def deactivate

def deactivate_tenant()

in server/TenantManagementService/tenant-management.py [0:0]
41 lines of code
5 McCabe index (conditional complexity)

def deactivate_tenant(event, context):
    table_tenant_details = __getTenantManagementTable(event)
    
    url_disable_users = os.environ['DISABLE_USERS_BY_TENANT']
    url_deprovision_tenant = os.environ['DEPROVISION_TENANT']
    stage_name = event['requestContext']['stage']
    host = event['headers']['Host']
    auth = utils.get_auth(host, region)
    headers = utils.get_headers(event)

    requesting_tenant_id = event['requestContext']['authorizer']['tenantId']    
    user_role = event['requestContext']['authorizer']['userRole']

    
    tenant_id = event['pathParameters']['tenantid']
    tracer.put_annotation(key="TenantId", value=tenant_id)
    
    logger.log_with_tenant_context(event, "Request received to deactivate tenant")
    
    if ((auth_manager.isTenantAdmin(user_role) and tenant_id == requesting_tenant_id) or auth_manager.isSystemAdmin(user_role)):
        response = table_tenant_details.update_item(
            Key={
                'tenantId': tenant_id,
            },
            UpdateExpression="set isActive = :isActive",
            ExpressionAttributeValues={
                    ':isActive': False
                },
            ReturnValues="ALL_NEW"
            )             
        
        logger.log_with_tenant_context(event, response)

        if (response["Attributes"]["dedicatedTenancy"].upper() == "TRUE"):
            update_details = {}
            update_details['tenantId'] = tenant_id            
            update_user_response = __invoke_deprovision_tenant(update_details, headers, auth, host, stage_name, url_deprovision_tenant)

        
        update_details = {}
        update_details['userPoolId'] = response["Attributes"]['userPoolId']
        update_details['tenantId'] = tenant_id
        update_details['requestingTenantId'] = requesting_tenant_id
        update_details['userRole'] = user_role
        update_user_response = __invoke_disable_users(update_details, headers, auth, host, stage_name, url_disable_users)
        logger.log_with_tenant_context(event, update_user_response)

        logger.log_with_tenant_context(event, "Request completed to deactivate tenant")
        return utils.create_success_response("Tenant Deactivated")
    else:
        logger.log_with_tenant_context(event, "Request completed as unauthorized. Only tenant admin or system admin can deactivate tenant!")        
        return utils.create_unauthorized_response()