From 8c8314848c67a07e810ce521645a7cf4fec78aee Mon Sep 17 00:00:00 2001
From: "shimoda.m@nds-tyo.co.jp"
Date: Mon, 4 Jul 2022 10:46:53 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20S3=E3=81=AE=E6=93=8D=E4=BD=9C=E3=82=92?=
 =?UTF-8?q?=E6=B1=8E=E7=94=A8=E7=9A=84=E3=81=AB=E3=80=81SSM=E3=81=AE?=
 =?UTF-8?q?=E5=8F=96=E5=BE=97=E5=87=A6=E7=90=86=E3=82=82=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../check-view-option/aws/s3.py | 10 +--
 .../check-view-option/aws/ssm.py | 31 ++++++++
 .../check-view-option/constants.py | 13 +++-
 .../check-view-option/exceptions.py | 6 ++
 .../check-view-option/main.py | 70 +++++++++++++++++--
 5 files changed, 115 insertions(+), 15 deletions(-)
 create mode 100644 lambda/check-view-secutiry-option/check-view-option/aws/ssm.py
diff --git a/lambda/check-view-secutiry-option/check-view-option/aws/s3.py b/lambda/check-view-secutiry-option/check-view-option/aws/s3.py
index 6ace3816..8d512b71 100644
--- a/lambda/check-view-secutiry-option/check-view-option/aws/s3.py
+++ b/lambda/check-view-secutiry-option/check-view-option/aws/s3.py
@@ -1,7 +1,5 @@
 import boto3
 import environments
-import exceptions
-from botocore.exceptions import ClientError
 from constants import AWS_RESOURCE_S3, S3_RESPONSE_BODY
@@ -23,9 +21,5 @@ class ConfigBucket:
     def __init__(self) -> None:
         self.__s3_resource = S3Resource(environments.CONFIG_BUCKET_NAME)
-    def read_check_target_schema_names(self):
-        try:
-            return self.__s3_resource.get_object(environments.CHECK_TARGET_SCHEMA_NAMES_PATH)
-        except ClientError as error:
-            if error.response['Error']['Code'] == 'NoSuchKey':
-                raise exceptions.FileNotFoundException('E-02-01', f'チェック対象スキーマ名ファイルの読み込みに失敗しました エラー内容:{error}')
+    def check_target_schema_names(self):
+        return self.__s3_resource.get_object(environments.CHECK_TARGET_SCHEMA_NAMES_PATH)
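Review bot: `check_target_schema_names` now lets a `botocore` `ClientError` from `get_object` pass straight through instead of translating `NoSuchKey`, yet nothing in `s3.py` records that the caller is expected to do so; a one-line docstring such as `"""Return the check-target schema-name file from the config bucket; S3 errors propagate as ClientError for the caller to translate."""` would make that contract visible at the call site. The new name also reads as an imperative ("check …") for what is a reader, while its caller in main.py is named `read_check_target_schemas`; `read_check_target_schema_names` would keep the two consistent. The `ConfigBucket` class header lies outside the hunk and appears only in the hunk context.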
diff --git a/lambda/check-view-secutiry-option/check-view-option/aws/ssm.py b/lambda/check-view-secutiry-option/check-view-option/aws/ssm.py
new file mode 100644
index 00000000..528b4516
--- /dev/null
+++ b/lambda/check-view-secutiry-option/check-view-option/aws/ssm.py
@@ -0,0 +1,31 @@
+import boto3
+import environments
+from constants import (AWS_RESOURCE_SSM, SSM_PARAMETER_RESPONSE,
+                       SSM_PARAMETER_VALUE)
+
+
+class SSMClient:
+
+    def __init__(self) -> None:
+        self.__ssm_client = boto3.client(AWS_RESOURCE_SSM)
+
+    def get_ssm_params(self, parameter_key: str, with_decryption: bool):
+        response = self.__ssm_client.get_parameter(Name=parameter_key, WithDecryption=with_decryption)
+        parameter_value = response[SSM_PARAMETER_RESPONSE][SSM_PARAMETER_VALUE]
+        return parameter_value
+
+
+class SSMParameterStore:
+    __ssm_client: SSMClient = None
+
+    def __init__(self) -> None:
+        self.__ssm_client = SSMClient()
+
+    def db_host(self):
+        return self.__ssm_client.get_ssm_params(environments.PARAM_NAME_DB_HOST, True)
+
+    def db_user_name(self):
+        return self.__ssm_client.get_ssm_params(environments.PARAM_NAME_DB_USER_NAME, True)
+
+    def db_user_password(self):
+        return self.__ssm_client.get_ssm_params(environments.PARAM_NAME_DB_USER_PASSWORD, True)
diff --git a/lambda/check-view-secutiry-option/check-view-option/constants.py b/lambda/check-view-secutiry-option/check-view-option/constants.py
index 2ef6a079..3336997b 100644
--- a/lambda/check-view-secutiry-option/check-view-option/constants.py
+++ b/lambda/check-view-secutiry-option/check-view-option/constants.py
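Review bot: The class-level `__ssm_client: SSMClient = None` in `SSMParameterStore` is never what instances use, since `__init__` assigns the same mangled name on the instance, so the `None` default only advertises a type the attribute never really has; `__ssm_client: SSMClient` with no value, or dropping the line, says the same thing. `get_ssm_params` returns one value yet has a plural name and no docstring; something like `"""Return the value of SSM parameter *parameter_key*, decrypted when *with_decryption* is true; botocore ClientError (e.g. ParameterNotFound) propagates unchanged."""` would document both the contract and the error path the caller in main.py relies on. Because `db_user_password` hands back a decrypted secret, a short note on that accessor that the value must not be passed to `logger` or `print` would help callers treat it correctly.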
@@ -16,8 +16,19 @@ PARAM_NAME_DB_USER_NAME = 'PARAM_NAME_DB_USER_NAME'
 PARAM_NAME_DB_USER_PASSWORD = 'PARAM_NAME_DB_USER_PASSWORD'
 TZ = 'TZ'
-# system var
+# aws
 AWS_RESOURCE_S3 = 's3'
+AWS_RESOURCE_SSM = 'ssm'
 S3_RESPONSE_BODY = 'Body'
+SSM_PARAMETER_RESPONSE = 'Parameter'
+SSM_PARAMETER_NAME = 'Name'
+SSM_PARAMETER_VALUE = 'Value'
+RESPONSE_ERROR = 'Error'
+RESPONSE_ERROR_CODE = 'Code'
+RESPONSE_CODE_NO_SUCH_KEY = 'NoSuchKey'
+RESPONSE_CODE_PARAMETER_NOT_FOUND = 'ParameterNotFound'
+
+# system var
 UTF8 = 'utf-8'
 LAUNCH_ON_LOCAL = 'local'
+CHECK_TARGET_SCHEMAS = 'check_target_schemas'
diff --git a/lambda/check-view-secutiry-option/check-view-option/exceptions.py b/lambda/check-view-secutiry-option/check-view-option/exceptions.py
index 131a0126..d3afb381 100644
--- a/lambda/check-view-secutiry-option/check-view-option/exceptions.py
+++ b/lambda/check-view-secutiry-option/check-view-option/exceptions.py
@@ -8,4 +8,10 @@ class MeDaCaException(Exception, metaclass=ABCMeta):
 class FileNotFoundException(MeDaCaException):
+    """S3のファイルが見つからない場合の例外"""
+    pass
+
+
+class ParameterNotFoundException(MeDaCaException):
+    """パラメータストアのキーが見つからない場合の例外"""
     pass
diff --git a/lambda/check-view-secutiry-option/check-view-option/main.py b/lambda/check-view-secutiry-option/check-view-option/main.py
index b870a3bf..51586e65 100644
--- a/lambda/check-view-secutiry-option/check-view-option/main.py
+++ b/lambda/check-view-secutiry-option/check-view-option/main.py
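Review bot: `SSM_PARAMETER_NAME = 'Name'` is added but the new `ssm.py` passes `Name=parameter_key` as a literal keyword, so the constant has no user; either drop it or build the request with it so the request key is handled the same way as the response keys `SSM_PARAMETER_RESPONSE` and `SSM_PARAMETER_VALUE`. `CHECK_TARGET_SCHEMAS` is a key inside the JSON config file rather than a system variable, so it sits oddly under `# system var`; a comment such as `# top-level key of the check-target schema-name file` on that line would make its role clear.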
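Review bot: In both `FileNotFoundException` and `ParameterNotFoundException` the `pass` after the docstring is redundant, since a docstring alone is a complete class body; dropping the two `pass` lines leaves each class as its `class` line followed only by its docstring. Neither docstring mentions that the raiser supplies an `error_id` as the first argument, which is what `handler` in main.py reads back as `e.error_id`; one sentence on that would help whoever adds the next subclass.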
@@ -2,30 +2,88 @@ Viewセキュリティオプション付与チェック用Lambda関数のエントリーポイント """ +import json + +import botocore + from aws.s3 import ConfigBucket -from exceptions import MeDaCaException +from aws.ssm import SSMParameterStore +from constants import (CHECK_TARGET_SCHEMAS, RESPONSE_CODE_NO_SUCH_KEY, + RESPONSE_CODE_PARAMETER_NOT_FOUND, RESPONSE_ERROR, + RESPONSE_ERROR_CODE) +from exceptions import (FileNotFoundException, MeDaCaException, + ParameterNotFoundException) from medaca_logger import MeDaCaLogger def handler(event, context): logger = MeDaCaLogger.get_logger() - try: logger.info('I-01-01', '処理開始 Viewセキュリティオプション付与チェック') - logger.info('I-01-02', 'チェック対象スキーマ名ファイルを読み込み 開始') - config_bucket = ConfigBucket() - check_target_schema_names = config_bucket.read_check_target_schema_names() - print(check_target_schema_names) + logger.info('I-02-02', 'チェック対象スキーマ名ファイルを読み込み 開始') + check_target_schemas = read_check_target_schemas() + logger.info('I-02-02', f'チェック対象スキーマ名ファイルを読み込み 終了 チェック対象スキーマ名:{check_target_schemas}') + # print(check_target_schemas) + logger.info('I-03-01', 'データベースへの接続開始 開始') + # DB接続のためのパラメータ取得 + db_host, db_user_name, db_user_password = read_db_param_from_parameter_store() + # print(db_host, db_user_name, db_user_password) + logger.info('I-03-01', 'データベースへの接続開始 終了') except MeDaCaException as e: logger.exception(e.error_id, e) raise e except Exception as e: logger.exception('E-99', f'想定外のエラーが発生しました エラー内容:{e}') + raise e finally: logger.info('I-06-01', '処理終了 Viewセキュリティオプション付与チェック') +def read_check_target_schemas() -> list: + """設定ファイル[チェック対象スキーマ名ファイル]を読み込む + + Raises: + exceptions.FileNotFoundException: ファイルが読み込めなかったエラー + Exception: 想定外のエラー + + Returns: + list: チェック対象のスキーマ名のリスト + """ + try: + config_bucket = ConfigBucket() + check_target_schema_names = config_bucket.check_target_schema_names() + return json.loads(check_target_schema_names)[CHECK_TARGET_SCHEMAS] + except botocore.exceptions.ClientError as e: + if e.response[RESPONSE_ERROR][RESPONSE_ERROR_CODE] == 
RESPONSE_CODE_NO_SUCH_KEY: + raise FileNotFoundException('E-02-01', f'チェック対象スキーマ名ファイルの読み込みに失敗しました エラー内容:{e}') + else: + raise Exception(e) + + +def read_db_param_from_parameter_store() -> tuple: + """パラメータストアからDB接続情報を取得する + + Raises: + FileNotFoundException: _description_ + Exception: 想定外のエラー + + Returns: + tuple: DB接続情報 + """ + try: + parameter_store = SSMParameterStore() + db_host = parameter_store.db_host() + db_user_name = parameter_store.db_user_name() + db_user_password = parameter_store.db_user_password() + return db_host, db_user_name, db_user_password + except botocore.exceptions.ClientError as e: + if e.response[RESPONSE_ERROR][RESPONSE_ERROR_CODE] == RESPONSE_CODE_PARAMETER_NOT_FOUND: + raise ParameterNotFoundException('E-03-02', f'パラメータストアの取得に失敗しました エラー内容:{e}') + else: + raise Exception(e) + + # ローカル実行用 if __name__ == '__main__': handler({}, {})
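Review bot: `handler` keeps a commented-out `# print(db_host, db_user_name, db_user_password)` next to the values fetched with `WithDecryption=True`; re-enabling it would write the DB password to the Lambda log, so that line (and `# print(check_target_schemas)`) should be deleted rather than left as a toggle. The docstring of `read_db_param_from_parameter_store` lists `FileNotFoundException: _description_` although the function raises `ParameterNotFoundException`, so the `Raises:` entry should name that exception with a real description (the entry in `read_check_target_schemas` likewise says `exceptions.FileNotFoundException` although the name is imported directly). In both helpers `raise Exception(e)` on an unrecognised error code discards the `ClientError` type and its `response`; a bare `raise` keeps them for the `E-99` handler. The log IDs are reused as well: `'I-02-02'` marks both the start and the end of the file read and `'I-03-01'` both ends of the DB step, while the removed line used `'I-01-02'` for the start, so the end messages presumably want IDs of their own. `json.loads(...)[CHECK_TARGET_SCHEMAS]` can raise `JSONDecodeError` or `KeyError` on a malformed file, which is not a `ClientError` and so surfaces only as the generic `E-99`; confirm that is intended.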