From 4093f4669a220afc0d498364f7143ab06b93495e Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Sat, 20 May 2017 11:09:55 -0700
Subject: [PATCH] Switching remaining uses of boto to boto3. (#809)
---
 lemur/plugins/lemur_aws/s3.py | 32 ++++++++++++++++----------
 lemur/plugins/lemur_aws/sts.py | 35 -----------------------------
 lemur/plugins/lemur_email/plugin.py | 23 ++++++++++++++++---
 setup.py | 1 -
 4 files changed, 40 insertions(+), 51 deletions(-)
diff --git a/lemur/plugins/lemur_aws/s3.py b/lemur/plugins/lemur_aws/s3.py
index 0f445e43..7aba77f4 100644
--- a/lemur/plugins/lemur_aws/s3.py
+++ b/lemur/plugins/lemur_aws/s3.py
@@ -6,21 +6,29 @@
 :license: Apache, see LICENSE for more details.
 .. moduleauthor:: Kevin Glisson
 """
-from boto.s3.key import Key
-from lemur.plugins.lemur_aws.sts import assume_service
+from flask import current_app
+
+from .sts import sts_client
-def write_to_s3(account_number, bucket_name, key, data, encrypt=True):
+@sts_client('s3', 'resource')
+def write_to_s3(resource, bucket_name, prefix, data, encrypt=True):
 """
 Use STS to write to an S3 bucket
-
- :param account_number:
- :param bucket_name:
- :param data:
 """
- conn = assume_service(account_number, 's3')
- b = conn.get_bucket(bucket_name, validate=False) # validate=False removes need for ListObjects permission
+ bucket = resource.Bucket(bucket_name)
+ current_app.logger.debug('Persisting data to S3. Bucket: {0} Prefix: {1}'.format(bucket_name, prefix))
- k = Key(bucket=b, name=key)
- k.set_contents_from_string(data, encrypt_key=encrypt)
- k.set_canned_acl("bucket-owner-read")
+ if encrypt:
+ bucket.put_object(
+ Key=prefix,
+ Body=data.encode('utf-8'),
+ ACL='bucket-owner-full-control',
+ ServerSideEncryption='AES256'
+ )
+ else:
+ bucket.put_object(
+ Key=prefix,
+ Body=data.encode('utf-8'),
+ ACL='bucket-owner-full-control'
+ )
diff --git a/lemur/plugins/lemur_aws/sts.py b/lemur/plugins/lemur_aws/sts.py
index 79c055cb..0ef1c3f8 100644
--- a/lemur/plugins/lemur_aws/sts.py
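Review bot: In `write_to_s3` (lemur/plugins/lemur_aws/s3.py) the canned ACL on the uploaded object changes from `bucket-owner-read` to `bucket-owner-full-control` in both `put_object` calls, which a commit described only as a boto to boto3 switch does not explain. If the wider grant is intended it deserves a comment next to the call; otherwise keep `ACL='bucket-owner-read'`. The two branches differ only in `ServerSideEncryption`, so building the arguments once, as below, keeps the ACL and body encoding from drifting apart between the encrypted and unencrypted paths. The docstring also lost all of its `:param` lines while the first argument became a `resource` supplied by the `sts_client` decorator; how callers now identify the account is presumably handled by that decorator, whose body is outside this hunk, and should be stated in the docstring.

```python
    bucket = resource.Bucket(bucket_name)
    # … unchanged: debug log of bucket name and prefix …

    # ACL and body are the same on both paths; only SSE is conditional.
    put_args = {
        'Key': prefix,
        'Body': data.encode('utf-8'),
        'ACL': 'bucket-owner-full-control',
    }
    if encrypt:
        put_args['ServerSideEncryption'] = 'AES256'
    bucket.put_object(**put_args)
```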
+++ b/lemur/plugins/lemur_aws/sts.py
@@ -7,46 +7,11 @@
 """
 from functools import wraps
-import boto
-import boto.ec2.elb
 import boto3
 from flask import current_app
-def assume_service(account_number, service, region='us-east-1'):
- conn = boto.connect_sts()
-
- role = conn.assume_role('arn:aws:iam::{0}:role/{1}'.format(
- account_number, current_app.config.get('LEMUR_INSTANCE_PROFILE', 'Lemur')), 'blah')
-
- if service in 'iam':
- return boto.connect_iam(
- aws_access_key_id=role.credentials.access_key,
- aws_secret_access_key=role.credentials.secret_key,
- security_token=role.credentials.session_token)
-
- elif service in 'elb':
- return boto.ec2.elb.connect_to_region(
- region,
- aws_access_key_id=role.credentials.access_key,
- aws_secret_access_key=role.credentials.secret_key,
- security_token=role.credentials.session_token)
-
- elif service in 'vpc':
- return boto.connect_vpc(
- aws_access_key_id=role.credentials.access_key,
- aws_secret_access_key=role.credentials.secret_key,
- security_token=role.credentials.session_token)
-
- elif service in 's3':
- return boto.s3.connect_to_region(
- region,
- aws_access_key_id=role.credentials.access_key,
- aws_secret_access_key=role.credentials.secret_key,
- security_token=role.credentials.session_token)
-
-
 def sts_client(service, service_type='client'):
 def decorator(f):
 @wraps(f)
diff --git a/lemur/plugins/lemur_email/plugin.py b/lemur/plugins/lemur_email/plugin.py
index 85a2e075..ab27d45d 100644
--- a/lemur/plugins/lemur_email/plugin.py
+++ b/lemur/plugins/lemur_email/plugin.py
@@ -6,7 +6,7 @@
 .. moduleauthor:: Kevin Glisson
 """
-import boto.ses
+import boto3
 from flask import current_app
 from flask_mail import Message
@@ -54,8 +54,25 @@ def send_via_ses(subject, body, targets):
 :param targets:
 :return:
 """
- conn = boto.connect_ses()
- conn.send_email(current_app.config.get("LEMUR_EMAIL"), subject, body, targets, format='html')
+ client = boto3.client('ses')
+ client.send_email(
+ Source=current_app.config.get('LEMUR_EMAIL'),
+ Destination={
+ 'ToAddresses': targets
+ },
+ Message={
+ 'Subject': {
+ 'Data': subject,
+ 'Charset': 'string'
+ },
+ 'Body': {
+ 'Html': {
+ 'Data': body,
+ 'Charset': 'string'
+ }
+ }
+ }
+ )
 class EmailNotificationPlugin(ExpirationNotificationPlugin):
diff --git a/setup.py b/setup.py
index 98b76a80..9850c50d 100644
--- a/setup.py
+++ b/setup.py
@@ -58,7 +58,6 @@ install_requires = [
 'inflection==0.3.1',
 'future==0.16.0',
 'boto3==1.4.4',
- 'boto==2.45.0', # we might make this optional
 'acme==0.14.1',
 'retrying==1.3.3',
 'tabulate==0.7.7',
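Review bot: In `send_via_ses` (lemur/plugins/lemur_email/plugin.py) the value `'Charset': 'string'` in both the `Subject` and the `Html` entries looks like the type placeholder from the boto3 documentation, not a character set name. SES expects a real charset there, so both lines should read `'Charset': 'UTF-8'`, otherwise non-ASCII subjects or bodies in expiration notices may be rejected or garbled. `ToAddresses` has to be a list, so it is worth confirming that every caller passes `targets` as a list and not a single address string; the callers are outside this hunk. The `:param` lines in the docstring above the change are empty and could at least say that `body` is sent as HTML.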