def validate_excluded_resources(region_name,
resource_type,
resource_name,
is_query_string=False):
list_error = []
region_name_key = 'regionName'
resource_name_key = 'resourceName'
resource_type_key = 'resourceType'
if is_query_string is True:
region_name_key = 'region_name'
resource_name_key = 'resource_name'
resource_type_key = 'resource_type'
# validate region_name
if common_utils.is_null(region_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
region_name_key, region_name))
# validate resource_name
if common_utils.is_null(resource_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
resource_name_key, resource_name))
# validate resource_type
if common_utils.is_null(resource_type):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
resource_type_key, resource_type))
return list_error
def validate_notifymail(notify_code, users=None):
list_error = []
# 通知コード
if common_utils.is_null(notify_code):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "notifyCode",
notify_code))
elif notify_code not in LIST_NOTIFY_CODE:
params = []
params.append(', '.join(LIST_NOTIFY_CODE))
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_302, "notifyCode",
notify_code, params))
# 宛先ユーザ
if users is not None:
if not common_utils.is_list(users):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_204, "users",
users))
elif len(users) == 0:
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "users",
users))
return list_error
def validate_param_apply_change_email(trace_id, mail_lang, caller_service_name,
mail_address):
list_errors = []
# validate language
list_error_language = common_utils.validate_language(mail_lang,
param_name="mailLang")
if list_error_language:
list_errors.extend(list_error_language)
# validate callerServiceName
if common_utils.is_null(caller_service_name):
list_errors.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"callerServiceName",
caller_service_name))
elif caller_service_name not in LIST_SERVICE_NAME:
params = []
params.append(', '.join(LIST_SERVICE_NAME))
list_errors.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_302,
"callerServiceName",
caller_service_name, params))
# validate mailAddress
if common_utils.is_null(mail_address):
list_errors.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"mailAddress", mail_address))
return list_errors
def validate_update(organization_name):
list_error = []
# 組織名
if common_utils.is_null(organization_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "name",
organization_name))
elif not common_utils.is_str(organization_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_202, "name",
organization_name))
return list_error
def validate_project(trace_id, project_name):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
list_error = []
if common_utils.is_null(project_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "name",
project_name))
elif not common_utils.is_str(project_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_202, "name",
project_name))
return common_utils.response(list_error, pm_logger)
def validate_params_invite(trace_id, mail_address, authority):
list_error = []
if common_utils.is_null(mail_address):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"mail_address", mail_address))
if common_utils.validate_authority(trace_id, authority):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "authority",
authority))
return list_error
def validate_output_report(trace_id, file_type):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
list_error = []
# レポート出力するファイル形式
if common_utils.is_null(file_type):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "fileType",
file_type))
elif file_type not in LIST_TYPE:
params = []
params.append(', '.join(LIST_TYPE))
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_302, "fileType",
file_type, params))
return common_utils.response(list_error, pm_logger)
def validate_insert_assessment(check_item_code, assessment_comment):
list_error = []
# チェック項目コード
if check_item_code not in LIST_CHECK_ITEM_CODE_ASSESSMENT:
params = []
params.append(', '.join(LIST_CHECK_ITEM_CODE_ASSESSMENT))
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_302,
"checkItemCode", check_item_code,
params))
# 手動評価コメント
if len(assessment_comment) > CommonConst.ASSESSMENT_COMMENT_MAX_LENGTH:
list_error.append(
common_utils.get_error_validate(
MsgConst.ERR_VAL_303, "assessmentComment", assessment_comment,
[CommonConst.ASSESSMENT_COMMENT_MAX_LENGTH]))
return list_error
def validate_insert(exclusion_comment):
list_error = []
# チェック項目除外コメント
if len(exclusion_comment) > CommonConst.EXCLUSION_COMMENT_MAX_LENGTH:
list_error.append(
common_utils.get_error_validate(
MsgConst.ERR_VAL_303, "exclusionComment", exclusion_comment,
[CommonConst.EXCLUSION_COMMENT_MAX_LENGTH]))
return list_error
def validate_insert(organization_name, contract, contract_status):
list_error = []
# 組織名
if common_utils.is_null(organization_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "name",
organization_name))
elif not common_utils.is_str(organization_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_202, "name",
organization_name))
# 契約種別
if common_utils.is_null(contract):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "contract",
contract))
elif not common_utils.is_number(contract):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_201, "contract",
contract))
# 契約状態
if common_utils.is_null(contract_status):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"contractStatus", contract_status))
elif not common_utils.is_number(contract_status):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_201,
"contractStatus", contract_status))
return list_error
def validate_info_user_attribute(caller_service_name):
list_error = []
# validate callerServiceName
if caller_service_name is not None and caller_service_name not in LIST_SERVICE_NAME:
params = []
params.append(', '.join(LIST_SERVICE_NAME))
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_302,
"callerServiceName",
caller_service_name, params))
return list_error
def validate_create_excluded_resources(region_name, resource_type,
resource_name, exclusion_comment):
# リージョン名, リソース名
list_error = validate_excluded_resources(region_name, resource_type,
resource_name)
# チェック項目除外コメント
if len(exclusion_comment) > CommonConst.EXCLUSION_COMMENT_MAX_LENGTH:
list_error.append(
common_utils.get_error_validate(
MsgConst.ERR_VAL_303, "exclusionComment", exclusion_comment,
[CommonConst.EXCLUSION_COMMENT_MAX_LENGTH]))
return list_error
def validate_notifyslack(notify_code, webhook_url=None):
list_error = []
# 通知コード
if common_utils.is_null(notify_code):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "notifyCode",
notify_code))
elif notify_code not in LIST_NOTIFY_CODE:
params = []
params.append(', '.join(LIST_NOTIFY_CODE))
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_302, "notifyCode",
notify_code, params))
# webhookUrl
if webhook_url is not None:
if len(webhook_url) == 0:
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"webhookUrl", webhook_url))
return list_error
def validate_param_invite_unregistered_user(trace_id, mail_lang,
caller_service_name, mail_address,
authority):
list_error = []
# validate mailLang
list_error_language = common_utils.validate_language(mail_lang,
param_name="mailLang")
if list_error_language:
list_error.extend(list_error_language)
# validate callerServiceName
if common_utils.is_null(caller_service_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"callerServiceName",
caller_service_name))
elif caller_service_name not in LIST_SERVICE_NAME:
params = []
params.append(', '.join(LIST_SERVICE_NAME))
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_302,
"callerServiceName",
caller_service_name, params))
# validate mailAddress
if common_utils.is_null(mail_address):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"mailAddress", mail_address))
# validate authority
list_error_authority = common_utils.validate_authority(trace_id, authority)
if list_error_authority:
list_error.extend(list_error_authority)
return list_error
def validate_update_awscoop(aws_account, role_name):
list_error = []
# AWSアカウントID
if common_utils.is_null(aws_account):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "awsAccount",
aws_account))
elif not common_utils.is_str(aws_account):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_202, "awsAccount",
aws_account))
# ロール名
if common_utils.is_null(role_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "roleName",
role_name))
elif not common_utils.is_str(role_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_202, "roleName",
role_name))
return list_error
def validate_report(trace_id, report_name, aws_accounts, output_file_type):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
list_error = []
# レポート名
if common_utils.is_null(report_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101, "name",
report_name))
elif not common_utils.is_str(report_name):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_202, "name",
report_name))
# AWSアカウントID
if not common_utils.is_list(aws_accounts):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_204,
"awsAccounts", aws_accounts))
elif len(aws_accounts) == 0:
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"awsAccounts", aws_accounts))
# レポート出力するファイル形式
if common_utils.is_null(output_file_type):
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_101,
"outputFileType",
output_file_type))
elif output_file_type not in LIST_TYPE:
params = []
params.append(', '.join(LIST_TYPE))
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_302,
"outputFileType", output_file_type,
params))
return common_utils.response(list_error, pm_logger)
def create_notifymail(trace_id, organization_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
# リクエストボディのJSONでパースエラーが発生した場合は、ログを出力してエラーレスポンスを返します。
try:
body_object = json.loads(data_body)
notify_code = body_object["notifyCode"]
users = body_object["users"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# 全てのチェックを行い、エラーがあった場合はログを出力してエラーレスポンスを返します。
list_error = validate_notifymail(notify_code, users)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# 宛先ユーザーのメールアドレスを取得します。
destinations = []
for user_id in users:
try:
affiliation = pm_affiliation.get_affiliation(
user_id, organization_id)
except PmError as e:
return common_utils.error_exception(
MsgConst.ERR_402, HTTPStatus.INTERNAL_SERVER_ERROR, e,
pm_logger, True)
# レコードが取得できなかった場合、そのユーザーは宛先ユーザーから除外します。
if (not affiliation):
continue
# 宛先ユーザー配列は、ユーザーIDとメールアドレスを属性として持つオブジェクトの配列として表現します。
destination = {
"UserID": user_id,
"MailAddress": affiliation['MailAddress']
}
destinations.append(destination)
if len(destinations) == 0:
list_error = []
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_999, "users",
users))
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# 宛先情報を作成します。
try:
pm_orgNotifyMailDestinations.create(trace_id, organization_id,
notify_code, destinations)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# 宛先情報を取得します。
try:
result = pm_orgNotifyMailDestinations.query_key(
trace_id, organization_id, notify_code, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, result)
# return data response
return common_utils.response(response, pm_logger)
def create_invite(trace_id, organization_id, data_body):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
attributesToGet = "email_verified"
key = "Name"
value = "Value"
# Parse JSON
try:
body_object = json.loads(data_body)
mail_address = body_object["mailAddress"]
authority = body_object["authority"]
except Exception as e:
return common_utils.error_exception(MsgConst.ERR_REQUEST_202,
HTTPStatus.BAD_REQUEST, e,
pm_logger, True)
# validate authority
list_error = validate_params_invite(trace_id, mail_address, authority)
if list_error:
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
# get list cognito users
try:
list_users = aws_common.get_cognito_user_pools(trace_id, mail_address,
attributesToGet)
if len(list_users) == 0:
list_error = []
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_999,
"mail_address", mail_address))
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
list_user_verified = []
for user in list_users:
# get value of key email_verified in attribute
for user_attr in user["Attributes"]:
if common_utils.check_key(
key, user_attr) and user_attr[key] == attributesToGet:
email_verified = user_attr[value]
# check email_verified is true
if email_verified == "true":
list_user_verified.append(user["Username"])
if len(list_user_verified) == 0:
list_error = []
list_error.append(
common_utils.get_error_validate(MsgConst.ERR_VAL_999,
"mail_address", mail_address))
return common_utils.error_validate(MsgConst.ERR_REQUEST_201,
HTTPStatus.UNPROCESSABLE_ENTITY,
list_error, pm_logger)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_COGNITO_501,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# get affiliation
try:
user_id = list_user_verified[0]
affiliation = pm_affiliation.get_affiliation(user_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if affiliation and affiliation["InvitationStatus"] != InvitationStatus.Deny:
return common_utils.error_common(MsgConst.ERR_302, HTTPStatus.CONFLICT,
pm_logger)
# get organization
try:
organization = pm_organizations.get_organization(
trace_id, organization_id)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
if not organization:
return common_utils.error_common(MsgConst.ERR_301,
HTTPStatus.NOT_FOUND, pm_logger)
# create affiliation
try:
pm_affiliation.create_affiliation(trace_id, mail_address, user_id,
organization_id, authority,
InvitationStatus.Invited)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_DB_403,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
# get affiliation just create new to response
try:
affiliation_created = pm_affiliation.get_affiliation(
user_id, organization_id, True)
except PmError as e:
return common_utils.error_exception(MsgConst.ERR_402,
HTTPStatus.INTERNAL_SERVER_ERROR,
e, pm_logger, True)
response = common_utils.get_response_by_response_body(
HTTPStatus.CREATED, affiliation_created)
# return data response
return common_utils.response(response, pm_logger)