def delete_schedule(self, request_user: UserModel, tenant: TenantModel, aws_environment: AwsEnvironmentModel,
event_id: int):
self.logger.info("START: delete")
if not request_user.is_belong_to_tenant(tenant):
raise PermissionDenied("request user is not belong to tenant. user_id:{} tenant_id:{}"
.format(request_user.id, tenant.id))
if not request_user.has_aws_env(aws_environment):
raise PermissionDenied("request user doesn't have aws environments. id:{}".format(request_user.id))
EventRepository.delete(event_id)
self.logger.info("END: delete")
def billing_graph(self, request_user: UserModel, aws: AwsEnvironmentModel,
start_time, end_time, period, stat):
self.logger.info("START: graph")
# 使用できるAWSアカウントか
if not request_user.has_aws_env(aws):
raise PermissionDenied(
"request user can't use aws account. user_id: {}, aws_id: {}".
format(request_user.id, aws.id))
# 請求情報を取得する権限を持っているか
if not request_user.can_fetch_billing():
raise PermissionDenied(
"request user can't fetch aws_environments. id:{}".format(
request_user.id))
# 請求情報のリストメトリクスを一覧で取得
metrics = CloudWatch(aws,
'us-east-1').list_metrics('AWS/Billing',
'EstimatedCharges', [])
# APIの引数を充足
# ここは配列じゃなくて辞書型にして、どのサービスかわかるように!
metric_data_queries = []
for metric in metrics:
metric_data_queries.append(
dict(metric_name=metric['MetricName'],
dimensions=metric['Dimensions']))
params = dict(name_space='AWS/Billing',
period=period,
stat=stat,
start_time=start_time,
end_time=end_time,
metric_data_queries=metric_data_queries)
monitor_graphs = CloudWatch(aws,
'us-east-1').get_multi_charts(**params)
self.logger.info("END: graph")
# 成型を行う config内から情報を絞りこむ
# 総計はserviceがUSDとなるので、これをTotalに変換
def pick_service_name(dimensions):
return next((dimension['Value'] for dimension in dimensions
if dimension['Name'] == 'ServiceName'), 'Total')
result = map(
lambda graph: dict(service=pick_service_name(graph['config'][
'dimensions']),
timestamps=graph['timestamps'],
values=graph['values']), monitor_graphs)
return list(result)
def fetch_schedules(self, request_user: UserModel, tenant: TenantModel, aws_environment: AwsEnvironmentModel,
resource: Resource):
self.logger.info("START: fetch_schedules")
if not request_user.is_belong_to_tenant(tenant):
raise PermissionDenied("request user is not belong to tenant. user_id:{} tenant_id:{}"
.format(request_user.id, tenant.id))
if not request_user.has_aws_env(aws_environment):
raise PermissionDenied("request user doesn't have aws environments. id:{}".format(request_user.id))
schedules = EventRepository.fetch_schedules_by_resource(resource, aws_environment)
self.logger.info("END: fetch_schedules")
return schedules
def fetch_monitors(self, request_user: UserModel, aws: AwsEnvironmentModel,
resource: Resource):
self.logger.info("START: fetch_monitors")
# 使用できるAWSアカウントか
if not request_user.has_aws_env(aws):
raise PermissionDenied(
"request user can't use aws account. user_id: {}, aws_id: {}".
format(request_user.id, aws.id))
monitors = CloudWatch(
aws, resource.region).describe_resource_monitors(resource)
self.logger.info("END: fetch_monitors")
return monitors
def stop_resource(self, request_user: UserModel,
aws_environment: AwsEnvironmentModel,
resource: Resource):
self.logger.info("START: stop_resource")
tenant = aws_environment.tenant
if not request_user.is_belong_to_tenant(tenant):
raise PermissionDenied(
"request user is not belong to tenant. user_id:{} tenant_id:{}"
.format(request_user.id, tenant.id))
if not request_user.has_aws_env(aws_environment):
raise PermissionDenied(
"request user doesn't have aws environments. id:{}".format(
request_user.id))
resource.stop(aws_environment)
self.logger.info("END: stop_resource")
def run_command(self, request_user: UserModel,
aws_environment: AwsEnvironmentModel, command: Command):
self.logger.info("START: run_command")
tenant = aws_environment.tenant
if not request_user.is_belong_to_tenant(tenant):
raise PermissionDenied(
"request user is not belong to tenant. user_id:{} tenant_id:{}"
.format(request_user.id, tenant.id))
if not request_user.has_aws_env(aws_environment):
raise PermissionDenied(
"request user doesn't have aws environments. id:{}".format(
request_user.id))
command.run(aws_environment)
self.logger.info("END: run_command")
return command
def create_backup(self, request_user: UserModel,
aws_environment: AwsEnvironmentModel, resource: Resource,
no_reboot: bool):
self.logger.info("START: create_backup")
tenant = aws_environment.tenant
if not request_user.is_belong_to_tenant(tenant):
raise PermissionDenied(
"request user is not belong to tenant. user_id:{} tenant_id:{}"
.format(request_user.id, tenant.id))
if not request_user.has_aws_env(aws_environment):
raise PermissionDenied(
"request user doesn't have aws environments. id:{}".format(
request_user.id))
backup_id = resource.create_backup(aws_environment,
no_reboot=no_reboot)
self.logger.info("END: create_backup")
return backup_id
def graph(self, request_user: UserModel, resource: Resource,
aws: AwsEnvironmentModel, monitor_graph: MonitorGraph):
self.logger.info("START: graph")
# 使用できるAWSアカウントか
if not request_user.has_aws_env(aws):
raise PermissionDenied(
"request user can't use aws account. user_id: {}, aws_id: {}".
format(request_user.id, aws.id))
if monitor_graph.metric_name not in resource.get_metrics():
raise ObjectDoesNotExist(
"service doesn't have metric service_type: {} metric: {}".
format(resource.get_service_name(), monitor_graph.metric_name))
monitor_graph = CloudWatch(aws, resource.region).get_chart(
monitor_graph, resource)
self.logger.info("END: graph")
return monitor_graph
def describe_document(self, request_user: UserModel,
aws_environment: AwsEnvironmentModel, region: str,
document_name: str):
self.logger.info("START: describe_document")
tenant = aws_environment.tenant
if not request_user.is_belong_to_tenant(tenant):
raise PermissionDenied(
"request user is not belong to tenant. user_id:{} tenant_id:{}"
.format(request_user.id, tenant.id))
if not request_user.has_aws_env(aws_environment):
raise PermissionDenied(
"request user doesn't have aws environments. id:{}".format(
request_user.id))
ssm = Ssm(aws_environment=aws_environment, region=region)
document = ssm.describe_document(document_name)
self.logger.info("END: describe_document")
return document
def fetch_documents(self, request_user: UserModel,
aws_environment: AwsEnvironmentModel, region: str):
self.logger.info("START: fetch_documents")
tenant = aws_environment.tenant
if not request_user.is_belong_to_tenant(tenant):
raise PermissionDenied(
"request user is not belong to tenant. user_id:{} tenant_id:{}"
.format(request_user.id, tenant.id))
if not request_user.has_aws_env(aws_environment):
raise PermissionDenied(
"request user doesn't have aws environments. id:{}".format(
request_user.id))
ssm = Ssm(aws_environment=aws_environment, region=region)
documents = []
for generator in ssm.list_documents():
documents.extend(generator)
self.logger.info("END: fetch_documents")
return documents
def fetch_resources(self, request_user: UserModel,
aws_environment: AwsEnvironmentModel,
region: str) -> list:
self.logger.info("START: fetch resources")
if not request_user.is_belong_to_tenant(aws_environment.tenant):
raise PermissionDenied(
"request user is not belong to tenant. user_id:{} tenant_id:{}"
.format(request_user.id, aws_environment.tenant.id))
if not request_user.has_aws_env(aws_environment):
raise PermissionDenied(
"request user doesn't have aws environments. id:{}".format(
request_user.id))
tagging = ResourceGroupTagging(aws_environment=aws_environment,
region=region)
self.logger.info("ResourceGroupTagging Client Created.")
resources = []
resources_status = None
for get_resources in tagging.get_resources(
Resource.get_all_services()):
self.logger.info("got resource tags")
if resources_status is None and get_resources:
resources_status = CloudWatch(
aws_environment=aws_environment,
region=region).get_resources_status()
self.logger.info("got cloudwatch alarms")
for get_resource in get_resources:
self.logger.info("resource tag convert response")
# アラームがなければ未設定とする
get_resource.status = resources_status[get_resource.get_service_name()].\
get(get_resource.resource_id, "UNSET")
resources.append(get_resource)
self.logger.info("END: fetch resources")
return resources
def save_monitor(self, request_user: UserModel, resource: Resource,
aws: AwsEnvironmentModel) -> Resource:
self.logger.info("START: save_monitor")
# 使用できるAWSアカウントか
if not request_user.has_aws_env(aws):
raise PermissionDenied(
"request user can't use aws account. user_id: {}, aws_id: {}".
format(request_user.id, aws.id))
# SNS連携許可
self.logger.info("sns add permission... aws: {}".format(aws.id))
sns = Sns(resource.region)
sns.add_permission(aws)
self.logger.info("sns add permission... DONE")
# アラーム作成
self.logger.info("cloudwatch put metric alarms ...")
CloudWatch(aws, resource.region).put_metric_alarms(resource, sns.arn)
self.logger.info("cloudwatch put metric alarms ... DONE")
self.logger.info("END: save_monitor")
return resource
