Ejemplo n.º 1
0
def rollback_role(
    ctx: click.Context,
    account_number: str,
    role_name: str,
    selection: int,
    commit: bool,
) -> None:
    config = ctx.obj["config"]
    hooks = ctx.obj["hooks"]
    _rollback_role(
        account_number, role_name, config, hooks, selection=selection, commit=commit
    )
Ejemplo n.º 2
0
def rollback_role(account_number: str,
                  role_name: str,
                  selection: int = 0,
                  commit: bool = False) -> Optional[List[str]]:
    """
    Library wrapper to display the historical policy versions for a roll as a numbered list.  Restore to a specific
    version if selected. Indicate changes that will be made and then actually make them if commit is selected.

    Ref: :func:`~repokid.commands.repo._rollback_role`

    Args:
        account_number (string): The current account number Repokid is being run against
        role_name (string)
        selection (int): which policy version in the list to rollback to
        commit (bool): actually make the change

    Returns:
        errors (list): if any
    """
    return _rollback_role(
        account_number,
        role_name,
        dynamo_table,
        CONFIG,
        hooks,
        selection=selection,
        commit=commit,
    )
Ejemplo n.º 3
0
def rollback_role(message: Message) -> ResponderReturn:
    if not message.selection:
        return ResponderReturn(
            successful=False, return_message="Rollback must contain a selection number"
        )

    errors = _rollback_role(
        message.account,
        message.role_name,
        CONFIG,
        hooks,
        selection=int(message.selection),
        commit=True,
    )
    if errors:
        return ResponderReturn(
            successful=False, return_message="Errors during rollback: {}".format(errors)
        )
    else:
        return ResponderReturn(
            successful=True,
            return_message="Successfully rolled back role {} in account {}".format(
                message.role_name, message.account
            ),
        )
Ejemplo n.º 4
0
def main():
    args = docopt(__doc__, version=f"Repokid {__version__}")

    if args.get("config"):
        config_filename = args.get("<config_filename>")
        _generate_default_config(filename=config_filename)
        sys.exit(0)

    account_number = args.get("<account_number>")

    if not CONFIG:
        config = _generate_default_config()
    else:
        config = CONFIG

    LOGGER.debug("Repokid cli called with args {}".format(args))

    hooks = get_hooks(config.get("hooks", ["repokid.hooks.loggers"]))
    dynamo_table = dynamo_get_or_create_table(**config["dynamo_db"])

    if args.get("update_role_cache"):
        return _update_role_cache(account_number, dynamo_table, config, hooks)

    if args.get("display_role_cache"):
        inactive = args.get("--inactive")
        return _display_roles(account_number, dynamo_table, inactive=inactive)

    if args.get("find_roles_with_permissions"):
        permissions = args.get("<permission>")
        output_file = args.get("--output")
        return _find_roles_with_permissions(permissions, dynamo_table,
                                            output_file)

    if args.get("remove_permissions_from_roles"):
        permissions = args.get("<permission>")
        role_filename = args.get("--role-file")
        commit = args.get("--commit")
        return _remove_permissions_from_roles(permissions,
                                              role_filename,
                                              dynamo_table,
                                              config,
                                              hooks,
                                              commit=commit)

    if args.get("display_role"):
        role_name = args.get("<role_name>")
        return _display_role(account_number, role_name, dynamo_table, config,
                             hooks)

    if args.get("repo_role"):
        role_name = args.get("<role_name>")
        commit = args.get("--commit")
        return _repo_role(account_number,
                          role_name,
                          dynamo_table,
                          config,
                          hooks,
                          commit=commit)

    if args.get("rollback_role"):
        role_name = args.get("<role_name>")
        commit = args.get("--commit")
        selection = args.get("--selection")
        return _rollback_role(
            account_number,
            role_name,
            dynamo_table,
            config,
            hooks,
            selection=selection,
            commit=commit,
        )

    if args.get("repo_all_roles"):
        LOGGER.info("Updating role data")
        _update_role_cache(account_number, dynamo_table, config, hooks)
        LOGGER.info("Repoing all roles")
        commit = args.get("--commit")
        return _repo_all_roles(account_number,
                               dynamo_table,
                               config,
                               hooks,
                               commit=commit,
                               scheduled=False)

    if args.get("schedule_repo"):
        LOGGER.info("Updating role data")
        _update_role_cache(account_number, dynamo_table, config, hooks)
        return _schedule_repo(account_number, dynamo_table, config, hooks)

    if args.get("show_scheduled_roles"):
        LOGGER.info("Showing scheduled roles")
        return _show_scheduled_roles(account_number, dynamo_table)

    if args.get("cancel_scheduled_repo"):
        role_name = args.get("--role")
        is_all = args.get("--all")
        if not is_all:
            LOGGER.info(
                "Cancelling scheduled repo for role: {} in account {}".format(
                    role_name, account_number))
        else:
            LOGGER.info(
                "Cancelling scheduled repo for all roles in account {}".format(
                    account_number))
        return _cancel_scheduled_repo(account_number,
                                      dynamo_table,
                                      role_name=role_name,
                                      is_all=is_all)

    if args.get("repo_scheduled_roles"):
        _update_role_cache(account_number, dynamo_table, config, hooks)
        LOGGER.info("Repoing scheduled roles")
        commit = args.get("--commit")
        return _repo_all_roles(account_number,
                               dynamo_table,
                               config,
                               hooks,
                               commit=commit,
                               scheduled=True)

    if args.get("repo_stats"):
        output_file = args.get("<output_filename>")
        account_number = args.get("--account")
        return _repo_stats(output_file,
                           dynamo_table,
                           account_number=account_number)