def test_authority_true(self):
    """When check_authority passes, authority() returns no error response (None)."""
    with patch('premembers.common.checkauthority.check_authority') as mocked_check:
        mocked_check.return_value = True
        result = checkauthority.authority(trace_id, user_id,
                                          organization_id, Authority["Owner"])
    self.assertIsNone(result)
def delete_excluded_resources_handler(event, context):
    """Delete one excluded-resource setting after an Editor authority check.

    Args:
        event: API Gateway event; identifiers are read through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response built by ``common_utils.response`` — the
        authority error response when the caller is not an Editor of the
        organization, otherwise the result of
        ``checkitemsettings_logic.delete_excluded_resources``.
    """
    trace_id = eventhelper.get_trace_id(event)
    # NOTE(review): the trace id doubles as the caller's user id; presumably
    # the authorizer populates it — confirm against eventhelper.
    caller_id = trace_id
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)
    check_item_code = eventhelper.get_check_item_code(event)
    coop_id = eventhelper.get_coop_id(event)
    region_name = eventhelper.get_region_name(event)
    resource_type = eventhelper.get_resource_type(event)
    resource_name = eventhelper.get_resource_name(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    # Editor authority is required; a truthy result is the error response.
    auth_error = checkauthority.authority(trace_id, caller_id,
                                          organization_id, Authority.Editor)
    if auth_error:
        return common_utils.response(auth_error, logger)

    result = checkitemsettings_logic.delete_excluded_resources(
        trace_id, organization_id, project_id, check_item_code, coop_id,
        region_name, resource_type, resource_name)
    return common_utils.response(result, logger)
def create_excluesion_item_handler(event, context):
    """Create a check-item exclusion after an Editor authority check.

    Args:
        event: API Gateway event; ``event['body']`` is handed to the logic
            layer unparsed.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``checkitemsettings_logic.create_excluesion_item``.
    """
    trace_id = eventhelper.get_trace_id(event)
    # The trace id is reused as the acting user's id.
    caller_id = trace_id
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)
    email = eventhelper.get_email(event)
    check_item_code = eventhelper.get_check_item_code(event)
    coop_id = eventhelper.get_coop_id(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Editor)
    if denied:
        return common_utils.response(denied, logger)

    # Raw body is validated/parsed downstream, not here.
    result = checkitemsettings_logic.create_excluesion_item(
        trace_id, caller_id, organization_id, project_id, email,
        check_item_code, coop_id, event['body'])
    return common_utils.response(result, logger)
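def list_awscoops_handler(event, context):
    """List AWS account cooperations of a project after a Viewer authority check.

    Args:
        event: API Gateway event. ``queryStringParameters`` may be absent or
            ``None``; when it carries a truthy ``effective`` value the
            filter is read via ``eventhelper.get_effective``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the caller is not a Viewer of the organization, otherwise
        the result of ``awscoops_logic.get_list_awscoops``.
    """
    trace_id = eventhelper.get_trace_id(event)
    # NOTE(review): the caller's user id is read from the trace id helper;
    # presumably the authorizer sets it — confirm.
    user_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)

    # Fix: the original indexed event['queryStringParameters']['effective']
    # directly, so a query string without 'effective' (or an event without
    # the key at all) raised KeyError and surfaced as an unhandled error.
    # Treat both cases as "no filter", which is what a None query string
    # already meant.
    query_params = event.get('queryStringParameters') or {}
    if query_params.get('effective'):
        effective = eventhelper.get_effective(event)
    else:
        effective = None

    pm_logger = common_utils.begin_logger(trace_id, __name__,
                                         inspect.currentframe())

    # Viewer authority is enough for a read-only listing.
    response_authority = checkauthority.authority(
        trace_id, user_id, organization_id, Authority.Viewer)
    if response_authority:
        return common_utils.response(response_authority, pm_logger)

    response = awscoops_logic.get_list_awscoops(trace_id, organization_id,
                                                project_id, effective)
    return common_utils.response(response, pm_logger)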
def test_authority_false(self):
    """A failing check yields 403 carrying ERR_101's code, message and description."""
    with patch('premembers.common.checkauthority.check_authority') as mocked_check:
        mocked_check.return_value = False
        result = checkauthority.authority(trace_id, user_id,
                                          organization_id, Authority["Owner"])
    expected = MsgConst.ERR_101
    body = json.loads(result['body'])
    self.assertEqual(result['statusCode'], HTTPStatus.FORBIDDEN.value)
    for field in ('code', 'message', 'description'):
        self.assertEqual(body[field], expected[field])
def test_authority_error(self):
    """A PmError from check_authority is mapped to 500 with ERR_402's fields."""
    with patch('premembers.common.checkauthority.check_authority',
               side_effect=PmError()):
        result = checkauthority.authority(trace_id, user_id,
                                          organization_id, Authority["Owner"])
    expected = MsgConst.ERR_402
    body = json.loads(result['body'])
    self.assertEqual(result['statusCode'],
                     HTTPStatus.INTERNAL_SERVER_ERROR.value)
    for field in ('code', 'message', 'description'):
        self.assertEqual(body[field], expected[field])
def get_organization_handler(event, context):
    """Return one organization after a Viewer authority check.

    Args:
        event: API Gateway event; ids are read through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``organizations_logic.get_organization``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Viewer)
    if denied:
        return common_utils.response(denied, logger)

    result = organizations_logic.get_organization(trace_id, organization_id)
    return common_utils.response(result, logger)
def create_notifymail_handler(event, context):
    """Create a notification-mail setting; requires Owner authority.

    Args:
        event: API Gateway event; ``event["body"]`` is passed on unparsed.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the caller is not an Owner, otherwise the result of
        ``notifymail_logic.create_notifymail``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    # Mutating notification settings is restricted to the Owner role.
    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Owner)
    if denied:
        return common_utils.response(denied, logger)

    result = notifymail_logic.create_notifymail(trace_id, organization_id,
                                                event["body"])
    return common_utils.response(result, logger)
def get_notifyslack_handler(event, context):
    """Return one Slack notification setting; requires Owner authority.

    Args:
        event: API Gateway event; ids and the notify code come via ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``notifymail_logic.get_notifyslack``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)
    notify_code = eventhelper.get_notify_code(event)
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    # Even reads of notification settings (which may hold webhook targets)
    # are gated on the Owner role here.
    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Owner)
    if denied:
        return common_utils.response(denied, logger)

    result = notifymail_logic.get_notifyslack(trace_id, organization_id,
                                              notify_code)
    return common_utils.response(result, logger)
def list_reports_handler(event, context):
    """List a project's reports after a Viewer authority check.

    Args:
        event: API Gateway event; ids are read through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``reports_logic.get_list_reports``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Viewer)
    if denied:
        return common_utils.response(denied, logger)

    result = reports_logic.get_list_reports(trace_id, organization_id,
                                            project_id)
    return common_utils.response(result, logger)
def get_security_check_report_url(trace_id, user_id, history_id):
    """Return a presigned download URL for a completed security-check report.

    Args:
        trace_id: Request trace id, used for logging and passed to every call.
        user_id: Caller whose Viewer authority is checked against the
            organization that owns the check history.
        history_id: Id of the check history whose report is requested.

    Returns:
        An API Gateway response from ``common_utils.response``:
        500/ERR_402 when the history lookup raises ``PmError``; 404/ERR_301
        when no ReportCompleted history matches; the authority error when
        the caller is not a Viewer of the owning organization; 500/ERR_999
        when presigning raises ``PmError``; otherwise 200 with
        ``{"URL": <signed url>}``.

    NOTE(review): the 404 is returned before the authority check, so whether
    a history id exists is observable to callers the check would refuse —
    confirm that is acceptable for this API.
    """
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    # Only histories whose report has finished generating are eligible.
    try:
        histories = pm_checkHistory.get_check_history_by_status(
            trace_id, history_id, CheckStatus.ReportCompleted)
    except PmError as e:
        return common_utils.error_exception(MsgConst.ERR_402,
                                            HTTPStatus.INTERNAL_SERVER_ERROR,
                                            e, logger, True)

    if len(histories) == 0:
        return common_utils.error_common(MsgConst.ERR_301,
                                         HTTPStatus.NOT_FOUND, logger)

    # Authorize against the organization recorded on the history itself,
    # not one supplied by the caller.
    history = histories[0]
    denied = checkauthority.authority(
        trace_id, user_id, history['OrganizationID'], Authority.Viewer)
    if denied:
        return common_utils.response(denied, logger)

    # Presigned URL for the stored report; the expiry (one hour after
    # creation, per the original design note) is not set in this function.
    try:
        signed_url = aws_common.generate_presigned_url(
            trace_id, common_utils.get_environ('S3_CHECK_BUCKET'),
            history['ReportFilePath'])
    except PmError as e:
        return common_utils.error_exception(MsgConst.ERR_999,
                                            HTTPStatus.INTERNAL_SERVER_ERROR,
                                            e, logger, True)

    result = common_utils.get_response_by_response_body(
        HTTPStatus.OK, {"URL": signed_url})
    return common_utils.response(result, logger)
def create_report_handler(event, context):
    """Create a report for a project after an Editor authority check.

    Args:
        event: API Gateway event; ``event["body"]`` is passed on unparsed.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``reports_logic.create_report``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    email = eventhelper.get_email(event)
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Editor)
    if denied:
        return common_utils.response(denied, logger)

    result = reports_logic.create_report(trace_id, email, organization_id,
                                         project_id, event["body"])
    return common_utils.response(result, logger)
def create_project_handler(event, context):
    """Create a project in an organization; requires Owner authority.

    Args:
        event: API Gateway event; ``event['body']`` is passed on unparsed.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the caller is not an Owner, otherwise the result of
        ``projects_logic.create_project``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Owner)
    if denied:
        return common_utils.response(denied, logger)

    result = projects_logic.create_project(trace_id, organization_id,
                                           event['body'])
    return common_utils.response(result, logger)
def get_security_check_webhook_handler(event, context):
    """Return the security-check webhook for a project; requires Editor authority.

    Args:
        event: API Gateway event; organization and project ids are read from
            the query string via ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``awschecks_logic.get_security_check_webhook_by_ids``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_query_organization_id(event)
    project_id = eventhelper.get_query_project_id(event)
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    # The organization id comes from the query string; the authority check
    # is what binds the caller to it.
    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Editor)
    if denied:
        return common_utils.response(denied, logger)

    result = awschecks_logic.get_security_check_webhook_by_ids(
        trace_id, caller_id, organization_id, project_id)
    return common_utils.response(result, logger)
def list_projects_handler(event, context):
    """List an organization's projects after a Viewer authority check.

    Args:
        event: API Gateway event; ids are read through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``projects_logic.get_list_project``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Viewer)
    if denied:
        return common_utils.response(denied, logger)

    result = projects_logic.get_list_project(trace_id, organization_id)
    return common_utils.response(result, logger)
def execute_force_invites_handler(event, context):
    """Force-invite users into an organization; requires Owner authority.

    Args:
        event: API Gateway event; ``event['body']`` is passed on unparsed.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the caller is not an Owner, otherwise the result of
        ``organizations_logic.execute_force_invites``.
    """
    trace_id = eventhelper.get_trace_id(event)
    # The trace id is reused as the acting user's id.
    caller_id = trace_id
    organization_id = eventhelper.get_organization_id(event)
    raw_body = event['body']

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    # Membership changes are restricted to the Owner role.
    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Owner)
    if denied:
        return common_utils.response(denied, logger)

    result = organizations_logic.execute_force_invites(
        trace_id, raw_body, organization_id)
    return common_utils.response(result, logger)
def delete_awscoop_handler(event, context):
    """Delete an AWS account cooperation; requires Owner authority.

    Args:
        event: API Gateway event; ids are read through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the caller is not an Owner, otherwise the result of
        ``awscoops_logic.delete_awscoop``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)
    coop_id = eventhelper.get_coop_id(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(
        trace_id, caller_id, organization_id, Authority.Owner)
    if denied:
        return common_utils.response(denied, logger)

    # Note the argument order: coop id precedes organization and project.
    result = awscoops_logic.delete_awscoop(trace_id, coop_id,
                                           organization_id, project_id)
    return common_utils.response(result, logger)
def generate_security_check_webhook_handler(event, context):
    """Generate a security-check webhook; requires Editor authority.

    Args:
        event: API Gateway event. The body is parsed with
            ``eventhelper.parse_body`` and must contain ``organizationId``
            and ``projectId``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``awschecks_logic.generate_security_check_webhook``.

    NOTE(review): a body missing ``organizationId``/``projectId`` raises
    KeyError here, before the logger exists and before any error response is
    built — confirm the surrounding runtime turns that into the intended
    client error.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    email = eventhelper.get_email(event)
    parsed_body = eventhelper.parse_body(event)
    organization_id = parsed_body['organizationId']
    project_id = parsed_body['projectId']
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    # The organization id is client-supplied (request body); the authority
    # check below is what ties the caller to it.
    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Editor)
    if denied:
        return common_utils.response(denied, logger)

    result = awschecks_logic.generate_security_check_webhook(
        trace_id, organization_id, project_id, caller_id, email)
    return common_utils.response(result, logger)
def delete_user_handler(event, context):
    """Remove a user from an organization; requires Owner authority of the caller.

    Args:
        event: API Gateway event. The signed-in caller comes from the trace
            id helper; the user to delete comes from ``eventhelper.get_user_id``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the caller is not an Owner, otherwise the result of
        ``organizations_logic.delete_user``.
    """
    trace_id = eventhelper.get_trace_id(event)
    signed_in_user = eventhelper.get_trace_id(event)
    target_user_id = eventhelper.get_user_id(event)
    organization_id = eventhelper.get_organization_id(event)
    email = eventhelper.get_email(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    # Authority is checked for the caller, not for the user being deleted.
    denied = checkauthority.authority(trace_id, signed_in_user,
                                      organization_id, Authority.Owner)
    if denied:
        return common_utils.response(denied, logger)

    result = organizations_logic.delete_user(trace_id, organization_id,
                                             target_user_id, email)
    return common_utils.response(result, logger)
def request_output_report_handler(event, context):
    """Request export of a report in a given file type; requires Editor authority.

    Args:
        event: API Gateway event; ids, report id and file type are read
            through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``reports_logic.request_output_report``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    email = eventhelper.get_email(event)
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)
    report_id = eventhelper.get_report_id(event)
    file_type = eventhelper.get_file_type(event)
    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Editor)
    if denied:
        return common_utils.response(denied, logger)

    result = reports_logic.request_output_report(
        trace_id, email, organization_id, project_id, report_id, file_type)
    return common_utils.response(result, logger)
def list_item_settings_handler(event, context):
    """List check-item settings for a cooperation; requires Editor authority.

    Args:
        event: API Gateway event; ids and the group filter are read through
            ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``checkitemsettings_logic.list_item_settings``.
    """
    trace_id = eventhelper.get_trace_id(event)
    # The trace id is reused as the acting user's id.
    caller_id = trace_id
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)
    coop_id = eventhelper.get_coop_id(event)
    group_filter = eventhelper.get_group_filter(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Editor)
    if denied:
        return common_utils.response(denied, logger)

    result = checkitemsettings_logic.list_item_settings(
        trace_id, organization_id, project_id, coop_id, group_filter)
    return common_utils.response(result, logger)
def execute_security_check_handler(event, context):
    """Start a security check for a project; requires Editor authority.

    Args:
        event: API Gateway event; ids and e-mail are read through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``awschecks_logic.execute_security_check``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    email = eventhelper.get_email(event)
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Editor)
    if denied:
        return common_utils.response(denied, logger)

    result = awschecks_logic.execute_security_check(
        trace_id, organization_id, project_id, caller_id, email)
    return common_utils.response(result, logger)
def get_security_check_detail_handler(event, context):
    """Return the detail of one security-check run; requires Viewer authority.

    Args:
        event: API Gateway event; ids, history id and group filter are read
            through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``awschecks_logic.get_security_check_detail``.
    """
    trace_id = eventhelper.get_trace_id(event)
    caller_id = eventhelper.get_trace_id(event)
    organization_id = eventhelper.get_organization_id(event)
    project_id = eventhelper.get_project_id(event)
    check_history_id = eventhelper.get_check_history_id(event)
    group_filter = eventhelper.get_group_filter(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Viewer)
    if denied:
        return common_utils.response(denied, logger)

    result = awschecks_logic.get_security_check_detail(
        trace_id, organization_id, project_id, check_history_id,
        group_filter)
    return common_utils.response(result, logger)
def get_security_check_resource_handler(event, context):
    """Return the resources behind one check item; requires Viewer authority.

    Args:
        event: API Gateway event; ids and the check item code are read
            through ``eventhelper``.
        context: Lambda context (unused).

    Returns:
        An API Gateway response from ``common_utils.response`` — the authority
        error when the check fails, otherwise the result of
        ``awschecks_logic.get_security_check_resource``.
    """
    trace_id = eventhelper.get_trace_id(event)
    # The trace id is reused as the acting user's id.
    caller_id = trace_id
    organization_id = eventhelper.get_organization_id(event)
    coop_id = eventhelper.get_coop_id(event)
    project_id = eventhelper.get_project_id(event)
    check_item_code = eventhelper.get_check_item_code(event)

    logger = common_utils.begin_logger(trace_id, __name__,
                                       inspect.currentframe())

    denied = checkauthority.authority(trace_id, caller_id,
                                      organization_id, Authority.Viewer)
    if denied:
        return common_utils.response(denied, logger)

    # Argument order here is coop, project, organization — not the usual
    # organization-first order of the other handlers.
    result = awschecks_logic.get_security_check_resource(
        trace_id, coop_id, project_id, organization_id, check_item_code)
    return common_utils.response(result, logger)
def execute_copy_item_setting(trace_id, organization_id_destination,
                              project_id_destination, coop_id_destination,
                              body_object, email, user_id):
    """Copy check-item exclusions and manual assessments from one AWS account coop to another.

    The copy source (organization, project, coop) is taken from the JSON
    request body; the destination comes from the arguments. The caller must
    hold Editor authority on BOTH the source and the destination
    organization before any data is read.

    Args:
        trace_id: Request trace id passed to logging and every data access.
        organization_id_destination: Organization that receives the copies.
        project_id_destination: Project that receives the copies.
        coop_id_destination: AWS account cooperation id of the destination.
        body_object: Raw JSON string expected to contain
            ``copy_source.organization_id``, ``copy_source.project_id`` and
            ``copy_source.coop_id``.
        email: Caller e-mail, stored on every created record.
        user_id: Caller user id, used for both authority checks and stored
            on every created record.

    Returns:
        An API Gateway response from ``common_utils.response``:
        400/ERR_REQUEST_202 when the body cannot be parsed or lacks the
        copy-source keys; the authority error when either check fails;
        500/ERR_402 when a coop or item lookup raises; 422/ERR_AWS_401 when
        a coop id resolves to no AWS account; 404/ERR_301 when the source has
        neither exclusion nor assessment records; 500/ERR_DB_403 when a
        create fails; otherwise 204 with no body.

    NOTE(review): the two create loops are not transactional — if a create
    fails part-way, the destination records already written stay in place
    and no compensating cleanup is performed here.
    """
    pm_logger = common_utils.begin_logger(trace_id, __name__,
                                         inspect.currentframe())

    # Parse JSON
    # Broad catch is deliberate here: any parse failure or missing key in
    # the client-supplied body is reported as a 400 rather than a 500.
    try:
        body_object_json = json.loads(body_object)
        organization_id_source = body_object_json['copy_source'][
            'organization_id']
        project_id_source = body_object_json['copy_source']['project_id']
        coop_id_source = body_object_json['copy_source']['coop_id']
    except Exception as e:
        return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
                                            HTTPStatus.BAD_REQUEST, e,
                                            pm_logger, True)

    # Access authority check for the copy-SOURCE organization id (the source
    # org is client-supplied, so this is what prevents reading another
    # organization's settings).
    response_authority_source = checkauthority.authority(
        trace_id, user_id, organization_id_source, Authority.Editor)
    if response_authority_source:
        return common_utils.response(response_authority_source, pm_logger)

    # Access authority check for the copy-DESTINATION organization id.
    response_authority_destination = checkauthority.authority(
        trace_id, user_id, organization_id_destination, Authority.Editor)
    if response_authority_destination:
        return common_utils.response(response_authority_destination,
                                     pm_logger)

    # Validate that the related resources exist.
    # Query the AWS account cooperation table by the copy-source
    # cooperation id {coop_id}.
    try:
        awscoops_item_source = pm_awsAccountCoops.query_awscoop_coop_key(
            trace_id, coop_id_source)
    except Exception as e:
        return common_utils.error_exception(MsgConst.ERR_402,
                                            HTTPStatus.INTERNAL_SERVER_ERROR,
                                            e, pm_logger, True)

    # No valid AWS account found (zero records returned).
    if not awscoops_item_source:
        return common_utils.error_common(MsgConst.ERR_AWS_401,
                                         HTTPStatus.UNPROCESSABLE_ENTITY,
                                         pm_logger)

    # Query the AWS account cooperation table by the copy-destination
    # cooperation id {coopId}.
    try:
        awscoops_item_destination = pm_awsAccountCoops.query_awscoop_coop_key(
            trace_id, coop_id_destination)
    except Exception as e:
        return common_utils.error_exception(MsgConst.ERR_402,
                                            HTTPStatus.INTERNAL_SERVER_ERROR,
                                            e, pm_logger, True)

    # No valid AWS account found (zero records returned).
    if not awscoops_item_destination:
        return common_utils.error_common(MsgConst.ERR_AWS_401,
                                         HTTPStatus.UNPROCESSABLE_ENTITY,
                                         pm_logger)

    # Fetch the copy-source check-item exclusion records.
    # The refine code is the per-(org, project, AWS account) lookup key.
    account_refine_code_source = CommonConst.ACCOUNT_REFINE_CODE.format(
        organization_id_source, project_id_source,
        awscoops_item_source['AWSAccount'])
    try:
        exclusion_items_source = pm_exclusionitems.query_filter_account_refine_code(
            trace_id, account_refine_code_source)
    except Exception as e:
        return common_utils.error_exception(MsgConst.ERR_402,
                                            HTTPStatus.INTERNAL_SERVER_ERROR,
                                            e, pm_logger, True)

    # Fetch the copy-source manual assessment records.
    try:
        assessment_items_source = pm_assessmentItems.query_filter_account_refine_code(
            trace_id, account_refine_code_source)
    except Exception as e:
        return common_utils.error_exception(MsgConst.ERR_402,
                                            HTTPStatus.INTERNAL_SERVER_ERROR,
                                            e, pm_logger, True)

    # If neither PM_AssessmentItems nor PM_ExclusionItems returned any
    # record, log an error and return an error response.
    if len(exclusion_items_source) == 0 and len(assessment_items_source) == 0:
        return common_utils.error_common(MsgConst.ERR_301,
                                         HTTPStatus.NOT_FOUND, pm_logger)

    aws_account_destination = awscoops_item_destination['AWSAccount']
    account_refine_code_destination = CommonConst.ACCOUNT_REFINE_CODE.format(
        organization_id_destination, project_id_destination,
        aws_account_destination)
    # Copies get a fresh TTL computed now, not the source record's TTL.
    time_to_live_exclusion_destination = common_utils.get_time_to_live(
        CommonConst.EXCLUSION_EXPIRATION_DATE)

    # Create one destination record per copy-source exclusion record
    # fetched above. Any failure aborts the loop; earlier creates persist.
    try:
        for exclusion_item in exclusion_items_source:
            exclusion_item_id_destination = CommonConst.EXCLUSIONITEM_ID.format(
                organization_id_destination, project_id_destination,
                aws_account_destination, exclusion_item['CheckItemCode'])
            pm_exclusionitems.create(
                trace_id, exclusion_item_id_destination,
                organization_id_destination, project_id_destination,
                aws_account_destination, exclusion_item['CheckItemCode'],
                time_to_live_exclusion_destination,
                common_utils.get_value("ExclusionComment", exclusion_item),
                user_id, email, account_refine_code_destination)
    except Exception:
        return common_utils.error_common(MsgConst.ERR_DB_403,
                                         HTTPStatus.INTERNAL_SERVER_ERROR,
                                         pm_logger)

    time_to_live_assessment_destination = common_utils.get_time_to_live(
        CommonConst.ASSESSMENT_EXPIRATION_DATE)

    # Create one destination record per copy-source manual assessment
    # record fetched above. Same non-transactional caveat as above.
    try:
        for assessment_item in assessment_items_source:
            assessment_item_id_destination = CommonConst.ASSESSMENTITEM_ID.format(
                organization_id_destination, project_id_destination,
                aws_account_destination, assessment_item['CheckItemCode'])
            pm_assessmentItems.create(
                trace_id, assessment_item_id_destination,
                organization_id_destination, project_id_destination,
                aws_account_destination, assessment_item['CheckItemCode'],
                time_to_live_assessment_destination,
                common_utils.get_value("AssessmentComment", assessment_item),
                user_id, email, account_refine_code_destination)
    except Exception:
        return common_utils.error_common(MsgConst.ERR_DB_403,
                                         HTTPStatus.INTERNAL_SERVER_ERROR,
                                         pm_logger)

    # return response data
    response = common_utils.get_response_by_response_body(
        HTTPStatus.NO_CONTENT, None)
    return common_utils.response(response, pm_logger)