from __future__ import print_function
import urllib3
from botocore.exceptions import ClientError
import boto3
import json
import os
def handler(event, context):
print("log -- Event: %s " % json.dumps(event))
codecommit = boto3.client('codecommit')
# Variables
repo = event['ResourceProperties']['Repo']
repoConfig = event['ResourceProperties']['RepoConfig']
masterbranch = 'master'
devbranch = 'development'
if event['RequestType'] == 'Create':
print("log -- Create Event ")
try:
# Read in files for Dockerfile Analysis
buildspecPath = os.environ['LAMBDA_TASK_ROOT'] + "/buildspec_dockerfile.yml"
buildspec = open(buildspecPath).read()
hadolintConfigPath = os.environ['LAMBDA_TASK_ROOT'] + "/hadolint.yml"
hadolintConfig = open(hadolintConfigPath).read()
# Read in files for Secrets Analysis
buildspecPathSecrets = os.environ['LAMBDA_TASK_ROOT'] + "/buildspec_secrets.yml"
buildspecSecrets = open(buildspecPathSecrets).read()
secretsConfigPath = os.environ['LAMBDA_TASK_ROOT'] + "/secrets_config.json"
secretsConfig = open(secretsConfigPath).read()
# Read in files for Vulnerability Scanning
buildspecPathVuln = os.environ['LAMBDA_TASK_ROOT'] + "/buildspec_vuln.yml"
buildspecVuln = open(buildspecPathVuln).read()
# Read in files for Push Stage
buildspecPathPush = os.environ['LAMBDA_TASK_ROOT'] + "/buildspec_push.yml"
buildspecPush = open(buildspecPathPush).read()
# Read in file for Python app
DockerfilePath = os.environ['LAMBDA_TASK_ROOT'] + "/Dockerfile"
Dockerfile = open(DockerfilePath).read()
AppPath = os.environ['LAMBDA_TASK_ROOT'] + "/index.py"
App = open(AppPath).read()
ReqPath = os.environ['LAMBDA_TASK_ROOT'] + "/requirements.txt"
Req = open(ReqPath).read()
# Add Dockerfile buildspec file to configs repo
commit = codecommit.put_file(
repositoryName=repoConfig,
branchName=masterbranch,
fileContent=buildspec,
filePath='buildspec_dockerfile.yml',
commitMessage='Initial Commit',
name='Your Lambda Helper'
)
commit2 = codecommit.put_file(
repositoryName=repoConfig,
branchName=masterbranch,
parentCommitId=commit['commitId'],
fileContent=hadolintConfig,
filePath='hadolint.yml',
commitMessage='Added Hadolint Configuration',
name='Your Lambda Helper'
)
commit3 = codecommit.put_file(
repositoryName=repoConfig,
branchName=masterbranch,
parentCommitId=commit2['commitId'],
fileContent=buildspecSecrets,
filePath='buildspec_secrets.yml',
commitMessage='Added Secrets BuildSpec file',
name='Your Lambda Helper'
)
commit4 = codecommit.put_file(
repositoryName=repoConfig,
branchName=masterbranch,
parentCommitId=commit3['commitId'],
fileContent=secretsConfig,
filePath='secrets_config.json',
commitMessage='Added Secrets Configuration file',
name='Your Lambda Helper'
)
commit5 = codecommit.put_file(
repositoryName=repoConfig,
branchName=masterbranch,
parentCommitId=commit4['commitId'],
fileContent=buildspecVuln,
filePath='buildspec_vuln.yml',
commitMessage='Added Build Spec for Vulnerability Scanning Stage',
name='Your Lambda Helper'
)
codecommit.put_file(
repositoryName=repoConfig,
branchName=masterbranch,
parentCommitId=commit5['commitId'],
fileContent=buildspecPush,
filePath='buildspec_push.yml',
commitMessage='Added Push BuildSpec file',
name='Your Lambda Helper'
)
# Add Dockerfile to application repo
commita = codecommit.put_file(
repositoryName=repo,
branchName=devbranch,
fileContent=Dockerfile,
filePath='Dockerfile',
commitMessage='Initial Commit',
name='Your Lambda Helper'
)
commitb = codecommit.put_file(
repositoryName=repo,
branchName=devbranch,
parentCommitId=commita['commitId'],
fileContent=App,
filePath='/app/index.py',
commitMessage='Added Python App file',
name='Your Lambda Helper'
)
codecommit.put_file(
repositoryName=repo,
branchName=devbranch,
parentCommitId=commitb['commitId'],
fileContent=Req,
filePath='requirements.txt',
commitMessage='Added requirements file',
name='Your Lambda Helper'
)
codecommit.create_branch(
repositoryName=repo,
branchName=masterbranch,
commitId=commita['commitId']
)
codecommit.update_default_branch(
repositoryName=repo,
defaultBranchName=devbranch
)
response = sendResponse(event, context, "SUCCESS", { "Message": "Initial commits - Success" })
except ClientError as e:
print(e)
#TODO - below "Initial commits - Error" should be executed only for ClientError. indentation issue?
response = sendResponse(event, context, "SUCCESS", { "Message": "Initial commits - Error" })
elif event['RequestType'] == 'Update':
print("log -- Update Event")
try:
response = sendResponse(event, context, "SUCCESS", { "Message": "Initial commits - Success" })
except ClientError as e:
print(e)
response = sendResponse(event, context, "SUCCESS", { "Message": "Initial commits - Error" })
elif event['RequestType'] == 'Delete':
print("log -- Delete Event")
response = sendResponse(event, context, "SUCCESS", { "Message": "Deletion successful!" })
else:
print("log -- FAILED")
response = sendResponse(event, context, "FAILED", { "Message": "Unexpected event received from CloudFormation" })
return response
def sendResponse(event, context, responseStatus, responseData):
responseBody = json.dumps({
"Status": responseStatus,
"Reason": "See the details in CloudWatch Log Stream: " + context.log_stream_name,
"PhysicalResourceId": context.log_stream_name,
"StackId": event['StackId'],
"RequestId": event['RequestId'],
"LogicalResourceId": event['LogicalResourceId'],
"Data": responseData
})
encoded_data = responseBody.encode('utf-8')
hdr = {'Content-Type': ''}
http = urllib3.PoolManager()
response= http.urlopen('PUT', event['ResponseURL'],body=encoded_data, headers=hdr)
resp_body = response.data.decode('utf-8')
print("Status code: {}".format(response.status))
print("Status message: {}".format(resp_body))
return responseBody