def handler(event, context):
    """Start the EC2 instance behind a stackset for its owner or a superuser.

    The caller's identity is taken from the authorizer's JWT claims in the
    event. The instance is started only when the stackset exists and the
    caller is either its recorded owner or a superuser.

    Returns:
        An empty dict on success. When the stackset is missing or the caller
        may not modify it, a response dict with statusCode 400 and a JSON
        error body.
    """
    jwt_claims = event["requestContext"]["authorizer"]["jwt"]["claims"]
    caller_email, _, _, is_superuser = get_claims(claims=jwt_claims)

    target_id = event["pathParameters"]["id"]
    table = os.environ["dynamodb_state_table_name"]

    record = get_stackset_state_data(stackset_id=target_id, table_name=table)

    # Authorization: the record must exist and belong to the caller, unless the
    # caller is a superuser. A missing record and a foreign record get the same
    # reply, so the response does not reveal which stackset ids exist.
    permitted = record and (record["email"] == caller_email or is_superuser)
    if not permitted:
        # NOTE(review): an authorization failure is reported as 400 here; 403 is
        # the conventional status. Confirm what clients expect before changing.
        denial = {"message": "You're not authorized to modify this instance."}
        return {
            "statusCode": 400,
            "body": json.dumps(denial),
            "headers": {"Content-Type": "application/json"},
        }

    # NOTE(review): indexing [0] raises IndexError if get_instance_details
    # returns an empty list; verify it always returns one entry per stackset.
    instance = get_instance_details(stacksets=[record])[0]
    ec2 = boto3.client("ec2", region_name=instance["region"])
    ec2.start_instances(InstanceIds=[instance["instance_id"]])
    return {}
def handler(event, context):
    """Kick off deprovisioning of a stackset for its owner or a superuser.

    The caller's identity is taken from the authorizer's JWT claims in the
    event. Deprovisioning is initiated only when the stackset exists and the
    caller is either its recorded owner or a superuser.

    Returns:
        An empty dict once the cleanup has been initiated. When the stackset
        is missing or the caller may not modify it, a response dict with
        statusCode 400 and a JSON error body.
    """
    jwt_claims = event["requestContext"]["authorizer"]["jwt"]["claims"]
    caller_email, _, _, is_superuser = get_claims(claims=jwt_claims)

    target_id = event["pathParameters"]["id"]

    table = os.environ["dynamodb_state_table_name"]
    sfn_arn = os.environ["cleanup_sfn_arn"]

    record = get_stackset_state_data(stackset_id=target_id, table_name=table)

    # Authorization: the record must exist and belong to the caller, unless the
    # caller is a superuser. A missing record and a foreign record get the same
    # reply, so the response does not reveal which stackset ids exist.
    permitted = record and (record["email"] == caller_email or is_superuser)
    if not permitted:
        # NOTE(review): an authorization failure is reported as 400 here; 403 is
        # the conventional status. Confirm what clients expect before changing.
        denial = {"message": "You're not authorized to modify this instance."}
        return {
            "statusCode": 400,
            "body": json.dumps(denial),
            "headers": {"Content-Type": "application/json"},
        }

    # owner_email comes from the stored record, not from the caller's claims,
    # so it stays the stackset owner's address when a superuser makes the call.
    response = initiate_stackset_deprovisioning(
        stackset_id=target_id,
        cleanup_sfn_arn=sfn_arn,
        owner_email=record["email"],
    )
    logger.info(f"SFN cleanup execution response: {response}")
    return {}
def test_get_stackset_state_data_success(state_table, state_table_name):
    """Looking up stackset "0001" yields a record exposing every expected field."""
    record = get_stackset_state_data(
        stackset_id="0001",
        table_name=state_table_name,
    )

    expected_fields = (
        "stackset_id",
        "username",
        "email",
        "extension_count",
        "expiry",
    )
    for field in expected_fields:
        assert field in record
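def handler(event, context):
    """Extend a stackset's expiry by one day for its owner or a superuser.

    The caller's email, group and superuser flag are taken from the
    authorizer's JWT claims in the event. The group's permissions supply
    ``max_extension_count``, which caps how often a non-superuser may extend.

    Returns:
        A dict with the ``stackset_id``, the new ``expiry`` in ISO format, and
        ``can_extend`` telling whether a further extension would be allowed.

    Raises:
        UnauthorizedForInstanceError: the stackset does not exist, or the
            caller is neither its recorded owner nor a superuser.
        InstanceUpdateError: a non-superuser has already used up the group's
            extension allowance.
    """
    claims = event["requestContext"]["authorizer"]["jwt"]["claims"]
    email, group, _, is_superuser = get_claims(claims=claims)

    # read in data from request path
    stackset_id = event["pathParameters"]["id"]

    # read in data from environment
    state_table = os.environ["dynamodb_state_table_name"]
    permissions_table = os.environ["dynamodb_permissions_table_name"]

    # Authorization: the record must exist and belong to the caller, unless the
    # caller is a superuser. Both failures raise the same error, so the reply
    # does not reveal which stackset ids exist.
    stackset_data = get_stackset_state_data(stackset_id=stackset_id, table_name=state_table)
    if not stackset_data or (stackset_data["email"] != email and not is_superuser):
        raise UnauthorizedForInstanceError()

    # get user group permissions
    permissions = get_permissions_for_group(table_name=permissions_table, group_name=group)
    max_extension_count = permissions["max_extension_count"]

    # check user hasn't exceeded the max number of extensions
    if not is_superuser and stackset_data["extension_count"] >= max_extension_count:
        # Report the group's limit rather than the stored counter: the two
        # differ whenever the counter is already above the limit.
        raise InstanceUpdateError(
            f"You cannot extend instance lifetime more than {max_extension_count} times."
        )

    new_expiry = stackset_data["expiry"] + timedelta(days=1)
    new_extension_count = stackset_data["extension_count"] + 1

    # NOTE(review): the limit check above and this write are separate
    # operations and the update carries no ConditionExpression, so concurrent
    # requests can each pass the check and each write the same count. Consider
    # making the update conditional on the extensionCount value that was read.
    client = boto3.client("dynamodb")
    client.update_item(
        TableName=state_table,
        Key={"stacksetID": {"S": stackset_id}},
        UpdateExpression="SET extensionCount = :extensionCount, expiry = :expiry",
        ExpressionAttributeValues={
            ":extensionCount": {"N": str(new_extension_count)},
            ":expiry": {"S": new_expiry.isoformat()},
        },
    )

    return {
        "stackset_id": stackset_id,
        "can_extend": is_superuser or new_extension_count < max_extension_count,
        "expiry": new_expiry.isoformat(),
    }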
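def handler(event, context):
    """Change the instance type of a stackset for its owner or a superuser.

    The caller's email, group and superuser flag are taken from the
    authorizer's JWT claims in the event. The request body is parsed as JSON
    and validated with a serializer built from the instance types the caller's
    group is permitted to use.

    Returns:
        An empty dict once the stackset update has been requested.

    Raises:
        InvalidArgumentsError: the body is missing or not valid JSON, or it
            fails serializer validation.
        UnauthorizedForInstanceError: the stackset does not exist, or the
            caller is neither its recorded owner nor a superuser.
    """
    claims = event["requestContext"]["authorizer"]["jwt"]["claims"]
    email, group, _, is_superuser = get_claims(claims=claims)

    # read in data from request path
    stackset_id = event["pathParameters"]["id"]

    # The body is caller-controlled: a missing body (None -> TypeError) or
    # malformed JSON (JSONDecodeError is a ValueError) is reported as invalid
    # arguments instead of surfacing as an unhandled exception.
    try:
        payload = json.loads(event.get("body"))
    except (TypeError, ValueError) as e:
        raise InvalidArgumentsError(message="Request body must be valid JSON.") from e

    # read in data from environment
    state_table = os.environ["dynamodb_state_table_name"]
    permissions_table = os.environ["dynamodb_permissions_table_name"]

    # Authorization: the record must exist and belong to the caller, unless the
    # caller is a superuser. Both failures raise the same error, so the reply
    # does not reveal which stackset ids exist.
    stackset_data = get_stackset_state_data(stackset_id=stackset_id, table_name=state_table)
    if not stackset_data or (stackset_data["email"] != email and not is_superuser):
        raise UnauthorizedForInstanceError()

    # Build the validator from the group's permitted instance types.
    # NOTE(review): presumably the serializer rejects any instance_type outside
    # this list; confirm in get_request_serializer, since only the validated
    # value is passed on to update_stackset.
    permissions = get_permissions_for_group(table_name=permissions_table, group_name=group)
    serializer = get_request_serializer(
        instance_types=permissions["instance_types"],
    )

    try:
        data = serializer.load(payload)
    except ValidationError as e:
        raise InvalidArgumentsError(message=str(e)) from e

    instance_type = data["instance_type"]
    update_stackset(stackset_id=stackset_id, InstanceType=instance_type)

    return {}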
def test_get_stackset_state_data_no_data(state_table, state_table_name):
    """Looking up an id with no stored record yields an empty dict."""
    missing = get_stackset_state_data(
        stackset_id="nonexistent",
        table_name=state_table_name,
    )

    assert missing == {}