def get_notifyslack(trace_id, organization_id, notify_code):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。
list_error = validate_notifyslack(notify_code)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Slack通知設定情報を取得します。
try:
result = pm_orgNotifySlack.query_key(trace_id, organization_id,
notify_code, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not result:
return common_utils.get_response_by_response_body(HTTPStatus.OK, [])
# return data
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, result)
return common_utils.response(response, pm_logger)
def get_securitycheck_awsacntsummary(user_id, aws_account):
trace_id = user_id
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# 所属組織リストを取得します。
try:
affiliations = pm_affiliation.query_userid_key_invite(
trace_id, user_id, InvitationStatus.Belong)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not affiliations):
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, [])
return common_utils.response(response, pm_logger)
response_bodys = []
for affiliation in affiliations:
try:
# 最新チェック結果テーブルから組織ID をキーとして、クエリを行います。
list_latest_check_result = pm_latestCheckResult.query_organization_id(
trace_id, affiliation['OrganizationID'])
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
if (not list_latest_check_result):
continue
for latest_check_result in list_latest_check_result:
try:
list_check_result = pm_checkResults.query_history_index_by_awsaccount(
trace_id, aws_account,
latest_check_result['CheckHistoryID'], True)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
if (not list_check_result):
continue
response_bodys.extend(list_check_result)
if aws_account is not None:
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_bodys)
return common_utils.response(response, pm_logger)
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_bodys)
return common_utils.response(response, pm_logger)
def get_report(trace_id, report_id, organization_id, project_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
report = pm_reports.query_report_filter_organization_project(
trace_id,
report_id,
project_id,
organization_id,
convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if (not report):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# response when do success
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, report[0])
return common_utils.response(response, pm_logger)
def delete_awscoop(trace_id, coop_id, organization_id, project_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
awscoops = pm_awsAccountCoops.get_awscoops_update(
trace_id, coop_id, project_id, organization_id)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
if awscoops is None:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
try:
pm_awsAccountCoops.delete_awscoops(trace_id, coop_id)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_DB_405,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# response if delete success
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def get_myorganizations(trace_id, user_id, invite_status):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Validate
list_error = common_utils.validate_invite_status(trace_id, invite_status)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
try:
# get list affiliations by email,email get from event
affiliations = pm_affiliation.query_userid_key_invite(
trace_id, user_id, int(invite_status), True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
result = []
for affiliation in affiliations:
try:
# get organization by organization id
organization = pm_organizations.get_organization(
trace_id, affiliation["organizationId"], True)
affiliation.pop('organizationId', None)
affiliation['organization'] = organization
result.append(affiliation)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
# return data
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, affiliations)
return common_utils.response(response, pm_logger)
def delete_notifymail(trace_id, organization_id, notify_code):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。
list_error = validate_notifymail(notify_code)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
try:
result = pm_orgNotifyMailDestinations.query_key(
trace_id, organization_id, notify_code)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not result):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
try:
pm_orgNotifyMailDestinations.delete(trace_id, organization_id,
notify_code)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_404,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def delete_user(trace_id, organization_id, user_id, email):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# check the deletion condition
if user_id == trace_id:
try:
count = pm_affiliation.query_users_check_authority_count(
trace_id, user_id, organization_id, Authority.Owner)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
if count == 0:
return common_utils.error_common(MsgConst.ERR_REQUEST_203,
HTTPStatus.PRECONDITION_FAILED,
pm_logger)
# get user to delete
try:
user = pm_affiliation.query(user_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not user:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# delete user
try:
pm_affiliation.delete_affiliation(user_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_405,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# set task informaiton request delete in Organization Tasks
task_id = str(uuid.uuid4())
target = CommonConst.TARGET_DELETE_ORG_USER.format(user_id,
organization_id)
try:
# create task informaiton request delete in Organization Tasks
pm_organizationTasks.create_organizationTask(
trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG_USER,
target, trace_id, email, Status.Waiting.value, 0, 3)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
try:
# Send message to organization topic task
aws_common.sns_organization_topic(
trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG_USER)
except PmError as e:
common_utils.write_log_pm_error(e, pm_logger, exc_info=True)
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def update_organization(trace_id, organization_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object = json.loads(data_body)
organization_name = body_object["name"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# Validate
list_error = validate_update(organization_name)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Databaseから組織情報を取得する
try:
organization_item = pm_organizations.get_organization(
trace_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not organization_item):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# Update Organization
attribute = {'OrganizationName': {"Value": organization_name}}
updated_at = organization_item['UpdatedAt']
try:
pm_organizations.update_organization(trace_id, organization_id,
attribute, updated_at)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_404,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Get data update
try:
organization_result = pm_organizations.get_organization(
trace_id, organization_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, organization_result)
# return data response
return common_utils.response(response, pm_logger)
def execute_security_check_with_executed_type(trace_id, organization_id,
project_id, user_id, email,
executed_type):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
try:
project = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not project:
return common_utils.error_common(
MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger)
try:
check_history_id = common_utils.get_uuid4()
executed_date_time = common_utils.get_current_date()
pm_checkHistory.create(trace_id, check_history_id, organization_id,
project_id, CHECK_SECURITY, CheckStatus.Waiting,
None, executed_type, None, executed_date_time,
None, user_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
try:
topic_arn = common_utils.get_environ(
CommonConst.SECURITYCHECK_EXECUTE_TOPIC)
subject = "USER : {0}".format(user_id)
message = {
'CheckHistoryId': check_history_id
}
# Publish message
aws_common.aws_sns(trace_id, subject, json.dumps(message), topic_arn)
except PmError as e:
common_utils.write_log_pm_error(e, pm_logger, exc_info=True)
try:
check_history = pm_checkHistory.query_key(trace_id, check_history_id,
True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, check_history)
return common_utils.response(response, pm_logger)
def get_user_attributes(user_id):
pm_logger = common_utils.begin_logger(user_id, __name__,
inspect.currentframe())
try:
user = pm_userAttribute.query_key(user_id, True)
if user is None:
user = {}
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# data response
response = common_utils.get_response_by_response_body(HTTPStatus.OK, user)
return common_utils.response(response, pm_logger)
def create_awscoops(trace_id, project_id, organization_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
project = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if (not project):
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# Create AWSアカウント連携
coop_id = str(uuid.uuid4())
aws_account = CommonConst.UNKNOWN
aws_account_name = None
role_name = None
external_id = str(uuid.uuid4())
description = None
effective = Effective.UnConfirmed.value
try:
pm_awsAccountCoops.create_awscoops(trace_id, coop_id, aws_account,
aws_account_name, role_name,
external_id, description, effective,
organization_id, project_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Get data response
try:
awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id, convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, awscoops_item)
return common_utils.response(response, pm_logger)
def list_security_check_reports(trace_id, organization_id, project_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
result = pm_checkHistory.query_project_index_by_organization_id(
trace_id, organization_id, project_id, convert_response=True)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, result)
return common_utils.response(response, pm_logger)
def get_list_project(trace_id, organization_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
list_projects_result = pm_projects.query_organization_index(
trace_id, organization_id, convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# data response
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, list_projects_result)
return common_utils.response(response, pm_logger)
def get_list_reports(trace_id, organization_id, project_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
reports = pm_reports.query_reports_filter_organization(
trace_id, project_id, organization_id, convert_response=True)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# response when do success
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, reports)
return common_utils.response(response, pm_logger)
def update_security_check_webhook(trace_id, webhook_path, user_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
has_webhook_path = 'webhookPath' in data_body
has_enabled = 'enabled' in data_body
webhook = None
try:
webhooks = pm_securityCheckWebhook.query_webhook_index(
trace_id, webhook_path)
if webhooks:
webhook = webhooks[0]
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not webhook:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
if webhook['UserID'] != user_id:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
if has_webhook_path:
attribute = {'WebhookPath': {"Value": common_utils.get_uuid4()}}
elif has_enabled:
attribute = {'Enabled': {"Value": data_body['enabled']}}
else:
return common_utils.error_common(MsgConst.ERR_REQUEST_201,
HTTPStatus.BAD_REQUEST, pm_logger)
updated_at = webhook['UpdatedAt']
try:
pm_securityCheckWebhook.update(
trace_id, webhook['SecurityCheckWebhookID'], attribute, updated_at)
webhook = pm_securityCheckWebhook.query_key(
trace_id, webhook['SecurityCheckWebhookID'], convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_404,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, webhook)
return common_utils.response(response, pm_logger)
def delete_project(trace_id, email, project_id, organization_id):
# Get logging
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
project = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id, convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if (not project):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# プロジェクト削除の条件を満たしているかチェックを行います。現時点ではチェックすべき項目はありません。
# 現時点ではチェックすべき項目はありません。
# Delete project
try:
pm_projects.delete_projects(trace_id, project_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_405,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Create task
task_id = str(uuid.uuid4())
user_id = trace_id
try:
pm_organizationTasks.create_organizationTask(trace_id, task_id,
"DELETE_PRJ", project_id,
user_id, email,
Status.Waiting.value, 0,
3)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
aws_common.sns_organization_topic(trace_id, task_id, "DELETE_PRJ")
# data response
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def create_notifyslack(trace_id, organization_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リクエストボディのJSONでパースエラーが発生した場合は、ログを出力してエラーレスポンスを返します。
try:
body_object = json.loads(data_body)
notify_code = body_object['notifyCode']
webhook_url = body_object['webhookUrl']
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
mentions = None
if common_utils.check_key('mentions', body_object):
mentions = body_object['mentions']
# バリデーションチェックを行います。
list_error = validate_notifyslack(notify_code, webhook_url)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Slack通知設定情報を作成します。
try:
pm_orgNotifySlack.create(trace_id, organization_id, notify_code,
webhook_url, mentions)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# get record created
try:
org_notify_slack_created = pm_orgNotifySlack.query_key(
trace_id, organization_id, notify_code, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, org_notify_slack_created)
return common_utils.response(response, pm_logger)
def delete_assessment_item(trace_id, organization_id, project_id,
check_item_code, coop_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
try:
awscoop_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not awscoop_item:
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# マニュアル評価情報を取得します。
assessment_item_id = CommonConst.ASSESSMENTITEM_ID.format(
organization_id, project_id, awscoop_item['AWSAccount'],
check_item_code)
try:
assessment_item = pm_assessmentItems.query_key(trace_id,
assessment_item_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not assessment_item:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# マニュアル評価情報を削除します。
try:
pm_assessmentItems.delete(trace_id, assessment_item_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_DB_405,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def create_project(trace_id, organization_id, data_body):
# Get logging
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Parse JSON
try:
body_object = json.loads(data_body)
project_name = body_object["name"]
description = body_object["description"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# Validate
list_error = validate_project(trace_id, project_name)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# Create Project
project_id = str(uuid.uuid4())
if common_utils.is_null(description):
description = None
try:
pm_projects.create_projects(trace_id, project_id, project_name,
description, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
try:
project_item = pm_projects.get_projects(trace_id,
project_id,
convert_response=True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, project_item[0])
return common_utils.response(response, pm_logger)
def request_output_report(trace_id, email, organization_id, project_id,
report_id, file_type):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Validate
list_error = validate_output_report(trace_id, file_type)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# レポートテーブルから、レポート情報を取得します。
try:
# get report
report = pm_reports.query_report_filter_organization_project(
trace_id, report_id, project_id, organization_id,
ReportStatus.ConvertFinish.value)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not report):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# 指定のファイル形式のレポートがすでに作成済みか確認します。
if (report[0]['ExcelOutputStatus'] != ExcelStatus.Waiting.value):
return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT,
pm_logger)
# レポート出力ジョブの設定
job_id = []
code = 'OUTPUT_REPORT_EXCEL'
response, job_id = job_report(trace_id, email, report_id, code, job_id)
if response:
return common_utils.response(response, pm_logger)
# 取得したジョブIDをレスポンス(ステータスコード:201)として返します。
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, job_id[0])
return common_utils.response(response, pm_logger)
def change_invite(trace_id, organization_id, user_id, invite):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# get affiliation
try:
affiliation = pm_affiliation.query_affiliation_filter_invite(
trace_id, user_id, organization_id, InvitationStatus.Invited)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not affiliation:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# update invite
attribute = {'InvitationStatus': {"Value": invite}}
updated_at = affiliation[0]['UpdatedAt']
try:
pm_affiliation.update_affiliation(trace_id, user_id, organization_id,
attribute, updated_at)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_DB_404,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# Get data update
try:
affiliation_result = pm_affiliation.get_affiliation(
user_id, organization_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, affiliation_result)
# return data response
return common_utils.response(response, pm_logger)
def delete_report(trace_id, email, report_id, organization_id, project_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
# get report
report_item = pm_reports.query_report_filter_organization_project(
trace_id, report_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if (not report_item):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
try:
# delete report
pm_reports.delete_reports(trace_id, report_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_405,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
task_id = common_utils.get_uuid4()
try:
# create task informaiton request delete in Organization Tasks
pm_organizationTasks.create_organizationTask(trace_id, task_id,
task_code, report_id,
trace_id, email, 0, 0, 3)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# Send message to organization topic task
aws_common.sns_organization_topic(trace_id, task_id, task_code)
# response if delete success
response = common_utils.get_response_by_response_body(
HTTPStatus.NO_CONTENT, None)
return common_utils.response(response, pm_logger)
def get_security_check_report_url(trace_id, user_id, history_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# チェック履歴情報を取得します。
try:
check_history = pm_checkHistory.get_check_history_by_status(
trace_id, history_id, CheckStatus.ReportCompleted)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 該当するレコードが存在しない場合(取得件数が0件)
if len(check_history) == 0:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# 取得したチェック履歴情報より組織IDを取得する
organization_id = check_history[0]['OrganizationID']
# アクセス権限チェックを行います
response_authority = checkauthority.authority(
trace_id, user_id, organization_id, Authority.Viewer)
if response_authority:
return common_utils.response(response_authority, pm_logger)
# 有効期限が作成から1時間となる署名付きURLを作成します。
try:
signed_url = aws_common.generate_presigned_url(
trace_id, common_utils.get_environ('S3_CHECK_BUCKET'),
check_history[0]['ReportFilePath'])
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_999,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# return data response
response_body = {"URL": signed_url}
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_body)
return common_utils.response(response, pm_logger)
def get_report_url(trace_id, report_id, organization_id, project_id,
file_type):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Validate
list_error = validate_output_report(trace_id, file_type)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
try:
report = pm_reports.query_report_filter_organization_project(
trace_id, report_id, project_id, organization_id,
ReportStatus.ConvertFinish)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not report:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
if report[0]["ExcelOutputStatus"] != ExcelStatus.Finish:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
try:
excel_path = report[0]["ExcelPath"]
bucket = os.environ.get("S3_REPORT_BUCKET")
url = aws_common.generate_presigned_url(trace_id, bucket, excel_path)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_999,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response_body = {"URL": url}
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_body)
return common_utils.response(response, pm_logger)
def generate_security_check_webhook(trace_id, organization_id, project_id,
user_id, email):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
try:
project = pm_projects.get_projects_by_organization_id(
trace_id, project_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not project:
return common_utils.error_common(
MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger)
try:
webhooks = pm_securityCheckWebhook.query_project_index(
trace_id, project_id, user_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if webhooks:
return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT,
pm_logger)
try:
security_check_webhook_id = common_utils.get_uuid4()
webhook_path = common_utils.get_uuid4()
pm_securityCheckWebhook.create(trace_id, security_check_webhook_id,
webhook_path, user_id, email,
organization_id, project_id, 3)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, {'webhookPath': webhook_path})
return common_utils.response(response, pm_logger)
def count_myorganizations(trace_id, user_id, invite_status):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Validate
list_error = common_utils.validate_invite_status(trace_id, invite_status)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
try:
count = pm_affiliation.query_userid_key_invite_count(
trace_id, user_id, int(invite_status))
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response_body = {"count": count}
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, response_body)
return common_utils.response(response, pm_logger)
def get_organization(trace_id, organization_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
organization = pm_organizations.get_organization(
trace_id, organization_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 組織情報を取得します。
if (not organization):
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# data response
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, organization)
return common_utils.response(response, pm_logger)
def get_assessment_item(trace_id, organization_id, project_id, coop_id,
check_item_code):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# AWSアカウントAWSAccountは、AWSアカウント連携テーブルに、AWSアカウント連携ID{coop_id}をキーとしてクエリを実行します。
try:
awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 有効なAWSアカウントが存在しなかった場合(取得件数が0件)
if (not awscoops_item):
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# マニュアル評価情報を取得します。
assessment_item_id = CommonConst.ASSESSMENTITEM_ID.format(
organization_id, project_id, awscoops_item['AWSAccount'],
check_item_code)
try:
assessment_item = pm_assessmentItems.query_key(trace_id,
assessment_item_id,
True)
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 該当レコードが存在しなかった場合(取得件数が0件)
if (not assessment_item):
assessment_item = []
# 取得したチェック項目除外情報をレスポンス(ステータスコード:200)として返します。
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, assessment_item)
return common_utils.response(response, pm_logger)
def get_excluesion_item(trace_id, organization_id, project_id, check_item_code,
coop_id):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リソース関連性のバリデーションチェックを行います。
try:
awscoop_item = pm_awsAccountCoops.query_awscoop_coop_key(
trace_id, coop_id)
except Exception as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
if not awscoop_item:
return common_utils.error_common(MsgConst.ERR_AWS_401,
HTTPStatus.UNPROCESSABLE_ENTITY,
pm_logger)
# チェック項目除外情報を取得します。
exclusion_item_id = CommonConst.EXCLUSIONITEM_ID.format(
organization_id, project_id, awscoop_item['AWSAccount'],
check_item_code)
try:
exclusion_item = pm_exclusionitems.query_key(trace_id,
exclusion_item_id, True)
except Exception as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
if not exclusion_item:
exclusion_item = []
# return response data
response = common_utils.get_response_by_response_body(
HTTPStatus.OK, exclusion_item)
return common_utils.response(response, pm_logger)
def get_list_users(trace_id, organization_id, invite_status):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# Validate
if not common_utils.is_null(invite_status):
list_error = common_utils.validate_invite_status(
trace_id, invite_status)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
try:
users = pm_affiliation.query_users_organization_index(
trace_id, organization_id, invite_status, convert_response=True)
except PmError as err:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
err, pm_logger, True)
# response when do success
response = common_utils.get_response_by_response_body(HTTPStatus.OK, users)
return common_utils.response(response, pm_logger)
