def count_myorganizations(trace_id, user_id, invite_status):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Validate
list_error = common_utils.validate_invite_status(trace_id, invite_status)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
try:
count = pm_affiliation.query_userid_key_invite_count(
trace_id, user_id, int(invite_status))
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response_body = {"count": count}
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_body)
return common_utils.response(response, pm_logger)
def get_organization(trace_id, organization_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
organization = pm_organizations.get_organization(
trace_id, organization_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if (not organization):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# data response
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, organization)
return common_utils.response(response, pm_logger)
def get_list_users(trace_id, organization_id, invite_status):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Validate
if not common_utils.is_null(invite_status):
list_error = common_utils.validate_invite_status(
trace_id, invite_status)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
try:
users = pm_affiliation.query_users_organization_index(
trace_id, organization_id, invite_status, convert_response=True)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# response when do success
response = common_utils.get_response_by_response_body(HTTPStatus.OK, users)
return common_utils.response(response, pm_logger)
def get_awscoop(trace_id, coop_id, project_id, organization_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
awscoop = pm_awsAccountCoops.query_awscoop_filter_organization_project(
trace_id,
coop_id,
organization_id,
project_id,
convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if (not awscoop):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# data response
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, awscoop[0])
return common_utils.response(response, pm_logger)
def get_notifymail(trace_id, organization_id, notify_code):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。
list_error = validate_notifymail(notify_code)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
try:
result = pm_orgNotifyMailDestinations.query_key(
trace_id, organization_id, notify_code, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not result):
return common_utils.get_response_by_response_body(HTTPStatus.OK, [])
# return data
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, result)
return common_utils.response(response, pm_logger)
def get_security_check_detail(trace_id,
organization_id,
project_id,
check_history_id=None,
group_filter=None):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
try:
project = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not project):
return common_utils.error_common(
MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger)
# 最新チェック結果のチェック履歴ID CheckHistoryIDを取得します。
if check_history_id is None:
try:
lastest_check_result = pm_latestCheckResult.query_key(
trace_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
if (not lastest_check_result):
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, [])
return common_utils.response(response, pm_logger)
check_history_id = lastest_check_result["CheckHistoryID"]
else:
try:
lastest_check_result = pm_latestCheckResult.query_key_by_check_history_id(
trace_id, project_id, organization_id, check_history_id)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
if (not lastest_check_result):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# チェック結果詳細情報を取得します。
try:
if common_utils.is_null(group_filter) is True:
check_result_items = pm_checkResultItems.get_security_check_detail(
trace_id, check_history_id)
else:
check_result_items = pm_checkResultItems.get_security_check_detail(
trace_id, check_history_id,
CommonConst.GROUP_FILTER_TEMPLATE.format(group_filter))
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not check_result_items):
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, [])
return common_utils.response(response, pm_logger)
# 個別チェック結果レコードに対して、各チェック結果に作成されたチェック結果ファイルを取得する。
response_body = []
for check_result_item in check_result_items:
try:
data = FileUtils.read_json(trace_id, "S3_CHECK_BUCKET",
check_result_item["ResultJsonPath"])
except PmError as e:
if e.cause_error.response['Error'][
'Code'] == CommonConst.NO_SUCH_KEY:
return common_utils.error_exception(
MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
else:
return common_utils.error_exception(
MsgConst.ERR_S3_709, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
response_body.append(get_response_body(check_result_item, data))
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_body)
return common_utils.response(response, pm_logger)
def get_security_check_resource(trace_id, coop_id, project_id, organization_id,
check_item_code):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
try:
awscoop_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not awscoop_item:
return common_utils.error_common(
MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger)
# 最新チェック結果テーブルのチェック履歴IDCheckHistoryIDを取得します。
try:
latest_check_result = pm_latestCheckResult.query_key(
trace_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not latest_check_result:
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, [])
return common_utils.response(response, pm_logger)
check_history_id = latest_check_result['CheckHistoryID']
# チェック結果詳細情報を取得します。
try:
check_result_items = pm_checkResultItems.get_security_check_detail_by_check_result_and_check_item_code(
trace_id, check_history_id, check_item_code,
awscoop_item['AWSAccount'])
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not check_result_items:
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, [])
return common_utils.response(response, pm_logger)
# 個別チェック結果レコードに対して、各チェック結果に作成されたチェック結果ファイルを取得する。
response_body = []
for check_result_item in check_result_items:
try:
result_json_check_result_item = FileUtils.read_json(
trace_id, "S3_CHECK_BUCKET",
check_result_item["ResultJsonPath"])
except PmError as e:
if e.cause_error.response['Error'][
'Code'] == CommonConst.NO_SUCH_KEY:
return common_utils.error_exception(
MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
else:
return common_utils.error_exception(
MsgConst.ERR_S3_709, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
response_body.append(
get_response_body(check_result_item,
result_json_check_result_item))
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_body)
return common_utils.response(response, pm_logger)
def get_security_check_summary(user_id):
trace_id = user_id
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# 所属組織リストを取得します。
try:
affiliations = pm_affiliation.query_userid_key_invite(
trace_id, user_id, InvitationStatus.Belong)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not affiliations):
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, [])
return common_utils.response(response, pm_logger)
ok_count = 0
ng_count = 0
critical_count = 0
managed_count = 0
error_count = 0
for affiliation in affiliations:
try:
# 最新チェック結果テーブルから組織ID をキーとして、クエリを行います。
list_latest_check_result = pm_latestCheckResult.query_organization_id(
trace_id, affiliation['OrganizationID'])
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
if (not list_latest_check_result):
continue
# 取得した所属組織に対して、所属組織ごとに最新チェック結果のチェック履歴IDを取得します。
for latest_check_result in list_latest_check_result:
try:
list_check_result = pm_checkResults.query_history_index(
trace_id, latest_check_result['CheckHistoryID'])
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
if (not list_check_result):
continue
# チェック結果を合計します。
for check_result in list_check_result:
if common_utils.check_key('OKCount', check_result):
ok_count += check_result['OKCount']
if common_utils.check_key('NGCount', check_result):
ng_count += check_result['NGCount']
if common_utils.check_key('CriticalCount', check_result):
critical_count += check_result['CriticalCount']
if common_utils.check_key('ManagedCount', check_result):
managed_count += check_result['ManagedCount']
if common_utils.check_key('ErrorCount', check_result):
error_count += check_result['ErrorCount']
# return data response
response_body = {
"okCount": int(ok_count),
"ngCount": int(ng_count),
"criticalCount": int(critical_count),
"managedCount": int(managed_count),
"errorCount": int(error_count)
}
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_body)
return common_utils.response(response, pm_logger)
def list_item_settings(trace_id, organization_id, project_id, coop_id,
group_filter):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
# プロジェクトテーブルに、プロジェクトID{project_id}をキーとしてクエリを実行します。
try:
project = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# プロジェクトに該当レコードが存在しなかった場合(取得件数が0件)
if (not project):
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# AWSアカウントAWSAccountは、AWSアカウント連携テーブルに、AWSアカウント連携ID{coop_id}をキーとしてクエリを実行します。
try:
awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 有効なAWSアカウントが存在しなかった場合(取得件数が0件)
if (not awscoops_item):
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# チェック項目除外情報を取得します。
account_refine_code = CommonConst.ACCOUNT_REFINE_CODE.format(
organization_id, project_id, awscoops_item['AWSAccount'])
try:
exclusion_items = pm_exclusionitems.query_filter_account_refine_code(
trace_id, account_refine_code, group_filter)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# マニュアル評価情報を取得します。
try:
assessment_items = pm_assessmentItems.query_filter_account_refine_code(
trace_id, account_refine_code, group_filter)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# リソース除外情報を取得します。
try:
exclusion_resources = pm_exclusionResources.query_filter_account_refine_code(
trace_id, account_refine_code, group_filter)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# メンバーズ加入アカウントの確認をします
members = common_utils.get_value('Members', awscoops_item, Members.Disable)
if (isinstance(members, Decimal)):
members = int(members)
# セキュリティチェック項目設定一覧の配列を作成します。
security_item_settings = []
list_check_item_code_exclusion = jmespath.search('[*].CheckItemCode',
exclusion_items)
list_check_item_code_assessment = jmespath.search('[*].CheckItemCode',
assessment_items)
list_check_item_code_exclusion_resource = jmespath.search(
'[*].CheckItemCode', exclusion_resources)
for check_item_code in LIST_CHECK_ITEM_CODE:
# リクエストパラメータgroupFilterにてフィルタ文字列が指定されていた場合、その文字列に該当するチェック項目コードを持つチェックだけ配列へ含めます。
if (common_utils.is_null(group_filter) is False
and group_filter not in check_item_code):
continue
# マネージド項目有無managedFlag
managed_flag = ManagedFlag.NotManaged
if (check_item_code in LIST_CHECK_ITEM_CODE_MANAGED):
if members == Members.Enable:
managed_flag = ManagedFlag.Managed
# チェック項目除外有無exclusionFlag
exclusion_flag = ExclusionFlag.Disable
if (check_item_code in list_check_item_code_exclusion):
exclusion_flag = ExclusionFlag.Enable
# マニュアル評価設定有無assessmentFlag
assessment_flag = AssessmentFlag.NotManual
if (check_item_code in LIST_CHECK_ITEM_CODE_ASSESSMENT):
assessment_flag = AssessmentFlag.NotAssessment
if (check_item_code in list_check_item_code_assessment):
assessment_flag = AssessmentFlag.Assessment
# リソース除外設定有無excludedResourceFlag
excluded_resource_flag = ExcludedResourceFlag.Other
if (check_item_code in LIST_CHECK_ITEM_CODE_EXCLUDED_RESOURCE):
excluded_resource_flag = ExcludedResourceFlag.Disable
if (check_item_code in list_check_item_code_exclusion_resource):
excluded_resource_flag = ExcludedResourceFlag.Enable
security_item_setting = {
"checkItemCode": check_item_code,
"managedFlag": managed_flag,
"exclusionFlag": exclusion_flag,
"assessmentFlag": assessment_flag,
"excludedResourceFlag": excluded_resource_flag
}
security_item_settings.append(security_item_setting)
# 作成したSecurityItemSettingの配列をレスポンスとして作成します。
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, security_item_settings)
return common_utils.response(response, pm_logger)
def execute_change_email(apply_id):
pm_logger = common_utils.begin_logger(apply_id, __name__,
inspect.currentframe())
# バリデーションチェックを行います
if common_utils.is_null(apply_id):
return common_utils.error_common(MsgConst.ERR_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# set default value
caller_service_name = 'insightwatch'
# S3から通知メール送信設定ファイルを取得します。
try:
config = FileUtils.read_yaml(apply_id, CommonConst.S3_SETTING_BUCKET,
CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL)
except PmError as e:
pm_logger.error(
"メールアドレス変更通知メール送信設定ファイルの取得に失敗しました。:s3://%s/%s",
common_utils.get_environ(CommonConst.S3_SETTING_BUCKET),
CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL)
common_utils.error_exception(MsgConst.ERR_S3_702,
HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
CommonConst.DEFAULT_RESPONSE_ERROR_PAGE[caller_service_name],
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
# set data response error page default
response_error_page = config[CommonConst.KEY_RESPONSE_ERROR_PAGE.format(
serviceName=caller_service_name)]
# メールアドレス変更申請テーブルから申請レコードを取得します。
try:
email_change_apply_info = pm_emailChangeApply.query_key(
apply_id, apply_id, None)
except PmError:
pm_logger.error("メールアドレス変更申請テーブルでレコード取得に失敗しました。変更申請ID: %s", apply_id)
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
if not email_change_apply_info:
pm_logger.warning("メールアドレス変更申請テーブルでレコードが存在しませんでした。変更申請ID: %s",
apply_id)
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
user_name = email_change_apply_info['UserID']
if common_utils.check_key('CallerServiceName', email_change_apply_info):
caller_service_name = email_change_apply_info['CallerServiceName']
# data response page
response_error_page = config[CommonConst.KEY_RESPONSE_ERROR_PAGE.format(
serviceName=caller_service_name)]
response_execute_change_email = config[
CommonConst.KEY_RESPONSE_EXECUTE_CHANGE_EMAIL.format(
serviceName=caller_service_name)]
# メールアドレス変更申請テーブルから取得した UserID でCognito に合致する該当するユーザー情報を取得します。
try:
user_info = aws_common.get_cognito_user_info_by_user_name(
apply_id, user_name)
except PmError:
pm_logger.error("Cognitoから情報取得に失敗しました。")
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
if not user_info:
pm_logger.warning("Cognitoにユーザーが存在しませんでした。ユーザーID: %s", user_name)
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
before_mail_address = email_change_apply_info['BeforeMailAddress']
after_mail_address = email_change_apply_info['AfterMailAddress']
# get cognito email
cognito_email = jmespath.search("[?Name=='email'].Value | [0]",
user_info['UserAttributes'])
if before_mail_address != cognito_email:
pm_logger.warning("変更前メールアドレスがCognitoのメールアドレスと合致しませんでした。")
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
# Cognitoのメールアドレスを変更する
try:
user_attributes = [{
'Name': 'email',
'Value': after_mail_address
}, {
'Name': 'email_verified',
'Value': 'true'
}]
aws_common.update_cognito_user_attributes(apply_id, user_name,
user_attributes)
except PmError:
pm_logger.error("Cognitoの項目変更に失敗しました。")
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
# get list affiliations
try:
affiliations = pm_affiliation.query_userid_key(apply_id, user_name)
except PmError:
pm_logger.error("ユーザー所属テーブルでレコード取得に失敗しました。")
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
for affiliation in affiliations:
try:
org_notify_mail_destinations = pm_orgNotifyMailDestinations.query_key(
apply_id, affiliation['OrganizationID'],
CommonConst.NOTIFY_CODE, None)
except PmError:
pm_logger.error("組織別通知メール宛先テーブルでレコード取得に失敗しました。")
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
if org_notify_mail_destinations:
destinations_update = []
for destination in org_notify_mail_destinations['Destinations']:
if destination['MailAddress'] == before_mail_address:
destination['MailAddress'] = after_mail_address
destinations_update.append(destination)
# update pm_orgNotifyMailDestinations
try:
attribute = {'Destinations': {"Value": destinations_update}}
pm_orgNotifyMailDestinations.update(
apply_id, org_notify_mail_destinations['OrganizationID'],
org_notify_mail_destinations['NotifyCode'], attribute)
except PmError:
pm_logger.error("組織別通知メール宛先テーブルでレコード更新に失敗しました。")
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
# update pm_affiliation
try:
attribute = {'MailAddress': {"Value": after_mail_address}}
pm_affiliation.update_affiliation(apply_id, affiliation['UserID'],
affiliation['OrganizationID'],
attribute,
affiliation['UpdatedAt'])
except PmError:
pm_logger.error("ユーザー所属テーブルでレコード更新に失敗しました。")
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
# メールアドレス変更申請テーブルで変更申請ID{applyid}をキーにして申請レコードを削除する。
try:
pm_emailChangeApply.delete(apply_id, apply_id)
except PmError:
pm_logger.error("メールアドレス変更申請テーブルでレコード削除に失敗しました。変更申請ID: %s", apply_id)
return common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_error_page,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
# data response
response = common_utils.get_response_by_response_body(
HTTPStatus.OK,
response_execute_change_email,
is_response_json=False,
content_type=CommonConst.CONTENT_TYPE_TEXT_HTML)
return common_utils.response(response, pm_logger)
def update_project(trace_id, project_id, organization_id, data_body):
# Get logging
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object = json.loads(data_body)
project_name = body_object["name"]
description = body_object["description"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# Validate
list_error = validate_project(trace_id, project_name)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Get project
try:
project_item = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
if not project_item:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# update project
if common_utils.is_null(description):
description = None
attribute = {
'ProjectName': {
"Value": project_name
},
'Description': {
"Value": description
}
}
updated_at = project_item[0]['UpdatedAt']
try:
pm_projects.update_project(trace_id, project_id, attribute, updated_at)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_DB_404,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# Get data update
try:
project_result = pm_projects.get_projects(trace_id,
project_id,
convert_response=True)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, project_result[0])
# return data response
return common_utils.response(response, pm_logger)
def create_report(trace_id, email, organization_id, project_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
project = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if (not project):
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# Parse JSON
try:
body_object = json.loads(data_body)
report_name = body_object["name"]
aws_accounts = body_object["awsAccounts"]
output_file_type = body_object["outputFileType"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# Validate
list_error = validate_report(trace_id, report_name, aws_accounts,
output_file_type)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Create report
report_id = common_utils.get_uuid4()
status = Status.Waiting.value
html_output_status = Status.Waiting.value
excel_output_status = Status.Waiting.value
schema_version = CommonConst.SCHEMA_VERSION
try:
pm_reports.create_report(trace_id, report_id, report_name, email,
aws_accounts, status, None, None, None,
html_output_status, None, None,
excel_output_status, None, None,
schema_version, organization_id, project_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# AWS利用状況情報収集ジョブの設定
# レポート中間ファイル作成ジョブの設定
# レポート出力ジョブの設定
codes = [
'COLLECT_AWS_RESOURCE_INFO', 'OUTPUT_REPORT_JSON',
'OUTPUT_REPORT_EXCEL'
]
job_id = []
for code in codes:
response, job_id = job_report(trace_id, email, report_id, code, job_id)
if response:
# Delete report
pm_reports.delete_reports(trace_id, report_id)
return response
try:
report = pm_reports.query_report(trace_id, report_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, report)
return common_utils.response(response, pm_logger)
def update_awscoop(trace_id, project_id, organization_id, coop_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object = json.loads(data_body)
aws_account = body_object["awsAccount"]
role_name = body_object["roleName"]
description = body_object["description"]
aws_account_name = body_object['awsAccountName']
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# Validate
list_error = validate_update_awscoop(aws_account, role_name)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Get data AWSアカウント連携
try:
awscoops_item = pm_awsAccountCoops.get_awscoops_update(
trace_id, coop_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if awscoops_item is None:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# ロールのアクセス確認
if common_utils.is_null(description):
description = None
if common_utils.is_null(aws_account_name):
aws_account_name = None
external_id = awscoops_item['ExternalID']
effective = Effective.Disable.value
members = None
if (checkaccess.check_access_to_aws(trace_id, aws_account, role_name,
external_id)):
effective = Effective.Enable.value
# IAMクライアントを用いて、IAMロールcm-membersportalを取得します。
try:
session = aws_common.create_session_client(trace_id, aws_account,
role_name, external_id)
members = IAMUtils.get_membership_aws_account(
trace_id, session, aws_account)
except PmError as e:
common_utils.write_log_pm_error(e, pm_logger, exc_info=True)
# update project
attribute = {
'AWSAccount': {
"Value": aws_account
},
'RoleName': {
"Value": role_name
},
'Description': {
"Value": description
},
'Effective': {
"Value": effective
},
'AWSAccountName': {
"Value": aws_account_name
}
}
if (members is not None):
attribute['Members'] = {"Value": members}
updated_at = awscoops_item['UpdatedAt']
try:
pm_awsAccountCoops.update_awscoops(trace_id, coop_id, attribute,
updated_at)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Get data response
try:
awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id, convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, awscoops_item)
return common_utils.response(response, pm_logger)
def delete_organization(trace_id, email, organization_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
organization_item = pm_organizations.get_organization(
trace_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not organization_item):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
try:
# delete organization
pm_organizations.delete_organization(trace_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_405,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
try:
# get affiliations get by organization id
affiliation_items = pm_affiliation.query_organization_index(
trace_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
for affiliation in affiliation_items:
try:
# delete affiliations get by organization id
pm_affiliation.delete_affiliation(affiliation["UserID"],
organization_id)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_DB_405, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
# set task informaiton request delete in Organization Tasks
task_id = common_utils.get_uuid4()
target = CommonConst.TARGET_DELETE_ORG_USER.format(
affiliation["UserID"], organization_id)
try:
# create task informaiton request delete in Organization Tasks
pm_organizationTasks.create_organizationTask(
trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG_USER,
target, trace_id, email, Status.Waiting.value, 0, 3)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
try:
# Send message to organization topic task
aws_common.sns_organization_topic(
trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG_USER)
except PmError as e:
common_utils.write_log_pm_error(e, pm_logger, exc_info=True)
# set task informaiton request delete in Organization Tasks
task_id = common_utils.get_uuid4()
try:
# create task informaiton request delete in Organization Tasks
pm_organizationTasks.create_organizationTask(
trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG,
organization_id, trace_id, email, 0, 0, 3)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Send message to organization topic task
aws_common.sns_organization_topic(trace_id, task_id,
CommonConst.TASK_TYPE_CODE_DELETE_ORG,
organization_id, trace_id)
# response if delete success
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def execute_copy_item_setting(trace_id, organization_id_destination,
project_id_destination, coop_id_destination,
body_object, email, user_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object_json = json.loads(body_object)
organization_id_source = body_object_json['copy_source'][
'organization_id']
project_id_source = body_object_json['copy_source']['project_id']
coop_id_source = body_object_json['copy_source']['coop_id']
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# アクセス権限チェックを行います。コピー元の組織ID
response_authority_source = checkauthority.authority(
trace_id, user_id, organization_id_source, Authority.Editor)
if response_authority_source:
return common_utils.response(response_authority_source, pm_logger)
# アクセス権限チェックを行います。コピー先の組織ID
response_authority_destination = checkauthority.authority(
trace_id, user_id, organization_id_destination, Authority.Editor)
if response_authority_destination:
return common_utils.response(response_authority_destination, pm_logger)
# リソース関連性のバリデーションチェックを行います。
# コピー元のAWSアカウント連携ID{coop_id}をキーとして、AWSアカウント連携テーブルへクエリを実行する。
try:
awscoops_item_source = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id_source)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 有効なAWSアカウントが存在しなかった場合(取得件数が0件)
if not awscoops_item_source:
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# コピー先のAWSアカウント連携ID{coopId}をキーとして、AWSアカウント連携テーブルへクエリを実行する。
try:
awscoops_item_destination = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id_destination)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 有効なAWSアカウントが存在しなかった場合(取得件数が0件)
if not awscoops_item_destination:
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# コピー元のチェック項目除外情報を取得します。
account_refine_code_source = CommonConst.ACCOUNT_REFINE_CODE.format(
organization_id_source, project_id_source,
awscoops_item_source['AWSAccount'])
try:
exclusion_items_source = pm_exclusionitems.query_filter_account_refine_code(
trace_id, account_refine_code_source)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# コピー元のマニュアル評価情報を取得します。
try:
assessment_items_source = pm_assessmentItems.query_filter_account_refine_code(
trace_id, account_refine_code_source)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# PM_AssessmentItemsとPM_ExclusionItems両方のレコードが取得できなかった場合、エラーログを出力してエラーレスポンスを返します。
if len(exclusion_items_source) == 0 and len(assessment_items_source) == 0:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
aws_account_destination = awscoops_item_destination['AWSAccount']
account_refine_code_destination = CommonConst.ACCOUNT_REFINE_CODE.format(
organization_id_destination, project_id_destination,
aws_account_destination)
time_to_live_exclusion_destination = common_utils.get_time_to_live(
CommonConst.EXCLUSION_EXPIRATION_DATE)
# 作成処理は、先に取得した「コピー元のチェック項目除外情報」のレコード数分、繰り返します。
try:
for exclusion_item in exclusion_items_source:
exclusion_item_id_destination = CommonConst.EXCLUSIONITEM_ID.format(
organization_id_destination, project_id_destination,
aws_account_destination, exclusion_item['CheckItemCode'])
pm_exclusionitems.create(
trace_id, exclusion_item_id_destination,
organization_id_destination, project_id_destination,
aws_account_destination, exclusion_item['CheckItemCode'],
time_to_live_exclusion_destination,
common_utils.get_value("ExclusionComment", exclusion_item),
user_id, email, account_refine_code_destination)
except Exception:
return common_utils.error_common(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
pm_logger)
time_to_live_assessment_destination = common_utils.get_time_to_live(
CommonConst.ASSESSMENT_EXPIRATION_DATE)
# 作成処理は、先に取得した「コピー元のマニュアル評価情報」のレコード数分、繰り返します。
try:
for assessment_item in assessment_items_source:
assessment_item_id_destination = CommonConst.ASSESSMENTITEM_ID.format(
organization_id_destination, project_id_destination,
aws_account_destination, assessment_item['CheckItemCode'])
pm_assessmentItems.create(
trace_id, assessment_item_id_destination,
organization_id_destination, project_id_destination,
aws_account_destination, assessment_item['CheckItemCode'],
time_to_live_assessment_destination,
common_utils.get_value("AssessmentComment", assessment_item),
user_id, email, account_refine_code_destination)
except Exception:
return common_utils.error_common(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
pm_logger)
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def create_excluded_resources(trace_id, user_id, organization_id, project_id,
coop_id, check_item_code, email, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# AWSアカウントAWSAccountは、AWSアカウント連携テーブルに、AWSアカウント連携ID{coop_id}をキーとしてクエリを実行します。
try:
awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 有効なAWSアカウントが存在しなかった場合(取得件数が0件)
if (not awscoops_item):
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# チェック項目コード
if check_item_code not in LIST_CHECK_ITEM_CODE_EXCLUDED_RESOURCE:
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# リクエストボディのJSONでパースエラーが発生した場合は、エラーログを出力してエラーレスポンスを返します。
try:
body_object = json.loads(data_body)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
region_name = common_utils.get_value("regionName", body_object, None)
resource_type = common_utils.get_value("resourceType", body_object, None)
resource_name = common_utils.get_value("resourceName", body_object, None)
exclusion_comment = common_utils.get_value("exclusionComment", body_object,
None).strip()
# 全てのチェックを行い、エラーがあった場合はエラーログを出力してエラーレスポンスを返します。
list_error = validate_create_excluded_resources(region_name, resource_type,
resource_name,
exclusion_comment)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
aws_account = awscoops_item['AWSAccount']
check_item_refine_code = CommonConst.CHECK_ITEM_REFINE_CODE.format(
organization_id, project_id, aws_account, check_item_code)
try:
excluded_resource = pm_exclusionResources.query_filter_region_name_and_resource_name(
trace_id, check_item_refine_code, region_name, resource_type,
resource_name)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not excluded_resource:
exclusion_resource_id = common_utils.get_uuid4()
account_refine_code = CommonConst.ACCOUNT_REFINE_CODE.format(
organization_id, project_id, aws_account)
time_to_live_date = date_utils.get_current_date() + timedelta(days=180)
time_to_live = Decimal(time_to_live_date.timestamp())
# リソース除外設定テーブルに除外設定レコードを作成します。
try:
pm_exclusionResources.create(
user_id, exclusion_resource_id, organization_id, project_id,
aws_account, check_item_code, region_name, resource_type,
resource_name, exclusion_comment, email, account_refine_code,
check_item_refine_code, time_to_live)
except Exception as e:
return common_utils.error_exception(
MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
else:
exclusion_resource_id = excluded_resource[0]["ExclusionResourceID"]
attribute = {'ExclusionComment': {"Value": exclusion_comment}}
try:
pm_exclusionResources.update(trace_id, exclusion_resource_id,
attribute)
except Exception as e:
return common_utils.error_exception(
MsgConst.ERR_DB_404, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
try:
excluded_resource_new = pm_exclusionResources.query_key(
trace_id, exclusion_resource_id, True)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, excluded_resource_new)
return common_utils.response(response, pm_logger)
def delete_excluded_resources(trace_id, organization_id, project_id,
check_item_code, coop_id, region_name,
resource_type, resource_name):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# validate param query string of delete exclusion resource
list_error = validate_excluded_resources(region_name,
resource_type,
resource_name,
is_query_string=True)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# リソース関連性のバリデーションチェックを行います。
try:
awscoop_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not awscoop_item:
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
check_item_refine_code = CommonConst.CHECK_ITEM_REFINE_CODE.format(
organization_id, project_id, awscoop_item['AWSAccount'],
check_item_code)
# リソース除外設定情報を取得します。
try:
exclusion_resources = pm_exclusionResources.query_check_item_refine_code(
trace_id, check_item_refine_code)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not exclusion_resources:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
patern_filter_data = "[?RegionName == '{0}' && ResourceType == '{1}' && ResourceName == '{2}']".format(
region_name, resource_type, resource_name)
list_exclusion_resource_delete = jmespath.search(patern_filter_data,
exclusion_resources)
if len(list_exclusion_resource_delete) == 0:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# リソース除外設定情報を削除します。
for exclusion_resource_delete in list_exclusion_resource_delete:
try:
pm_exclusionResources.delete(
trace_id, exclusion_resource_delete['ExclusionResourceID'])
except Exception as e:
return common_utils.error_exception(
MsgConst.ERR_DB_405, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def create_excluesion_item(trace_id, user_id, organization_id, project_id,
email, check_item_code, coop_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
try:
awscoop_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
if not awscoop_item:
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# リクエストボディのJSONでパースエラーが発生した場合は、エラーログを出力してエラーレスポンスを返します。
try:
body_object = json.loads(data_body)
exclusion_comment = body_object["exclusionComment"].strip()
except Exception as err:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, err,
pm_logger, True)
# 全てのチェックを行い、エラーがあった場合はエラーログを出力してエラーレスポンスを返します。
list_error = validate_insert(exclusion_comment)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# チェック項目除外設定テーブルに除外設定レコードを作成します。
aws_account = awscoop_item['AWSAccount']
exclusion_item_id = CommonConst.EXCLUSIONITEM_ID.format(
organization_id, project_id, aws_account, check_item_code)
account_refine_code = CommonConst.ACCOUNT_REFINE_CODE.format(
organization_id, project_id, aws_account)
time_to_live_date = date_utils.get_current_date() + timedelta(days=180)
time_to_live = Decimal(time_to_live_date.timestamp())
try:
pm_exclusionitems.create(trace_id, exclusion_item_id, organization_id,
project_id, aws_account, check_item_code,
time_to_live, exclusion_comment, user_id,
email, account_refine_code)
except Exception as e:
return common_utils.error_common(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
pm_logger)
try:
exclusion_item = pm_exclusionitems.query_key(trace_id,
exclusion_item_id, True)
except Exception as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, exclusion_item)
return common_utils.response(response, pm_logger)
def job_report(trace_id, email, report_id, code, job_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
report_job_def = pm_batchJobDefs.query_report_job_def_key(
trace_id, code)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True), None
if not report_job_def:
pm_logger.error("ジョブ定義情報が取得できませんでした。:" + code)
return common_utils.error_common(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
pm_logger), None
# ログID(UUID(v4))
log_id = common_utils.get_uuid4()
# AWS Batch
job_name = code + "-" + log_id
job_queue = report_job_def['JobQueue']
job_definition = report_job_def['JobDefinition']
parameters = {
"ReportID": "--reportId=" + report_id,
"LogID": "--logId=" + log_id
}
container_overrides = {}
if (common_utils.check_key('Environment', report_job_def)
and len(report_job_def['Environment']) > 0):
container_overrides = report_job_def['Environment']
max_retry = report_job_def['MaxRetry']
try:
# submid job
job_id, parameter = aws_common.submit_job(trace_id, job_name,
job_queue, job_id,
job_definition, parameters,
container_overrides,
max_retry)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_AWS_601,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True), None
# Create ReportJobLogs
user_id = trace_id
# 配列内のオブジェクトとして格納されていたので、job_idのみを抽出する(暫定対応)
job_id_key = job_id[0]['jobId']
date_now = common_utils.get_current_date()
try:
report_log = {
'ReportID': report_id,
'LogID': log_id,
'Code': code,
'UserID': user_id,
'MailAddress': email,
'JobID': job_id_key,
'Parameter': parameter,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
s3_file_name = CommonConst.PATH_REPORT_BATCH.format(
report_id, log_id + ".json")
FileUtils.upload_json(trace_id, "S3_BATCH_LOG_BUCKET", report_log,
s3_file_name)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_S3_701,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True), None
return common_utils.response(None, pm_logger), job_id
def update_authority(trace_id, organization_id, user_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object = json.loads(data_body)
authority = body_object["authority"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# Validate
list_error = common_utils.validate_authority(trace_id, authority)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# check the update condition
if user_id == trace_id and authority != Authority.Owner.value:
try:
count = pm_affiliation.query_users_check_authority_count(
trace_id, user_id, organization_id, Authority.Owner)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
if count == 0:
return common_utils.error_common(MsgConst.ERR_REQUEST_203,
HTTPStatus.PRECONDITION_FAILED,
pm_logger)
# get user to update
try:
user = pm_affiliation.query(user_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not user:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# update user authority
attribute = {'Authority': {"Value": authority}}
updated_at = user[0]['UpdatedAt']
try:
pm_affiliation.update_affiliation(trace_id, user_id, organization_id,
attribute, updated_at)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_DB_404,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# Get data update
try:
user_result = pm_affiliation.get_affiliation(user_id, organization_id,
True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, user_result)
# return data response
return common_utils.response(response, pm_logger)
def create_organization(trace_id, email, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object = json.loads(data_body)
organization_name = body_object["name"]
contract = body_object["contract"]
contract_status = body_object["contractStatus"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# Validate
list_error = validate_insert(organization_name, contract, contract_status)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Create Organization
organization_id = str(uuid.uuid4())
try:
pm_organizations.create_organization(trace_id, organization_id,
organization_name, contract,
contract_status)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Create Affiliation
try:
pm_affiliation.create_affiliation(trace_id, email, trace_id,
organization_id,
Authority.Owner.value,
InvitationStatus.Belong.value)
except PmError as e:
# Delete Organizations
pm_organizations.delete_organization(trace_id, organization_id)
# 例外スタックトレースをログに出力する。
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
try:
organization_item = pm_organizations.get_organization(
trace_id, organization_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, organization_item)
# return data response
return common_utils.response(response, pm_logger)
def create_invite(trace_id, organization_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
attributesToGet = "email_verified"
key = "Name"
value = "Value"
# Parse JSON
try:
body_object = json.loads(data_body)
mail_address = body_object["mailAddress"]
authority = body_object["authority"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# validate authority
list_error = validate_params_invite(trace_id, mail_address, authority)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# get list cognito users
try:
list_users = aws_common.get_cognito_user_pools(trace_id, mail_address,
attributesToGet)
if len(list_users) == 0:
list_error = []
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_999,
"mail_address", mail_address))
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
list_user_verified = []
for user in list_users:
# get value of key email_verified in attribute
for user_attr in user["Attributes"]:
if common_utils.check_key(
key, user_attr) and user_attr[key] == attributesToGet:
email_verified = user_attr[value]
# check email_verified is true
if email_verified == "true":
list_user_verified.append(user["Username"])
if len(list_user_verified) == 0:
list_error = []
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_999,
"mail_address", mail_address))
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_COGNITO_501,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# get affiliation
try:
user_id = list_user_verified[0]
affiliation = pm_affiliation.get_affiliation(user_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if affiliation and affiliation["InvitationStatus"] != InvitationStatus.Deny:
return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT,
pm_logger)
# get organization
try:
organization = pm_organizations.get_organization(
trace_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not organization:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# create affiliation
try:
pm_affiliation.create_affiliation(trace_id, mail_address, user_id,
organization_id, authority,
InvitationStatus.Invited)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# get affiliation just create new to response
try:
affiliation_created = pm_affiliation.get_affiliation(
user_id, organization_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, affiliation_created)
# return data response
return common_utils.response(response, pm_logger)
def create_notifymail(trace_id, organization_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リクエストボディのJSONでパースエラーが発生した場合は、ログを出力してエラーレスポンスを返します。
try:
body_object = json.loads(data_body)
notify_code = body_object["notifyCode"]
users = body_object["users"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。
list_error = validate_notifymail(notify_code, users)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# 宛先ユーザーのメールアドレスを取得します。
destinations = []
for user_id in users:
try:
affiliation = pm_affiliation.get_affiliation(
user_id, organization_id)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
# レコードが取得できなかった場合、そのユーザーは宛先ユーザーから除外します。
if (not affiliation):
continue
# 宛先ユーザー配列は、ユーザーIDとメールアドレスを属性として持つオブジェクトの配列として表現します。
destination = {
"UserID": user_id,
"MailAddress": affiliation['MailAddress']
}
destinations.append(destination)
if len(destinations) == 0:
list_error = []
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_999, "users",
users))
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# 宛先情報を作成します。
try:
pm_orgNotifyMailDestinations.create(trace_id, organization_id,
notify_code, destinations)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 宛先情報を取得します。
try:
result = pm_orgNotifyMailDestinations.query_key(
trace_id, organization_id, notify_code, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, result)
# return data response
return common_utils.response(response, pm_logger)
def execute_force_invites(trace_id, body_object, organization_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# parse json
try:
body_object_json = json.loads(body_object)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
caller_service_name = common_utils.get_value("callerServiceName",
body_object_json, None)
mail_lang = common_utils.get_value("mailLang", body_object_json, None)
mail_address = common_utils.get_value("mailAddress", body_object_json,
None)
authority = common_utils.get_value("authority", body_object_json, None)
# validate param execute invite unregistered
list_error = validate_param_invite_unregistered_user(
trace_id, mail_lang, caller_service_name, mail_address, authority)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# get list cognito users
try:
list_users = aws_common.get_cognito_user_pools(trace_id, mail_address)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_COGNITO_501,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if list_users:
return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT,
pm_logger)
# regist Cognito UserPools
temporary_password = ''
pattern = re.compile(CommonConst.FORMAT_PASSWORD_TEMPORARY)
while pattern.match(temporary_password) is None:
temporary_password = common_utils.get_password_temporary(
CommonConst.NUMBER_CHARACTERS_PASSWORD_TEMPORARY)
user_attributes = [{"Name": "email", "Value": mail_address}]
user_name = common_utils.get_uuid4()
message_action = MessageAction.Suppress
try:
aws_common.process_admin_create_user_pools(trace_id, user_name,
user_attributes,
temporary_password,
message_action)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_COGNITO_501,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# enable confirm email
try:
user_attributes = [{'Name': 'email_verified', 'Value': 'true'}]
aws_common.update_cognito_user_attributes(trace_id, user_name,
user_attributes)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_COGNITO_501,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# get affiliation
try:
affiliation = pm_affiliation.get_affiliation(user_name,
organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if affiliation and affiliation["InvitationStatus"] != InvitationStatus.Deny:
return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT,
pm_logger)
# get organization
try:
organization = pm_organizations.get_organization(
trace_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if len(organization) == 0:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# create affiliation
try:
pm_affiliation.create_affiliation(trace_id, mail_address, user_name,
organization_id, authority,
InvitationStatus.Invited)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Get data affiliation
try:
affiliation_result = pm_affiliation.get_affiliation(
user_name, organization_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Get data user_attribute
try:
user_attribute = pm_userAttribute.query_key(trace_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# S3から通知メール送信設定ファイルを取得します。
try:
config = FileUtils.read_yaml(trace_id, CommonConst.S3_SETTING_BUCKET,
CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL)
except PmError as e:
pm_logger.error("メール送信設定ファイルの取得に失敗しました。:s3://{0}/{1}".format(
common_utils.get_environ(CommonConst.S3_SETTING_BUCKET),
CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL))
return common_utils.error_exception(MsgConst.ERR_S3_702,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# メッセージ本文を作成します。
path_file_template = config[
CommonConst.KEY_GET_PATH_FILE_TEMPLATE_USER_INVITE_MAIL.format(
language=mail_lang, serviceName=caller_service_name)]
try:
template_body_mail = FileUtils.read_decode(
trace_id, CommonConst.S3_SETTING_BUCKET, path_file_template)
except PmError as e:
pm_logger.error("招待メール本文テンプレートファイルの取得に失敗しました。:s3://{0}/{1}".format(
common_utils.get_environ(CommonConst.S3_SETTING_BUCKET),
path_file_template))
return common_utils.error_exception(MsgConst.ERR_S3_702,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# SESで通知メールを送信します。
bcc_addresses = [mail_address]
user_name_sign_in = common_utils.get_value("UserName", user_attribute,
None)
if not user_name_sign_in:
try:
affiliation_sign_in = pm_affiliation.get_affiliation(
trace_id, organization_id)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
user_name_sign_in = common_utils.get_value("MailAddress",
affiliation_sign_in, None)
organization_name = common_utils.get_value("OrganizationName",
organization, None)
time_zone = date_utils.get_time_zone_by_language(mail_lang)
time_to_live_date = date_utils.get_current_date() + timedelta(days=6)
time_to_live = date_utils.toString(time_to_live_date,
date_utils.PATTERN_YYYYMMDD_SLASH,
time_zone)
template_body_mail = Template(template_body_mail)
context = {
'mailAddress': mail_address,
'userName': user_name_sign_in,
'organizationName': organization_name,
'temporaryPassword': temporary_password,
'timeToLive': time_to_live
}
body_mail = template_body_mail.render(context)
mail_subject = config[CommonConst.KEY_MAIL_SUBJECT_USER_INVITE.format(
language=mail_lang, serviceName=caller_service_name)]
mail_from = config[CommonConst.KEY_INVITE_MAIL_FROM_SERVICE.format(
serviceName=caller_service_name)]
ses_region = config['ses.region']
try:
aws_common.send_email(user_name, ses_region, mail_from, bcc_addresses,
mail_subject, body_mail)
except PmError as e:
pm_logger.error("通知メール送信に失敗しました。")
return common_utils.error_exception(MsgConst.ERR_SES_801,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, affiliation_result)
# return data response
return common_utils.response(response, pm_logger)
def apply_change_email(user_id, mail_before_change, data_body):
pm_logger = common_utils.begin_logger(user_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object = json.loads(data_body)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
mail_after_change = common_utils.get_value("mailAddress", body_object,
None)
caller_service_name = common_utils.get_value("callerServiceName",
body_object, None)
mail_lang = common_utils.get_value("mailLang", body_object, None)
# validate
list_errors = validate_param_apply_change_email(user_id, mail_lang,
caller_service_name,
mail_before_change)
if list_errors:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_errors, pm_logger)
# Cognito UserPoolsから変更するメールアドレス{mailaddress}に該当するユーザー情報情報を取得します。
try:
list_users = aws_common.get_cognito_user_pools(user_id,
mail_after_change,
"email")
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_COGNITO_501,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if list_users:
return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT,
pm_logger)
# メールアドレス変更申請テーブルから申請レコードを取得します。
try:
list_email_change_apply = pm_emailChangeApply.query_user_index(user_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if list_email_change_apply:
return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT,
pm_logger)
# メールアドレス変更申請テーブルに申請レコードを作成します。
apply_id = common_utils.get_uuid4()
time_to_live = common_utils.get_time_to_live(
CommonConst.EMAIL_CHANGE_APPLY_EXPIRATION_DATE)
try:
pm_emailChangeApply.create(user_id, apply_id, mail_before_change,
mail_after_change, time_to_live,
caller_service_name)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# get record PM_EmailChangeApply
try:
result = pm_emailChangeApply.query_key(user_id,
apply_id,
convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# S3から通知メール送信設定ファイルを取得します。
try:
config = FileUtils.read_yaml(user_id, CommonConst.S3_SETTING_BUCKET,
CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL)
except PmError as e:
pm_logger.error(
"メールアドレス変更通知メール送信設定ファイルの取得に失敗しました。:s3://%s/%s",
common_utils.get_environ(CommonConst.S3_SETTING_BUCKET),
CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL)
return common_utils.error_exception(MsgConst.ERR_S3_702,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
path_file_template = config[
CommonConst.KEY_GET_PATH_FILE_TEMPLATE_MAIL_SERVICE.format(
language=mail_lang, serviceName=caller_service_name)]
# 通知メール本文を作成
try:
template_body_mail = FileUtils.read_decode(
user_id, CommonConst.S3_SETTING_BUCKET, path_file_template)
except PmError as e:
pm_logger.error(
"メールアドレス変更通知メール本文テンプレートファイルの取得に失敗しました。:s3://%s/%s",
common_utils.get_environ(CommonConst.S3_SETTING_BUCKET),
path_file_template)
return common_utils.error_exception(MsgConst.ERR_S3_702,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# SESで通知メールを送信します。
bcc_addresses = [mail_after_change]
template_body_mail = Template(template_body_mail)
body_mail = template_body_mail.render(ApplyID=apply_id)
mail_subject = config[CommonConst.KEY_MAIL_SUBJECT_SERVICE.format(
language=mail_lang, serviceName=caller_service_name)]
mail_form = config[CommonConst.KEY_MAIL_FROM_SERVICE.format(
serviceName=caller_service_name)]
try:
aws_common.send_email(user_id, config['ses.region'], mail_form,
bcc_addresses, mail_subject, body_mail)
except PmError as e:
pm_logger.error("通知メール送信に失敗しました。")
return common_utils.error_exception(MsgConst.ERR_SES_801,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, result)
return common_utils.response(response, pm_logger)
def execute_security_check_from_external(trace_id, webhook_path):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
webhook = None
try:
webhooks = pm_securityCheckWebhook.query_webhook_index(
trace_id, webhook_path, convert_response=True)
if (webhooks):
webhook = pm_securityCheckWebhook.query_key(
trace_id, webhooks[0]['id'])
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not webhook:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
if not webhook['Enabled']:
return common_utils.error_common(MsgConst.ERR_REQUEST_203,
HTTPStatus.FORBIDDEN, pm_logger)
user_id = webhook['UserID']
email = webhook['MailAddress']
organization_id = webhook['OrganizationID']
project_id = webhook['ProjectID']
id = webhook['SecurityCheckWebhookID']
try:
histories = pm_securityCheckWebhookCallHistory.query(trace_id, id)
if histories:
yesterday = datetime.now(timezone.utc) - timedelta(days=1)
recentries = list(
filter(
lambda h: datetime.strptime(h['CreatedAt'], '%Y-%m-%d %H:%M:%S.%f').astimezone(timezone.utc) > yesterday and h['ExecutedStatus'] == 'Success',
histories))
if len(recentries) >= webhook['MaxDailyExecutedCount']:
return common_utils.error_common(MsgConst.ERR_REQUEST_203,
HTTPStatus.TOO_MANY_REQUESTS,
pm_logger)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = execute_security_check_with_executed_type(
trace_id, organization_id, project_id, user_id, email,
ExecutedType.External)
executed_status = 'Success' if response[
'statusCode'] == HTTPStatus.CREATED else 'Failure'
try:
pm_securityCheckWebhookCallHistory.create(trace_id, id,
executed_status)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
return response
def update_user_attributes(user_id, data_body):
pm_logger = common_utils.begin_logger(user_id, __name__,
inspect.currentframe())
try:
body_object = json.loads(data_body)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
try:
user = pm_userAttribute.query_key(user_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
user_name = get_data_json_by_key("userName", body_object)
company_name = get_data_json_by_key("companyName", body_object)
department_name = get_data_json_by_key("departmentName", body_object)
company_flg = common_utils.get_value("companyFlg", body_object, None)
country_code = get_data_json_by_key("countryCode", body_object)
caller_service_name = common_utils.get_value("callerServiceName",
body_object, None)
# validate param info user attribute
list_error = validate_info_user_attribute(caller_service_name)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
if user is None:
# Create User
try:
pm_userAttribute.create(user_id, user_name, company_name,
department_name, MailStatus.Normal,
company_flg, country_code,
caller_service_name)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
else:
# Update User
attribute = {
'UserName': {
"Value": user_name
},
'CompanyName': {
"Value": company_name
},
'DepartmentName': {
"Value": department_name
}
}
if company_flg is not None:
attribute['CompanyFlg'] = {"Value": company_flg}
if country_code is not None:
attribute['CountryCode'] = {"Value": country_code}
try:
pm_userAttribute.update(user_id, attribute)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_DB_404, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
# Get data response
try:
user = pm_userAttribute.query_key(user_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(HTTPStatus.OK, user)
return common_utils.response(response, pm_logger)
def create_assessment_item(trace_id, user_id, organization_id, project_id,
coop_id, check_item_code, email, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# AWSアカウントAWSAccountは、AWSアカウント連携テーブルに、AWSアカウント連携ID{coop_id}をキーとしてクエリを実行します。
try:
awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 有効なAWSアカウントが存在しなかった場合(取得件数が0件)
if (not awscoops_item):
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# リクエストボディのJSONでパースエラーが発生した場合は、エラーログを出力してエラーレスポンスを返します。
try:
body_object = json.loads(data_body)
assessment_comment = body_object["assessmentComment"].strip()
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# 全てのチェックを行い、エラーがあった場合はエラーログを出力してエラーレスポンスを返します。
list_error = validate_insert_assessment(check_item_code,
assessment_comment)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# 評価結果テーブルに評価レコードを作成します。
aws_account = awscoops_item['AWSAccount']
assessment_item_id = CommonConst.ASSESSMENTITEM_ID.format(
organization_id, project_id, aws_account, check_item_code)
account_refine_code = CommonConst.ACCOUNT_REFINE_CODE.format(
organization_id, project_id, aws_account)
time_to_live_date = date_utils.get_current_date() + timedelta(days=180)
time_to_live = Decimal(time_to_live_date.timestamp())
try:
pm_assessmentItems.create(trace_id, assessment_item_id,
organization_id, project_id, aws_account,
check_item_code, time_to_live,
assessment_comment, user_id, email,
account_refine_code)
except Exception:
return common_utils.error_common(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
pm_logger)
try:
assessment_item = pm_assessmentItems.query_key(trace_id,
assessment_item_id,
True)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, assessment_item)
return common_utils.response(response, pm_logger)
