def check_access_to_aws(trace_id,
account,
role_name,
external_id,
policies=['ReadOnlyAccess']):
global ROLE_ARN_TEMPLATE
global sts_client
if not sts_client:
sts_client = boto3.client('sts')
pm_logger = pm_log_adapter.create_pm_logger(__name__, trace_id,
inspect.currentframe())
param = {
'account': account,
'role_name': role_name,
'external_id': external_id,
'policies': policies
}
pm_logger.info("start param %s", param)
role_arn = ROLE_ARN_TEMPLATE.format(account=account, role_name=role_name)
try:
assume_role_object = sts_client.assume_role(
RoleArn=role_arn,
RoleSessionName='premem_session_{trace_id}'.format(
trace_id=trace_id),
DurationSeconds=1500,
ExternalId=external_id)
except ClientError as e:
no_retry_exception = NoRetryException(cause_error=e,
message="Credentialの取得に失敗しました。")
pm_logger.warn(no_retry_exception)
pm_logger.exception("error_id: %s", no_retry_exception.error_id)
return False
credentials = assume_role_object['Credentials']
iam_client = boto3.client(
'iam',
aws_access_key_id=credentials['AccessKeyId'],
aws_secret_access_key=credentials['SecretAccessKey'],
aws_session_token=credentials['SessionToken'])
try:
attach_policies = list_attach_role_policies(trace_id, iam_client,
role_name)
except ClientError as e:
no_retry_exception = NoRetryException(cause_error=e,
message="Policyの取得に失敗しました。")
pm_logger.warn(no_retry_exception)
pm_logger.exception("error_id: %s", no_retry_exception.error_id)
return False
for policy in policies:
if not (policy in attach_policies):
pm_logger.warn("{policy} は {role}に含まれていません".format(policy=policy,
role=role_arn))
return False
pm_logger.info("end")
return True
def create(trace_id,
table_name,
create_data,
condition_expression=None,
is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
table = connect_dynamodb(table_name)
if (condition_expression is None):
table.put_item(Item=create_data)
else:
table.put_item(Item=create_data,
ConditionExpression=condition_expression)
logger.info(table_name.value + "正常に作成しました。")
except ClientError as e:
if retrycheck.check_retryable(e.response):
retry_exception = RetryException(cause_error=e)
logger.error(retry_exception)
logger.exception("error_id: %s", retry_exception.error_id)
raise retry_exception
else:
no_retry_exception = NoRetryException(
cause_error=e, message=e.response['Error']['Message'])
logger.error(no_retry_exception)
raise no_retry_exception
def query_key(trace_id, table_name, key, is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
table = connect_dynamodb(table_name)
result = table.get_item(Key=key)
result_item = None
if (common_utils.check_key('Item', result)):
result_item = result['Item']
return common_utils.response(result_item, logger)
except ClientError as e:
if retrycheck.check_retryable(e.response):
retry_exception = RetryException(cause_error=e)
logger.error(retry_exception)
logger.exception("error_id: %s", retry_exception.error_id)
raise retry_exception
else:
no_retry_exception = NoRetryException(
cause_error=e, message=e.response['Error']['Message'])
logger.error(no_retry_exception)
raise no_retry_exception
def update(trace_id,
table_name,
key,
update_attribute,
target_update_date=None,
is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
date_now = common_utils.get_current_date()
update_attribute['UpdatedAt'] = {'Value': date_now}
update_expression = 'SET '
update_expression_attribute_values = {
':UpdatedAt': update_attribute['UpdatedAt']['Value']
}
first_row = True
for update_key in update_attribute.keys():
update_value_key = ":{}".format(update_key)
update_value = " {} = {}".format(update_key, update_value_key)
if (first_row):
update_expression += update_value
first_row = False
else:
update_expression += ", {}".format(update_value)
update_expression_attribute_values[
update_value_key] = update_attribute[update_key]['Value']
condition_expression = Attr('UpdatedAt').eq(target_update_date)
try:
table = connect_dynamodb(table_name)
if target_update_date:
table.update_item(
Key=key,
ExpressionAttributeValues=update_expression_attribute_values,
UpdateExpression=update_expression,
ConditionExpression=condition_expression)
else:
table.update_item(
Key=key,
ExpressionAttributeValues=update_expression_attribute_values,
UpdateExpression=update_expression)
logger.info(table_name.value + "を正常に更新しました。")
except ClientError as e:
if retrycheck.check_retryable(e.response):
retry_exception = RetryException(cause_error=e)
logger.error(retry_exception)
logger.exception("error_id: %s", retry_exception.error_id)
raise retry_exception
else:
no_retry_exception = NoRetryException(
cause_error=e, message=e.response['Error']['Message'])
logger.error(no_retry_exception)
raise no_retry_exception
def query_index_db(trace_id,
table_name,
index_name,
key_conditions,
filter_expression,
scan_index_forward=True,
exclusiveStartKey=None,
is_cw_logger=False):
if (is_cw_logger):
logger = common_utils.begin_cw_logger(trace_id, __name__,
inspect.currentframe())
else:
logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
table = connect_dynamodb(table_name)
if exclusiveStartKey is None:
if filter_expression:
result = table.query(IndexName=index_name,
KeyConditions=key_conditions,
FilterExpression=filter_expression,
ScanIndexForward=scan_index_forward)
else:
result = table.query(IndexName=index_name,
KeyConditions=key_conditions,
ScanIndexForward=scan_index_forward)
else:
if filter_expression:
result = table.query(IndexName=index_name,
KeyConditions=key_conditions,
FilterExpression=filter_expression,
ExclusiveStartKey=exclusiveStartKey,
ScanIndexForward=scan_index_forward)
else:
result = table.query(IndexName=index_name,
KeyConditions=key_conditions,
ExclusiveStartKey=exclusiveStartKey,
ScanIndexForward=scan_index_forward)
# return data
return common_utils.response(result, logger)
except ClientError as e:
if retrycheck.check_retryable(e.response):
retry_exception = RetryException(cause_error=e)
logger.error(retry_exception)
logger.exception("error_id: %s", retry_exception.error_id)
raise retry_exception
else:
no_retry_exception = NoRetryException(
cause_error=e, message=e.response['Error']['Message'])
logger.error(no_retry_exception)
raise no_retry_exception
def delete(trace_id, table_name, key):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
table = connect_dynamodb(table_name)
table.delete_item(Key=key)
pm_logger.info(table_name.value + "を削除しました。")
return True
except ClientError as e:
if retrycheck.check_retryable(e.response):
retry_exception = RetryException(cause_error=e)
pm_logger.error(retry_exception)
pm_logger.exception("error_id: %s", retry_exception.error_id)
raise retry_exception
else:
no_retry_exception = NoRetryException(
cause_error=e, message=e.response['Error']['Message'])
pm_logger.error(no_retry_exception)
raise no_retry_exception
def scan(trace_id, table_name, limit, exclusiveStartKey=None):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
table = connect_dynamodb(table_name)
if exclusiveStartKey is None:
result = table.scan(Limit=limit)
else:
result = table.scan(Limit=limit,
ExclusiveStartKey=exclusiveStartKey)
# return data
return common_utils.response(result, pm_logger)
except ClientError as e:
if retrycheck.check_retryable(e.response):
retry_exception = RetryException(cause_error=e)
pm_logger.error(retry_exception)
pm_logger.exception("error_id: %s", retry_exception.error_id)
raise retry_exception
else:
no_retry_exception = NoRetryException(
cause_error=e, message=e.response['Error']['Message'])
pm_logger.error(no_retry_exception)
raise no_retry_exception
def query_count(trace_id, table_name, key_conditions, filter_expression):
pm_logger = common_utils.begin_logger(trace_id, __name__,
inspect.currentframe())
try:
table = connect_dynamodb(table_name)
if filter_expression:
result = table.query(Select='COUNT',
KeyConditions=key_conditions,
FilterExpression=filter_expression)
else:
result = table.query(Select='COUNT', KeyConditions=key_conditions)
return common_utils.response(result, result['Count'])
except ClientError as e:
if retrycheck.check_retryable(e.response):
retry_exception = RetryException(cause_error=e)
pm_logger.error(retry_exception)
pm_logger.exception("error_id: %s", retry_exception.error_id)
raise retry_exception
else:
no_retry_exception = NoRetryException(
cause_error=e, message=e.response['Error']['Message'])
pm_logger.error(no_retry_exception)
raise no_retry_exception