aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/load_lambda.py2
-rw-r--r--src/secrets_manager.py31
-rw-r--r--src/transform_lambda.py2
-rw-r--r--terraform/lambda.tf81
-rw-r--r--terraform/s3.tf5
-rw-r--r--test/test_secrets_manager.py19
-rw-r--r--tests/test_extract_lambda.py6
-rw-r--r--tests/test_secrets_manager.py37
8 files changed, 106 insertions, 77 deletions
diff --git a/src/load_lambda.py b/src/load_lambda.py
index 6ee681f..c6a8e60 100644
--- a/src/load_lambda.py
+++ b/src/load_lambda.py
@@ -1,2 +1,2 @@
def lambda_handler():
- pass \ No newline at end of file
+ pass
diff --git a/src/secrets_manager.py b/src/secrets_manager.py
index c0fb61e..3484688 100644
--- a/src/secrets_manager.py
+++ b/src/secrets_manager.py
@@ -4,45 +4,46 @@ import json
def sm_client():
- sm_client = boto3.client('secretsmanager')
+ sm_client = boto3.client("secretsmanager")
yield sm_client
-def create_secret(sm_client, secret_name, cohort_id, user, password, host, database, port):
+
+def create_secret(
+ sm_client, secret_name, cohort_id, user, password, host, database, port
+):
secret = {
"cohort_id": cohort_id,
"user": user,
"password": password,
"host": host,
"database": database,
- "port": port
+ "port": port,
}
response = sm_client.create_secret(
- Name = secret_name,
- SecretString = json.dumps(secret)
+ Name=secret_name, SecretString=json.dumps(secret)
)
print(response)
return response
+
def list_secret(sm_client):
response = sm_client.list_secrets()
- secret_dict = response['SecretList']
+ secret_dict = response["SecretList"]
secret_names = []
for items in secret_dict:
- secret_names.append(items['Name'])
- print(f'{len(secret_names)} secret(s) available')
+ secret_names.append(items["Name"])
+ print(f"{len(secret_names)} secret(s) available")
for name in secret_names:
print(name)
return secret_names
-def retrieve_secrets(sm_client):
- response = sm_client.get_secrets(
-
- )
+def retrieve_secrets(sm_client):
+ response = sm_client.get_secrets()
-#retrieve secret
-#so lambda can access totesy db
-#so lambda connect to the db and then retrieve the data \ No newline at end of file
+# retrieve secret
+# so lambda can access totesy db
+# so lambda connect to the db and then retrieve the data
diff --git a/src/transform_lambda.py b/src/transform_lambda.py
index 6ee681f..c6a8e60 100644
--- a/src/transform_lambda.py
+++ b/src/transform_lambda.py
@@ -1,2 +1,2 @@
def lambda_handler():
- pass \ No newline at end of file
+ pass
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
index 67fd6eb..e33bc79 100644
--- a/terraform/lambda.tf
+++ b/terraform/lambda.tf
@@ -12,12 +12,14 @@ resource "aws_s3_object" "extract_lambda_code" {
}
resource "aws_lambda_function" "extract_lambda" {
- function_name = var.extract_lambda_name
- s3_bucket = aws_s3_bucket.lambda_code_bucket.bucket
- s3_key = aws_s3_object.extract_lambda_code.key
- role = aws_iam_role.multi_service_role.arn
- handler = "extract_lambda.extract"
- runtime = "python3.11"
+ function_name = var.extract_lambda_name
+ s3_bucket = aws_s3_bucket.lambda_code_bucket.bucket
+ s3_key = aws_s3_object.extract_lambda_code.key
+ layers = [aws_lambda_layer_version.lambda_layer.arn]
+ role = aws_iam_role.multi_service_role.arn
+ handler = "extract_lambda.lambda_handler"
+ runtime = "python3.11"
+ source_code_hash = data.archive_file.extract_lambda_zip.output_base64sha256
lifecycle {
create_before_destroy = true
@@ -40,12 +42,14 @@ resource "aws_s3_object" "transform_lambda_code" {
}
resource "aws_lambda_function" "transform_lambda" {
- function_name = var.transform_lambda_name
- s3_bucket = aws_s3_bucket.lambda_code_bucket.bucket
- s3_key = aws_s3_object.transform_lambda_code.key
- role = aws_iam_role.multi_service_role.arn
- handler = "transform_lambda.transform"
- runtime = "python3.11"
+ function_name = var.transform_lambda_name
+ s3_bucket = aws_s3_bucket.lambda_code_bucket.bucket
+ s3_key = aws_s3_object.transform_lambda_code.key
+ layers = [aws_lambda_layer_version.lambda_layer.arn]
+ role = aws_iam_role.multi_service_role.arn
+ handler = "transform_lambda.lambda_handler"
+ runtime = "python3.11"
+ source_code_hash = data.archive_file.transform_lambda_zip.output_base64sha256
lifecycle {
create_before_destroy = true
@@ -68,12 +72,14 @@ resource "aws_s3_object" "load_lambda_code" {
}
resource "aws_lambda_function" "load_lambda" {
- function_name = var.load_lambda_name
- s3_bucket = aws_s3_bucket.lambda_code_bucket.bucket
- s3_key = aws_s3_object.load_lambda_code.key
- role = aws_iam_role.multi_service_role.arn
- handler = "load_lambda.load"
- runtime = "python3.11"
+ function_name = var.load_lambda_name
+ s3_bucket = aws_s3_bucket.lambda_code_bucket.bucket
+ s3_key = aws_s3_object.load_lambda_code.key
+ layers = [aws_lambda_layer_version.lambda_layer.arn]
+ role = aws_iam_role.multi_service_role.arn
+ handler = "load_lambda.lambda_handler"
+ runtime = "python3.11"
+ source_code_hash = data.archive_file.load_lambda_zip.output_base64sha256
lifecycle {
create_before_destroy = true
@@ -82,37 +88,38 @@ resource "aws_lambda_function" "load_lambda" {
depends_on = [aws_s3_object.load_lambda_code]
}
+# Lambda Layer Specification
locals {
- layer_dir = "${path.module}/.."
- requirements = "${path.module}/../requirements.txt"
- layer_zip = "${path.module}/../layer.zip"
+ layer_dir = "lambda_layer"
+ requirements = "requirements.txt"
+ layer_zip = "layer.zip"
+ layer_name = "lambda_layer_dev"
}
resource "null_resource" "prepare_layer" {
- triggers = {
- requirements_hash = filesha1(local.requirements)
- }
provisioner "local-exec" {
command = <<EOT
- mkdir -p ${local.layer_dir}/python/lib/python3.11/site-packages/
- pip install -r ${local.requirements} -t ${local.layer_dir}/python/lib/python3.11/site-packages/
- cd ${local.layer_dir} && zip -r ${local.layer_zip} .
- EOT
- }
+ cd ${local.layer_dir}
+ rm -rf python
+ mkdir python
+ pip3 install -r ${local.requirements} -t python/
+ zip -r ${local.layer_zip} python
+ EOT
+ } #removed / at the end of python in line 99
}
-resource "aws_s3_object" "layer_zip" {
- bucket = aws_s3_bucket.lambda_code_bucket.bucket
- key = "layer.zip"
- source = local.layer_zip
+resource "aws_s3_object" "lambda_layer_zip" {
+ bucket = aws_s3_bucket.lambda_code_bucket.id #bucket instead of id
+ key = "lambda_layer/${local.layer_name}/${local.layer_zip}"
+ source = "${local.layer_dir}/${local.layer_zip}"
depends_on = [null_resource.prepare_layer]
}
resource "aws_lambda_layer_version" "lambda_layer" {
- layer_name = "lambda_layer"
+ layer_name = local.layer_name
compatible_runtimes = ["python3.11"]
- s3_bucket = aws_s3_bucket.lambda_code_bucket.bucket
- s3_key = aws_s3_object.layer_zip.key
+ s3_bucket = aws_s3_bucket.lambda_layer_bucket.id #bucket instead of id
+ s3_key = aws_s3_object.lambda_layer_zip.key
skip_destroy = true
- depends_on = [aws_s3_object.layer_zip]
+ depends_on = [aws_s3_object.lambda_layer_zip]
}
diff --git a/terraform/s3.tf b/terraform/s3.tf
index d5cdee3..b3a863c 100644
--- a/terraform/s3.tf
+++ b/terraform/s3.tf
@@ -12,3 +12,8 @@ resource "aws_s3_bucket" "transform_bucket" {
resource "aws_s3_bucket" "lambda_code_bucket" {
bucket_prefix = "${var.s3_code_bucket_name}-"
}
+
+### LAMBDA LAYER BUCKET
+resource "aws_s3_bucket" "lambda_layer_bucket" {
+ bucket_prefix = "lambda-layer-dev-"
+} \ No newline at end of file
diff --git a/test/test_secrets_manager.py b/test/test_secrets_manager.py
index 86533bc..cb4ec15 100644
--- a/test/test_secrets_manager.py
+++ b/test/test_secrets_manager.py
@@ -2,10 +2,12 @@ from src.secrets_manager import sm_client, create_secret, list_secret
import boto3
from moto import mock_aws
import json
-import pytest
+import pytest
import os
-pytest.fixture(scope='class')
+pytest.fixture(scope="class")
+
+
def mock_aws_credentials():
"""Mocked AWS Credentials for moto."""
os.environ["AWS_ACCESS_KEY_ID"] = "testing"
@@ -14,10 +16,11 @@ def mock_aws_credentials():
os.environ["AWS_SESSION_TOKEN"] = "testing"
os.environ["AWS_DEFAULT_REGION"] = "eu-west-2"
-@pytest.fixture(scope='class')
+
+@pytest.fixture(scope="class")
def mock_sm_client(mock_aws_credentials):
with mock_aws():
- yield boto3.client('secretsmanager')
+ yield boto3.client("secretsmanager")
def test_create_secret_stores_secrets(mock_sm_client):
@@ -29,6 +32,8 @@ def test_create_secret_stores_secrets(mock_sm_client):
port = "test_port"
secret_name = "test_secret"
- response = create_secret(mock_sm_client, secret_name, cohort_id, user, password, host, database, port)
-
- assert response['Name'] == secret_name \ No newline at end of file
+ response = create_secret(
+ mock_sm_client, secret_name, cohort_id, user, password, host, database, port
+ )
+
+ assert response["Name"] == secret_name
diff --git a/tests/test_extract_lambda.py b/tests/test_extract_lambda.py
index 67cb6d3..7707cbf 100644
--- a/tests/test_extract_lambda.py
+++ b/tests/test_extract_lambda.py
@@ -3,6 +3,9 @@ import boto3
from moto import mock_aws
from unittest.mock import patch, MagicMock
from unittest import TestCase
+import os
+import logging
+import json
from src.extract_lambda import (
list_existing_s3_files,
connect_to_database,
@@ -10,9 +13,6 @@ from src.extract_lambda import (
lambda_handler,
process_and_upload_tables,
)
-import os
-import logging
-import json
@pytest.fixture(scope="class")
diff --git a/tests/test_secrets_manager.py b/tests/test_secrets_manager.py
index a30be86..609c572 100644
--- a/tests/test_secrets_manager.py
+++ b/tests/test_secrets_manager.py
@@ -3,10 +3,11 @@ import boto3
import botocore.exceptions
from moto import mock_aws
import json
-import pytest
+import pytest
import os
-@pytest.fixture(scope='function')
+
+@pytest.fixture(scope="function")
def aws_credentials():
"""Mocked AWS Credentials for moto."""
os.environ["AWS_ACCESS_KEY_ID"] = "testing"
@@ -15,12 +16,14 @@ def aws_credentials():
os.environ["AWS_SESSION_TOKEN"] = "testing"
os.environ["AWS_DEFAULT_REGION"] = "eu-west-2"
-@pytest.fixture(scope='function')
+
+@pytest.fixture(scope="function")
def mock_sm_client(aws_credentials):
with mock_aws():
yield boto3.client("secretsmanager")
-@pytest.fixture(scope='function')
+
+@pytest.fixture(scope="function")
def mock_store_secret(mock_sm_client):
secret = {
"cohort_id": "test_cohort_id",
@@ -28,15 +31,18 @@ def mock_store_secret(mock_sm_client):
"password": "test_password",
"host": "test_host",
"database": "test_database",
- "port": "test_port"
+ "port": "test_port",
}
secret_name = "test_secret"
- response = mock_sm_client.create_secret(Name=secret_name, SecretString=json.dumps(secret))
+ response = mock_sm_client.create_secret(
+ Name=secret_name, SecretString=json.dumps(secret)
+ )
return response
+
def test_retrieves_secrets_returns_dictionary(mock_sm_client, mock_store_secret):
secret_name = "test_secret"
@@ -44,8 +50,10 @@ def test_retrieves_secrets_returns_dictionary(mock_sm_client, mock_store_secret)
assert isinstance(result, dict)
-def test_retrieves_secrets_returns_correct_keys_and_values(mock_sm_client, mock_store_secret):
+def test_retrieves_secrets_returns_correct_keys_and_values(
+ mock_sm_client, mock_store_secret
+):
secret_name = "test_secret"
result = retrieve_secrets(mock_sm_client, secret_name)
@@ -57,17 +65,20 @@ def test_retrieves_secrets_returns_correct_keys_and_values(mock_sm_client, mock_
assert result["database"] == "test_database"
assert result["port"] == "test_port"
-def test_retrieves_secrets_raises_error_if_secret_name_incorrect_data_type(mock_sm_client):
- secret_name = [1, 2, 3]
+def test_retrieves_secrets_raises_error_if_secret_name_incorrect_data_type(
+ mock_sm_client,
+):
+ secret_name = [1, 2, 3]
with pytest.raises(botocore.exceptions.ParamValidationError) as error:
retrieve_secrets(mock_sm_client, secret_name)
-def test_retrieves_secrets_raises_error_if_secret_name_does_not_exist(mock_sm_client, mock_store_secret):
- secret_name = 'test_secret_2'
-
+def test_retrieves_secrets_raises_error_if_secret_name_does_not_exist(
+ mock_sm_client, mock_store_secret
+):
+ secret_name = "test_secret_2"
with pytest.raises(botocore.exceptions.ClientError) as error:
- retrieve_secrets(mock_sm_client, secret_name) \ No newline at end of file
+ retrieve_secrets(mock_sm_client, secret_name)
git.ajschof.me — hosted by ajschofield — powered by cgit