feat: S3の操作を汎用的に、SSMの取得処理も追加

2022-07-04 10:46:53 +09:00 · 2022-07-04 10:46:53 +09:00 · 8c8314848c
commit 8c8314848c
parent c19cf90a03
5 changed files with 115 additions and 15 deletions
--- a/lambda/check-view-secutiry-option/check-view-option/aws/s3.py
+++ b/lambda/check-view-secutiry-option/check-view-option/aws/s3.py
@ -1,7 +1,5 @@
 import boto3
 import environments
-import exceptions
-from botocore.exceptions import ClientError
 from constants import AWS_RESOURCE_S3, S3_RESPONSE_BODY


@ -23,9 +21,5 @@ class ConfigBucket:
    def __init__(self) -> None:
        self.__s3_resource = S3Resource(environments.CONFIG_BUCKET_NAME)

-    def read_check_target_schema_names(self):
-        try:
-            return self.__s3_resource.get_object(environments.CHECK_TARGET_SCHEMA_NAMES_PATH)
-        except ClientError as error:
-            if error.response['Error']['Code'] == 'NoSuchKey':
-                raise exceptions.FileNotFoundException('E-02-01', f'チェック対象スキーマ名ファイルの読み込みに失敗しました　エラー内容：{error}')
+    def check_target_schema_names(self):
+        return self.__s3_resource.get_object(environments.CHECK_TARGET_SCHEMA_NAMES_PATH)
--- a/lambda/check-view-secutiry-option/check-view-option/aws/ssm.py
+++ b/lambda/check-view-secutiry-option/check-view-option/aws/ssm.py
@ -0,0 +1,31 @@
+import boto3
+import environments
+from constants import (AWS_RESOURCE_SSM, SSM_PARAMETER_RESPONSE,
+                       SSM_PARAMETER_VALUE)
+
+
+class SSMClient:
+
+    def __init__(self) -> None:
+        self.__ssm_client = boto3.client(AWS_RESOURCE_SSM)
+
+    def get_ssm_params(self, parameter_key: str, with_decryption: bool):
+        response = self.__ssm_client.get_parameter(Name=parameter_key, WithDecryption=with_decryption)
+        parameter_value = response[SSM_PARAMETER_RESPONSE][SSM_PARAMETER_VALUE]
+        return parameter_value
+
+
+class SSMParameterStore:
+    __ssm_client: SSMClient = None
+
+    def __init__(self) -> None:
+        self.__ssm_client = SSMClient()
+
+    def db_host(self):
+        return self.__ssm_client.get_ssm_params(environments.PARAM_NAME_DB_HOST, True)
+
+    def db_user_name(self):
+        return self.__ssm_client.get_ssm_params(environments.PARAM_NAME_DB_USER_NAME, True)
+
+    def db_user_password(self):
+        return self.__ssm_client.get_ssm_params(environments.PARAM_NAME_DB_USER_PASSWORD, True)
--- a/lambda/check-view-secutiry-option/check-view-option/constants.py
+++ b/lambda/check-view-secutiry-option/check-view-option/constants.py
@ -16,8 +16,19 @@ PARAM_NAME_DB_USER_NAME = 'PARAM_NAME_DB_USER_NAME'
 PARAM_NAME_DB_USER_PASSWORD = 'PARAM_NAME_DB_USER_PASSWORD'
 TZ = 'TZ'

-# system var
+# aws
 AWS_RESOURCE_S3 = 's3'
+AWS_RESOURCE_SSM = 'ssm'
 S3_RESPONSE_BODY = 'Body'
+SSM_PARAMETER_RESPONSE = 'Parameter'
+SSM_PARAMETER_NAME = 'Name'
+SSM_PARAMETER_VALUE = 'Value'
+RESPONSE_ERROR = 'Error'
+RESPONSE_ERROR_CODE = 'Code'
+RESPONSE_CODE_NO_SUCH_KEY = 'NoSuchKey'
+RESPONSE_CODE_PARAMETER_NOT_FOUND = 'ParameterNotFound'
+
+# system var
 UTF8 = 'utf-8'
 LAUNCH_ON_LOCAL = 'local'
+CHECK_TARGET_SCHEMAS = 'check_target_schemas'
--- a/lambda/check-view-secutiry-option/check-view-option/exceptions.py
+++ b/lambda/check-view-secutiry-option/check-view-option/exceptions.py
@ -8,4 +8,10 @@ class MeDaCaException(Exception, metaclass=ABCMeta):


 class FileNotFoundException(MeDaCaException):
+    """S3のファイルが見つからない場合の例外"""
+    pass
+
+
+class ParameterNotFoundException(MeDaCaException):
+    """パラメータストアのキーが見つからない場合の例外"""
    pass
--- a/lambda/check-view-secutiry-option/check-view-option/main.py
+++ b/lambda/check-view-secutiry-option/check-view-option/main.py
@ -2,30 +2,88 @@
 Viewセキュリティオプション付与チェック用Lambda関数のエントリーポイント
 """

+import json
+
+import botocore
+
 from aws.s3 import ConfigBucket
-from exceptions import MeDaCaException
+from aws.ssm import SSMParameterStore
+from constants import (CHECK_TARGET_SCHEMAS, RESPONSE_CODE_NO_SUCH_KEY,
+                       RESPONSE_CODE_PARAMETER_NOT_FOUND, RESPONSE_ERROR,
+                       RESPONSE_ERROR_CODE)
+from exceptions import (FileNotFoundException, MeDaCaException,
+                        ParameterNotFoundException)
 from medaca_logger import MeDaCaLogger


 def handler(event, context):
    logger = MeDaCaLogger.get_logger()
-
    try:
        logger.info('I-01-01', '処理開始　Viewセキュリティオプション付与チェック')
-        logger.info('I-01-02', 'チェック対象スキーマ名ファイルを読み込み 開始')
-        config_bucket = ConfigBucket()
-        check_target_schema_names = config_bucket.read_check_target_schema_names()
-        print(check_target_schema_names)
+        logger.info('I-02-02', 'チェック対象スキーマ名ファイルを読み込み 開始')
+        check_target_schemas = read_check_target_schemas()
+        logger.info('I-02-02', f'チェック対象スキーマ名ファイルを読み込み 終了　チェック対象スキーマ名：{check_target_schemas}')
+        # print(check_target_schemas)
+        logger.info('I-03-01', 'データベースへの接続開始 開始')
+        # DB接続のためのパラメータ取得
+        db_host, db_user_name, db_user_password = read_db_param_from_parameter_store()
+        # print(db_host, db_user_name, db_user_password)
+        logger.info('I-03-01', 'データベースへの接続開始 終了')

    except MeDaCaException as e:
        logger.exception(e.error_id, e)
        raise e
    except Exception as e:
        logger.exception('E-99', f'想定外のエラーが発生しました　エラー内容：{e}')
+        raise e
    finally:
        logger.info('I-06-01', '処理終了　Viewセキュリティオプション付与チェック')


+def read_check_target_schemas() -> list:
+    """設定ファイル[チェック対象スキーマ名ファイル]を読み込む
+
+    Raises:
+        exceptions.FileNotFoundException: ファイルが読み込めなかったエラー
+        Exception: 想定外のエラー
+
+    Returns:
+        list: チェック対象のスキーマ名のリスト
+    """
+    try:
+        config_bucket = ConfigBucket()
+        check_target_schema_names = config_bucket.check_target_schema_names()
+        return json.loads(check_target_schema_names)[CHECK_TARGET_SCHEMAS]
+    except botocore.exceptions.ClientError as e:
+        if e.response[RESPONSE_ERROR][RESPONSE_ERROR_CODE] == RESPONSE_CODE_NO_SUCH_KEY:
+            raise FileNotFoundException('E-02-01', f'チェック対象スキーマ名ファイルの読み込みに失敗しました　エラー内容：{e}')
+        else:
+            raise Exception(e)
+
+
+def read_db_param_from_parameter_store() -> tuple:
+    """パラメータストアからDB接続情報を取得する
+
+    Raises:
+        FileNotFoundException: _description_
+        Exception: 想定外のエラー
+
+    Returns:
+        tuple: DB接続情報
+    """
+    try:
+        parameter_store = SSMParameterStore()
+        db_host = parameter_store.db_host()
+        db_user_name = parameter_store.db_user_name()
+        db_user_password = parameter_store.db_user_password()
+        return db_host, db_user_name, db_user_password
+    except botocore.exceptions.ClientError as e:
+        if e.response[RESPONSE_ERROR][RESPONSE_ERROR_CODE] == RESPONSE_CODE_PARAMETER_NOT_FOUND:
+            raise ParameterNotFoundException('E-03-02', f'パラメータストアの取得に失敗しました　エラー内容：{e}')
+        else:
+            raise Exception(e)
+
+
 # ローカル実行用
 if __name__ == '__main__':
    handler({}, {})