Initial commit of working lambda function

Author: schwing

.gitignore

@@ -0,0 +1,84 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask instance folder
+instance/
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# IPython Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# dotenv
+.env
+
+# Spyder project settings
+.spyderproject
+
+site-packages/
+lambdawebhook.zip

lambdawebhook/__init__.py

@@ -0,0 +1 @@
+# -*- coding: utf-8 -*-

lambdawebhook/hook.py

@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+import os
+import sys
+import hashlib
+
+# Add the ./site-packages directory to the path for Lambda to load our libs
+sys.path.append(os.path.join(os.path.dirname(__file__), 'lib'))
+import requests  # NOQA
+import hmac  # NOQA
+
+
+def verify_signature(secret, signature, payload):
+    computed_hash = hmac.new(str(secret), payload, hashlib.sha1)
+    computed_signature = '='.join(['sha1', computed_hash.hexdigest()])
+    return hmac.compare_digest(computed_signature, str(signature))
+
+
+def lambda_handler(event, context):
+    print 'Webhook received'
+    print event['secret']
+    verified = verify_signature(event['secret'],
+                                event['x_hub_signature'],
+                                event['payload'])
+    print 'Signature verified: ' + str(verified)
+    if verified:
+        response = requests.post(event['jenkins_url'],
+                                 headers={
+                                    'X-GitHub-Delivery': event['x_github_delivery'],
+                                    'X-GitHub-Event': event['x_github_event'],
+                                    'X-Hub-Signature':  event['x_hub_signature']
+                                 },
+                                 json=event['payload'])
+        return {'status': {response.status_code: response.reason}}
+    else:
+        return {'status': {403: 'Forbidden'}}
+
+
+if __name__ == "__main__":
+    pass

requirements.txt

@@ -0,0 +1,4 @@
+tox
+nose
+httpretty
+requests

setup.py

@@ -0,0 +1,41 @@
+"""
+
+"""
+from setuptools import find_packages, setup
+
+dependencies = ['requests', 'httpretty']
+
+setup(
+    name='lambda-webhook',
+    version='0.1.0',
+    url='https://github.com/pristineio/lambda-webhook',
+    license='MIT',
+    author='John Schwinghammer',
+    author_email='[email protected]',
+    description='',
+    long_description=__doc__,
+    packages=find_packages(exclude=['tests']),
+    include_package_data=True,
+    zip_safe=False,
+    platforms='any',
+    install_requires=dependencies,
+    classifiers=[
+        # As from http://pypi.python.org/pypi?%3Aaction=list_classifiers
+        # 'Development Status :: 1 - Planning',
+        'Development Status :: 2 - Pre-Alpha',
+        # 'Development Status :: 3 - Alpha',
+        # 'Development Status :: 4 - Beta',
+        # 'Development Status :: 5 - Production/Stable',
+        # 'Development Status :: 6 - Mature',
+        # 'Development Status :: 7 - Inactive',
+        'Environment :: Console',
+        'Intended Audience :: System Administrators',
+        'License :: OSI Approved :: MIT License',
+        'Operating System :: POSIX',
+        'Operating System :: MacOS',
+        'Operating System :: Unix',
+        'Programming Language :: Python',
+        'Programming Language :: Python :: 2',
+        'Topic :: Utilities',
+    ]
+)

test/data/testevent.json

@@ -0,0 +1,14 @@
+{
+  "x_github_delivery": "dafdsfs",
+  "x_github_event": "push",
+  "x_hub_signature": "sha1=952548c8f23303f4925411b09b0c5d0c13d0cfb5",
+  "jenkins_url": "https://localhost/github-webhook/",
+  "secret": "testsecret",
+  "payload": {
+    "ref": "refs/heads/master",
+    "created": false,
+    "deleted": false,
+    "forced": false,
+    "base_ref": null
+  }
+}

test/unit_test.py

@@ -0,0 +1,41 @@
+import unittest
+import lambdawebhook.hook
+import os
+import json
+import httpretty
+
+
+def load_test_event():
+    mypath = os.path.dirname(os.path.abspath(__file__))
+    with open(os.path.join(mypath, 'data/testevent.json'), 'r') as eventfile:
+        githubevent = json.load(eventfile)
+        githubevent['payload'] = json.dumps(githubevent['payload'])
+    return githubevent
+
+
+githubevent = load_test_event()
+
+
+class VerifySignatureTestCase(unittest.TestCase):
+    def runTest(self):
+        # This signature is missing the 'sha1=' prefix and will fail validation
+        self.assertFalse(lambdawebhook.hook.verify_signature(str(githubevent['secret']),
+                                                             '952548c8f23303f4925411b09b0c5d0c13d0cfb5',
+                                                             githubevent['payload']))
+        # This signature should validate the payload
+        self.assertTrue(lambdawebhook.hook.verify_signature(str(githubevent['secret']),
+                                                            githubevent['x_hub_signature'],
+                                                            githubevent['payload']))
+
+
+class LambdaHandlerTestCase(unittest.TestCase):
+    @httpretty.activate
+    def runTest(self):
+        # Check return codes
+        httpretty.register_uri(httpretty.POST, 'https://localhost/github-webhook/',
+                               status=200)
+        self.assertEqual(lambdawebhook.hook.lambda_handler(githubevent, ''), {'status': {200: 'OK'}})
+
+        httpretty.register_uri(httpretty.POST, 'https://localhost/github-webhook/',
+                               status=403)
+        self.assertEqual(lambdawebhook.hook.lambda_handler(githubevent, ''), {'status': {403: 'Forbidden'}})

tox.ini

@@ -0,0 +1,22 @@
+# Tox (http://tox.testrun.org/) is a tool for running tests
+# in multiple virtualenvs. This configuration file will run the
+# test suite on all supported python versions. To use it, "pip install tox"
+# and then run "tox" from this directory.
+
+[tox]
+envlist = py27, flake8
+
+[testenv]
+commands=nosetests
+setenv =
+    PYTHONHASHSEED = 0
+deps=
+    nose
+    httpretty
+
+[testenv:flake8]
+basepython = python2.7
+deps =
+    flake8
+commands =
+    flake8 lambdawebhook test --max-line-length=120