def create(trace_id, check_result_item_id, check_history_id, check_result_id,
check_item_code, organization_id, organization_name, project_id,
project_name, aws_account_coop_id, aws_account, sort_code,
check_result, result_json_path, result_csv_path, executed_date_time,
time_to_live, aws_account_name, assessment_flag, exclusion_flag):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
data_create = {
'CheckResultItemID': check_result_item_id,
'CheckHistoryID': check_history_id,
'CheckResultID': check_result_id,
'CheckItemCode': check_item_code,
'OrganizationID': organization_id,
'OrganizationName': organization_name,
'ProjectID': project_id,
'ProjectName': project_name,
'AWSAccountCoopID': aws_account_coop_id,
'AWSAccount': aws_account,
'SortCode': sort_code,
'CheckResult': check_result,
'ResultJsonPath': result_json_path,
'ResultCsvPath': result_csv_path,
'ExecutedDateTime': executed_date_time,
'TimeToLive': time_to_live,
'AssessmentFlag': assessment_flag,
'ExclusionFlag': exclusion_flag,
'CreatedAt': date_now,
'UpdatedAt': date_now,
"AWSAccountName": aws_account_name
}
condition_expression = Attr("CheckResultItemID").not_exists()
DB_utils.create(trace_id, Tables.PM_CHECK_RESULT_ITEMS, data_create,
condition_expression)
def update_organization(trace_id, organization_id, update_attribute,
target_update_date):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
key = {"OrganizationID": organization_id}
DB_utils.update(trace_id, Tables.PM_ORGANIZATIONS, key, update_attribute,
target_update_date)
def create_report(trace_id, report_id, report_name, generate_user,
aws_accounts, status, resource_info_path, json_output_path,
json_output_time, html_output_status, html_path,
html_output_time, excel_output_status, excel_path,
excel_output_time, schema_version, organization_id,
project_id):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_report = {
'ReportID': report_id,
'ReportName': report_name,
'GenerateUser': generate_user,
'AWSAccounts': aws_accounts,
'ReportStatus': status,
'ResourceInfoPath': resource_info_path,
'JsonOutputPath': json_output_path,
'JsonOutputTime': json_output_time,
'HTMLOutputStatus': html_output_status,
'HTMLPath': html_path,
'HTMLOutputTime': html_output_time,
'ExcelOutputStatus': excel_output_status,
'ExcelPath': excel_path,
'ExcelOutputTime': excel_output_time,
'SchemaVersion': schema_version,
'OrganizationID': organization_id,
'ProjectID': project_id,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("ReportID").not_exists()
DB_utils.create(trace_id, Tables.PM_REPORTS, create_report,
condition_expression)
def create(trace_id,
organization_id,
notify_code,
webhook_url,
mentions,
is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
if common_utils.is_null(mentions):
mentions = None
date_now = common_utils.get_current_date()
org_notify_slack = {
"OrganizationID": organization_id,
"NotifyCode": notify_code,
"WebhookURL": webhook_url,
"Mentions": mentions,
"CreatedAt": date_now,
"UpdatedAt": date_now
}
DB_utils.create(trace_id,
Tables.PM_ORG_NOTIFY_SLACK,
org_notify_slack,
is_cw_logger=is_cw_logger)
def create(user_id, exclusion_resource_id, organization_id, project_id,
aws_account, check_item_code, region_name, resource_type,
resource_name, exclusion_comment, email, account_refine_code,
check_item_refine_code, time_to_live):
common_utils.begin_logger(user_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
if len(exclusion_comment) == 0:
exclusion_comment = None
create_exclusion_resources = {
'ExclusionResourceID': exclusion_resource_id,
'OrganizationID': organization_id,
'ProjectID': project_id,
'AWSAccount': aws_account,
'CheckItemCode': check_item_code,
'RegionName': region_name,
'ResourceType': resource_type,
'ResourceName': resource_name,
'ExclusionComment': exclusion_comment,
'UserID': user_id,
'MailAddress': email,
'AccountRefineCode': account_refine_code,
'CheckItemRefineCode': check_item_refine_code,
'TimeToLive': time_to_live,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
DB_utils.create(user_id, Tables.PM_EXCLUSION_RESOURCES,
create_exclusion_resources)
def update_affiliation(trace_id, user_id, organization_id, update_attribute,
target_update_date):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
key = {"UserID": user_id, "OrganizationID": organization_id}
DB_utils.update(trace_id, Tables.PM_AFFILIATION, key, update_attribute,
target_update_date)
def update(trace_id,
exclusion_item_id,
update_attribute,
target_update_date=None):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
key = {"ExclusionItemID": exclusion_item_id}
DB_utils.update(trace_id, Tables.PM_EXCLUSION_ITEMS, key, update_attribute,
target_update_date)
def update(trace_id,
assessment_item_id,
update_attribute,
target_update_date=None):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
key = {"AssessmentItemID": assessment_item_id}
DB_utils.update(trace_id, Tables.PM_ASSESSMENT_ITEMS, key,
update_attribute, target_update_date)
def delete(trace_id, security_check_webhook_id, create_at):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
key = {
"SecurityCheckWebhookID": security_check_webhook_id,
"CreatedAt": create_at
}
DB_utils.delete(trace_id, Tables.PM_SECURITY_CHECK_WEBHOOK_CALL_HISTORY,
key)
def update(task_id, update_attribute, target_update_date):
pm_logger = common_utils.begin_logger(task_id, __name__,
inspect.currentframe())
try:
key = {"TaskID": task_id}
DB_utils.update(task_id, Tables.PM_ORGANIZATION_TASKS, key,
update_attribute, target_update_date)
return common_utils.response(True, pm_logger)
except PmError as e:
pm_logger.error(e)
return common_utils.response(False, pm_logger)
def update(trace_id, check_result_id, update_attribute, is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
key = {"CheckResultID": check_result_id}
DB_utils.update(trace_id,
Tables.PM_CHECK_RESULTS,
key,
update_attribute,
is_cw_logger=is_cw_logger)
def create(trace_id, organization_id, notify_code, destinations):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
create_notify = {
'OrganizationID': organization_id,
'NotifyCode': notify_code,
'Destinations': destinations,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
DB_utils.create(trace_id, Tables.PM_ORG_NOTIFY_MAIL_DESTINATIONS,
create_notify)
def create(trace_id, security_check_webhook_id, executed_status):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
data_create = {
'SecurityCheckWebhookID': security_check_webhook_id,
'CreatedAt': date_now,
'ExecutedStatus': executed_status
}
condition_expression = Attr('SecurityCheckWebhookID').not_exists().__and__(
Attr('CreatedAt').not_exists())
DB_utils.create(trace_id, Tables.PM_SECURITY_CHECK_WEBHOOK_CALL_HISTORY,
data_create, condition_expression)
def create(trace_id,
check_result_id,
check_history_id,
check_rule_code,
organization_id,
organization_name,
project_id,
project_name,
aws_account_coop_id,
aws_account,
sort_code,
ok_count,
critical_count,
ng_count,
executed_date_time,
time_to_live,
aws_account_name,
is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
data_create = {
'CheckResultID': check_result_id,
'CheckHistoryID': check_history_id,
'CheckRuleCode': check_rule_code,
'OrganizationID': organization_id,
'OrganizationName': organization_name,
'ProjectID': project_id,
'ProjectName': project_name,
'AWSAccountCoopID': aws_account_coop_id,
'AWSAccount': aws_account,
'SortCode': sort_code,
'OKCount': ok_count,
'CriticalCount': critical_count,
'NGCount': ng_count,
'ExecutedDateTime': executed_date_time,
'TimeToLive': time_to_live,
'CreatedAt': date_now,
'UpdatedAt': date_now,
'AWSAccountName': aws_account_name
}
condition_expression = Attr("CheckResultID").not_exists()
DB_utils.create(trace_id,
Tables.PM_CHECK_RESULTS,
data_create,
condition_expression,
is_cw_logger=is_cw_logger)
def create_daily_check(trace_id, awsaccount):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
now_utc = datetime.utcnow()
date_format = now_utc.strftime("%Y-%m-%d")
unixtime = calendar.timegm(now_utc.utctimetuple())
ttl = 60 * 60 * 24 * 3
create_daily_check = {
"AWSAccount": awsaccount,
'ExecutedDate': date_format,
'TTL': unixtime + ttl
}
condition_expression = Attr("AWSAccountID").not_exists().__and__(
Attr("ExecutedDate").not_exists())
DB_utils.create(trace_id, Tables.PM_DAILY_CHECK_EXECUTED_AWSACCOUNTS,
create_daily_check, condition_expression)
def query_key(trace_id,
organization_id,
notify_code,
convert_response=None,
is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
key = {"OrganizationID": organization_id, "NotifyCode": notify_code}
result = DB_utils.query_key(trace_id,
Tables.PM_ORG_NOTIFY_MAIL_DESTINATIONS,
key,
is_cw_logger=is_cw_logger)
if result and convert_response:
result = common_utils.convert_response(
trace_id,
result,
RESPONSE_ORG_NOTIFY_MAIL_DESTINATIONS,
is_cw_logger=is_cw_logger)
result['destinations'] = common_utils.convert_list_response(
trace_id,
result['destinations'],
RESPONSE_DESTINATIONS,
is_cw_logger=is_cw_logger)
return common_utils.response(result, logger)
def query_check_history_index(trace_id,
check_history_id,
sort_code=None,
filter_expression=None,
is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
key_conditions = {
'CheckHistoryID': {
'AttributeValueList': [check_history_id],
'ComparisonOperator': 'EQ'
}
}
if sort_code is not None:
key_conditions['SortCode'] = {
'AttributeValueList': [sort_code],
'ComparisonOperator': 'EQ'
}
result = DB_utils.query_index(trace_id,
Tables.PM_CHECK_RESULT_ITEMS,
CHECK_HISTORY_INDEX,
key_conditions,
filter_expression,
is_cw_logger=is_cw_logger)
return common_utils.response(result, logger)
def query_history_index(trace_id,
check_history_id,
filter_expression=None,
convert_response=None,
is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
key_conditions = {
'CheckHistoryID': {
'AttributeValueList': [check_history_id],
'ComparisonOperator': 'EQ'
}
}
result = DB_utils.query_index(trace_id,
Tables.PM_CHECK_RESULTS,
CHECK_HISTORY_INDEX,
key_conditions,
filter_expression,
is_cw_logger=is_cw_logger)
if result and convert_response:
result = common_utils.convert_list_response(trace_id,
result,
RESPONSE_CHECK_RESULTS,
RESPONSE_REQUIRED,
is_cw_logger=is_cw_logger)
return common_utils.response(result, logger)
def create_organization(trace_id, organization_id, organization_name, contract,
contract_status):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_organization = {
'OrganizationID': organization_id,
'OrganizationName': organization_name,
'Contract': contract,
'ContractStatus': contract_status,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("OrganizationID").not_exists()
DB_utils.create(trace_id, Tables.PM_ORGANIZATIONS, create_organization,
condition_expression)
def query_project_index(trace_id,
project_id,
user_id=None,
filter_expression=None,
convert_response=None):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
key_conditions = {
'ProjectID': {
'AttributeValueList': [project_id],
'ComparisonOperator': 'EQ'
}
}
if common_utils.is_null(user_id) is False:
key_conditions['UserID'] = {
'AttributeValueList': [user_id],
'ComparisonOperator': 'EQ'
}
result = DB_utils.query_index(trace_id, Tables.PM_SECURITY_CHECK_WEBHOOK,
PROJECT_INDEX, key_conditions,
filter_expression)
if result and convert_response:
result = common_utils.convert_list_response(
trace_id, result, RESPONSE_SECURITY_CHECK_WEBHOOK)
return common_utils.response(result, pm_logger)
def query_userid_key(trace_id,
user_id,
organization_id=None,
filter_expression=None,
convert_response=None,
is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
key_conditions = {
'UserID': {
'AttributeValueList': [user_id],
'ComparisonOperator': 'EQ'
}
}
if (organization_id):
key_conditions['OrganizationID'] = {
'AttributeValueList': [organization_id],
'ComparisonOperator': 'EQ'
}
result = DB_utils.query(trace_id,
Tables.PM_AFFILIATION,
key_conditions,
filter_expression,
is_cw_logger=is_cw_logger)
if result and convert_response:
result = common_utils.convert_list_response(trace_id,
result,
RESPONSE_AFFILIATION,
is_cw_logger=is_cw_logger)
return common_utils.response(result, logger)
def create(trace_id, apply_id, before_mail_address, after_mail_address,
time_to_live, caller_service_name):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なカラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_email_change_apply = {
'ApplyID': apply_id,
'UserID': trace_id,
'BeforeMailAddress': before_mail_address,
'AfterMailAddress': after_mail_address,
'TimeToLive': time_to_live,
'CallerServiceName': caller_service_name,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
DB_utils.create(trace_id, Tables.PM_EMAIL_CHANGE_APPLY,
create_email_change_apply)
def create_projects(trace_id, project_id, project_name, description,
organization_id):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
date_now = common_utils.get_current_date()
# 不要なクラムを作成することを避けるため
create_projects = {
'ProjectID': project_id,
'ProjectName': project_name,
'Description': description,
'OrganizationID': organization_id,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("ProjectID").not_exists()
DB_utils.create(trace_id, Tables.PM_PROJECTS, create_projects,
condition_expression)
def update(trace_id,
check_history_id,
update_attribute,
target_update_date,
is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
key = {"CheckHistoryID": check_history_id}
DB_utils.update(trace_id,
Tables.PM_CHECK_HISTORY,
key,
update_attribute,
target_update_date,
is_cw_logger=is_cw_logger)
def query_key(trace_id, assessment_item_id, convert_response=None):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
key = {"AssessmentItemID": assessment_item_id}
result = DB_utils.query_key(trace_id, Tables.PM_ASSESSMENT_ITEMS, key)
if result is not None and convert_response:
result = common_utils.convert_response(
trace_id, result, RESPONSE_ASSESSMENT)
return common_utils.response(result, pm_logger)
def query_key(trace_id, apply_id, convert_response=None):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
key = {"ApplyID": apply_id}
result = DB_utils.query_key(trace_id, Tables.PM_EMAIL_CHANGE_APPLY, key)
if convert_response:
result = common_utils.convert_response(trace_id, result,
RESPONSE_EMAIL_CHANGE_APPLY)
return common_utils.response(result, pm_logger)
def query_key(trace_id, exclusion_resource_id, convert_response=None):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
key = {"ExclusionResourceID": exclusion_resource_id}
result = DB_utils.query_key(trace_id, Tables.PM_EXCLUSION_RESOURCES, key)
if result is not None and convert_response:
result = common_utils.convert_response(trace_id, result,
RESPONSE_EXCLUSION_RESOURCES)
return common_utils.response(result, pm_logger)
def update_awscoops(trace_id,
coop_id,
update_attribute,
target_update_date=None,
is_cw_logger=False):
if (is_cw_logger):
common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
key = {"CoopID": coop_id}
DB_utils.update(trace_id,
Tables.PM_AWSACCOUNTCOOPS,
key,
update_attribute,
target_update_date,
is_cw_logger=is_cw_logger)
def create_affiliation(trace_id, email, user_id, organization_id, authority,
invitation_status):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_affiliation = {
"MailAddress": email,
"UserID": user_id,
"OrganizationID": organization_id,
"Authority": authority,
"InvitationStatus": invitation_status,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("UserID").not_exists().__and__(
Attr("OrganizationID").not_exists())
DB_utils.create(trace_id, Tables.PM_AFFILIATION, create_affiliation,
condition_expression)
def create_report_job_def(trace_id, code, job_definition, job_queue, max_retry,
environment):
common_utils.begin_logger(trace_id, __name__, inspect.currentframe())
# 不要なクラムを作成することを避けるため
date_now = common_utils.get_current_date()
create_report_job_def = {
'Code': code,
'JobDefinition': job_definition,
'JobQueue': job_queue,
'MaxRetry': max_retry,
'Environment': environment,
'CreatedAt': date_now,
'UpdatedAt': date_now
}
condition_expression = Attr("Code").not_exists()
DB_utils.create(trace_id, Tables.PM_BATCH_JOB_DEFS, create_report_job_def,
condition_expression)