get_public_key.py
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
"""
This module is the get_public_key API handler.
It retrieves the public key generated by a custom resource stored in Secrets Manager.
"""
import boto3
import os
import json
from botocore import config
from botocore.exceptions import ClientError
from vwr.common.sanitize import deep_clean
# Deployment settings are read once at import time; a missing variable raises
# KeyError before the handler can ever be invoked.
SECRET_NAME_PREFIX = os.environ["STACK_NAME"]  # prefix of the secret name read by the handler
SOLUTION_ID = os.environ["SOLUTION_ID"]  # appended to the SDK user agent below
EVENT_ID = os.environ["EVENT_ID"]  # the only event_id value the handler accepts

# Tag every Secrets Manager call made through this client with the solution id.
user_agent_extra = dict(user_agent_extra=SOLUTION_ID)
user_config = config.Config(**user_agent_extra)

# One module-level client, shared by every call to lambda_handler in this module.
client = boto3.client(service_name="secretsmanager", config=user_config)
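def lambda_handler(event, _):
    """
    Lambda entry point for the get_public_key API.

    Checks the caller-supplied ``event_id`` query-string parameter against the
    EVENT_ID this deployment is configured with, then returns the contents of
    the Secrets Manager secret ``<STACK_NAME>/jwk-public``.

    Args:
        event: Invocation event. ``event["queryStringParameters"]["event_id"]``
            is the only request field the handler acts on.
        _: Lambda context object (unused).

    Returns:
        A response dict with ``statusCode``, ``headers`` and ``body``:
        400 with an error body when ``event_id`` is missing or does not match
        EVENT_ID, otherwise 200 with the secret's ``SecretString`` as the body.

    Raises:
        ClientError: re-raised after its error code is printed when the
            Secrets Manager lookup fails.
    """
    # NOTE(review): this prints the whole invocation event. If the function is
    # fronted by an HTTP API the event presumably carries request headers and
    # client addresses as well - confirm that is acceptable for the log
    # retention and access policy, or log only the fields that are needed.
    print(event)
    headers = {
        'Content-Type': 'application/json',
        # Any origin may read this response; the body is the secret named
        # "jwk-public" (public key material, per the module docstring).
        'Access-Control-Allow-Origin': '*'
    }
    invalid_request = {
        "statusCode": 400,
        "headers": headers,
        "body": json.dumps({"error": "Invalid request ID"})
    }

    # The queryStringParameters key can be missing or None (e.g. a request
    # without a query string). Answer with the same 400 as a wrong event_id
    # instead of failing with an unhandled TypeError/KeyError.
    query_params = event.get('queryStringParameters') or {}
    raw_event_id = query_params.get('event_id')
    if raw_event_id is None:
        return invalid_request

    # Sanitize the untrusted value before comparing it with the configured id.
    client_event_id = deep_clean(raw_event_id)
    if client_event_id != EVENT_ID:
        return invalid_request

    try:
        get_secret_value_response = client.get_secret_value(
            SecretId=f"{SECRET_NAME_PREFIX}/jwk-public"
        )
    except ClientError as e:
        # Only the service error code is logged; the exception itself is
        # propagated unchanged so the invocation is reported as failed.
        print(e.response['Error']['Code'])
        raise
    return {
        "statusCode": 200,
        "headers": headers,
        "body": get_secret_value_response['SecretString']
    }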