type if content_type is not None else '',
Body=payload,
)
def lambda_handler(event, context):
set_logging(level=logging.DEBUG)
config = Config()
#logging.debug("Client token: " + event['authorizationToken'])
logging.debug("Method ARN: " + event['methodArn'])
if event['authorizationToken'] != config.api.token:
raise Exception('Unauthorized')
principalId = 'hammer-api-user'
tmp = event['methodArn'].split(':')
apiGatewayArnTmp = tmp[5].split('/')
awsAccountId = tmp[4]
policy = AuthPolicy(principalId, awsAccountId)
policy.restApiId = apiGatewayArnTmp[0]
policy.region = tmp[3]
policy.stage = apiGatewayArnTmp[1]
# a quick hack to allow GET calls to /identify/{request_id}, request_id is hex string
# rewrite this solution to more generic variant
if len(apiGatewayArnTmp) == 5:
full_path = '/identify/' + apiGatewayArnTmp[4]
policy.allowMethod(HttpVerb.GET, full_path)
policy.allowMethod(HttpVerb.POST, '/identify')
policy.allowMethod(HttpVerb.POST, '/remediate')
authResponse = policy.build()
logging.debug(jsonDumps(authResponse))
return authResponse
def as_string(self):
"""
For comparison between Issues
:return: string representation of Issue """
items = self.as_dict()
# remove elements related to reporting
del items['timestamps']
del items['jira_details']
return jsonDumps(items, sort_keys=True)
def put_bucket_policy(s3_client, bucket, policy):
"""
Replaces a policy on a bucket. If the bucket already has a policy, the one in this request completely replaces it.
:param s3_client: S3 boto3 client
:param bucket: S3 bucket name where to update policy on
:param policy: `dict` or `str` with policy. `Dict` will be transformed to string using pretty json.dumps().
:return: nothing
"""
policy_json = jsonDumps(policy) if isinstance(policy, dict) else policy
s3_client.put_bucket_policy(Bucket=bucket, Policy=policy_json)
def put_queue_policy(sqs_client, queue_url, policy):
"""
Replaces a policy on a queue. If the queue already has a policy, the one in this request completely replaces it.
:param sqs_client: SQS boto3 client
:param queue_url: SQS queue url where to update policy on
:param policy: `dict` or `str` with policy. `Dict` will be transformed to string using pretty json.dumps().
:return: nothing
"""
policy_json = jsonDumps(policy) if isinstance(policy, dict) else policy
sqs_client.set_queue_attributes(QueueUrl=queue_url,
Attributes={'Policy': policy_json})
def acl(self):
"""
:return: pretty formatted string with S3 bucket ACL
"""
return jsonDumps(self._acl)
def policy(self):
"""
:return: pretty formatted string with S3 bucket policy
"""
return jsonDumps(self._policy)
def policy(self):
"""
:return: pretty formatted string with SQS Queue policy
"""
return jsonDumps(self._policy)
