Esempio n. 1
def handler(event, context):
    """Start the EC2 instance that belongs to the requested stackset.

    The caller's identity is taken from the JWT claims that the event
    carries under ``requestContext.authorizer.jwt``. Nothing here verifies
    the token itself, so the function relies on that authorizer having
    done so before the event reaches it.

    Args:
        event: Request event; must hold the authorizer claims and the
            ``id`` path parameter.
        context: Runtime context object (unused).

    Returns:
        An empty dict once the start request has been issued, or a
        response dict with status 400 and a JSON message when the stackset
        is unknown or the caller is neither its owner nor a superuser.
    """
    # Resolve who is calling from the authorizer-supplied claims.
    jwt_claims = event["requestContext"]["authorizer"]["jwt"]["claims"]
    email, _, _, is_superuser = get_claims(claims=jwt_claims)

    # Which stackset the request targets, and where its state is stored.
    stackset_id = event["pathParameters"]["id"]
    state_table = os.environ["dynamodb_state_table_name"]

    stackset_data = get_stackset_state_data(
        stackset_id=stackset_id,
        table_name=state_table,
    )

    # Ownership check: the record's email must match the caller's email
    # claim unless the caller is a superuser. An unknown id and a stackset
    # owned by someone else get the same answer, so the response does not
    # reveal whether an id exists.
    authorized = bool(stackset_data) and (
        stackset_data["email"] == email or is_superuser
    )
    if not authorized:
        # NOTE(review): an authorization failure is reported as 400 here;
        # 403 is the conventional status. Confirm what clients expect
        # before changing it.
        denial_body = json.dumps(
            {"message": "You're not authorized to modify this instance."})
        return {
            "statusCode": 400,
            "body": denial_body,
            "headers": {"Content-Type": "application/json"},
        }

    # Only the first instance reported for the stackset is started.
    target = get_instance_details(stacksets=[stackset_data])[0]

    ec2 = boto3.client("ec2", region_name=target["region"])
    ec2.start_instances(InstanceIds=[target["instance_id"]])

    return {}
Esempio n. 2
def handler(event, context):
    """Start deprovisioning of a stackset for its owner or a superuser.

    Identity comes from the JWT claims attached to the event by the
    authorizer; this function does not validate the token itself.

    Args:
        event: Request event with the authorizer claims and the ``id``
            path parameter.
        context: Runtime context object (unused).

    Returns:
        An empty dict after the cleanup has been initiated, or a response
        dict with status 400 and a JSON message when the stackset is
        unknown or the caller may not modify it.
    """
    # Caller identity, as asserted by the authorizer.
    jwt_claims = event["requestContext"]["authorizer"]["jwt"]["claims"]
    email, _, _, is_superuser = get_claims(claims=jwt_claims)

    # Target of the request.
    stackset_id = event["pathParameters"]["id"]

    # Deployment configuration.
    state_table = os.environ["dynamodb_state_table_name"]
    cleanup_sfn_arn = os.environ["cleanup_sfn_arn"]

    stackset_data = get_stackset_state_data(
        stackset_id=stackset_id,
        table_name=state_table,
    )

    # A destructive action: allow it only for the recorded owner (matched
    # on the email claim) or a superuser. Missing records take the same
    # denial path as records owned by someone else.
    authorized = bool(stackset_data) and (
        stackset_data["email"] == email or is_superuser
    )
    if not authorized:
        # NOTE(review): 400 is used for an authorization failure; 403 is
        # the conventional status. Confirm client expectations first.
        denial_body = json.dumps(
            {"message": "You're not authorized to modify this instance."})
        return {
            "statusCode": 400,
            "body": denial_body,
            "headers": {"Content-Type": "application/json"},
        }

    # The owner passed on is the one stored with the stackset, not the
    # caller, so a superuser's request is still attributed to the owner.
    response = initiate_stackset_deprovisioning(
        stackset_id=stackset_id,
        cleanup_sfn_arn=cleanup_sfn_arn,
        owner_email=stackset_data["email"],
    )
    logger.info(f"SFN cleanup execution response: {response}")

    return {}
Esempio n. 3
def test_get_stackset_state_data_success(state_table, state_table_name):
    """Check that an existing stackset record exposes every expected field.

    ``state_table`` is requested only for its setup effect; presumably it
    seeds the table that ``state_table_name`` refers to (confirm in the
    fixture definitions).
    """
    record = get_stackset_state_data(
        table_name=state_table_name,
        stackset_id="0001",
    )

    # "email" is among the required fields; the test only checks that the
    # keys are present, not their values.
    expected_fields = (
        "stackset_id",
        "username",
        "email",
        "extension_count",
        "expiry",
    )
    for field in expected_fields:
        assert field in record
Esempio n. 4
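def handler(event, context):
    """Extend a stackset's expiry by one day for its owner or a superuser.

    Identity and group come from the JWT claims that the authorizer
    attached to the event; the token itself is not validated here.

    Args:
        event: Request event with the authorizer claims and the ``id``
            path parameter.
        context: Runtime context object (unused).

    Returns:
        A dict with the stackset id, whether a further extension is
        allowed, and the new expiry in ISO format.

    Raises:
        UnauthorizedForInstanceError: The stackset is unknown or the
            caller is neither its owner nor a superuser.
        InstanceUpdateError: A non-superuser has already used all
            extensions granted to their group.
    """
    claims = event["requestContext"]["authorizer"]["jwt"]["claims"]
    email, group, _, is_superuser = get_claims(claims=claims)

    # read in data from request path
    stackset_id = event["pathParameters"]["id"]

    # read in data from environment
    state_table = os.environ["dynamodb_state_table_name"]
    permissions_table = os.environ["dynamodb_permissions_table_name"]

    # Ownership check: unknown ids and stacksets owned by someone else are
    # rejected the same way, so the error does not confirm that an id exists.
    stackset_data = get_stackset_state_data(stackset_id=stackset_id,
                                            table_name=state_table)
    if not stackset_data or (stackset_data["email"] != email
                             and not is_superuser):
        raise UnauthorizedForInstanceError()

    # The extension limit is a property of the caller's group.
    permissions = get_permissions_for_group(table_name=permissions_table,
                                            group_name=group)
    max_extension_count = permissions["max_extension_count"]

    # Superusers are exempt from the limit. The message reports the limit
    # itself; the stored count can be higher than the limit (for example
    # after the limit was lowered), which would make the message wrong.
    if not is_superuser and stackset_data[
            "extension_count"] >= max_extension_count:
        raise InstanceUpdateError(
            f"You cannot extend instance lifetime more than {max_extension_count} times."
        )

    # assumes stackset_data["expiry"] is a datetime; TODO confirm against
    # get_stackset_state_data
    new_expiry = stackset_data["expiry"] + timedelta(days=1)
    new_extension_count = stackset_data["extension_count"] + 1

    # NOTE(review): the count is read above and written back here without a
    # condition, so two concurrent requests can both pass the limit check
    # and be recorded as a single extension. A ConditionExpression that
    # pins the stored count to the value read above would close that gap;
    # confirm the stored attribute schema before adding it.
    client = boto3.client("dynamodb")
    client.update_item(
        TableName=state_table,
        Key={"stacksetID": {
            "S": stackset_id
        }},
        UpdateExpression=
        "SET extensionCount = :extensionCount, expiry = :expiry",
        ExpressionAttributeValues={
            ":extensionCount": {
                "N": str(new_extension_count)
            },
            ":expiry": {
                "S": new_expiry.isoformat()
            },
        },
    )

    return {
        "stackset_id": stackset_id,
        "can_extend": is_superuser
        or new_extension_count < max_extension_count,
        "expiry": new_expiry.isoformat(),
    }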
Esempio n. 5
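def handler(event, context):
    """Change the instance type of a stackset for its owner or a superuser.

    Identity and group come from the JWT claims that the authorizer
    attached to the event; the token itself is not validated here.

    Args:
        event: Request event with the authorizer claims, the ``id`` path
            parameter and a JSON body.
        context: Runtime context object (unused).

    Returns:
        An empty dict once the stackset update has been requested.

    Raises:
        UnauthorizedForInstanceError: The stackset is unknown or the
            caller is neither its owner nor a superuser.
        InvalidArgumentsError: The body is missing, is not valid JSON, or
            fails validation by the request serializer.
    """
    claims = event["requestContext"]["authorizer"]["jwt"]["claims"]
    email, group, _, is_superuser = get_claims(claims=claims)

    # read in data from request path
    stackset_id = event["pathParameters"]["id"]

    # read in data from environment
    state_table = os.environ["dynamodb_state_table_name"]
    permissions_table = os.environ["dynamodb_permissions_table_name"]

    # Authorize before touching the request body, so a caller who may not
    # modify this stackset always gets the authorization error.
    stackset_data = get_stackset_state_data(stackset_id=stackset_id,
                                            table_name=state_table)
    if not stackset_data or (stackset_data["email"] != email
                             and not is_superuser):
        raise UnauthorizedForInstanceError()

    # The body is caller-controlled: a missing body (None -> TypeError) or
    # malformed JSON (JSONDecodeError is a ValueError) is reported as an
    # argument error instead of escaping as an unhandled exception.
    try:
        payload = json.loads(event.get("body"))
    except (TypeError, ValueError) as e:
        raise InvalidArgumentsError(
            message="Request body must be valid JSON.") from e

    # The serializer is built from the instance types granted to the
    # caller's group; presumably it rejects any type outside that list
    # (verify in get_request_serializer).
    permissions = get_permissions_for_group(table_name=permissions_table,
                                            group_name=group)
    serializer = get_request_serializer(
        instance_types=permissions["instance_types"], )

    try:
        data = serializer.load(payload)
    except ValidationError as e:
        raise InvalidArgumentsError(message=str(e)) from e

    # Only the validated value is passed on, never the raw payload.
    instance_type = data["instance_type"]
    update_stackset(stackset_id=stackset_id, InstanceType=instance_type)

    return {}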
Esempio n. 6
def test_get_stackset_state_data_no_data(state_table, state_table_name):
    """Check that looking up an unknown stackset id yields an empty dict.

    The lookup is expected to return a falsy value rather than raise when
    the id is not present in the table.
    """
    lookup = get_stackset_state_data(
        table_name=state_table_name,
        stackset_id="nonexistent",
    )

    assert lookup == {}