Adding shared library and github templates

Joshua Leaverton · Joshua Leaverton · commit d7e42d69c77c · 2020-07-08T19:27:38.000-04:00
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,42 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Please complete the following information about the solution:**
+- [ ] Version: [e.g. v1.0.0]
+
+To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0021) - Video On Demand workflow with AWS Step Functions, MediaConvert, MediaPackage, S3, CloudFront and DynamoDB. Version **v5.0.0**_". If the description does not contain the version information, you can look at the mappings section of the template:
+
+```yaml
+Mappings:
+  SourceCode:
+    General:
+      S3Bucket: "solutions"
+      KeyPrefix: "video-on-demand-on-aws/v5.0.0"
+```
+
+- [ ] Region: [e.g. us-east-1]
+- [ ] Was the solution modified from the version published on this repository?
+- [ ] If the answer to the previous question was yes, are the changes available on GitHub?
+- [ ] Have you checked your [service quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) for the sevices this solution uses?
+- [ ] Were there any errors in the CloudWatch Logs?
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem (please **DO NOT include sensitive information**).
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this solution
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the feature you'd like**
+A clear and concise description of what you want to happen.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,5 @@
+*Issue #, if available:*
+
+*Description of changes:*
+
+By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
diff --git a/source/lib/solution_metrics.py b/source/lib/solution_metrics.py
@@ -0,0 +1,49 @@
+###############################################################################
+#  Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.    #
+#                                                                             #
+#  Licensed under the Apache License, Version 2.0 (the "License").            #
+#  You may not use this file except in compliance with the License.
+#  A copy of the License is located at                                        #
+#                                                                             #
+#      http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                             #
+#  or in the "license" file accompanying this file. This file is distributed  #
+#  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express #
+#  or implied. See the License for the specific language governing permissions#
+#  and limitations under the License.                                         #
+###############################################################################
+
+import os
+import requests
+from json import dumps
+from datetime import datetime
+
+
+def send_metrics(data,
+                 uuid=os.getenv('UUID'),
+                 solution_id=os.getenv('SOLUTION_ID'),
+                 url=os.getenv('METRICS_URL')):
+    """Sends anonymous customer metrics to s3 via API gateway owned and
+        managed by the Solutions Builder team.
+
+    Args:
+        data - anonymous customer metrics to be sent
+        uuid - uuid of the solution
+        solution_id: unique id of the solution
+        url: url for API Gateway via which data is sent
+
+    Return: status code returned by https post request
+    """
+    try:
+        metrics_data = {
+            "Solution": solution_id,
+            "UUID": uuid,
+            "TimeStamp": str(datetime.utcnow().isoformat()),
+            "Data": data
+            }
+        json_data = dumps(metrics_data)
+        headers = {'content-type': 'application/json'}
+        response = requests.post(url, data=json_data, headers=headers)
+        return response
+    except:
+        pass
diff --git a/source/lib/waflibv2.py b/source/lib/waflibv2.py
@@ -0,0 +1,243 @@
+######################################################################################################################
+#  Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.                                           #
+#                                                                                                                    #
+#  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance    #
+#  with the License. A copy of the License is located at                                                             #
+#                                                                                                                    #
+#      http://www.apache.org/licenses/LICENSE-2.0                                                                    #
+#                                                                                                                    #
+#  or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES #
+#  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions    #
+#  and limitations under the License.                                                                                #
+######################################################################################################################
+import os
+import boto3
+import logging
+from botocore.config import Config
+from ipaddress import ip_address
+import sys
+from backoff import on_exception, expo
+
+API_CALL_NUM_RETRIES = 5
+MAX_TIME = 10
+client = boto3.client('wafv2', config=Config(retries={'max_attempts': API_CALL_NUM_RETRIES}))
+
+class WAFLIBv2(object):
+
+    def __init__(self):
+        return
+
+    # Parse arn into ip_set_id
+    def arn_to_id(self, arn):
+        if arn == None:
+            return None
+        tmp = arn.split('/')
+        return tmp.pop()
+    
+    # Determine network version for source_ip
+    def which_ip_version(self, log, source_ip):
+        if source_ip == None:
+            return None
+        try:
+            source_ip = source_ip.strip()
+            ip_type = "IPV%s"%ip_address(source_ip).version
+            return ip_type
+        except Exception as e:
+            log.error("Source ip %s is not IPV4 or IPV6.", str(source_ip))
+            log.error(str(e))
+            return None
+    
+    # Append correct cidr to source_ip
+    def set_ip_cidr(self, log, source_ip):
+        if source_ip == None:
+            return None
+        try:
+            source_ip = source_ip.strip()
+            ip_type = "IPV%s"%ip_address(source_ip).version
+        except Exception as e:
+            log.error("Source ip %s is not IPV4 or IPV6.", str(source_ip))
+            log.error(str(e))
+            return None
+        
+        ip_class = "32" if ip_type == "IPV4" else "128"
+        return str(source_ip)+"/"+str(ip_class)
+
+    # Retrieve IPSet based on ip_set_id
+    @on_exception(expo, client.exceptions.WAFInternalErrorException, max_time=MAX_TIME)
+    def get_ip_set(self, log, scope, name, arn):
+        try:
+            log.info("[waflib:get_ip_set] Start")
+            ip_set_id = self.arn_to_id(arn)
+            response = client.get_ip_set(
+                Scope=scope,
+                Name=name,
+                Id=ip_set_id
+            )
+            log.info("[waflib:get_ip_set] End")
+            return response
+        except Exception as e:
+            log.error("Failed to get IPSet %s", str(ip_set_id))
+            log.error(str(e))
+            return None
+
+    # Retrieve addresses based on ip_set_id
+    @on_exception(expo, client.exceptions.WAFInternalErrorException, max_time=MAX_TIME)
+    def get_addresses(self, log, scope, name, arn):
+        try:
+            response = self.get_ip_set(log, scope, name, arn)
+            addresses = response["IPSet"]["Addresses"]
+            return addresses
+        except Exception as e:
+            log.error("Failed to get addresses for ARN %s", str(arn))
+            log.error(str(e))
+            return None
+
+    # Update addresses in an IPSet
+    @on_exception(expo,
+                  (client.exceptions.WAFInternalErrorException,
+                   client.exceptions.WAFOptimisticLockException,
+                   client.exceptions.WAFLimitsExceededException),
+                  max_time=MAX_TIME)
+    def update_ip_set(self, log, scope, name, ip_set_arn, addresses):
+        log.info("[waflib:update_ip_set] Start")
+        if (ip_set_arn is None or name is None):
+            log.error("No IPSet found for: %s ", str(ip_set_arn))
+            return None
+
+        try:
+            # convert from arn to ip_set_id
+            ip_set_id = self.arn_to_id(ip_set_arn)
+
+            # retrieve the ipset to get a locktoken
+            ip_set = self.get_ip_set(log, scope, name, ip_set_arn)
+            lock_token = ip_set['LockToken']
+            description = ip_set['IPSet']['Description']
+            log.info("Updating IPSet with description: %s", str(description))
+
+            response = client.update_ip_set(
+                Scope=scope,
+                Name=name,
+                Description=description,
+                Id=ip_set_id,
+                Addresses=addresses,
+                LockToken=lock_token
+            )
+
+            new_ip_set = self.get_ip_set(log, scope, name, ip_set_id)
+            log.info("[waflib:update_ip_set] End")
+            return new_ip_set
+        except Exception as e:
+            log.error(e)
+            log.error("Failed to update IPSet: %s", str(ip_set_id))
+            return None
+            
+    
+    # Put Log Configuration for webacl
+    @on_exception(expo, client.exceptions.WAFInternalErrorException, max_time=MAX_TIME)
+    def put_logging_configuration(self, log, web_acl_arn, delivery_stream_arn):
+        try:
+            response = client.put_logging_configuration(
+                LoggingConfiguration={
+                    'ResourceArn': web_acl_arn,
+                    'LogDestinationConfigs': [delivery_stream_arn]
+                }
+            )
+            return response
+        except Exception as e:
+            log.error("Failed to configure log for WebAcl: %s", str(web_acl_arn))
+            log.error(str(e))
+            return None
+
+    # Delete Log Configuration for webacl
+    @on_exception(expo, client.exceptions.WAFInternalErrorException, max_time=MAX_TIME)
+    def delete_logging_configuration(self, log, web_acl_arn):
+        try:
+            response = client.delete_logging_configuration(
+                ResourceArn=web_acl_arn
+            )
+            return response
+        except Exception as e:
+            log.error("Failed to delete log for WebAcl: %s", str(web_acl_arn))
+            log.error(str(e))
+            return None
+
+    # List webacls
+    @on_exception(expo, client.exceptions.WAFInternalErrorException, max_time=MAX_TIME)
+    def list_web_acls(self, log, scope):
+        try:
+            response = client.list_web_acls(
+                Scope=scope
+            )
+            return response
+        except Exception as e:
+            log.error("Failed to list WebAcld in scope: %s", str(scope))
+            log.error(str(e))
+            return None
+            
+
+    #################################################################
+    # Following functions only used for testing, not in WAF Solution
+    #################################################################
+
+    @on_exception(expo,
+                  (client.exceptions.WAFInternalErrorException,
+                   client.exceptions.WAFOptimisticLockException,
+                   client.exceptions.WAFLimitsExceededException),
+                  max_time=MAX_TIME)
+    def create_ip_set(self, log, scope, name, description, version, addresses):
+        try:
+            response = client.create_ip_set(
+                Scope=scope,
+                Name=name,
+                Description=description,
+                IPAddressVersion=version,
+                Addresses=addresses
+            )
+            return response
+        except Exception as e:
+            log.error("Failed to create IPSet: %s", str(name))
+            log.error(str(e))
+            return None
+
+    @on_exception(expo,
+                  (client.exceptions.WAFInternalErrorException,
+                   client.exceptions.WAFOptimisticLockException,
+                   client.exceptions.WAFAssociatedItemException),
+                  max_time=MAX_TIME)
+    def delete_ip_set(self, log, scope, name, ip_set_id):
+        try:
+            response = self.get_ip_set(log, scope, name, ip_set_id)          
+            if response is not None:
+                lock_token = response['LockToken']
+                response = client.delete_ip_set(
+                    Scope=scope,
+                    Name=name,
+                    LockToken=lock_token,
+                    Id=ip_set_id
+                )
+            return response
+        except Exception as e:
+            log.error("Failed to delete IPSet: %s", str(name))
+            log.error(str(e))
+            return None
+
+    @on_exception(expo, client.exceptions.WAFInternalErrorException, max_time=MAX_TIME)
+    def list_ip_sets(self, log, scope, marker=None):
+        try:
+            response = None
+            if marker == None:
+                response = client.list_ip_sets(
+                    Scope=scope,
+                    Limit=50
+                )
+            else:
+                response = client.list_ip_sets(
+                    Scope=scope,
+                    NextMarker=marker,
+                    Limit=50
+                )
+            return response
+        except Exception as e:
+            log.error("Failed to list IPSets in scope: %s", str(scope))
+            log.error(str(e))
+            return None
