Merge branch 'v2' into chore/add-init-export

Author: rubenfonseca

.gitignore

@@ -305,5 +305,8 @@ site/
 !404.html
 !docs/overrides/*.html
 
+# CDK
+.cdk
+
 !.github/workflows/lib
 examples/**/sam/.aws-sam

aws_lambda_powertools/__init__.py

@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 
-"""Top-level package for Lambda Python Powertools."""
-
+from pathlib import Path
 
+"""Top-level package for Lambda Python Powertools."""
 from .logging import Logger
 from .metrics import Metrics, single_metric
 from .package_logger import set_package_logger_handler
@@ -16,4 +16,6 @@
     "Tracer",
 ]
 
+PACKAGE_PATH = Path(__file__).parent
+
 set_package_logger_handler()

aws_lambda_powertools/event_handler/api_gateway.py

@@ -15,6 +15,7 @@
 from aws_lambda_powertools.event_handler import content_types
 from aws_lambda_powertools.event_handler.exceptions import NotFoundError, ServiceError
 from aws_lambda_powertools.shared import constants
+from aws_lambda_powertools.shared.cookies import Cookie
 from aws_lambda_powertools.shared.functions import resolve_truthy_env_var_choice
 from aws_lambda_powertools.shared.json_encoder import Encoder
 from aws_lambda_powertools.utilities.data_classes import (
@@ -124,10 +125,11 @@ def __init__(
 
     def to_dict(self) -> Dict[str, str]:
         """Builds the configured Access-Control http headers"""
-        headers = {
+        headers: Dict[str, str] = {
             "Access-Control-Allow-Origin": self.allow_origin,
             "Access-Control-Allow-Headers": ",".join(sorted(self.allow_headers)),
         }
+
         if self.expose_headers:
             headers["Access-Control-Expose-Headers"] = ",".join(self.expose_headers)
         if self.max_age is not None:
@@ -145,7 +147,8 @@ def __init__(
         status_code: int,
         content_type: Optional[str],
         body: Union[str, bytes, None],
-        headers: Optional[Dict] = None,
+        headers: Optional[Dict[str, Union[str, List[str]]]] = None,
+        cookies: Optional[List[Cookie]] = None,
     ):
         """
 
@@ -158,13 +161,16 @@ def __init__(
             provided http headers
         body: Union[str, bytes, None]
             Optionally set the response body. Note: bytes body will be automatically base64 encoded
-        headers: dict
-            Optionally set specific http headers. Setting "Content-Type" hear would override the `content_type` value.
+        headers: dict[str, Union[str, List[str]]]
+            Optionally set specific http headers. Setting "Content-Type" here would override the `content_type` value.
+        cookies: list[Cookie]
+            Optionally set cookies.
         """
         self.status_code = status_code
         self.body = body
         self.base64_encoded = False
-        self.headers: Dict = headers or {}
+        self.headers: Dict[str, Union[str, List[str]]] = headers if headers else {}
+        self.cookies = cookies or []
         if content_type:
             self.headers.setdefault("Content-Type", content_type)
 
@@ -196,7 +202,8 @@ def _add_cors(self, cors: CORSConfig):
 
     def _add_cache_control(self, cache_control: str):
         """Set the specified cache control headers for 200 http responses. For non-200 `no-cache` is used."""
-        self.response.headers["Cache-Control"] = cache_control if self.response.status_code == 200 else "no-cache"
+        cache_control = cache_control if self.response.status_code == 200 else "no-cache"
+        self.response.headers["Cache-Control"] = cache_control
 
     def _compress(self):
         """Compress the response body, but only if `Accept-Encoding` headers includes gzip."""
@@ -226,11 +233,12 @@ def build(self, event: BaseProxyEvent, cors: Optional[CORSConfig] = None) -> Dic
             logger.debug("Encoding bytes response with base64")
             self.response.base64_encoded = True
             self.response.body = base64.b64encode(self.response.body).decode()
+
         return {
             "statusCode": self.response.status_code,
-            "headers": self.response.headers,
             "body": self.response.body,
             "isBase64Encoded": self.response.base64_encoded,
+            **event.header_serializer().serialize(headers=self.response.headers, cookies=self.response.cookies),
         }
 
 
@@ -596,7 +604,7 @@ def _path_starts_with(path: str, prefix: str):
 
     def _not_found(self, method: str) -> ResponseBuilder:
         """Called when no matching route was found and includes support for the cors preflight response"""
-        headers = {}
+        headers: Dict[str, Union[str, List[str]]] = {}
         if self._cors:
             logger.debug("CORS is enabled, updating headers.")
             headers.update(self._cors.to_dict())

aws_lambda_powertools/shared/cookies.py

@@ -0,0 +1,118 @@
+from datetime import datetime
+from enum import Enum
+from io import StringIO
+from typing import List, Optional
+
+
+class SameSite(Enum):
+    """
+    SameSite allows a server to define a cookie attribute making it impossible for
+    the browser to send this cookie along with cross-site requests. The main
+    goal is to mitigate the risk of cross-origin information leakage, and provide
+    some protection against cross-site request forgery attacks.
+
+    See https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 for details.
+    """
+
+    DEFAULT_MODE = ""
+    LAX_MODE = "Lax"
+    STRICT_MODE = "Strict"
+    NONE_MODE = "None"
+
+
+def _format_date(timestamp: datetime) -> str:
+    # Specification example: Wed, 21 Oct 2015 07:28:00 GMT
+    return timestamp.strftime("%a, %d %b %Y %H:%M:%S GMT")
+
+
+class Cookie:
+    """
+    A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
+    HTTP response or the Cookie header of an HTTP request.
+
+    See https://tools.ietf.org/html/rfc6265 for details.
+    """
+
+    def __init__(
+        self,
+        name: str,
+        value: str,
+        path: str = "",
+        domain: str = "",
+        secure: bool = True,
+        http_only: bool = False,
+        max_age: Optional[int] = None,
+        expires: Optional[datetime] = None,
+        same_site: Optional[SameSite] = None,
+        custom_attributes: Optional[List[str]] = None,
+    ):
+        """
+
+        Parameters
+        ----------
+        name: str
+            The name of this cookie, for example session_id
+        value: str
+            The cookie value, for instance an uuid
+        path: str
+            The path for which this cookie is valid. Optional
+        domain: str
+            The domain for which this cookie is valid. Optional
+        secure: bool
+            Marks the cookie as secure, only sendable to the server with an encrypted request over the HTTPS protocol
+        http_only: bool
+            Enabling this attribute makes the cookie inaccessible to the JavaScript `Document.cookie` API
+        max_age: Optional[int]
+            Defines the period of time after which the cookie is invalid. Use negative values to force cookie deletion.
+        expires: Optional[datetime]
+            Defines a date where the permanent cookie expires.
+        same_site: Optional[SameSite]
+            Determines if the cookie should be sent to third party websites
+        custom_attributes: Optional[List[str]]
+            List of additional custom attributes to set on the cookie
+        """
+        self.name = name
+        self.value = value
+        self.path = path
+        self.domain = domain
+        self.secure = secure
+        self.expires = expires
+        self.max_age = max_age
+        self.http_only = http_only
+        self.same_site = same_site
+        self.custom_attributes = custom_attributes
+
+    def __str__(self) -> str:
+        payload = StringIO()
+        payload.write(f"{self.name}={self.value}")
+
+        if self.path:
+            payload.write(f"; Path={self.path}")
+
+        if self.domain:
+            payload.write(f"; Domain={self.domain}")
+
+        if self.expires:
+            payload.write(f"; Expires={_format_date(self.expires)}")
+
+        if self.max_age:
+            if self.max_age > 0:
+                payload.write(f"; MaxAge={self.max_age}")
+            else:
+                # negative or zero max-age should be set to 0
+                payload.write("; MaxAge=0")
+
+        if self.http_only:
+            payload.write("; HttpOnly")
+
+        if self.secure:
+            payload.write("; Secure")
+
+        if self.same_site:
+            payload.write(f"; SameSite={self.same_site.value}")
+
+        if self.custom_attributes:
+            for attr in self.custom_attributes:
+                payload.write(f"; {attr}")
+
+        return payload.getvalue()

aws_lambda_powertools/shared/headers_serializer.py

@@ -0,0 +1,113 @@
+import warnings
+from collections import defaultdict
+from typing import Any, Dict, List, Union
+
+from aws_lambda_powertools.shared.cookies import Cookie
+
+
+class BaseHeadersSerializer:
+    """
+    Helper class to correctly serialize headers and cookies for Amazon API Gateway,
+    ALB and Lambda Function URL response payload.
+    """
+
+    def serialize(self, headers: Dict[str, Union[str, List[str]]], cookies: List[Cookie]) -> Dict[str, Any]:
+        """
+        Serializes headers and cookies according to the request type.
+        Returns a dict that can be merged with the response payload.
+
+        Parameters
+        ----------
+        headers: Dict[str, List[str]]
+            A dictionary of headers to set in the response
+        cookies: List[str]
+            A list of cookies to set in the response
+        """
+        raise NotImplementedError()
+
+
+class HttpApiHeadersSerializer(BaseHeadersSerializer):
+    def serialize(self, headers: Dict[str, Union[str, List[str]]], cookies: List[Cookie]) -> Dict[str, Any]:
+        """
+        When using HTTP APIs or LambdaFunctionURLs, everything is taken care automatically for us.
+        We can directly assign a list of cookies and a dict of headers to the response payload, and the
+        runtime will automatically serialize them correctly on the output.
+
+        https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html#http-api-develop-integrations-lambda.proxy-format
+        https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html#http-api-develop-integrations-lambda.response
+        """
+
+        # Format 2.0 doesn't have multiValueHeaders or multiValueQueryStringParameters fields.
+        # Duplicate headers are combined with commas and included in the headers field.
+        combined_headers: Dict[str, str] = {}
+        for key, values in headers.items():
+            if isinstance(values, str):
+                combined_headers[key] = values
+            else:
+                combined_headers[key] = ", ".join(values)
+
+        return {"headers": combined_headers, "cookies": list(map(str, cookies))}
+
+
+class MultiValueHeadersSerializer(BaseHeadersSerializer):
+    def serialize(self, headers: Dict[str, Union[str, List[str]]], cookies: List[Cookie]) -> Dict[str, Any]:
+        """
+        When using REST APIs, headers can be encoded using the `multiValueHeaders` key on the response.
+        This is also the case when using an ALB integration with the `multiValueHeaders` option enabled.
+        The solution covers headers with just one key or multiple keys.
+
+        https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-lambda-proxy-integrations.html#api-gateway-simple-proxy-for-lambda-output-format
+        https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html#multi-value-headers-response
+        """
+        payload: Dict[str, List[str]] = defaultdict(list)
+
+        for key, values in headers.items():
+            if isinstance(values, str):
+                payload[key].append(values)
+            else:
+                for value in values:
+                    payload[key].append(value)
+
+        if cookies:
+            payload.setdefault("Set-Cookie", [])
+            for cookie in cookies:
+                payload["Set-Cookie"].append(str(cookie))
+
+        return {"multiValueHeaders": payload}
+
+
+class SingleValueHeadersSerializer(BaseHeadersSerializer):
+    def serialize(self, headers: Dict[str, Union[str, List[str]]], cookies: List[Cookie]) -> Dict[str, Any]:
+        """
+        The ALB integration has `multiValueHeaders` disabled by default.
+        If we try to set multiple headers with the same key, or more than one cookie, print a warning.
+
+        https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html#respond-to-load-balancer
+        """
+        payload: Dict[str, Dict[str, str]] = {}
+        payload.setdefault("headers", {})
+
+        if cookies:
+            if len(cookies) > 1:
+                warnings.warn(
+                    "Can't encode more than one cookie in the response. Sending the last cookie only. "
+                    "Did you enable multiValueHeaders on the ALB Target Group?"
+                )
+
+            # We can only send one cookie, send the last one
+            payload["headers"]["Set-Cookie"] = str(cookies[-1])
+
+        for key, values in headers.items():
+            if isinstance(values, str):
+                payload["headers"][key] = values
+            else:
+                if len(values) > 1:
+                    warnings.warn(
+                        f"Can't encode more than one header value for the same key ('{key}') in the response. "
+                        "Did you enable multiValueHeaders on the ALB Target Group?"
+                    )
+
+                # We can only set one header per key, send the last one
+                payload["headers"][key] = values[-1]
+
+        return payload

aws_lambda_powertools/tracing/tracer.py

@@ -354,7 +354,8 @@ def capture_method(
         """Decorator to create subsegment for arbitrary functions
 
         It also captures both response and exceptions as metadata
-        and creates a subsegment named `## <method_name>`
+        and creates a subsegment named `## <method_module.method_qualifiedname>`
+        # see here: [Qualified name for classes and functions](https://peps.python.org/pep-3155/)
 
         When running [async functions concurrently](https://docs.python.org/3/library/asyncio-task.html#id6),
         methods may impact each others subsegment, and can trigger
@@ -508,7 +509,8 @@ async def async_tasks():
                 functools.partial(self.capture_method, capture_response=capture_response, capture_error=capture_error),
             )
 
-        method_name = f"{method.__name__}"
+        # Example: app.ClassA.get_all  # noqa E800
+        method_name = f"{method.__module__}.{method.__qualname__}"
 
         capture_response = resolve_truthy_env_var_choice(
             env=os.getenv(constants.TRACER_CAPTURE_RESPONSE_ENV, "true"), choice=capture_response

aws_lambda_powertools/utilities/batch/__init__.py

@@ -13,16 +13,13 @@
     batch_processor,
 )
 from aws_lambda_powertools.utilities.batch.exceptions import ExceptionInfo
-from aws_lambda_powertools.utilities.batch.sqs import PartialSQSProcessor, sqs_batch_processor
 
 __all__ = (
     "BatchProcessor",
     "BasePartialProcessor",
     "ExceptionInfo",
     "EventType",
     "FailureResponse",
-    "PartialSQSProcessor",
     "SuccessResponse",
     "batch_processor",
-    "sqs_batch_processor",
 )