in source/ip_retention_handler/remove_expired_ip.py [0:0]
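def lambda_handler(event, context):
    """
    Invoke functions to delete expired ips from waf ip set.
    It is triggered by TTL DynamoDB Stream.

    Args:
        event: DynamoDB Stream batch. Each entry of ``event['Records']`` is
            checked for a TTL-originated ``REMOVE`` record whose ``OldImage``
            names the IP set (``Scope``, ``IPSetName``, ``IPSetId``) and the
            addresses to retire (``IPAdressList``).
        context: Lambda context; only ``context.function_name`` is read, for
            the notification email.

    Returns:
        The last response dict from ``update_ip_set`` / ``send_notification``,
        or an empty dict when no record led to an IP set update.

    Raises:
        Any exception raised by the helpers is logged and re-raised so the
        invocation is reported as failed.
    """
    log = logging.getLogger()
    try:
        # Set Log Level. Fall back to ERROR when LOG_LEVEL is unset or not a
        # recognised level name, rather than failing before logging is configured.
        allowed_levels = ('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL')
        log_level = str(environ.get('LOG_LEVEL', 'ERROR').upper())
        if log_level not in allowed_levels:
            log_level = 'ERROR'
        log.setLevel(log_level)
        log.info('[remove_expired_id: lambda_handler] Start')
        # NOTE: the raw event, including the IP address lists carried in
        # OldImage, is written to the log at INFO level.
        log.info("Lambda Handler Event: \n{}".format(event))

        response = {}
        reip = RemoveExpiredIP(event, log)
        # Remove expired ips in the event records
        for record in event['Records']:
            is_ddb_stream_event = reip.is_ddb_stream_event(
                reip.is_none(record.get('userIdentity', {})))
            # Stop if the REMOVE event is not from DDB Stream triggered by DDB TTL.
            # Only a TTL-originated REMOVE may retire addresses from the WAF IP
            # set; inserts, updates and other deletions end the run here.
            # NOTE(review): this returns instead of continuing, so later records
            # in the same batch are not examined — confirm that is intended.
            if not is_ddb_stream_event or reip.is_none(record.get('eventName')) != 'REMOVE':
                log.info('[remove_expired_id: lambda_handler] The event is Not the IP removal event from DynamoDB Stream triggered by DynamoDB TTL. Skip. End.')
                return response

            ddb_ip_set = reip.is_none(record.get('dynamodb', {}).get('OldImage', {}))
            deserialized_ddb_ip_set = reip.deserialize_ddb_data(ddb_ip_set)
            scope = reip.is_none(str(deserialized_ddb_ip_set.get('Scope')))
            name = reip.is_none(str(deserialized_ddb_ip_set.get('IPSetName')))
            ip_set_id = reip.is_none(str(deserialized_ddb_ip_set.get('IPSetId')))
            ip_retention_period = reip.is_none(str(deserialized_ddb_ip_set.get('IPRetentionPeriodMinute')))

            waf_ip_set = reip.get_ip_set(log, scope, name, ip_set_id)
            description = reip.is_none(waf_ip_set.get('IPSet', {}).get('Description'))
            waf_ip_list = reip.is_none(waf_ip_set.get('IPSet', {}).get('Addresses', []))
            # 'IPAdressList' is the attribute name as stored in the table; keep the spelling.
            ddb_ip_list = reip.is_none(deserialized_ddb_ip_set.get('IPAdressList', []))
            keep_ip_list, remove_ip_list = reip.make_ip_list(log, waf_ip_list, ddb_ip_list)

            # Stop if None - no need to update ip set
            if not remove_ip_list:
                log.info('[remove_expired_id: lambda_handler] No IPs to remove. End.')
                return response

            # The LockToken returned by GetIPSet must accompany the UpdateIPSet
            # call; a stale token makes WAF reject the update.
            lock_token = reip.is_none(str(waf_ip_set.get('LockToken')))
            response = reip.update_ip_set(log, scope, name, ip_set_id, keep_ip_list, lock_token, description)

            # Send email notification to user if sns email is configured and ip set is successfully updated.
            # SNS_EMAIL may be unset; treat that as 'no' instead of raising on None.
            sns_email_enabled = environ.get('SNS_EMAIL', '').lower() == 'yes'
            if sns_email_enabled and response.get('ResponseMetadata', {}).get('HTTPStatusCode') == 200:
                response = reip.send_notification(log, environ.get('SNS_TOPIC_ARN'), name, ip_set_id, ip_retention_period, context.function_name)

            # send anonymous solution metrics
            reip.send_anonymous_usage_data(log, remove_ip_list, name)
    except Exception as error:
        log.error(str(error))
        raise

    log.info('[remove_expired_id: lambda_handler] End')
    return response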