in source/Orchestrator/get_approval_requirement.py [0:0]
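def lambda_handler(event, context):
    """Decide whether a remediation needs approval and which workflow runs it.

    The answer starts from safe defaults: no alternate workflow, impact
    'nondestructive', approvalrequired 'false'. It is switched to the
    alternate workflow only when one is configured for the finding's
    account AND the criteria block below has set use_alt_workflow to 'true'.

    Args:
        event: Request dict; must contain the keys "Finding" and "EventType".
        context: Lambda context object; not used here.

    Returns:
        The result of answer.json(). On a request missing either required
        key, the answer carries status 'ERROR' and an explanatory message.
    """
    answer = utils.StepFunctionLambdaAnswer()
    answer.update({
        'workflowdoc': '',
        'workflowaccount': '',
        'workflowrole': '',
        'workflow_data': {
            'impact': 'nondestructive',
            'approvalrequired': 'false'
        }
    })
    # NOTE(review): this writes the whole event, finding included, to the log
    # at INFO level; confirm the log destination's access controls and
    # retention are appropriate for finding data.
    LOGGER.info(event)

    # Reject requests that lack the data the decision is based on.
    if "Finding" not in event or "EventType" not in event:
        answer.update({
            'status':'ERROR',
            'message':'Missing required data in request'
        })
        LOGGER.error(answer.message)
        return answer.json()

    finding = Finding(event['Finding'])

    auto_trigger = _is_automatic_trigger(event['EventType'])
    is_destructive = _is_remediation_destructive(
        finding.standard_shortname,
        finding.standard_version,
        finding.standard_control
    )
    is_sensitive = _is_account_sensitive(finding.account_id)

    # These flags are the strings 'true' / 'false', not booleans, because
    # they are copied as-is into workflow_data. Always compare them
    # explicitly: a non-empty string such as 'false' is truthy in Python.
    approval_required = 'false'
    remediation_impact = 'nondestructive'
    use_alt_workflow = 'false'

    #
    # PUT ADDITIONAL CRITERIA HERE. When done, remediation_impact and approval_required
    # must be set per your needs
    #----------------------------------------------------------------------------------
    if auto_trigger and is_destructive and is_sensitive:
        remediation_impact = 'destructive'
        approval_required = 'true'
        use_alt_workflow = 'true'
    #----------------------------------------------------------------------------------

    # Is there an alternative workflow configured?
    (alt_workflow, alt_account, alt_role) = _get_alternate_workflow(finding.account_id)

    # If so, update workflow_data
    # ---------------------------
    # workflow_data can be modified to suit your needs. This data is passed to the
    # alt_workflow. Using the alt_workflow redirects the remediation to your workflow
    # only! The normal SHARR workflow will not be executed.
    #----------------------------------------------------------------------------------
    # Fix: the original tested the truthiness of use_alt_workflow, and the
    # string 'false' is truthy, so any configured alternate workflow replaced
    # the normal workflow for every finding regardless of the criteria above.
    if alt_workflow and use_alt_workflow == 'true':
        answer.update({
            'workflowdoc': alt_workflow,
            'workflowaccount': alt_account,
            'workflowrole': alt_role,
            'workflow_data': {
                'impact': remediation_impact,
                'approvalrequired': approval_required
            }
        })

    return answer.json()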