def update_wafacl()

in lambda/lambda_function.py [0:0]


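def update_wafacl(NewSecret, PrevSecret):
    """Rewrite the WAFv2 WebACL so its origin-verify rule accepts *NewSecret* or *PrevSecret*.

    The ACL is read via ``get_wafacl()``, the rule at priority ``WAFRulePriority``
    is replaced by a freshly built one, every other rule is carried over
    unchanged, and the whole ACL is written back with ``update_web_acl``.

    Args:
        NewSecret: header value that CloudFront will send after rotation.
        PrevSecret: header value still in use until rotation completes.

    Returns:
        The raw ``update_web_acl`` response from boto3.

    Raises:
        botocore.exceptions.ClientError: propagated from the service. In
            particular a WAFOptimisticLockException means the ACL changed
            between the read and this write; nothing here retries, so the
            caller has to re-run the whole read/modify/write sequence.
    """
    client = boto3.client('wafv2')

    currwafrules = get_wafacl()
    # LockToken makes the update conditional on the ACL being unchanged
    # since get_wafacl() read it (WAFv2 optimistic concurrency).
    locktoken = currwafrules['LockToken']

    # Compare priorities as ints once; the configured value may arrive as a
    # string while the service returns an int.
    rule_priority = int(WAFRulePriority)
    newwafrules = [_origin_verify_rule(NewSecret, PrevSecret)]
    # Keep every rule except the one at our priority slot, which the
    # rebuilt origin-verify rule replaces.
    newwafrules.extend(
        r for r in currwafrules['WebACL']['Rules']
        if int(r['Priority']) != rule_priority
    )

    logger.info("Update WAF WebACL Id, %s.", WafAclId)
    # NOTE(review): DefaultAction and Description are rewritten
    # unconditionally rather than carried over from currwafrules['WebACL'];
    # any out-of-band change to the ACL's default action is reset to Block
    # here — confirm that is intended.
    response = client.update_web_acl(
        Name=WafAclName,
        Scope='REGIONAL',
        Id=WafAclId,
        DefaultAction={
            'Block': {}
        },
        Description='CloudFront Origin Verify Sample',
        LockToken=locktoken,
        VisibilityConfig={
            # The boto3 doc placeholders ``True|False`` evaluate to True;
            # state the intent explicitly.
            'SampledRequestsEnabled': True,
            'CloudWatchMetricsEnabled': True,
            'MetricName': StackName + 'OriginVerify'
        },
        Rules=newwafrules
    )
    return response


def _origin_verify_rule(NewSecret, PrevSecret):
    """Build the Allow rule that matches either secret in header ``HeaderName``.

    Both values are accepted in an OrStatement — presumably so origin traffic
    keeps flowing while the new header value propagates to CloudFront; confirm
    against the rotation flow that calls this.
    """
    return {
        'Name': StackName + 'XOriginVerify',
        'Priority': int(WAFRulePriority),
        'Action': {
            'Allow': {
            }
        },
        'VisibilityConfig': {
            'SampledRequestsEnabled': True,
            'CloudWatchMetricsEnabled': True,
            'MetricName': StackName + 'XOriginVerify'
        },
        'Statement': {
            'OrStatement': {
                'Statements': [
                    _header_match_statement(NewSecret),
                    _header_match_statement(PrevSecret),
                ]
            }
        }
    }


def _header_match_statement(secret):
    """Build a ByteMatchStatement requiring header ``HeaderName`` to equal *secret* exactly.

    The two rotation secrets share this shape and differ only in SearchString,
    so the shape lives in one place.
    """
    return {
        'ByteMatchStatement': {
            'FieldToMatch': {
                'SingleHeader': {
                    'Name': HeaderName
                }
            },
            # EXACTLY with no text transformation: the header must be the
            # secret byte-for-byte, not merely contain it.
            'PositionalConstraint': 'EXACTLY',
            'SearchString': secret,
            'TextTransformations': [
                {
                    'Type': 'NONE',
                    'Priority': 0
                }
            ]
        }
    }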