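def run(args, config, start, end):
    """Perform the requested command.

    Dispatches on the parsed command line: ``--list users|roles`` prints the
    actors seen in CloudTrail versus the actors defined in IAM; otherwise a
    single ``--user`` or ``--role`` (optionally assuming ``--destrole`` in
    ``--destaccount``) is compared action by action.

    Args:
        args: Parsed command-line options. Attributes read here:
            ``use_color``, ``account``, ``list``, ``destaccount``, ``user``,
            ``role``, ``destrole``, ``show_unknown``, ``show_benign``,
            ``show_used``.
        config: Loaded configuration mapping. ``config['accounts']`` is always
            read; ``config['elasticsearch']`` is used when that key exists,
            otherwise ``config['athena']``.
        start: Start of the time range handed to the datasource.
        end: End of the time range handed to the datasource.

    Returns:
        None. Results are printed via ``print_actor_diff`` / ``print_diff``.

    Raises:
        SystemExit: via ``sys.exit`` when Elasticsearch support is configured
            but not installed, when ``--list`` is not ``users``/``roles``, or
            when neither a user nor a role is given.

    Side effects:
        Rebinds the module-level ``cloudtrail_supported_actions`` dict.
    """
    import sys  # local: explicit sys.exit() instead of the site.py `exit` helper

    use_color = args.use_color

    account = get_account(config['accounts'], args.account)

    datasource = _build_datasource(config, account, start, end, args)

    # Read AWS actions
    aws_api_list = read_aws_api_list()

    # Read cloudtrail_supported_events. The data file is resolved from the
    # package's own resources rather than the working directory, so a stray
    # file in the CWD cannot stand in for it.
    global cloudtrail_supported_actions
    ct_actions_path = pkg_resources.resource_filename(
        __name__, "data/{}".format("cloudtrail_supported_actions.txt"))
    cloudtrail_supported_actions = _load_cloudtrail_supported_actions(
        ct_actions_path)

    account_iam = get_account_iam(account)

    if args.list:
        actor_type = args.list

        if actor_type == 'users':
            allowed_actors = get_allowed_users(account_iam)
            performed_actors = datasource.get_performed_users()
        elif actor_type == 'roles':
            allowed_actors = get_allowed_roles(account_iam)
            performed_actors = datasource.get_performed_roles()
        else:
            sys.exit("ERROR: --list argument must be one of 'users' or 'roles'")

        print_actor_diff(performed_actors, allowed_actors, use_color)
        return

    # An AssumeRole target may live in another account; fall back to the
    # source account when --destaccount is not given.
    if args.destaccount:
        destination_account = get_account(config['accounts'], args.destaccount)
    else:
        destination_account = account

    destination_iam = get_account_iam(destination_account)

    search_query = datasource.get_search_query()

    allowed_actions, performed_actions = _resolve_actions(
        args, datasource, search_query, aws_api_list, account_iam, destination_iam)

    printfilter = {
        'show_unknown': args.show_unknown,
        'show_benign': args.show_benign,
        'show_used': args.show_used,
    }

    print_diff(performed_actions, allowed_actions, printfilter, use_color)


def _build_datasource(config, account, start, end, args):
    """Instantiate the CloudTrail datasource selected by *config*.

    Elasticsearch is used when ``config['elasticsearch']`` exists, otherwise
    Athena (``config['athena']``). The Elasticsearch backend is an optional
    install, so a missing import is turned into an actionable exit message
    instead of a bare ImportError traceback.
    """
    import sys

    if 'elasticsearch' in config:
        try:
            from cloudtracker.datasources.es import ElasticSearch
        except ImportError:
            sys.exit(
                "Elasticsearch support not installed. Install with support via "
                "'pip install git+https://github.com/duo-labs/cloudtracker.git#egg=cloudtracker[es1]' for "
                "elasticsearch 1 support, or "
                "'pip install git+https://github.com/duo-labs/cloudtracker.git#egg=cloudtracker[es6]' for "
                "elasticsearch 6 support")
        return ElasticSearch(config['elasticsearch'], start, end)

    logging.debug("Using Athena")
    from cloudtracker.datasources.athena import Athena
    return Athena(config['athena'], account, start, end, args)


def _load_cloudtrail_supported_actions(path):
    """Read ``service:event`` lines from *path* into a lookup dict.

    Each non-blank line must be ``service:event``; blank lines are skipped
    instead of raising on unpack. Returns ``{normalize_api_call(service,
    event): True, ...}`` — a dict rather than a set so the existing
    ``in``-style lookups on the module global keep working unchanged.
    """
    supported = {}
    with open(path) as f:
        for raw_line in f:
            line = raw_line.rstrip()
            if not line:
                continue
            (service, event) = line.split(":")
            supported[normalize_api_call(service, event)] = True
    return supported


def _resolve_actions(args, datasource, search_query, aws_api_list,
                     account_iam, destination_iam):
    """Return ``(allowed_actions, performed_actions)`` for the selected actor.

    ``--user`` or ``--role`` names the principal in the source account;
    when ``--destrole`` is also given, both the allowed and the performed
    sides are evaluated for that role in the destination account instead.
    Exits with a message when neither a user nor a role was supplied.
    """
    import sys

    if args.user:
        user_iam = get_user_iam(args.user, account_iam)
        print("Getting info on {}, user created {}".format(
            args.user, user_iam['CreateDate']))

        if args.destrole:
            dest_role_iam = get_role_iam(args.destrole, destination_iam)
            print("Getting info for AssumeRole into {}".format(
                args.destrole))

            allowed_actions = get_role_allowed_actions(
                aws_api_list, dest_role_iam, destination_iam)
            performed_actions = datasource.get_performed_event_names_by_user_in_role(
                search_query, user_iam, dest_role_iam)
        else:
            allowed_actions = get_user_allowed_actions(
                aws_api_list, user_iam, account_iam)
            performed_actions = datasource.get_performed_event_names_by_user(
                search_query, user_iam)
        return allowed_actions, performed_actions

    if args.role:
        role_iam = get_role_iam(args.role, account_iam)
        print("Getting info for role {}".format(args.role))

        if args.destrole:
            dest_role_iam = get_role_iam(args.destrole, destination_iam)
            print("Getting info for AssumeRole into {}".format(
                args.destrole))

            allowed_actions = get_role_allowed_actions(
                aws_api_list, dest_role_iam, destination_iam)
            performed_actions = datasource.get_performed_event_names_by_role_in_role(
                search_query, role_iam, dest_role_iam)
        else:
            allowed_actions = get_role_allowed_actions(
                aws_api_list, role_iam, account_iam)
            performed_actions = datasource.get_performed_event_names_by_role(
                search_query, role_iam)
        return allowed_actions, performed_actions

    sys.exit("ERROR: Must specify a user or a role")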
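def run(args, config, start, end):
    """Perform the requested command.

    Builds an Elasticsearch datasource from ``config['elasticsearch']`` and
    then either lists CloudTrail actors against IAM (``--list users|roles``)
    or compares one ``--user`` / ``--role`` (optionally assuming
    ``--destrole`` in ``--destaccount``) action by action.

    Args:
        args: Parsed command-line options. Attributes read here:
            ``use_color``, ``account``, ``list``, ``destaccount``, ``user``,
            ``role``, ``destrole``, ``show_unknown``, ``show_benign``,
            ``show_used``.
        config: Loaded configuration mapping; ``config['elasticsearch']``
            and ``config['accounts']`` are read.
        start: Start of the time range handed to the datasource.
        end: End of the time range handed to the datasource.

    Returns:
        None. Results are printed via ``print_actor_diff`` / ``print_diff``.

    Raises:
        SystemExit: via ``sys.exit`` when ``--list`` is not
            ``users``/``roles`` or when neither a user nor a role is given.

    Side effects:
        Rebinds the module-level ``cloudtrail_supported_actions`` dict.
    """
    import sys  # local: explicit sys.exit() instead of the site.py `exit` helper

    use_color = args.use_color

    from cloudtracker.datasources.es import ElasticSearch
    datasource = ElasticSearch(config['elasticsearch'], start, end)

    account = get_account(config['accounts'], args.account)

    # Read AWS actions
    aws_api_list = read_aws_api_list()

    # Read cloudtrail_supported_events
    # NOTE(review): this path is resolved against the current working
    # directory rather than the package's data directory — confirm callers
    # always run from the directory that holds the file.
    global cloudtrail_supported_actions
    cloudtrail_supported_actions = _load_cloudtrail_supported_actions(
        "cloudtrail_supported_actions.txt")

    account_iam = get_account_iam(account)

    if args.list:
        actor_type = args.list

        if actor_type == 'users':
            allowed_actors = get_allowed_users(account_iam)
            performed_actors = datasource.get_performed_users()
        elif actor_type == 'roles':
            allowed_actors = get_allowed_roles(account_iam)
            performed_actors = datasource.get_performed_roles()
        else:
            sys.exit("ERROR: --list argument must be one of 'users' or 'roles'")

        print_actor_diff(performed_actors, allowed_actors, use_color)
        return

    # An AssumeRole target may live in another account; fall back to the
    # source account when --destaccount is not given.
    if args.destaccount:
        destination_account = get_account(config['accounts'], args.destaccount)
    else:
        destination_account = account

    destination_iam = get_account_iam(destination_account)

    search_query = datasource.get_search_query()

    # print() with a single argument works identically on Python 2 and 3,
    # unlike the print statement the original used.
    if args.user:
        user_iam = get_user_iam(args.user, account_iam)
        print("Getting info on {}, user created {}".format(
            args.user, user_iam['CreateDate']))

        if args.destrole:
            dest_role_iam = get_role_iam(args.destrole, destination_iam)
            print("Getting info for AssumeRole into {}".format(
                args.destrole))

            allowed_actions = get_role_allowed_actions(
                aws_api_list, dest_role_iam, destination_iam)
            performed_actions = datasource.get_performed_event_names_by_user_in_role(
                search_query, user_iam, dest_role_iam)
        else:
            allowed_actions = get_user_allowed_actions(
                aws_api_list, user_iam, account_iam)
            performed_actions = datasource.get_performed_event_names_by_user(
                search_query, user_iam)
    elif args.role:
        role_iam = get_role_iam(args.role, account_iam)
        print("Getting info for role {}".format(args.role))

        if args.destrole:
            dest_role_iam = get_role_iam(args.destrole, destination_iam)
            print("Getting info for AssumeRole into {}".format(
                args.destrole))

            allowed_actions = get_role_allowed_actions(
                aws_api_list, dest_role_iam, destination_iam)
            performed_actions = datasource.get_performed_event_names_by_role_in_role(
                search_query, role_iam, dest_role_iam)
        else:
            allowed_actions = get_role_allowed_actions(
                aws_api_list, role_iam, account_iam)
            performed_actions = datasource.get_performed_event_names_by_role(
                search_query, role_iam)
    else:
        sys.exit("ERROR: Must specify a user or a role")

    printfilter = {
        'show_unknown': args.show_unknown,
        'show_benign': args.show_benign,
        'show_used': args.show_used,
    }

    print_diff(performed_actions, allowed_actions, printfilter, use_color)


def _load_cloudtrail_supported_actions(path):
    """Read ``service:event`` lines from *path* into a lookup dict.

    Each non-blank line must be ``service:event``; blank lines are skipped
    instead of raising on unpack. Returns ``{normalize_api_call(service,
    event): True, ...}`` — a dict rather than a set so the existing
    ``in``-style lookups on the module global keep working unchanged.
    """
    supported = {}
    with open(path) as f:
        for raw_line in f:
            line = raw_line.rstrip()
            if not line:
                continue
            (service, event) = line.split(":")
            supported[normalize_api_call(service, event)] = True
    return supported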