def begin(rbody, environment="dev", useragent="unknown", apiid=""):
log.debug("begin entry: {}, {}, {}, {}".format(rbody, environment, useragent, apiid))
stage = environment
apiid = apiid
if stage == "dev":
glue.setDebug()
rbody = glue.addToReqBody(rbody, "stage", stage)
rbody = glue.addToReqBody(rbody, "apiid", apiid)
rbody = glue.addToReqBody(rbody, "useragent", useragent)
getWFKey(stage)
return rbody
def cleanup(event, context):
"""
This is the entry point for the cleanup cron
cloudwatch cron expression: 23 4 * * ? *
( 04:23 every day )
:param event: the AWS lambda event that triggered this
:param context: the AWS lambda context for this
"""
with open("version", "r") as vfn:
version = vfn.read()
ep = EnvParam()
environment = ep.getParam("environment", True)
if "dev" == environment:
glue.setDebug()
log.info("chaim cleanup v{}: entered".format(version))
log.info("environment: {}".format(environment))
getWFKey(stage=environment)
doCleanup(event, context, version)
def snsreq(event, context):
"""This is the entry point for the SNS chaim handler
:param event: the AWS lambda event that triggered this
:param context: the AWS lambda context for this
"""
ep = EnvParam()
environment = ep.getParam("environment", True)
if environment in ("dev", "api"):
glue.setDebug()
apiid = ep.getParam("APIID", True)
log.debug("apiid from environment: {}".format(apiid))
with open("version", "r") as vfn:
version = vfn.read()
body = event['Records'][0]['Sns']['Message']
log.debug("incoming body: {}".format(body))
rbody = chaim.begin(body, environment, "slack", apiid)
verstr = "chaim-snsreq-" + environment + " " + version
log.info(verstr + " entered.")
log.debug("sns req: {}".format(rbody))
doSnsReq(rbody, context, verstr, ep, environment)
def rotate(event, context):
try:
ep = EnvParam()
env = ep.getParam("environment")
if env in ["dev", "test"]:
glue.setDebug()
enckeyname = ep.getParam("KEYNAME")
iamusername = ep.getParam("CHAIMUSER")
log.info("Rotating access key for {}".format(iamusername))
log.debug("enckeyname: {}".format(enckeyname))
log.debug("iamusername: {}".format(iamusername))
iam = IamClient(iamusername)
user = iam.getKeys()
if user is False:
log.debug("getkeys is false, yet: {}".format(iam.user["keys"]))
key = iam.rotateKeys()
if isinstance(key, dict) and "AccessKey" in key:
log.debug("new key: {}".format(key))
accesskeyid = key["AccessKey"]["AccessKeyId"]
secretkeyid = key["AccessKey"]["SecretAccessKey"]
ps = ParamStore()
ret = ps.putEStringParam("/sre/chaim/accesskeyid", accesskeyid,
"alias/" + enckeyname)
if ret is None:
raise AccessKeyError(
"Failed to store encrypted parameter 'accesskeyid'")
log.debug("storing key ret: {}".format(ret))
ret = ps.putEStringParam("/sre/chaim/secretkeyid", secretkeyid,
"alias/" + enckeyname)
if ret is None:
raise AccessKeyError(
"Failed to store encrypted parameter 'secretkeyid'")
log.debug("storing secret ret: {}".format(ret))
log.info("access key rotated for {}".format(iamusername))
else:
emsg = "Rotate failed to generate a new key: {}".format(key)
raise (AccessKeyError(emsg))
except Exception as e:
log.error("rotate: {}: {}".format(type(e).__name__, e))
def test_logleveldebug():
lvl = glue.log.getEffectiveLevel()
glue.setDebug()
assert (lvl is 20) and (10 is glue.log.getEffectiveLevel())