def count_myorganizations(trace_id, user_id, invite_status): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Validate list_error = common_utils.validate_invite_status(trace_id, invite_status) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) try: count = pm_affiliation.query_userid_key_invite_count( trace_id, user_id, int(invite_status)) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response_body = {"count": count} response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_body) return common_utils.response(response, pm_logger)
def get_organization(trace_id, organization_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: organization = pm_organizations.get_organization( trace_id, organization_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 組織情報を取得します。 if (not organization): return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # data response response = common_utils.get_response_by_response_body( HTTPStatus.OK, organization) return common_utils.response(response, pm_logger)
def get_list_users(trace_id, organization_id, invite_status): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Validate if not common_utils.is_null(invite_status): list_error = common_utils.validate_invite_status( trace_id, invite_status) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) try: users = pm_affiliation.query_users_organization_index( trace_id, organization_id, invite_status, convert_response=True) except PmError as err: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) # response when do success response = common_utils.get_response_by_response_body(HTTPStatus.OK, users) return common_utils.response(response, pm_logger)
def get_awscoop(trace_id, coop_id, project_id, organization_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: awscoop = pm_awsAccountCoops.query_awscoop_filter_organization_project( trace_id, coop_id, organization_id, project_id, convert_response=True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 組織情報を取得します。 if (not awscoop): return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # data response response = common_utils.get_response_by_response_body( HTTPStatus.OK, awscoop[0]) return common_utils.response(response, pm_logger)
def get_notifymail(trace_id, organization_id, notify_code): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。 list_error = validate_notifymail(notify_code) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) try: result = pm_orgNotifyMailDestinations.query_key( trace_id, organization_id, notify_code, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not result): return common_utils.get_response_by_response_body(HTTPStatus.OK, []) # return data response = common_utils.get_response_by_response_body( HTTPStatus.OK, result) return common_utils.response(response, pm_logger)
def get_security_check_detail(trace_id, organization_id, project_id, check_history_id=None, group_filter=None): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # リソース関連性のバリデーションチェックを行います。 try: project = pm_projects.get_projects_by_organization_id( trace_id, project_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not project): return common_utils.error_common( MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # 最新チェック結果のチェック履歴ID CheckHistoryIDを取得します。 if check_history_id is None: try: lastest_check_result = pm_latestCheckResult.query_key( trace_id, project_id, organization_id) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not lastest_check_result): response = common_utils.get_response_by_response_body( HTTPStatus.OK, []) return common_utils.response(response, pm_logger) check_history_id = lastest_check_result["CheckHistoryID"] else: try: lastest_check_result = pm_latestCheckResult.query_key_by_check_history_id( trace_id, project_id, organization_id, check_history_id) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not lastest_check_result): return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # チェック結果詳細情報を取得します。 try: if common_utils.is_null(group_filter) is True: check_result_items = pm_checkResultItems.get_security_check_detail( trace_id, check_history_id) else: check_result_items = pm_checkResultItems.get_security_check_detail( trace_id, check_history_id, CommonConst.GROUP_FILTER_TEMPLATE.format(group_filter)) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not check_result_items): response = common_utils.get_response_by_response_body( HTTPStatus.OK, []) return common_utils.response(response, pm_logger) # 個別チェック結果レコードに対して、各チェック結果に作成されたチェック結果ファイルを取得する。 response_body = [] for check_result_item in check_result_items: try: data = FileUtils.read_json(trace_id, "S3_CHECK_BUCKET", check_result_item["ResultJsonPath"]) except PmError as e: if e.cause_error.response['Error'][ 'Code'] == CommonConst.NO_SUCH_KEY: return common_utils.error_exception( MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) else: return common_utils.error_exception( MsgConst.ERR_S3_709, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response_body.append(get_response_body(check_result_item, data)) # return response data response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_body) return common_utils.response(response, pm_logger)
def get_security_check_resource(trace_id, coop_id, project_id, organization_id, check_item_code): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # リソース関連性のバリデーションチェックを行います。 try: awscoop_item = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not awscoop_item: return common_utils.error_common( MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # 最新チェック結果テーブルのチェック履歴IDCheckHistoryIDを取得します。 try: latest_check_result = pm_latestCheckResult.query_key( trace_id, project_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not latest_check_result: response = common_utils.get_response_by_response_body( HTTPStatus.OK, []) return common_utils.response(response, pm_logger) check_history_id = latest_check_result['CheckHistoryID'] # チェック結果詳細情報を取得します。 try: check_result_items = pm_checkResultItems.get_security_check_detail_by_check_result_and_check_item_code( trace_id, check_history_id, check_item_code, awscoop_item['AWSAccount']) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not check_result_items: response = common_utils.get_response_by_response_body( HTTPStatus.OK, []) return common_utils.response(response, pm_logger) # 個別チェック結果レコードに対して、各チェック結果に作成されたチェック結果ファイルを取得する。 response_body = [] for check_result_item in check_result_items: try: result_json_check_result_item = FileUtils.read_json( trace_id, "S3_CHECK_BUCKET", check_result_item["ResultJsonPath"]) except PmError as e: if e.cause_error.response['Error'][ 'Code'] == CommonConst.NO_SUCH_KEY: return common_utils.error_exception( MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) else: return common_utils.error_exception( MsgConst.ERR_S3_709, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response_body.append( get_response_body(check_result_item, result_json_check_result_item)) # return response data response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_body) return common_utils.response(response, pm_logger)
def get_security_check_summary(user_id): trace_id = user_id pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # 所属組織リストを取得します。 try: affiliations = pm_affiliation.query_userid_key_invite( trace_id, user_id, InvitationStatus.Belong) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not affiliations): response = common_utils.get_response_by_response_body( HTTPStatus.OK, []) return common_utils.response(response, pm_logger) ok_count = 0 ng_count = 0 critical_count = 0 managed_count = 0 error_count = 0 for affiliation in affiliations: try: # 最新チェック結果テーブルから組織ID をキーとして、クエリを行います。 list_latest_check_result = pm_latestCheckResult.query_organization_id( trace_id, affiliation['OrganizationID']) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not list_latest_check_result): continue # 取得した所属組織に対して、所属組織ごとに最新チェック結果のチェック履歴IDを取得します。 for latest_check_result in list_latest_check_result: try: list_check_result = pm_checkResults.query_history_index( trace_id, latest_check_result['CheckHistoryID']) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not list_check_result): continue # チェック結果を合計します。 for check_result in list_check_result: if common_utils.check_key('OKCount', check_result): ok_count += check_result['OKCount'] if common_utils.check_key('NGCount', check_result): ng_count += check_result['NGCount'] if common_utils.check_key('CriticalCount', check_result): critical_count += check_result['CriticalCount'] if common_utils.check_key('ManagedCount', check_result): managed_count += check_result['ManagedCount'] if common_utils.check_key('ErrorCount', check_result): error_count += check_result['ErrorCount'] # return data response response_body = { "okCount": int(ok_count), "ngCount": int(ng_count), "criticalCount": int(critical_count), "managedCount": int(managed_count), "errorCount": int(error_count) } response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_body) return common_utils.response(response, pm_logger)
def list_item_settings(trace_id, organization_id, project_id, coop_id, group_filter): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # リソース関連性のバリデーションチェックを行います。 # プロジェクトテーブルに、プロジェクトID{project_id}をキーとしてクエリを実行します。 try: project = pm_projects.get_projects_by_organization_id( trace_id, project_id, organization_id) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # プロジェクトに該当レコードが存在しなかった場合(取得件数が0件) if (not project): return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # AWSアカウントAWSAccountは、AWSアカウント連携テーブルに、AWSアカウント連携ID{coop_id}をキーとしてクエリを実行します。 try: awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 有効なAWSアカウントが存在しなかった場合(取得件数が0件) if (not awscoops_item): return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # チェック項目除外情報を取得します。 account_refine_code = CommonConst.ACCOUNT_REFINE_CODE.format( organization_id, project_id, awscoops_item['AWSAccount']) try: exclusion_items = pm_exclusionitems.query_filter_account_refine_code( trace_id, account_refine_code, group_filter) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # マニュアル評価情報を取得します。 try: assessment_items = pm_assessmentItems.query_filter_account_refine_code( trace_id, account_refine_code, group_filter) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # リソース除外情報を取得します。 try: exclusion_resources = pm_exclusionResources.query_filter_account_refine_code( trace_id, account_refine_code, group_filter) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # メンバーズ加入アカウントの確認をします members = common_utils.get_value('Members', awscoops_item, Members.Disable) if (isinstance(members, Decimal)): members = int(members) # セキュリティチェック項目設定一覧の配列を作成します。 security_item_settings = [] list_check_item_code_exclusion = jmespath.search('[*].CheckItemCode', exclusion_items) list_check_item_code_assessment = jmespath.search('[*].CheckItemCode', assessment_items) list_check_item_code_exclusion_resource = jmespath.search( '[*].CheckItemCode', exclusion_resources) for check_item_code in LIST_CHECK_ITEM_CODE: # リクエストパラメータgroupFilterにてフィルタ文字列が指定されていた場合、その文字列に該当するチェック項目コードを持つチェックだけ配列へ含めます。 if (common_utils.is_null(group_filter) is False and group_filter not in check_item_code): continue # マネージド項目有無managedFlag managed_flag = ManagedFlag.NotManaged if (check_item_code in LIST_CHECK_ITEM_CODE_MANAGED): if members == Members.Enable: managed_flag = ManagedFlag.Managed # チェック項目除外有無exclusionFlag exclusion_flag = ExclusionFlag.Disable if (check_item_code in list_check_item_code_exclusion): exclusion_flag = ExclusionFlag.Enable # マニュアル評価設定有無assessmentFlag assessment_flag = AssessmentFlag.NotManual if (check_item_code in LIST_CHECK_ITEM_CODE_ASSESSMENT): assessment_flag = AssessmentFlag.NotAssessment if (check_item_code in list_check_item_code_assessment): assessment_flag = AssessmentFlag.Assessment # リソース除外設定有無excludedResourceFlag excluded_resource_flag = ExcludedResourceFlag.Other if (check_item_code in LIST_CHECK_ITEM_CODE_EXCLUDED_RESOURCE): excluded_resource_flag = ExcludedResourceFlag.Disable if (check_item_code in list_check_item_code_exclusion_resource): excluded_resource_flag = ExcludedResourceFlag.Enable security_item_setting = { "checkItemCode": check_item_code, "managedFlag": managed_flag, "exclusionFlag": exclusion_flag, "assessmentFlag": assessment_flag, "excludedResourceFlag": excluded_resource_flag } security_item_settings.append(security_item_setting) # 作成したSecurityItemSettingの配列をレスポンスとして作成します。 response = common_utils.get_response_by_response_body( HTTPStatus.OK, security_item_settings) return common_utils.response(response, pm_logger)
def execute_change_email(apply_id): pm_logger = common_utils.begin_logger(apply_id, __name__, inspect.currentframe()) # バリデーションチェックを行います if common_utils.is_null(apply_id): return common_utils.error_common(MsgConst.ERR_201, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # set default value caller_service_name = 'insightwatch' # S3から通知メール送信設定ファイルを取得します。 try: config = FileUtils.read_yaml(apply_id, CommonConst.S3_SETTING_BUCKET, CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) except PmError as e: pm_logger.error( "メールアドレス変更通知メール送信設定ファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) common_utils.error_exception(MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) return common_utils.get_response_by_response_body( HTTPStatus.OK, CommonConst.DEFAULT_RESPONSE_ERROR_PAGE[caller_service_name], is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # set data response error page default response_error_page = config[CommonConst.KEY_RESPONSE_ERROR_PAGE.format( serviceName=caller_service_name)] # メールアドレス変更申請テーブルから申請レコードを取得します。 try: email_change_apply_info = pm_emailChangeApply.query_key( apply_id, apply_id, None) except PmError: pm_logger.error("メールアドレス変更申請テーブルでレコード取得に失敗しました。変更申請ID: %s", apply_id) return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) if not email_change_apply_info: pm_logger.warning("メールアドレス変更申請テーブルでレコードが存在しませんでした。変更申請ID: %s", apply_id) return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) user_name = email_change_apply_info['UserID'] if common_utils.check_key('CallerServiceName', email_change_apply_info): caller_service_name = email_change_apply_info['CallerServiceName'] # data response page response_error_page = config[CommonConst.KEY_RESPONSE_ERROR_PAGE.format( serviceName=caller_service_name)] response_execute_change_email = config[ CommonConst.KEY_RESPONSE_EXECUTE_CHANGE_EMAIL.format( serviceName=caller_service_name)] # メールアドレス変更申請テーブルから取得した UserID でCognito に合致する該当するユーザー情報を取得します。 try: user_info = aws_common.get_cognito_user_info_by_user_name( apply_id, user_name) except PmError: pm_logger.error("Cognitoから情報取得に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) if not user_info: pm_logger.warning("Cognitoにユーザーが存在しませんでした。ユーザーID: %s", user_name) return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) before_mail_address = email_change_apply_info['BeforeMailAddress'] after_mail_address = email_change_apply_info['AfterMailAddress'] # get cognito email cognito_email = jmespath.search("[?Name=='email'].Value | [0]", user_info['UserAttributes']) if before_mail_address != cognito_email: pm_logger.warning("変更前メールアドレスがCognitoのメールアドレスと合致しませんでした。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # Cognitoのメールアドレスを変更する try: user_attributes = [{ 'Name': 'email', 'Value': after_mail_address }, { 'Name': 'email_verified', 'Value': 'true' }] aws_common.update_cognito_user_attributes(apply_id, user_name, user_attributes) except PmError: pm_logger.error("Cognitoの項目変更に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # get list affiliations try: affiliations = pm_affiliation.query_userid_key(apply_id, user_name) except PmError: pm_logger.error("ユーザー所属テーブルでレコード取得に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) for affiliation in affiliations: try: org_notify_mail_destinations = pm_orgNotifyMailDestinations.query_key( apply_id, affiliation['OrganizationID'], CommonConst.NOTIFY_CODE, None) except PmError: pm_logger.error("組織別通知メール宛先テーブルでレコード取得に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) if org_notify_mail_destinations: destinations_update = [] for destination in org_notify_mail_destinations['Destinations']: if destination['MailAddress'] == before_mail_address: destination['MailAddress'] = after_mail_address destinations_update.append(destination) # update pm_orgNotifyMailDestinations try: attribute = {'Destinations': {"Value": destinations_update}} pm_orgNotifyMailDestinations.update( apply_id, org_notify_mail_destinations['OrganizationID'], org_notify_mail_destinations['NotifyCode'], attribute) except PmError: pm_logger.error("組織別通知メール宛先テーブルでレコード更新に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # update pm_affiliation try: attribute = {'MailAddress': {"Value": after_mail_address}} pm_affiliation.update_affiliation(apply_id, affiliation['UserID'], affiliation['OrganizationID'], attribute, affiliation['UpdatedAt']) except PmError: pm_logger.error("ユーザー所属テーブルでレコード更新に失敗しました。") return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # メールアドレス変更申請テーブルで変更申請ID{applyid}をキーにして申請レコードを削除する。 try: pm_emailChangeApply.delete(apply_id, apply_id) except PmError: pm_logger.error("メールアドレス変更申請テーブルでレコード削除に失敗しました。変更申請ID: %s", apply_id) return common_utils.get_response_by_response_body( HTTPStatus.OK, response_error_page, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) # data response response = common_utils.get_response_by_response_body( HTTPStatus.OK, response_execute_change_email, is_response_json=False, content_type=CommonConst.CONTENT_TYPE_TEXT_HTML) return common_utils.response(response, pm_logger)
def update_project(trace_id, project_id, organization_id, data_body): # Get logging pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Parse JSON try: body_object = json.loads(data_body) project_name = body_object["name"] description = body_object["description"] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # Validate list_error = validate_project(trace_id, project_name) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # Get project try: project_item = pm_projects.get_projects_by_organization_id( trace_id, project_id, organization_id) except PmError as err: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) if not project_item: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # update project if common_utils.is_null(description): description = None attribute = { 'ProjectName': { "Value": project_name }, 'Description': { "Value": description } } updated_at = project_item[0]['UpdatedAt'] try: pm_projects.update_project(trace_id, project_id, attribute, updated_at) except PmError as err: return common_utils.error_exception(MsgConst.ERR_DB_404, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) # Get data update try: project_result = pm_projects.get_projects(trace_id, project_id, convert_response=True) except PmError as err: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) response = common_utils.get_response_by_response_body( HTTPStatus.OK, project_result[0]) # return data response return common_utils.response(response, pm_logger)
def create_report(trace_id, email, organization_id, project_id, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: project = pm_projects.get_projects_by_organization_id( trace_id, project_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 組織情報を取得します。 if (not project): return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # Parse JSON try: body_object = json.loads(data_body) report_name = body_object["name"] aws_accounts = body_object["awsAccounts"] output_file_type = body_object["outputFileType"] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # Validate list_error = validate_report(trace_id, report_name, aws_accounts, output_file_type) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # Create report report_id = common_utils.get_uuid4() status = Status.Waiting.value html_output_status = Status.Waiting.value excel_output_status = Status.Waiting.value schema_version = CommonConst.SCHEMA_VERSION try: pm_reports.create_report(trace_id, report_id, report_name, email, aws_accounts, status, None, None, None, html_output_status, None, None, excel_output_status, None, None, schema_version, organization_id, project_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # AWS利用状況情報収集ジョブの設定 # レポート中間ファイル作成ジョブの設定 # レポート出力ジョブの設定 codes = [ 'COLLECT_AWS_RESOURCE_INFO', 'OUTPUT_REPORT_JSON', 'OUTPUT_REPORT_EXCEL' ] job_id = [] for code in codes: response, job_id = job_report(trace_id, email, report_id, code, job_id) if response: # Delete report pm_reports.delete_reports(trace_id, report_id) return response try: report = pm_reports.query_report(trace_id, report_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return data response response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, report) return common_utils.response(response, pm_logger)
def update_awscoop(trace_id, project_id, organization_id, coop_id, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Parse JSON try: body_object = json.loads(data_body) aws_account = body_object["awsAccount"] role_name = body_object["roleName"] description = body_object["description"] aws_account_name = body_object['awsAccountName'] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # Validate list_error = validate_update_awscoop(aws_account, role_name) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # Get data AWSアカウント連携 try: awscoops_item = pm_awsAccountCoops.get_awscoops_update( trace_id, coop_id, project_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 組織情報を取得します。 if awscoops_item is None: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # ロールのアクセス確認 if common_utils.is_null(description): description = None if common_utils.is_null(aws_account_name): aws_account_name = None external_id = awscoops_item['ExternalID'] effective = Effective.Disable.value members = None if (checkaccess.check_access_to_aws(trace_id, aws_account, role_name, external_id)): effective = Effective.Enable.value # IAMクライアントを用いて、IAMロールcm-membersportalを取得します。 try: session = aws_common.create_session_client(trace_id, aws_account, role_name, external_id) members = IAMUtils.get_membership_aws_account( trace_id, session, aws_account) except PmError as e: common_utils.write_log_pm_error(e, pm_logger, exc_info=True) # update project attribute = { 'AWSAccount': { "Value": aws_account }, 'RoleName': { "Value": role_name }, 'Description': { "Value": description }, 'Effective': { "Value": effective }, 'AWSAccountName': { "Value": aws_account_name } } if (members is not None): attribute['Members'] = {"Value": members} updated_at = awscoops_item['UpdatedAt'] try: pm_awsAccountCoops.update_awscoops(trace_id, coop_id, attribute, updated_at) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # Get data response try: awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id, convert_response=True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return data response response = common_utils.get_response_by_response_body( HTTPStatus.OK, awscoops_item) return common_utils.response(response, pm_logger)
def delete_organization(trace_id, email, organization_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: organization_item = pm_organizations.get_organization( trace_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if (not organization_item): return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) try: # delete organization pm_organizations.delete_organization(trace_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_405, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) try: # get affiliations get by organization id affiliation_items = pm_affiliation.query_organization_index( trace_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) for affiliation in affiliation_items: try: # delete affiliations get by organization id pm_affiliation.delete_affiliation(affiliation["UserID"], organization_id) except PmError as e: return common_utils.error_exception( MsgConst.ERR_DB_405, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # set task informaiton request delete in Organization Tasks task_id = common_utils.get_uuid4() target = CommonConst.TARGET_DELETE_ORG_USER.format( affiliation["UserID"], organization_id) try: # create task informaiton request delete in Organization Tasks pm_organizationTasks.create_organizationTask( trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG_USER, target, trace_id, email, Status.Waiting.value, 0, 3) except PmError as e: return common_utils.error_exception( MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) try: # Send message to organization topic task aws_common.sns_organization_topic( trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG_USER) except PmError as e: common_utils.write_log_pm_error(e, pm_logger, exc_info=True) # set task informaiton request delete in Organization Tasks task_id = common_utils.get_uuid4() try: # create task informaiton request delete in Organization Tasks pm_organizationTasks.create_organizationTask( trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG, organization_id, trace_id, email, 0, 0, 3) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # Send message to organization topic task aws_common.sns_organization_topic(trace_id, task_id, CommonConst.TASK_TYPE_CODE_DELETE_ORG, organization_id, trace_id) # response if delete success response = common_utils.get_response_by_response_body( HTTPStatus.NO_CONTENT, None) return common_utils.response(response, pm_logger)
def execute_copy_item_setting(trace_id, organization_id_destination, project_id_destination, coop_id_destination, body_object, email, user_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Parse JSON try: body_object_json = json.loads(body_object) organization_id_source = body_object_json['copy_source'][ 'organization_id'] project_id_source = body_object_json['copy_source']['project_id'] coop_id_source = body_object_json['copy_source']['coop_id'] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # アクセス権限チェックを行います。コピー元の組織ID response_authority_source = checkauthority.authority( trace_id, user_id, organization_id_source, Authority.Editor) if response_authority_source: return common_utils.response(response_authority_source, pm_logger) # アクセス権限チェックを行います。コピー先の組織ID response_authority_destination = checkauthority.authority( trace_id, user_id, organization_id_destination, Authority.Editor) if response_authority_destination: return common_utils.response(response_authority_destination, pm_logger) # リソース関連性のバリデーションチェックを行います。 # コピー元のAWSアカウント連携ID{coop_id}をキーとして、AWSアカウント連携テーブルへクエリを実行する。 try: awscoops_item_source = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id_source) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 有効なAWSアカウントが存在しなかった場合(取得件数が0件) if not awscoops_item_source: return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # コピー先のAWSアカウント連携ID{coopId}をキーとして、AWSアカウント連携テーブルへクエリを実行する。 try: awscoops_item_destination = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id_destination) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 有効なAWSアカウントが存在しなかった場合(取得件数が0件) if not awscoops_item_destination: return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # コピー元のチェック項目除外情報を取得します。 account_refine_code_source = CommonConst.ACCOUNT_REFINE_CODE.format( organization_id_source, project_id_source, awscoops_item_source['AWSAccount']) try: exclusion_items_source = pm_exclusionitems.query_filter_account_refine_code( trace_id, account_refine_code_source) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # コピー元のマニュアル評価情報を取得します。 try: assessment_items_source = pm_assessmentItems.query_filter_account_refine_code( trace_id, account_refine_code_source) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # PM_AssessmentItemsとPM_ExclusionItems両方のレコードが取得できなかった場合、エラーログを出力してエラーレスポンスを返します。 if len(exclusion_items_source) == 0 and len(assessment_items_source) == 0: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) aws_account_destination = awscoops_item_destination['AWSAccount'] account_refine_code_destination = CommonConst.ACCOUNT_REFINE_CODE.format( organization_id_destination, project_id_destination, aws_account_destination) time_to_live_exclusion_destination = common_utils.get_time_to_live( CommonConst.EXCLUSION_EXPIRATION_DATE) # 作成処理は、先に取得した「コピー元のチェック項目除外情報」のレコード数分、繰り返します。 try: for exclusion_item in exclusion_items_source: exclusion_item_id_destination = CommonConst.EXCLUSIONITEM_ID.format( organization_id_destination, project_id_destination, aws_account_destination, exclusion_item['CheckItemCode']) pm_exclusionitems.create( trace_id, exclusion_item_id_destination, organization_id_destination, project_id_destination, aws_account_destination, exclusion_item['CheckItemCode'], time_to_live_exclusion_destination, common_utils.get_value("ExclusionComment", exclusion_item), user_id, email, account_refine_code_destination) except Exception: return common_utils.error_common(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, pm_logger) time_to_live_assessment_destination = common_utils.get_time_to_live( CommonConst.ASSESSMENT_EXPIRATION_DATE) # 作成処理は、先に取得した「コピー元のマニュアル評価情報」のレコード数分、繰り返します。 try: for assessment_item in assessment_items_source: assessment_item_id_destination = CommonConst.ASSESSMENTITEM_ID.format( organization_id_destination, project_id_destination, aws_account_destination, assessment_item['CheckItemCode']) pm_assessmentItems.create( trace_id, assessment_item_id_destination, organization_id_destination, project_id_destination, aws_account_destination, assessment_item['CheckItemCode'], time_to_live_assessment_destination, common_utils.get_value("AssessmentComment", assessment_item), user_id, email, account_refine_code_destination) except Exception: return common_utils.error_common(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, pm_logger) # return response data response = common_utils.get_response_by_response_body( HTTPStatus.NO_CONTENT, None) return common_utils.response(response, pm_logger)
def create_excluded_resources(trace_id, user_id, organization_id, project_id, coop_id, check_item_code, email, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # AWSアカウントAWSAccountは、AWSアカウント連携テーブルに、AWSアカウント連携ID{coop_id}をキーとしてクエリを実行します。 try: awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 有効なAWSアカウントが存在しなかった場合(取得件数が0件) if (not awscoops_item): return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # チェック項目コード if check_item_code not in LIST_CHECK_ITEM_CODE_EXCLUDED_RESOURCE: return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # リクエストボディのJSONでパースエラーが発生した場合は、エラーログを出力してエラーレスポンスを返します。 try: body_object = json.loads(data_body) except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) region_name = common_utils.get_value("regionName", body_object, None) resource_type = common_utils.get_value("resourceType", body_object, None) resource_name = common_utils.get_value("resourceName", body_object, None) exclusion_comment = common_utils.get_value("exclusionComment", body_object, None).strip() # 全てのチェックを行い、エラーがあった場合はエラーログを出力してエラーレスポンスを返します。 list_error = validate_create_excluded_resources(region_name, resource_type, resource_name, exclusion_comment) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) aws_account = awscoops_item['AWSAccount'] check_item_refine_code = CommonConst.CHECK_ITEM_REFINE_CODE.format( organization_id, project_id, aws_account, check_item_code) try: excluded_resource = pm_exclusionResources.query_filter_region_name_and_resource_name( trace_id, check_item_refine_code, region_name, resource_type, resource_name) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not excluded_resource: exclusion_resource_id = common_utils.get_uuid4() account_refine_code = CommonConst.ACCOUNT_REFINE_CODE.format( organization_id, project_id, aws_account) time_to_live_date = date_utils.get_current_date() + timedelta(days=180) time_to_live = Decimal(time_to_live_date.timestamp()) # リソース除外設定テーブルに除外設定レコードを作成します。 try: pm_exclusionResources.create( user_id, exclusion_resource_id, organization_id, project_id, aws_account, check_item_code, region_name, resource_type, resource_name, exclusion_comment, email, account_refine_code, check_item_refine_code, time_to_live) except Exception as e: return common_utils.error_exception( MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) else: exclusion_resource_id = excluded_resource[0]["ExclusionResourceID"] attribute = {'ExclusionComment': {"Value": exclusion_comment}} try: pm_exclusionResources.update(trace_id, exclusion_resource_id, attribute) except Exception as e: return common_utils.error_exception( MsgConst.ERR_DB_404, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) try: excluded_resource_new = pm_exclusionResources.query_key( trace_id, exclusion_resource_id, True) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return response data response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, excluded_resource_new) return common_utils.response(response, pm_logger)
def delete_excluded_resources(trace_id, organization_id, project_id, check_item_code, coop_id, region_name, resource_type, resource_name): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # validate param query string of delete exclusion resource list_error = validate_excluded_resources(region_name, resource_type, resource_name, is_query_string=True) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # リソース関連性のバリデーションチェックを行います。 try: awscoop_item = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not awscoop_item: return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) check_item_refine_code = CommonConst.CHECK_ITEM_REFINE_CODE.format( organization_id, project_id, awscoop_item['AWSAccount'], check_item_code) # リソース除外設定情報を取得します。 try: exclusion_resources = pm_exclusionResources.query_check_item_refine_code( trace_id, check_item_refine_code) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not exclusion_resources: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) patern_filter_data = "[?RegionName == '{0}' && ResourceType == '{1}' && ResourceName == '{2}']".format( region_name, resource_type, resource_name) list_exclusion_resource_delete = jmespath.search(patern_filter_data, exclusion_resources) if len(list_exclusion_resource_delete) == 0: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # リソース除外設定情報を削除します。 for exclusion_resource_delete in list_exclusion_resource_delete: try: pm_exclusionResources.delete( trace_id, exclusion_resource_delete['ExclusionResourceID']) except Exception as e: return common_utils.error_exception( MsgConst.ERR_DB_405, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return response data response = common_utils.get_response_by_response_body( HTTPStatus.NO_CONTENT, None) return common_utils.response(response, pm_logger)
def create_excluesion_item(trace_id, user_id, organization_id, project_id, email, check_item_code, coop_id, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # リソース関連性のバリデーションチェックを行います。 try: awscoop_item = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id) except Exception as err: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) if not awscoop_item: return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # リクエストボディのJSONでパースエラーが発生した場合は、エラーログを出力してエラーレスポンスを返します。 try: body_object = json.loads(data_body) exclusion_comment = body_object["exclusionComment"].strip() except Exception as err: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, err, pm_logger, True) # 全てのチェックを行い、エラーがあった場合はエラーログを出力してエラーレスポンスを返します。 list_error = validate_insert(exclusion_comment) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # チェック項目除外設定テーブルに除外設定レコードを作成します。 aws_account = awscoop_item['AWSAccount'] exclusion_item_id = CommonConst.EXCLUSIONITEM_ID.format( organization_id, project_id, aws_account, check_item_code) account_refine_code = CommonConst.ACCOUNT_REFINE_CODE.format( organization_id, project_id, aws_account) time_to_live_date = date_utils.get_current_date() + timedelta(days=180) time_to_live = Decimal(time_to_live_date.timestamp()) try: pm_exclusionitems.create(trace_id, exclusion_item_id, organization_id, project_id, aws_account, check_item_code, time_to_live, exclusion_comment, user_id, email, account_refine_code) except Exception as e: return common_utils.error_common(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, pm_logger) try: exclusion_item = pm_exclusionitems.query_key(trace_id, exclusion_item_id, True) except Exception as err: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) # return response data response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, exclusion_item) return common_utils.response(response, pm_logger)
def job_report(trace_id, email, report_id, code, job_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) try: report_job_def = pm_batchJobDefs.query_report_job_def_key( trace_id, code) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True), None if not report_job_def: pm_logger.error("ジョブ定義情報が取得できませんでした。:" + code) return common_utils.error_common(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, pm_logger), None # ログID(UUID(v4)) log_id = common_utils.get_uuid4() # AWS Batch job_name = code + "-" + log_id job_queue = report_job_def['JobQueue'] job_definition = report_job_def['JobDefinition'] parameters = { "ReportID": "--reportId=" + report_id, "LogID": "--logId=" + log_id } container_overrides = {} if (common_utils.check_key('Environment', report_job_def) and len(report_job_def['Environment']) > 0): container_overrides = report_job_def['Environment'] max_retry = report_job_def['MaxRetry'] try: # submid job job_id, parameter = aws_common.submit_job(trace_id, job_name, job_queue, job_id, job_definition, parameters, container_overrides, max_retry) except PmError as e: return common_utils.error_exception(MsgConst.ERR_AWS_601, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True), None # Create ReportJobLogs user_id = trace_id # 配列内のオブジェクトとして格納されていたので、job_idのみを抽出する(暫定対応) job_id_key = job_id[0]['jobId'] date_now = common_utils.get_current_date() try: report_log = { 'ReportID': report_id, 'LogID': log_id, 'Code': code, 'UserID': user_id, 'MailAddress': email, 'JobID': job_id_key, 'Parameter': parameter, 'CreatedAt': date_now, 'UpdatedAt': date_now } s3_file_name = CommonConst.PATH_REPORT_BATCH.format( report_id, log_id + ".json") FileUtils.upload_json(trace_id, "S3_BATCH_LOG_BUCKET", report_log, s3_file_name) except PmError as e: return common_utils.error_exception(MsgConst.ERR_S3_701, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True), None return common_utils.response(None, pm_logger), job_id
def update_authority(trace_id, organization_id, user_id, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Parse JSON try: body_object = json.loads(data_body) authority = body_object["authority"] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # Validate list_error = common_utils.validate_authority(trace_id, authority) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # check the update condition if user_id == trace_id and authority != Authority.Owner.value: try: count = pm_affiliation.query_users_check_authority_count( trace_id, user_id, organization_id, Authority.Owner) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if count == 0: return common_utils.error_common(MsgConst.ERR_REQUEST_203, HTTPStatus.PRECONDITION_FAILED, pm_logger) # get user to update try: user = pm_affiliation.query(user_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not user: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # update user authority attribute = {'Authority': {"Value": authority}} updated_at = user[0]['UpdatedAt'] try: pm_affiliation.update_affiliation(trace_id, user_id, organization_id, attribute, updated_at) except PmError as err: return common_utils.error_exception(MsgConst.ERR_DB_404, HTTPStatus.INTERNAL_SERVER_ERROR, err, pm_logger, True) # Get data update try: user_result = pm_affiliation.get_affiliation(user_id, organization_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response = common_utils.get_response_by_response_body( HTTPStatus.OK, user_result) # return data response return common_utils.response(response, pm_logger)
def create_organization(trace_id, email, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # Parse JSON try: body_object = json.loads(data_body) organization_name = body_object["name"] contract = body_object["contract"] contract_status = body_object["contractStatus"] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # Validate list_error = validate_insert(organization_name, contract, contract_status) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # Create Organization organization_id = str(uuid.uuid4()) try: pm_organizations.create_organization(trace_id, organization_id, organization_name, contract, contract_status) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # Create Affiliation try: pm_affiliation.create_affiliation(trace_id, email, trace_id, organization_id, Authority.Owner.value, InvitationStatus.Belong.value) except PmError as e: # Delete Organizations pm_organizations.delete_organization(trace_id, organization_id) # 例外スタックトレースをログに出力する。 return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 組織情報を取得します。 try: organization_item = pm_organizations.get_organization( trace_id, organization_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, organization_item) # return data response return common_utils.response(response, pm_logger)
def create_invite(trace_id, organization_id, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) attributesToGet = "email_verified" key = "Name" value = "Value" # Parse JSON try: body_object = json.loads(data_body) mail_address = body_object["mailAddress"] authority = body_object["authority"] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # validate authority list_error = validate_params_invite(trace_id, mail_address, authority) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # get list cognito users try: list_users = aws_common.get_cognito_user_pools(trace_id, mail_address, attributesToGet) if len(list_users) == 0: list_error = [] list_error.append( common_utils.get_error_validate(MsgConst.ERR_VAL_999, "mail_address", mail_address)) return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) list_user_verified = [] for user in list_users: # get value of key email_verified in attribute for user_attr in user["Attributes"]: if common_utils.check_key( key, user_attr) and user_attr[key] == attributesToGet: email_verified = user_attr[value] # check email_verified is true if email_verified == "true": list_user_verified.append(user["Username"]) if len(list_user_verified) == 0: list_error = [] list_error.append( common_utils.get_error_validate(MsgConst.ERR_VAL_999, "mail_address", mail_address)) return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) except PmError as e: return common_utils.error_exception(MsgConst.ERR_COGNITO_501, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # get affiliation try: user_id = list_user_verified[0] affiliation = pm_affiliation.get_affiliation(user_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if affiliation and affiliation["InvitationStatus"] != InvitationStatus.Deny: return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT, pm_logger) # get organization try: organization = pm_organizations.get_organization( trace_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not organization: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # create affiliation try: pm_affiliation.create_affiliation(trace_id, mail_address, user_id, organization_id, authority, InvitationStatus.Invited) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # get affiliation just create new to response try: affiliation_created = pm_affiliation.get_affiliation( user_id, organization_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, affiliation_created) # return data response return common_utils.response(response, pm_logger)
def create_notifymail(trace_id, organization_id, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # リクエストボディのJSONでパースエラーが発生した場合は、ログを出力してエラーレスポンスを返します。 try: body_object = json.loads(data_body) notify_code = body_object["notifyCode"] users = body_object["users"] except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。 list_error = validate_notifymail(notify_code, users) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # 宛先ユーザーのメールアドレスを取得します。 destinations = [] for user_id in users: try: affiliation = pm_affiliation.get_affiliation( user_id, organization_id) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # レコードが取得できなかった場合、そのユーザーは宛先ユーザーから除外します。 if (not affiliation): continue # 宛先ユーザー配列は、ユーザーIDとメールアドレスを属性として持つオブジェクトの配列として表現します。 destination = { "UserID": user_id, "MailAddress": affiliation['MailAddress'] } destinations.append(destination) if len(destinations) == 0: list_error = [] list_error.append( common_utils.get_error_validate(MsgConst.ERR_VAL_999, "users", users)) return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # 宛先情報を作成します。 try: pm_orgNotifyMailDestinations.create(trace_id, organization_id, notify_code, destinations) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 宛先情報を取得します。 try: result = pm_orgNotifyMailDestinations.query_key( trace_id, organization_id, notify_code, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, result) # return data response return common_utils.response(response, pm_logger)
def execute_force_invites(trace_id, body_object, organization_id): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # parse json try: body_object_json = json.loads(body_object) except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) caller_service_name = common_utils.get_value("callerServiceName", body_object_json, None) mail_lang = common_utils.get_value("mailLang", body_object_json, None) mail_address = common_utils.get_value("mailAddress", body_object_json, None) authority = common_utils.get_value("authority", body_object_json, None) # validate param execute invite unregistered list_error = validate_param_invite_unregistered_user( trace_id, mail_lang, caller_service_name, mail_address, authority) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # get list cognito users try: list_users = aws_common.get_cognito_user_pools(trace_id, mail_address) except PmError as e: return common_utils.error_exception(MsgConst.ERR_COGNITO_501, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if list_users: return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT, pm_logger) # regist Cognito UserPools temporary_password = '' pattern = re.compile(CommonConst.FORMAT_PASSWORD_TEMPORARY) while pattern.match(temporary_password) is None: temporary_password = common_utils.get_password_temporary( CommonConst.NUMBER_CHARACTERS_PASSWORD_TEMPORARY) user_attributes = [{"Name": "email", "Value": mail_address}] user_name = common_utils.get_uuid4() message_action = MessageAction.Suppress try: aws_common.process_admin_create_user_pools(trace_id, user_name, user_attributes, temporary_password, message_action) except PmError as e: return common_utils.error_exception(MsgConst.ERR_COGNITO_501, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # enable confirm email try: user_attributes = [{'Name': 'email_verified', 'Value': 'true'}] aws_common.update_cognito_user_attributes(trace_id, user_name, user_attributes) except PmError as e: return common_utils.error_exception(MsgConst.ERR_COGNITO_501, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # get affiliation try: affiliation = pm_affiliation.get_affiliation(user_name, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if affiliation and affiliation["InvitationStatus"] != InvitationStatus.Deny: return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT, pm_logger) # get organization try: organization = pm_organizations.get_organization( trace_id, organization_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if len(organization) == 0: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) # create affiliation try: pm_affiliation.create_affiliation(trace_id, mail_address, user_name, organization_id, authority, InvitationStatus.Invited) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # Get data affiliation try: affiliation_result = pm_affiliation.get_affiliation( user_name, organization_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # Get data user_attribute try: user_attribute = pm_userAttribute.query_key(trace_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # S3から通知メール送信設定ファイルを取得します。 try: config = FileUtils.read_yaml(trace_id, CommonConst.S3_SETTING_BUCKET, CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) except PmError as e: pm_logger.error("メール送信設定ファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL)) return common_utils.error_exception(MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # メッセージ本文を作成します。 path_file_template = config[ CommonConst.KEY_GET_PATH_FILE_TEMPLATE_USER_INVITE_MAIL.format( language=mail_lang, serviceName=caller_service_name)] try: template_body_mail = FileUtils.read_decode( trace_id, CommonConst.S3_SETTING_BUCKET, path_file_template) except PmError as e: pm_logger.error("招待メール本文テンプレートファイルの取得に失敗しました。:s3://{0}/{1}".format( common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), path_file_template)) return common_utils.error_exception(MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # SESで通知メールを送信します。 bcc_addresses = [mail_address] user_name_sign_in = common_utils.get_value("UserName", user_attribute, None) if not user_name_sign_in: try: affiliation_sign_in = pm_affiliation.get_affiliation( trace_id, organization_id) except PmError as e: return common_utils.error_exception( MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) user_name_sign_in = common_utils.get_value("MailAddress", affiliation_sign_in, None) organization_name = common_utils.get_value("OrganizationName", organization, None) time_zone = date_utils.get_time_zone_by_language(mail_lang) time_to_live_date = date_utils.get_current_date() + timedelta(days=6) time_to_live = date_utils.toString(time_to_live_date, date_utils.PATTERN_YYYYMMDD_SLASH, time_zone) template_body_mail = Template(template_body_mail) context = { 'mailAddress': mail_address, 'userName': user_name_sign_in, 'organizationName': organization_name, 'temporaryPassword': temporary_password, 'timeToLive': time_to_live } body_mail = template_body_mail.render(context) mail_subject = config[CommonConst.KEY_MAIL_SUBJECT_USER_INVITE.format( language=mail_lang, serviceName=caller_service_name)] mail_from = config[CommonConst.KEY_INVITE_MAIL_FROM_SERVICE.format( serviceName=caller_service_name)] ses_region = config['ses.region'] try: aws_common.send_email(user_name, ses_region, mail_from, bcc_addresses, mail_subject, body_mail) except PmError as e: pm_logger.error("通知メール送信に失敗しました。") return common_utils.error_exception(MsgConst.ERR_SES_801, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, affiliation_result) # return data response return common_utils.response(response, pm_logger)
def apply_change_email(user_id, mail_before_change, data_body): pm_logger = common_utils.begin_logger(user_id, __name__, inspect.currentframe()) # Parse JSON try: body_object = json.loads(data_body) except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) mail_after_change = common_utils.get_value("mailAddress", body_object, None) caller_service_name = common_utils.get_value("callerServiceName", body_object, None) mail_lang = common_utils.get_value("mailLang", body_object, None) # validate list_errors = validate_param_apply_change_email(user_id, mail_lang, caller_service_name, mail_before_change) if list_errors: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_errors, pm_logger) # Cognito UserPoolsから変更するメールアドレス{mailaddress}に該当するユーザー情報情報を取得します。 try: list_users = aws_common.get_cognito_user_pools(user_id, mail_after_change, "email") except PmError as e: return common_utils.error_exception(MsgConst.ERR_COGNITO_501, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if list_users: return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT, pm_logger) # メールアドレス変更申請テーブルから申請レコードを取得します。 try: list_email_change_apply = pm_emailChangeApply.query_user_index(user_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if list_email_change_apply: return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT, pm_logger) # メールアドレス変更申請テーブルに申請レコードを作成します。 apply_id = common_utils.get_uuid4() time_to_live = common_utils.get_time_to_live( CommonConst.EMAIL_CHANGE_APPLY_EXPIRATION_DATE) try: pm_emailChangeApply.create(user_id, apply_id, mail_before_change, mail_after_change, time_to_live, caller_service_name) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # get record PM_EmailChangeApply try: result = pm_emailChangeApply.query_key(user_id, apply_id, convert_response=True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # S3から通知メール送信設定ファイルを取得します。 try: config = FileUtils.read_yaml(user_id, CommonConst.S3_SETTING_BUCKET, CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) except PmError as e: pm_logger.error( "メールアドレス変更通知メール送信設定ファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), CommonConst.NOTIFY_CONFIG_CIS_RESULT_MAIL) return common_utils.error_exception(MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) path_file_template = config[ CommonConst.KEY_GET_PATH_FILE_TEMPLATE_MAIL_SERVICE.format( language=mail_lang, serviceName=caller_service_name)] # 通知メール本文を作成 try: template_body_mail = FileUtils.read_decode( user_id, CommonConst.S3_SETTING_BUCKET, path_file_template) except PmError as e: pm_logger.error( "メールアドレス変更通知メール本文テンプレートファイルの取得に失敗しました。:s3://%s/%s", common_utils.get_environ(CommonConst.S3_SETTING_BUCKET), path_file_template) return common_utils.error_exception(MsgConst.ERR_S3_702, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # SESで通知メールを送信します。 bcc_addresses = [mail_after_change] template_body_mail = Template(template_body_mail) body_mail = template_body_mail.render(ApplyID=apply_id) mail_subject = config[CommonConst.KEY_MAIL_SUBJECT_SERVICE.format( language=mail_lang, serviceName=caller_service_name)] mail_form = config[CommonConst.KEY_MAIL_FROM_SERVICE.format( serviceName=caller_service_name)] try: aws_common.send_email(user_id, config['ses.region'], mail_form, bcc_addresses, mail_subject, body_mail) except PmError as e: pm_logger.error("通知メール送信に失敗しました。") return common_utils.error_exception(MsgConst.ERR_SES_801, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return data response response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, result) return common_utils.response(response, pm_logger)
def execute_security_check_from_external(trace_id, webhook_path): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) webhook = None try: webhooks = pm_securityCheckWebhook.query_webhook_index( trace_id, webhook_path, convert_response=True) if (webhooks): webhook = pm_securityCheckWebhook.query_key( trace_id, webhooks[0]['id']) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) if not webhook: return common_utils.error_common(MsgConst.ERR_301, HTTPStatus.NOT_FOUND, pm_logger) if not webhook['Enabled']: return common_utils.error_common(MsgConst.ERR_REQUEST_203, HTTPStatus.FORBIDDEN, pm_logger) user_id = webhook['UserID'] email = webhook['MailAddress'] organization_id = webhook['OrganizationID'] project_id = webhook['ProjectID'] id = webhook['SecurityCheckWebhookID'] try: histories = pm_securityCheckWebhookCallHistory.query(trace_id, id) if histories: yesterday = datetime.now(timezone.utc) - timedelta(days=1) recentries = list( filter( lambda h: datetime.strptime(h['CreatedAt'], '%Y-%m-%d %H:%M:%S.%f').astimezone(timezone.utc) > yesterday and h['ExecutedStatus'] == 'Success', histories)) if len(recentries) >= webhook['MaxDailyExecutedCount']: return common_utils.error_common(MsgConst.ERR_REQUEST_203, HTTPStatus.TOO_MANY_REQUESTS, pm_logger) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) response = execute_security_check_with_executed_type( trace_id, organization_id, project_id, user_id, email, ExecutedType.External) executed_status = 'Success' if response[ 'statusCode'] == HTTPStatus.CREATED else 'Failure' try: pm_securityCheckWebhookCallHistory.create(trace_id, id, executed_status) except PmError as e: return common_utils.error_exception(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) return response
def update_user_attributes(user_id, data_body): pm_logger = common_utils.begin_logger(user_id, __name__, inspect.currentframe()) try: body_object = json.loads(data_body) except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) try: user = pm_userAttribute.query_key(user_id) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) user_name = get_data_json_by_key("userName", body_object) company_name = get_data_json_by_key("companyName", body_object) department_name = get_data_json_by_key("departmentName", body_object) company_flg = common_utils.get_value("companyFlg", body_object, None) country_code = get_data_json_by_key("countryCode", body_object) caller_service_name = common_utils.get_value("callerServiceName", body_object, None) # validate param info user attribute list_error = validate_info_user_attribute(caller_service_name) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) if user is None: # Create User try: pm_userAttribute.create(user_id, user_name, company_name, department_name, MailStatus.Normal, company_flg, country_code, caller_service_name) except PmError as e: return common_utils.error_exception( MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) else: # Update User attribute = { 'UserName': { "Value": user_name }, 'CompanyName': { "Value": company_name }, 'DepartmentName': { "Value": department_name } } if company_flg is not None: attribute['CompanyFlg'] = {"Value": company_flg} if country_code is not None: attribute['CountryCode'] = {"Value": country_code} try: pm_userAttribute.update(user_id, attribute) except PmError as e: return common_utils.error_exception( MsgConst.ERR_DB_404, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # Get data response try: user = pm_userAttribute.query_key(user_id, True) except PmError as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return data response response = common_utils.get_response_by_response_body(HTTPStatus.OK, user) return common_utils.response(response, pm_logger)
def create_assessment_item(trace_id, user_id, organization_id, project_id, coop_id, check_item_code, email, data_body): pm_logger = common_utils.begin_logger(trace_id, __name__, inspect.currentframe()) # AWSアカウントAWSAccountは、AWSアカウント連携テーブルに、AWSアカウント連携ID{coop_id}をキーとしてクエリを実行します。 try: awscoops_item = pm_awsAccountCoops.query_awscoop_coop_key( trace_id, coop_id) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # 有効なAWSアカウントが存在しなかった場合(取得件数が0件) if (not awscoops_item): return common_utils.error_common(MsgConst.ERR_AWS_401, HTTPStatus.UNPROCESSABLE_ENTITY, pm_logger) # リクエストボディのJSONでパースエラーが発生した場合は、エラーログを出力してエラーレスポンスを返します。 try: body_object = json.loads(data_body) assessment_comment = body_object["assessmentComment"].strip() except Exception as e: return common_utils.error_exception(MsgConst.ERR_REQUEST_202, HTTPStatus.BAD_REQUEST, e, pm_logger, True) # 全てのチェックを行い、エラーがあった場合はエラーログを出力してエラーレスポンスを返します。 list_error = validate_insert_assessment(check_item_code, assessment_comment) if list_error: return common_utils.error_validate(MsgConst.ERR_REQUEST_201, HTTPStatus.UNPROCESSABLE_ENTITY, list_error, pm_logger) # 評価結果テーブルに評価レコードを作成します。 aws_account = awscoops_item['AWSAccount'] assessment_item_id = CommonConst.ASSESSMENTITEM_ID.format( organization_id, project_id, aws_account, check_item_code) account_refine_code = CommonConst.ACCOUNT_REFINE_CODE.format( organization_id, project_id, aws_account) time_to_live_date = date_utils.get_current_date() + timedelta(days=180) time_to_live = Decimal(time_to_live_date.timestamp()) try: pm_assessmentItems.create(trace_id, assessment_item_id, organization_id, project_id, aws_account, check_item_code, time_to_live, assessment_comment, user_id, email, account_refine_code) except Exception: return common_utils.error_common(MsgConst.ERR_DB_403, HTTPStatus.INTERNAL_SERVER_ERROR, pm_logger) try: assessment_item = pm_assessmentItems.query_key(trace_id, assessment_item_id, True) except Exception as e: return common_utils.error_exception(MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e, pm_logger, True) # return response data response = common_utils.get_response_by_response_body( HTTPStatus.CREATED, assessment_item) return common_utils.response(response, pm_logger)