From 45b78e3dceae5d1d5ea7e8bcae4c6dcb08f59377 Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Wed, 16 Oct 2024 18:14:42 +0300 Subject: [PATCH 1/3] use python 3.12 runtime --- python/n_vault/template.py | 2 +- rust/src/template.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/n_vault/template.py b/python/n_vault/template.py index f896cc25..a35e74ce 100644 --- a/python/n_vault/template.py +++ b/python/n_vault/template.py @@ -311,7 +311,7 @@ }}, "Handler": "index.handler", "MemorySize": 128, - "Runtime": "python3.10", + "Runtime": "python3.12", "Timeout": 300, "Role": {{ "Fn::GetAtt": [ diff --git a/rust/src/template.rs b/rust/src/template.rs index 7ca1bd63..9ac43ba7 100644 --- a/rust/src/template.rs +++ b/rust/src/template.rs @@ -321,7 +321,7 @@ static TEMPLATE_STRING: LazyLock = LazyLock::new(|| { }, "Handler": "index.handler", "MemorySize": 128, - "Runtime": "python3.10", + "Runtime": "python3.12", "Timeout": 300, "Role": { "Fn::GetAtt": [ From 15eba4ae80b3c0ed3ae5104253aad4b517e6406b Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Wed, 16 Oct 2024 18:14:51 +0300 Subject: [PATCH 2/3] update python code --- python/n_vault/template.py | 28 ++++++++++++++-------------- rust/src/template.rs | 28 ++++++++++++++-------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/python/n_vault/template.py b/python/n_vault/template.py index a35e74ce..ade25f8e 100644 --- a/python/n_vault/template.py +++ b/python/n_vault/template.py @@ -327,28 +327,28 @@ "Fn::Join": [ "\\n", [ - "import json", - "import logging", - "import boto3", "import base64", + "import boto3", "import cfnresponse", + "import logging", "log = logging.getLogger()", "log.setLevel(logging.INFO)", "kms = boto3.client('kms')", "SUCCESS = 'SUCCESS'", "FAILED = 'FAILED'", "def handler(event, context):", - " ciphertext = event['ResourceProperties']['Ciphertext']", - " responseData = {{}}", - " try:", - " responseData['Plaintext'] = kms.decrypt(CiphertextBlob=base64.b64decode(ciphertext)).get('Plaintext').decode()", - " log.info('Decrypt successful!')", - " cfnresponse.send(event, context, SUCCESS, responseData, event['LogicalResourceId'])", - " except Exception as e:", - " error_msg = 'Failed to decrypt: ' + repr(e)", - " log.error(error_msg)", - " cfnresponse.send(event, context, FAILED, responseData, event['LogicalResourceId'])", - " raise Exception(error_msg)" + " ciphertext = event['ResourceProperties']['Ciphertext']", + " resource_id = event.get('LogicalResourceId')", + " response_data = {{}}", + " try:", + " response_data['Plaintext'] = kms.decrypt(CiphertextBlob=base64.b64decode(ciphertext)).get('Plaintext').decode()", + " log.info('Decrypt successful!')", + " cfnresponse.send(event, context, SUCCESS, response_data, resource_id)", + " except Exception as e:", + " error_msg = 'Failed to decrypt: ' + repr(e)", + " log.error(error_msg)", + " cfnresponse.send(event, context, FAILED, response_data, resource_id)", + " raise Exception(error_msg)" ] ] }} diff --git a/rust/src/template.rs b/rust/src/template.rs index 9ac43ba7..036860a4 100644 --- a/rust/src/template.rs +++ b/rust/src/template.rs @@ -337,28 +337,28 @@ static TEMPLATE_STRING: LazyLock = LazyLock::new(|| { "Fn::Join": [ "\n", [ - "import json", - "import logging", - "import boto3", "import base64", + "import boto3", "import cfnresponse", + "import logging", "log = logging.getLogger()", "log.setLevel(logging.INFO)", "kms = boto3.client('kms')", "SUCCESS = 'SUCCESS'", "FAILED = 'FAILED'", "def handler(event, context):", - " ciphertext = event['ResourceProperties']['Ciphertext']", - " responseData = {}", - " try:", - " responseData['Plaintext'] = kms.decrypt(CiphertextBlob=base64.b64decode(ciphertext)).get('Plaintext').decode()", - " log.info('Decrypt successful!')", - " cfnresponse.send(event, context, SUCCESS, responseData, event['LogicalResourceId'])", - " except Exception as e:", - " error_msg = 'Failed to decrypt: ' + repr(e)", - " log.error(error_msg)", - " cfnresponse.send(event, context, FAILED, responseData, event['LogicalResourceId'])", - " raise Exception(error_msg)" + " ciphertext = event['ResourceProperties']['Ciphertext']", + " resource_id = event.get('LogicalResourceId')", + " response_data = {}", + " try:", + " response_data['Plaintext'] = kms.decrypt(CiphertextBlob=base64.b64decode(ciphertext)).get('Plaintext').decode()", + " log.info('Decrypt successful!')", + " cfnresponse.send(event, context, SUCCESS, response_data, resource_id)", + " except Exception as e:", + " error_msg = 'Failed to decrypt: ' + repr(e)", + " log.error(error_msg)", + " cfnresponse.send(event, context, FAILED, response_data, resource_id)", + " raise Exception(error_msg)" ] ] } From dc4f5f3bc721322dec5b3841b274b3cf5bd49959 Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Wed, 16 Oct 2024 19:03:55 +0300 Subject: [PATCH 3/3] bump template version --- python/n_vault/template.py | 2 +- rust/src/template.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/n_vault/template.py b/python/n_vault/template.py index ade25f8e..c02c30c8 100644 --- a/python/n_vault/template.py +++ b/python/n_vault/template.py @@ -1,4 +1,4 @@ -VAULT_STACK_VERSION = 26 +VAULT_STACK_VERSION = 27 TEMPLATE_STRING = f""" {{ diff --git a/rust/src/template.rs b/rust/src/template.rs index 036860a4..30b3d8ba 100644 --- a/rust/src/template.rs +++ b/rust/src/template.rs @@ -1,7 +1,7 @@ use std::sync::LazyLock; /// Cloudformation stack version. -pub const VAULT_STACK_VERSION: u32 = 26; +pub const VAULT_STACK_VERSION: u32 = 27; /// Return Cloudformation stack template JSON. /// Workaround for accessing string inside `LazyLock`.