aws - lambda - add action set-xray-tracing (#7722)

cloud-custodian · Oct 16, 2022 · 4c43870 · 4c43870
1 parent fe36121
commit 4c43870
Show file tree

Hide file tree

Showing 10 changed files with 402 additions and 2 deletions.
diff --git a/c7n/resources/awslambda.py b/c7n/resources/awslambda.py
@@ -17,8 +17,8 @@
 from c7n import query
 from c7n.resources.iam import CheckPermissions
 from c7n.tags import universal_augment
-from c7n.utils import local_session, type_schema, select_keys, get_human_size, parse_date
-
+from c7n.utils import local_session, type_schema, select_keys, get_human_size, parse_date, get_retry
+from botocore.config import Config
 from .securityhub import PostFinding
 
 ErrAccessDenied = "AccessDeniedException"
@@ -255,6 +255,64 @@ class KmsFilter(KmsRelatedFilter):
     RelatedIdsExpression = 'KMSKeyArn'
 
 
+@AWSLambda.action_registry.register('set-xray-tracing')
+class LambdaEnableXrayTracing(Action):
+    """
+        This action allows for enable Xray tracing to Active
+       :example:
+       .. code-block:: yaml
+           actions:
+             - type: enable-xray-tracing
+    """
+
+    schema = type_schema(
+        'set-xray-tracing',
+        **{'state': {'default': True, 'type': 'boolean'}}
+    )
+    permissions = ("lambda:UpdateFunctionConfiguration",)
+
+    def get_mode_val(self, state):
+        if state:
+            return "Active"
+        return "PassThrough"
+
+    def process(self, resources):
+        """
+            Enables the Xray Tracing for the function.
+
+            Args:
+                resources: AWS lamdba resources
+            Returns:
+                None
+        """
+        config = Config(
+            retries={
+                'max_attempts': 8,
+                'mode': 'standard'
+            }
+        )
+        client = local_session(self.manager.session_factory).client('lambda', config=config)
+        updateState = self.data.get('state', True)
+        retry = get_retry(('TooManyRequestsException', 'ResourceConflictException'))
+
+        mode = self.get_mode_val(updateState)
+        for resource in resources:
+            state = bool(resource["TracingConfig"]["Mode"] == "Active")
+            if updateState != state:
+                function_name = resource["FunctionName"]
+                self.log.info(f"Set Xray tracing to {mode} for lambda {function_name}")
+                try:
+                    retry(
+                        client.update_function_configuration,
+                        FunctionName=function_name,
+                        TracingConfig={
+                            'Mode': mode
+                        }
+                    )
+                except client.exceptions.ResourceNotFoundException:
+                    continue
+
+
 @AWSLambda.action_registry.register('post-finding')
 class LambdaPostFinding(PostFinding):
 

diff --git a/tests/data/placebo/test_set_xray_tracing_false/lambda.GetFunction_1.json b/tests/data/placebo/test_set_xray_tracing_false/lambda.GetFunction_1.json
@@ -0,0 +1,33 @@
+{
+    "status_code": 200,
+    "data": {
+        "ResponseMetadata": {},
+        "Configuration": {
+            "FunctionName": "function1",
+            "FunctionArn": "arn:aws:lambda:us-east-1:123456789:function:function1",
+            "Runtime": "python2.7",
+            "Role": "arn:aws:iam::123456789:role/lambdaToLogs",
+            "Handler": "lambda_function.handler",
+            "CodeSize": 648,
+            "Description": "",
+            "Timeout": 3,
+            "MemorySize": 128,
+            "LastModified": "2022-08-30T05:44:25.000+0000",
+            "CodeSha256": "bdHO4LM2pZ8deuK4MAbhonLEoXxppbY143gxzeu7alo=",
+            "Version": "$LATEST",
+            "TracingConfig": {
+                "Mode": "PassThrough"
+            },
+            "RevisionId": "0c21fdc9-123-42b0-123-fcbda77a2f33",
+            "State": "Active",
+            "LastUpdateStatus": "Successful",
+            "PackageType": "Zip",
+            "Architectures": [
+                "x86_64"
+            ],
+            "EphemeralStorage": {
+                "Size": 512
+            }
+        }
+    }
+}
diff --git a/tests/data/placebo/test_set_xray_tracing_false/lambda.ListFunctions_1.json b/tests/data/placebo/test_set_xray_tracing_false/lambda.ListFunctions_1.json
@@ -0,0 +1,57 @@
+{
+    "status_code": 200,
+    "data": {
+        "ResponseMetadata": {},
+        "Functions": [
+            {
+                "FunctionName": "function1",
+                "FunctionArn": "arn:aws:lambda:us-east-1:1234567890:function:fucntion1",
+                "Runtime": "python2.7",
+                "Role": "arn:aws:iam::1234567890:role/lambdaToLogs",
+                "Handler": "lambda_function.handler",
+                "CodeSize": 648,
+                "Description": "",
+                "Timeout": 3,
+                "MemorySize": 128,
+                "LastModified": "2022-08-30T05:44:11.000+0000",
+                "CodeSha256": "bdHO4LM212345euK4MAbhonLEoXxppbY143gxzeu7alo=",
+                "Version": "$LATEST",
+                "TracingConfig": {
+                    "Mode": "Active"
+                },
+                "RevisionId": "a8484fd4-123-4c2b-1234-0427546404c4",
+                "PackageType": "Zip",
+                "Architectures": [
+                    "x86_64"
+                ],
+                "EphemeralStorage": {
+                    "Size": 512
+                }
+            },
+            {
+                "FunctionName": "fucntion2",
+                "FunctionArn": "arn:aws:lambda:us-east-1:1234567890:function:fucntio2",
+                "Role": "arn:aws:iam::1234567890:role/service-role/new-role-swx9g08r",
+                "CodeSize": 0,
+                "Description": "",
+                "Timeout": 3,
+                "MemorySize": 128,
+                "LastModified": "2022-08-30T05:18:05.000+0000",
+                "CodeSha256": "53b69ebf3aa1easdf2073982ecd2d6433a46e579958c0e15b77945513d95dcb",
+                "Version": "$LATEST",
+                "TracingConfig": {
+                    "Mode": "Active"
+                },
+                "RevisionId": "47ebc507-134-4202-123-ccf8a3cac45e",
+                "PackageType": "Image",
+                "ImageConfigResponse": {},
+                "Architectures": [
+                    "x86_64"
+                ],
+                "EphemeralStorage": {
+                    "Size": 512
+                }
+            }
+        ]
+    }
+}
diff --git a/tests/data/placebo/test_set_xray_tracing_false/lambda.UpdateFunctionConfiguration_1.json b/tests/data/placebo/test_set_xray_tracing_false/lambda.UpdateFunctionConfiguration_1.json
@@ -0,0 +1,33 @@
+{
+    "status_code": 200,
+    "data": {
+        "ResponseMetadata": {},
+        "FunctionName": "function1",
+        "FunctionArn": "arn:aws:lambda:us-east-1:1234567890:function:function1",
+        "Runtime": "python2.7",
+        "Role": "arn:aws:iam::124567890:role/lambdaToLogs",
+        "Handler": "lambda_function.handler",
+        "CodeSize": 648,
+        "Description": "",
+        "Timeout": 3,
+        "MemorySize": 128,
+        "LastModified": "2022-08-30T05:44:25.000+0000",
+        "CodeSha256": "bdHO4LM212345euK4MAbhonLEoXxppbY143gxzeu7alo=",
+        "Version": "$LATEST",
+        "TracingConfig": {
+            "Mode": "PassThrough"
+        },
+        "RevisionId": "c709d6d7-12345-4445-12345-1eaa55164924",
+        "State": "Active",
+        "LastUpdateStatus": "InProgress",
+        "LastUpdateStatusReason": "The function is being created.",
+        "LastUpdateStatusReasonCode": "Creating",
+        "PackageType": "Zip",
+        "Architectures": [
+            "x86_64"
+        ],
+        "EphemeralStorage": {
+            "Size": 512
+        }
+    }
+}
diff --git a/tests/data/placebo/test_set_xray_tracing_false/tagging.GetResources_1.json b/tests/data/placebo/test_set_xray_tracing_false/tagging.GetResources_1.json
@@ -0,0 +1,18 @@
+{
+    "status_code": 200,
+    "data": {
+        "PaginationToken": "",
+        "ResourceTagMappingList": [
+            {
+                "ResourceARN": "arn:aws:lambda:us-east-1:1234567890:function:function1",
+                "Tags": [
+                    {
+                        "Key": "aws:cloudformation:logical-id",
+                        "Value": "function1"
+                    }
+                ]
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}
diff --git a/tests/data/placebo/test_set_xray_tracing_true/lambda.GetFunction_1.json b/tests/data/placebo/test_set_xray_tracing_true/lambda.GetFunction_1.json
@@ -0,0 +1,33 @@
+{
+    "status_code": 200,
+    "data": {
+        "ResponseMetadata": {},
+        "Configuration": {
+            "FunctionName": "function1",
+            "FunctionArn": "arn:aws:lambda:us-east-1:123456789:function:function1",
+            "Runtime": "python2.7",
+            "Role": "arn:aws:iam::123456789:role/lambdaToLogs",
+            "Handler": "lambda_function.handler",
+            "CodeSize": 648,
+            "Description": "",
+            "Timeout": 3,
+            "MemorySize": 128,
+            "LastModified": "2022-08-30T05:44:25.000+0000",
+            "CodeSha256": "bdHO4LM2pZ8deuK4MAbhonLEoXxppbY143gxzeu7alo=",
+            "Version": "$LATEST",
+            "TracingConfig": {
+                "Mode": "Active"
+            },
+            "RevisionId": "0c21fdc9-123-42b0-123-fcbda77a2f33",
+            "State": "Active",
+            "LastUpdateStatus": "Successful",
+            "PackageType": "Zip",
+            "Architectures": [
+                "x86_64"
+            ],
+            "EphemeralStorage": {
+                "Size": 512
+            }
+        }
+    }
+}
diff --git a/tests/data/placebo/test_set_xray_tracing_true/lambda.ListFunctions_1.json b/tests/data/placebo/test_set_xray_tracing_true/lambda.ListFunctions_1.json
@@ -0,0 +1,57 @@
+{
+    "status_code": 200,
+    "data": {
+        "ResponseMetadata": {},
+        "Functions": [
+            {
+                "FunctionName": "function1",
+                "FunctionArn": "arn:aws:lambda:us-east-1:1234567890:function:fucntion1",
+                "Runtime": "python2.7",
+                "Role": "arn:aws:iam::1234567890:role/lambdaToLogs",
+                "Handler": "lambda_function.handler",
+                "CodeSize": 648,
+                "Description": "",
+                "Timeout": 3,
+                "MemorySize": 128,
+                "LastModified": "2022-08-30T05:44:11.000+0000",
+                "CodeSha256": "bdHO4LM212345euK4MAbhonLEoXxppbY143gxzeu7alo=",
+                "Version": "$LATEST",
+                "TracingConfig": {
+                    "Mode": "PassThrough"
+                },
+                "RevisionId": "a8484fd4-123-4c2b-1234-0427546404c4",
+                "PackageType": "Zip",
+                "Architectures": [
+                    "x86_64"
+                ],
+                "EphemeralStorage": {
+                    "Size": 512
+                }
+            },
+            {
+                "FunctionName": "fucntion2",
+                "FunctionArn": "arn:aws:lambda:us-east-1:1234567890:function:fucntio2",
+                "Role": "arn:aws:iam::1234567890:role/service-role/new-role-swx9g08r",
+                "CodeSize": 0,
+                "Description": "",
+                "Timeout": 3,
+                "MemorySize": 128,
+                "LastModified": "2022-08-30T05:18:05.000+0000",
+                "CodeSha256": "53b69ebf3aa1easdf2073982ecd2d6433a46e579958c0e15b77945513d95dcb",
+                "Version": "$LATEST",
+                "TracingConfig": {
+                    "Mode": "Active"
+                },
+                "RevisionId": "47ebc507-134-4202-123-ccf8a3cac45e",
+                "PackageType": "Image",
+                "ImageConfigResponse": {},
+                "Architectures": [
+                    "x86_64"
+                ],
+                "EphemeralStorage": {
+                    "Size": 512
+                }
+            }
+        ]
+    }
+}
diff --git a/tests/data/placebo/test_set_xray_tracing_true/lambda.UpdateFunctionConfiguration_1.json b/tests/data/placebo/test_set_xray_tracing_true/lambda.UpdateFunctionConfiguration_1.json
@@ -0,0 +1,33 @@
+{
+    "status_code": 200,
+    "data": {
+        "ResponseMetadata": {},
+        "FunctionName": "function1",
+        "FunctionArn": "arn:aws:lambda:us-east-1:1234567890:function:function1",
+        "Runtime": "python2.7",
+        "Role": "arn:aws:iam::124567890:role/lambdaToLogs",
+        "Handler": "lambda_function.handler",
+        "CodeSize": 648,
+        "Description": "",
+        "Timeout": 3,
+        "MemorySize": 128,
+        "LastModified": "2022-08-30T05:44:25.000+0000",
+        "CodeSha256": "bdHO4LM212345euK4MAbhonLEoXxppbY143gxzeu7alo=",
+        "Version": "$LATEST",
+        "TracingConfig": {
+            "Mode": "Active"
+        },
+        "RevisionId": "c709d6d7-12345-4445-12345-1eaa55164924",
+        "State": "Active",
+        "LastUpdateStatus": "InProgress",
+        "LastUpdateStatusReason": "The function is being created.",
+        "LastUpdateStatusReasonCode": "Creating",
+        "PackageType": "Zip",
+        "Architectures": [
+            "x86_64"
+        ],
+        "EphemeralStorage": {
+            "Size": 512
+        }
+    }
+}
diff --git a/tests/data/placebo/test_set_xray_tracing_true/tagging.GetResources_1.json b/tests/data/placebo/test_set_xray_tracing_true/tagging.GetResources_1.json
@@ -0,0 +1,18 @@
+{
+    "status_code": 200,
+    "data": {
+        "PaginationToken": "",
+        "ResourceTagMappingList": [
+            {
+                "ResourceARN": "arn:aws:lambda:us-east-1:1234567890:function:function1",
+                "Tags": [
+                    {
+                        "Key": "aws:cloudformation:logical-id",
+                        "Value": "function1"
+                    }
+                ]
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}