diff --git a/.gitignore b/.gitignore
index 65e6a105..a85e0c0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@ lambda/mbj-newdwh2021-staging-NoticeToSlack/package-lock.json
 lambda/mbj-newdwh2021-staging-NoticeToSlack/node_modules/*
 lambda/mbj-newdwh2021-staging-PublishFromLog/package-lock.json
 lambda/mbj-newdwh2021-staging-PublishFromLog/node_modules/*
-__pycache__/
\ No newline at end of file
+__pycache__/
+.env
\ No newline at end of file
diff --git a/lambda/check-view-secutiry-option/check-view-option/aws/s3.py b/lambda/check-view-secutiry-option/check-view-option/aws/s3.py
new file mode 100644
index 00000000..6ace3816
--- /dev/null
+++ b/lambda/check-view-secutiry-option/check-view-option/aws/s3.py
@@ -0,0 +1,31 @@
+import boto3
+import environments
+import exceptions
+from botocore.exceptions import ClientError
+from constants import AWS_RESOURCE_S3, S3_RESPONSE_BODY
+
+
+class S3Resource:
+
+ def __init__(self, bucket_name: str) -> None:
+ self.__s3_resource = boto3.resource(AWS_RESOURCE_S3)
+ self.__s3_bucket = self.__s3_resource.Bucket(bucket_name)
+
+ def get_object(self, object_key: str):
+ s3_object = self.__s3_bucket.Object(object_key)
+ response = s3_object.get()
+ return response[S3_RESPONSE_BODY].read()
+
+
+class ConfigBucket:
+ __s3_resource: S3Resource = None
+
+ def __init__(self) -> None:
+ self.__s3_resource = S3Resource(environments.CONFIG_BUCKET_NAME)
+
+ def read_check_target_schema_names(self):
+ try:
+ return self.__s3_resource.get_object(environments.CHECK_TARGET_SCHEMA_NAMES_PATH)
+ except ClientError as error:
+ if error.response['Error']['Code'] == 'NoSuchKey':
+ raise exceptions.FileNotFoundException('E-02-01', f'チェック対象スキーマ名ファイルの読み込みに失敗しました エラー内容:{error}')
diff --git a/lambda/check-view-secutiry-option/check-view-option/constants.py b/lambda/check-view-secutiry-option/check-view-option/constants.py
index 23f2fbc7..1672c5a4 100644
--- a/lambda/check-view-secutiry-option/check-view-option/constants.py
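Review bot: Adding `.env` to the ignore list only prevents future commits; if a `.env` file was already committed before this change it stays in history and in every checkout, and nothing in this diff shows either way. If one exists, remove it from history and rotate any credentials it held rather than relying on the new rule. Ignoring the pattern `.env*` instead would also cover variants such as `.env.local` or `.env.staging`.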
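Review bot: `read_check_target_schema_names` swallows every `ClientError` whose code is not `NoSuchKey`: after the `if` there is no re-raise, so an `AccessDenied`, a missing bucket or a throttling error makes the method return `None`, and the caller sees an empty result instead of a failure. Add `raise` as the last statement of the `except ClientError as error:` block, and append `from error` to the `raise exceptions.FileNotFoundException(...)` line so the original AWS error stays chained to the domain exception. `S3Resource.get_object` returns the raw `bytes` from `.read()` without decoding; annotating it `-> bytes` would make that explicit, since the `UTF8` constant added in the same commit is not applied here.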
+++ b/lambda/check-view-secutiry-option/check-view-option/constants.py
@@ -1,3 +1,23 @@
+# logger
 LOG_FORMAT = '[%(levelname)s]\t%(asctime)s\t%(message)s\n'
 LOG_DATE_FORMAT = '%Y-%m-%d %H:%M:%S'
 DEFAULT_TIMEZONE = "Asia/Tokyo"
+LOG_LEVEL = 'LOG_LEVEL'
+LOG_LEVEL_INFO = 'INFO'
+
+# environments
+CHECK_TARGET_SCHEMA_NAMES_PATH = 'CHECK_TARGET_SCHEMA_NAMES_PATH'
+CONFIG_BUCKET_NAME = 'CONFIG_BUCKET_NAME'
+LOG_LEVEL = 'LOG_LEVEL'
+MBJ_NOTICE_TOPIC = 'MBJ_NOTICE_TOPIC'
+NDS_NOTICE_TOPIC = 'NDS_NOTICE_TOPIC'
+NOTICE_MAIL_BODY_TEMPLATE_PATH = 'NOTICE_MAIL_BODY_TEMPLATE_PATH'
+NOTICE_MAIL_TITLE_TEMPLATE_PATH = 'NOTICE_MAIL_TITLE_TEMPLATE_PATH'
+PARAM_NAME_DB_HOST = 'PARAM_NAME_DB_HOST'
+PARAM_NAME_DB_USER_NAME = 'PARAM_NAME_DB_USER_NAME'
+PARAM_NAME_DB_USER_PASSWORD = 'PARAM_NAME_DB_USER_PASSWORD'
+
+# system var
+AWS_RESOURCE_S3 = 's3'
+S3_RESPONSE_BODY = 'Body'
+UTF8 = 'utf-8'
diff --git a/lambda/check-view-secutiry-option/check-view-option/environments.py b/lambda/check-view-secutiry-option/check-view-option/environments.py
index c1d95246..56edb18c 100644
--- a/lambda/check-view-secutiry-option/check-view-option/environments.py
+++ b/lambda/check-view-secutiry-option/check-view-option/environments.py
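Review bot: `LOG_LEVEL = 'LOG_LEVEL'` is assigned twice in the new lines, once under `# logger` and again under `# environments`; the second assignment silently wins, so drop one (the `# environments` group is the natural home, as every entry there is an environment-variable name). A one-line comment on that group would also spare readers a trip to `environments.py`: `# Names of the environment variables read by environments.py (not their values)`.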
@@ -1,3 +1,19 @@
 import os
-LOG_LEVEL = os.environ.get('LOG_LEVEL', 'INFO')
+from constants import (CHECK_TARGET_SCHEMA_NAMES_PATH, CONFIG_BUCKET_NAME,
+ LOG_LEVEL, LOG_LEVEL_INFO, MBJ_NOTICE_TOPIC,
+ NDS_NOTICE_TOPIC, NOTICE_MAIL_BODY_TEMPLATE_PATH,
+ NOTICE_MAIL_TITLE_TEMPLATE_PATH, PARAM_NAME_DB_HOST,
+ PARAM_NAME_DB_USER_NAME, PARAM_NAME_DB_USER_PASSWORD)
+
+LOG_LEVEL = os.environ.get(LOG_LEVEL, LOG_LEVEL_INFO)
+CHECK_TARGET_SCHEMA_NAMES_PATH = os.environ[CHECK_TARGET_SCHEMA_NAMES_PATH]
+CONFIG_BUCKET_NAME = os.environ[CONFIG_BUCKET_NAME]
+MBJ_NOTICE_TOPIC = os.environ[MBJ_NOTICE_TOPIC]
+NDS_NOTICE_TOPIC = os.environ[NDS_NOTICE_TOPIC]
+NOTICE_MAIL_BODY_TEMPLATE_PATH = os.environ[NOTICE_MAIL_BODY_TEMPLATE_PATH]
+NOTICE_MAIL_TITLE_TEMPLATE_PATH = os.environ[NOTICE_MAIL_TITLE_TEMPLATE_PATH]
+
+PARAM_NAME_DB_HOST = os.environ[PARAM_NAME_DB_HOST]
+PARAM_NAME_DB_USER_NAME = os.environ[PARAM_NAME_DB_USER_NAME]
+PARAM_NAME_DB_USER_PASSWORD = os.environ[PARAM_NAME_DB_USER_PASSWORD]
diff --git a/lambda/check-view-secutiry-option/check-view-option/main.py b/lambda/check-view-secutiry-option/check-view-option/main.py
index d39b4ce4..b870a3bf 100644
--- a/lambda/check-view-secutiry-option/check-view-option/main.py
+++ b/lambda/check-view-secutiry-option/check-view-option/main.py
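Review bot: Every name imported from `constants` is immediately rebound to the value of the env var of the same name (`LOG_LEVEL = os.environ.get(LOG_LEVEL, LOG_LEVEL_INFO)`), so key strings and resolved values share identifiers and a reordered line would silently use a key as a value. Importing the module instead, `import constants` and `CONFIG_BUCKET_NAME = os.environ[constants.CONFIG_BUCKET_NAME]`, keeps the two namespaces apart. The `PARAM_NAME_DB_*` entries appear to be parameter names rather than the credentials themselves, which is the right split; a comment such as `# Parameter names only (presumably SSM/Secrets Manager) — values are resolved at runtime, never stored in env` would keep a later change from putting the password itself into an env var. A module docstring noting that any missing variable raises `KeyError` at import time would also help, since that is the fail-fast behaviour the `os.environ[...]` lookups rely on.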
@@ -2,17 +2,28 @@
 Viewセキュリティオプション付与チェック用Lambda関数のエントリーポイント
 """
-from exceptions import FileNotFoundException, MeDaCaException
+from aws.s3 import ConfigBucket
+from exceptions import MeDaCaException
 from medaca_logger import MeDaCaLogger
 def handler(event, context):
 logger = MeDaCaLogger.get_logger()
+
 try:
- logger.info('lambda handle')
- raise FileNotFoundException('E-02-01', 'ファイル見つかりません')
+ logger.info('I-01-01', '処理開始 Viewセキュリティオプション付与チェック')
+ logger.info('I-01-02', 'チェック対象スキーマ名ファイルを読み込み 開始')
+ config_bucket = ConfigBucket()
+ check_target_schema_names = config_bucket.read_check_target_schema_names()
+ print(check_target_schema_names)
+
 except MeDaCaException as e:
- logger.exception(f'exception: {e.error_id} {e}')
+ logger.exception(e.error_id, e)
+ raise e
+ except Exception as e:
+ logger.exception('E-99', f'想定外のエラーが発生しました エラー内容:{e}')
+ finally:
+ logger.info('I-06-01', '処理終了 Viewセキュリティオプション付与チェック')
 # ローカル実行用
diff --git a/lambda/check-view-secutiry-option/check-view-option/medaca_logger.py b/lambda/check-view-secutiry-option/check-view-option/medaca_logger.py
index 5ab4eb3e..b46d893e 100644
--- a/lambda/check-view-secutiry-option/check-view-option/medaca_logger.py
+++ b/lambda/check-view-secutiry-option/check-view-option/medaca_logger.py
@@ -8,9 +8,9 @@ from environments import LOG_LEVEL
 class SingletonLogger:
- # インスタンス生成
- @staticmethod
- def __internal_new__() -> logging.Logger:
+ __logger: logging.Logger = None
+
+ def __init__(self) -> None:
 # logger設定
 logger = logging.getLogger()
 formatter = logging.Formatter(
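Review bot: The new `except Exception as e:` branch logs `E-99` and then falls through, so an unexpected error leaves `handler` returning `None` and the invocation is reported as a success — no Lambda error metric, retry or DLQ delivery — whereas the `MeDaCaException` branch does re-raise. Add `raise` after the `logger.exception('E-99', ...)` call, and prefer a bare `raise` over `raise e` in the first branch so the traceback is not extended by the re-raise. `print(check_target_schema_names)` writes the raw `bytes` returned by `read_check_target_schema_names` to the log without decoding or parsing the JSON; it reads like leftover debugging and should either go or become a decode with the `UTF8` constant plus `json.loads` before the value is used. `handler` is fully inside the hunk.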
@@ -27,15 +27,34 @@ class SingletonLogger:
 handler.setFormatter(formatter)
 level = logging.getLevelName(LOG_LEVEL)
 logger.setLevel(level)
- return logger
+
+ self.__logger = logger
+
+ def debug(self, log_id: str, msg: str):
+ self._log(logging.DEBUG, log_id, msg)
+
+ def info(self, log_id: str, msg: str):
+ self._log(logging.INFO, log_id, msg)
+
+ def warning(self, log_id: str, msg: str):
+ self._log(logging.WARNING, log_id, msg)
+
+ def error(self, log_id: str, msg: str):
+ self._log(logging.ERROR, log_id, msg)
+
+ def exception(self, log_id: str, msg: str):
+ self._log(logging.ERROR, log_id, msg, exc_info=True)
+
+ def _log(self, log_level: int, log_id: str, msg: str, exc_info=False):
+ self.__logger.log(log_level, f'{log_id} {msg}', exc_info=exc_info)
 class MeDaCaLogger:
 __unique_instance: logging.Logger = None
 @staticmethod
- def get_logger():
+ def get_logger() -> SingletonLogger:
 # インスタンス未生成の場合、唯一のインスタンスを生成する
 if not MeDaCaLogger.__unique_instance:
- MeDaCaLogger.__unique_instance = SingletonLogger.__internal_new__()
+ MeDaCaLogger.__unique_instance = SingletonLogger()
 return MeDaCaLogger.__unique_instance
diff --git a/lambda/sap-data-decrypt/datadecrypt/main.py b/lambda/sap-data-decrypt/datadecrypt/main.py
index ec4d24ae..f1f2de59 100644
--- a/lambda/sap-data-decrypt/datadecrypt/main.py
+++ b/lambda/sap-data-decrypt/datadecrypt/main.py
@@ -1,12 +1,12 @@
-import logging
-import os
-import boto3
-import gnupg
 import datetime
 import logging
+import os
+import traceback
 from abc import *
 from zoneinfo import ZoneInfo
-import traceback
+
+import boto3
+import gnupg
 # 環境変数
 SECRET_KEY_FILE_BUCKET_NAME = os.environ["SECRET_KEY_FILE_BUCKET_NAME"]
@@ -42,8 +42,12 @@ sns_client = boto3.client('sns')
 # logger設定
 logger = logging.getLogger()
+
+
 def custome_time(*arg):
 return datetime.datetime.now(ZoneInfo("Asia/Tokyo")).timetuple()
+
+
 formatter = logging.Formatter(
 '[%(levelname)s]\t%(asctime)s\t%(message)s\n',
 '%Y-%m-%d %H:%M:%S'
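Review bot: `MeDaCaLogger.__unique_instance: logging.Logger = None` is now stale, because `get_logger` stores and returns a `SingletonLogger`; change it to `__unique_instance: 'SingletonLogger | None' = None` so the annotation matches the new return type. `exception` is typed `msg: str` but `main.py` passes the exception object itself, so either widen the hint or add a docstring line saying `msg` is coerced with `str()` by the f-string in `_log`. That f-string also interpolates `msg` verbatim into a one-record-per-line, tab-separated format, and the callers in this diff embed exception text (`{error}`, `{e}`); if that text ever contains newlines a single call produces what looks like several records, so if anything downstream parses the log line by line, normalising in this one choke point with `text = str(msg).replace('\n', ' ')` before the `.log(...)` call is the place to do it.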
@@ -136,7 +140,8 @@ def handler(event, context):
 'Key': s3_event.file_path
 }
 backup_file_key = f'{s3_event.data_source_name}/{execute_date}/{s3_event.file_name}'
- logger.info(f'I-07-04 PGP暗号化ファイル移動 移動元:{s3_event.bucket_name}/{s3_event.file_path} 移動先:{SAP_DATA_BACKUP_BUCKET_NAME}/{backup_file_key}')
+ logger.info(
+ f'I-07-04 PGP暗号化ファイル移動 移動元:{s3_event.bucket_name}/{s3_event.file_path} 移動先:{SAP_DATA_BACKUP_BUCKET_NAME}/{backup_file_key}')
 backup_file_obj = s3_resource.Object(SAP_DATA_BACKUP_BUCKET_NAME, backup_file_key)
 backup_file_obj.copy(copy_source)
 s3_client.delete_object(Bucket=s3_event.bucket_name, Key=s3_event.file_path)
@@ -172,7 +177,8 @@ def create_status_file(s3_event, extension) -> None:
 result_error_key = s3_event.data_source_name + DIRECTORY_RECV + result_error_file_name
 result_error_obj = s3_resource.Object(s3_event.bucket_name, result_error_key)
 result_error_obj.put(Body='')
- logger.error(f'E-ERR-01 recvディレクトリにエラーファイルを作成しました ファイル名:{result_error_file_name} 出力先:{s3_event.bucket_name}/{result_error_key}')
+ logger.error(
+ f'E-ERR-01 recvディレクトリにエラーファイルを作成しました ファイル名:{result_error_file_name} 出力先:{s3_event.bucket_name}/{result_error_key}')
 except Exception as e:
 logger.error(f'E-96 エラーステータスファイルの作成に失敗しました エラー内容:{e}')
 traceback.print_exc()
@@ -191,7 +197,8 @@ def move_encrypt_file(s3_event) -> None:
 error_obj = s3_resource.Object(s3_event.bucket_name, error_key)
 error_obj.copy(copy_source)
 s3_client.delete_object(Bucket=s3_event.bucket_name, Key=s3_event.file_path)
- logger.error(f'E-ERR-02 recv_errorディレクトリにファイルを移動しました 移動元:{s3_event.bucket_name}/{s3_event.file_path} 移動先:{s3_event.bucket_name}/{error_key}')
+ logger.error(
+ f'E-ERR-02 recv_errorディレクトリにファイルを移動しました 移動元:{s3_event.bucket_name}/{s3_event.file_path} 移動先:{s3_event.bucket_name}/{error_key}')
 except Exception as e:
 logger.error(f'E-97 PGP暗号化ファイルの移動に失敗しました エラー内容:{e}')
 traceback.print_exc()
diff --git a/s3/config/view_check/check_target_schemas.json b/s3/config/view_check/check_target_schemas.json
new file mode 100644
index 00000000..4a7df05b
--- /dev/null
+++ b/s3/config/view_check/check_target_schemas.json
@@ -0,0 +1,3 @@
+{
+ "check_target_schemas": ["custom01", "custom02", "custom03"]
+}