Switching remaining uses of boto to boto3. (#809)

lemur/plugins/lemur_aws/s3.py

@@ -6,21 +6,29 @@
     :license: Apache, see LICENSE for more details.
 .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
 """
-from boto.s3.key import Key
-from lemur.plugins.lemur_aws.sts import assume_service
+from flask import current_app
+
+from .sts import sts_client
 
 
-def write_to_s3(account_number, bucket_name, key, data, encrypt=True):
+@sts_client('s3', 'resource')
+def write_to_s3(resource, bucket_name, prefix, data, encrypt=True):
     """
     Use STS to write to an S3 bucket
-
-    :param account_number:
-    :param bucket_name:
-    :param data:
     """
-    conn = assume_service(account_number, 's3')
-    b = conn.get_bucket(bucket_name, validate=False)  # validate=False removes need for ListObjects permission
+    bucket = resource.Bucket(bucket_name)
+    current_app.logger.debug('Persisting data to S3. Bucket: {0} Prefix: {1}'.format(bucket_name, prefix))
 
-    k = Key(bucket=b, name=key)
-    k.set_contents_from_string(data, encrypt_key=encrypt)
-    k.set_canned_acl("bucket-owner-read")
+    if encrypt:
+        bucket.put_object(
+            Key=prefix,
+            Body=data.encode('utf-8'),
+            ACL='bucket-owner-full-control',
+            ServerSideEncryption='AES256'
+        )
+    else:
+        bucket.put_object(
+            Key=prefix,
+            Body=data.encode('utf-8'),
+            ACL='bucket-owner-full-control'
+        )

lemur/plugins/lemur_aws/sts.py

@@ -7,46 +7,11 @@
 """
 from functools import wraps
 
-import boto
-import boto.ec2.elb
 import boto3
 
 from flask import current_app
 
 
-def assume_service(account_number, service, region='us-east-1'):
-    conn = boto.connect_sts()
-
-    role = conn.assume_role('arn:aws:iam::{0}:role/{1}'.format(
-        account_number, current_app.config.get('LEMUR_INSTANCE_PROFILE', 'Lemur')), 'blah')
-
-    if service in 'iam':
-        return boto.connect_iam(
-            aws_access_key_id=role.credentials.access_key,
-            aws_secret_access_key=role.credentials.secret_key,
-            security_token=role.credentials.session_token)
-
-    elif service in 'elb':
-        return boto.ec2.elb.connect_to_region(
-            region,
-            aws_access_key_id=role.credentials.access_key,
-            aws_secret_access_key=role.credentials.secret_key,
-            security_token=role.credentials.session_token)
-
-    elif service in 'vpc':
-        return boto.connect_vpc(
-            aws_access_key_id=role.credentials.access_key,
-            aws_secret_access_key=role.credentials.secret_key,
-            security_token=role.credentials.session_token)
-
-    elif service in 's3':
-        return boto.s3.connect_to_region(
-            region,
-            aws_access_key_id=role.credentials.access_key,
-            aws_secret_access_key=role.credentials.secret_key,
-            security_token=role.credentials.session_token)
-
-
 def sts_client(service, service_type='client'):
     def decorator(f):
         @wraps(f)