def _generate_template(portfolio, product, lambda_arn, uuid): region_list = get_available_regions('ec2') if os.path.isfile(os.path.join(manifest_folder, product.skeleton_file)): portfolio_index = manifest.portfolios.index(portfolio) product_index = manifest.portfolios[portfolio_index].products.index( product) product_name = manifest.portfolios[portfolio_index].products[ product_index].name logger.info("Generating the product template for {} from {}".format( product_name, os.path.join(manifest_folder, product.skeleton_file))) j2loader = jinja2.FileSystemLoader(manifest_folder) j2env = jinja2.Environment(loader=j2loader) j2template = j2env.get_template(product.skeleton_file) j2result = j2template.render(manifest=manifest, portfolio_index=portfolio_index, product_index=product_index, lambda_arn=lambda_arn, uuid=uuid, regions=region_list) generated_avm_template = os.path.join( manifest_folder, product.skeleton_file + ".template") template_copy = os.path.join(manifest_folder, product.skeleton_file + ".template.copy") logger.info("Writing the generated product template to {}".format( generated_avm_template)) with open(generated_avm_template, "w") as fh, open(template_copy, "w") as copy: fh.write(j2result) copy.write(j2result) return generated_avm_template else: logger.error( "Missing skeleton_file for portfolio:{} and product:{} in Manifest file" .format(portfolio.name, product.name)) sys.exit(1)
def config_deployer(event): try: s3 = S3(logger) # set variables source_bucket_name = event.get('bucket_config', {}).get('source_bucket_name') key_name = event.get('bucket_config', {}).get('source_s3_key') destination_bucket_name = event.get('bucket_config', {}).get('destination_bucket_name') input_zip_file_name = key_name.split( "/")[-1] if "/" in key_name else key_name output_zip_file_name = event.get('bucket_config', {}).get('destination_s3_key') alias_name = event.get('kms_config', {}).get('kms_key_alias') policy = event.get('kms_config', {}).get('kms_key_policy') flag_value = event.get('metrics_flag') base_path = '/tmp/lz' input_file_path = base_path + "/" + input_zip_file_name extract_path = base_path + "/" + 'extract' output_path = base_path + "/" + 'out' exclude_j2_files = [] # Check if the emails are Unique unique_email_validator(event.get('email_list')) # Search for existing KMS key alias key_id = find_alias(alias_name) # if alias name not found in the list, create a new alias with new target key if not key_id: key_id = create_cmk_with_alias(alias_name, policy) logger.info('Key ID created: {}'.format(key_id)) else: logger.info('Key ID: {} found attached with alias: {}'.format( key_id, alias_name)) logger.info('Updating KMS key policy') update_key_policy(key_id, policy) # Encrypt configuration bucket s3.put_bucket_encryption(destination_bucket_name, key_id) # Download the file from Solutions S3 bucket make_dir(base_path) s3.download_file(source_bucket_name, key_name, input_file_path) # Unzip the config zip file unzip_function(input_zip_file_name, base_path, extract_path) # Find and replace the variable in Manifest file for item in event.get('find_replace'): f = item.get('file_name') parameters = item.get('parameters') if f == 'manifest.yaml.j2': parameters['guardduty_region_list'] = get_available_regions( 'guardduty') parameters['config_region_list'] = get_available_regions( 'config') parameters['sns_region_list'] = get_available_regions('sns') parameters.update({ 'nested_ou_delimiter': update_alphanum_with_char( parameters.get('nested_ou_delimiter')) }) exclude_j2_files.append(f) filename, file_extension = os.path.splitext(f) destination_file_path = extract_path + "/" + filename if file_extension == '.j2' else extract_path + "/" + f find_replace(extract_path, f, destination_file_path, parameters) # Zip the contents exclude = ['zip'] + exclude_j2_files make_dir(output_path) zip_function(output_zip_file_name, extract_path, output_path, exclude) # Upload the file in the customer S3 bucket local_file = output_path + "/" + output_zip_file_name remote_file = output_zip_file_name s3.upload_file(destination_bucket_name, local_file, remote_file) # create SSM parameters to send anonymous data if opted in put_ssm_parameter('/org/primary/metrics_flag', flag_value) put_ssm_parameter('/org/primary/customer_uuid', str(uuid4())) return None except Exception as e: message = { 'FILE': __file__.split('/')[-1], 'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e) } logger.exception(message) raise