def post_k8s()

in src/lambdas/custodian_api_handler/handlers/job_handler.py [0:0]

• 64 lines of code
• 11 McCabe index (conditional complexity)

    def post_k8s(self, event: K8sJobPostModel, _tap: TenantsAccessPayload):
        platform = self._platform_service.get_nullable(
            hash_key=event.platform_id)
        if not platform or (
                event.customer and platform.customer != event.customer):
            return build_response(
                code=HTTPStatus.NOT_FOUND,
                content=f'Active platform: {event.platform_id} not found'
            )
        tenant = self._obtain_tenant(platform.tenant_name, _tap,
                                     event.customer)
        if not self._environment_service.allow_simultaneous_jobs_for_one_tenant():
            lock = TenantSettingJobLock(tenant.name)
            if job_id := lock.locked_for({platform.platform_id}):
                return build_response(
                    code=HTTPStatus.FORBIDDEN,
                    content=f'Job {job_id} is already running '
                            f'for tenant {tenant.name}'
                )
        standard_rulesets, lic, licensed_rulesets = self._get_rulesets_for_scan(
            tenant=tenant,
            domain=RuleDomain.KUBERNETES,
            license_key=event.license_key,
            ruleset_names=set(event.iter_rulesets())
        )

        credentials_key = None  # TODO K8S validate whether long-lived token exists, validate whether it belongs to a cluster?
        if event.token:
            _LOG.debug('Temp token was provided. Saving to ssm')
            credentials_key = self._ssm.prepare_name(tenant.name)
            self._ssm.create_secret(
                secret_name=credentials_key,
                secret_value=event.token,
                ttl=1800  # should be enough for on-prem
            )

        ttl_days = self._environment_service.jobs_time_to_live_days()
        ttl = None
        if ttl_days:
            ttl = timedelta(days=ttl_days)

        job = self._job_service.create(
            customer_name=tenant.customer_name,
            tenant_name=tenant.name,
            regions=[],
            rulesets=self._serialize_rulesets(standard_rulesets, lic, licensed_rulesets),
            ttl=ttl,
            platform_id=platform.id,
            affected_license=lic.license_key if lic else None
        )
        self._job_service.save(job)
        envs = self._assemble_service.build_job_envs(
            tenant=tenant,
            job_id=job.id,
            platform_id=platform.id,
            credentials_key=credentials_key,
            job_lifetime_minutes=event.timeout_minutes,
            affected_licenses=lic.tenant_license_key(tenant.customer_name) if lic else None
        )
        bid = self._submit_job_to_batch(tenant=tenant, job=job, envs=envs)
        self._job_service.update(job, bid)
        TenantSettingJobLock(tenant.name).acquire(job.id,
                                                  {platform.platform_id})
        return build_response(
            code=HTTPStatus.CREATED,
            content=self._job_service.dto(job)
        )