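def put_object(s3_client, bucket, file_name, file_data):
    """
    Upload some data to private S3 object with `file_name` key.

    :param s3_client: S3 boto3 client
    :param bucket: S3 bucket name where to put data to
    :param file_name: S3 full path where to put data to (Key)
    :param file_data: `dict`, `str` or `BytesIO` of data to put.
                      `Dict` will be transformed to string using pretty json.dumps().
                      A `BytesIO` is rewound to its start before the upload.

    :return: `S3.Client.put_object` Response dict
    :raises TypeError: if `file_data` is none of the supported types
    """
    content_type = mimetypes.guess_type(file_name)[0]

    if isinstance(file_data, dict):
        payload = jsonDumps(file_data)
    elif isinstance(file_data, str):
        payload = file_data
    elif isinstance(file_data, BytesIO):
        payload = file_data
        # upload the whole buffer, regardless of where the caller left the cursor
        payload.seek(0)
    else:
        # Name only the offending type: echoing the payload itself would copy
        # possibly sensitive (and arbitrarily large) content into logs and tracebacks.
        raise TypeError(
            f"Failed to detect file_data type for {file_name}: "
            f"got {type(file_data).__name__}"
        )

    # The response is handed back to the caller, as the docstring promises.
    return s3_client.put_object(
        Bucket=bucket,
        Key=file_name,
        # object ACL is pinned to private, never derived from caller input
        ACL='private',
        ContentType=content_type if content_type is not None else '',
        Body=payload,
    )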
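def lambda_handler(event, context):
    """
    Token authorizer: check the presented API token and build an access policy.

    The token in `event['authorizationToken']` is compared with `config.api.token`.
    On a match, a policy is built that allows POST to `/identify` and `/remediate`,
    plus GET to `/identify/{request_id}` when the method ARN carries such a path.

    :param event: authorizer event; `authorizationToken` and `methodArn` keys are read
    :param context: Lambda context object (unused)

    :return: policy document produced by `AuthPolicy.build()`
    :raises Exception: with the message 'Unauthorized' if the token is missing,
                       does not match, or no non-empty token is configured
    """
    # function-scope import keeps this block self-contained
    import hmac

    set_logging(level=logging.DEBUG)

    config = Config()

    # The presented token is deliberately never logged, not even at DEBUG level.
    logging.debug("Method ARN: " + event['methodArn'])

    presented_token = event.get('authorizationToken')
    expected_token = config.api.token

    # Fail closed: a missing header or an unset/empty configured token must never authorize.
    if not (isinstance(presented_token, str)
            and isinstance(expected_token, str)
            and expected_token):
        raise Exception('Unauthorized')

    # Constant-time comparison, so response timing does not reveal how much of the token matched.
    # Both sides are encoded because compare_digest() rejects non-ASCII `str` arguments.
    if not hmac.compare_digest(presented_token.encode('utf-8'),
                               expected_token.encode('utf-8')):
        raise Exception('Unauthorized')

    principalId = 'hammer-api-user'

    # methodArn fields as used here: [3] region, [4] account id, [5] "restApiId/stage/verb/path..."
    tmp = event['methodArn'].split(':')
    apiGatewayArnTmp = tmp[5].split('/')
    awsAccountId = tmp[4]

    policy = AuthPolicy(principalId, awsAccountId)
    policy.restApiId = apiGatewayArnTmp[0]
    policy.region = tmp[3]
    policy.stage = apiGatewayArnTmp[1]

    # a quick hack to allow GET calls to /identify/{request_id}, request_id is hex string
    # rewrite this solution to more generic variant
    # NOTE(review): only the number of ARN segments is checked; neither the 'identify' prefix
    # nor the hex format of the last segment is verified before it is put into the policy.
    # Confirm whether AuthPolicy validates resource paths.
    if len(apiGatewayArnTmp) == 5:
        full_path = '/identify/' + apiGatewayArnTmp[4]
        policy.allowMethod(HttpVerb.GET, full_path)
    policy.allowMethod(HttpVerb.POST, '/identify')
    policy.allowMethod(HttpVerb.POST, '/remediate')

    authResponse = policy.build()

    logging.debug(jsonDumps(authResponse))
    return authResponse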
def as_string(self):
    """
    Serialize the Issue for comparison with other Issues.

    Reporting-only fields (`timestamps`, `jira_details`) are dropped first,
    so they do not take part in the comparison.

    :return: string representation of Issue
    """
    comparable = self.as_dict()
    # remove elements related to reporting
    for reporting_key in ('timestamps', 'jira_details'):
        del comparable[reporting_key]
    # keys are sorted so the output does not depend on insertion order
    return jsonDumps(comparable, sort_keys=True)
def put_bucket_policy(s3_client, bucket, policy):
    """
    Set the policy of an S3 bucket.

    The supplied policy fully replaces any policy the bucket already has.

    :param s3_client: S3 boto3 client
    :param bucket: S3 bucket name where to update policy on
    :param policy: `dict` or `str` with policy. `Dict` will be transformed to string using pretty json.dumps().

    :return: nothing
    """
    if isinstance(policy, dict):
        serialized = jsonDumps(policy)
    else:
        # anything that is not a dict is passed through untouched
        serialized = policy
    s3_client.put_bucket_policy(Bucket=bucket, Policy=serialized)
def put_queue_policy(sqs_client, queue_url, policy):
    """
    Set the policy of an SQS queue.

    The supplied policy fully replaces any policy the queue already has.

    :param sqs_client: SQS boto3 client
    :param queue_url: SQS queue url where to update policy on
    :param policy: `dict` or `str` with policy. `Dict` will be transformed to string using pretty json.dumps().

    :return: nothing
    """
    if isinstance(policy, dict):
        serialized = jsonDumps(policy)
    else:
        # anything that is not a dict is passed through untouched
        serialized = policy
    queue_attributes = {'Policy': serialized}
    sqs_client.set_queue_attributes(QueueUrl=queue_url, Attributes=queue_attributes)
def acl(self):
    """
    Render the stored S3 bucket ACL (`self._acl`) as text.

    :return: pretty formatted string with S3 bucket ACL
    """
    bucket_acl = self._acl
    return jsonDumps(bucket_acl)
def policy(self):
    """
    Render the stored S3 bucket policy (`self._policy`) as text.

    :return: pretty formatted string with S3 bucket policy
    """
    bucket_policy = self._policy
    return jsonDumps(bucket_policy)
def policy(self):
    """
    Render the stored SQS Queue policy (`self._policy`) as text.

    :return: pretty formatted string with SQS Queue policy
    """
    queue_policy = self._policy
    return jsonDumps(queue_policy)