def cli(ctx: click.Context) -> None:
ctx.ensure_object(dict)
if not CONFIG:
config = _generate_default_config()
else:
config = CONFIG
ctx.obj["config"] = config
ctx.obj["hooks"] = get_hooks(config.get("hooks", ["repokid.hooks.loggers"]))
from collections import namedtuple
import datetime
import time
from repokid import CONFIG
from repokid import get_hooks
import repokid.commands.repo
import repokid.utils.dynamo as dynamo
import repokid.utils.roledata as roledata
ResponderReturn = namedtuple("ResponderReturn", "successful, return_message")
if CONFIG:
hooks = get_hooks(CONFIG.get("hooks", ["repokid.hooks.loggers"]))
else:
hooks = ["repokid.hooks.loggers"]
def implements_command(command):
def _implements_command(func):
if not hasattr(func, "_implements_command"):
func._implements_command = command
return func
return _implements_command
@implements_command("list_repoable_services")
def list_repoable_services(dynamo_table, message):
role_id = dynamo.find_role_in_cache(dynamo_table, message.account,
message.role_name)
def main():
args = docopt(__doc__, version=f"Repokid {__version__}")
if args.get("config"):
config_filename = args.get("<config_filename>")
_generate_default_config(filename=config_filename)
sys.exit(0)
account_number = args.get("<account_number>")
if not CONFIG:
config = _generate_default_config()
else:
config = CONFIG
LOGGER.debug("Repokid cli called with args {}".format(args))
hooks = get_hooks(config.get("hooks", ["repokid.hooks.loggers"]))
dynamo_table = dynamo_get_or_create_table(**config["dynamo_db"])
if args.get("update_role_cache"):
return _update_role_cache(account_number, dynamo_table, config, hooks)
if args.get("display_role_cache"):
inactive = args.get("--inactive")
return _display_roles(account_number, dynamo_table, inactive=inactive)
if args.get("find_roles_with_permissions"):
permissions = args.get("<permission>")
output_file = args.get("--output")
return _find_roles_with_permissions(permissions, dynamo_table,
output_file)
if args.get("remove_permissions_from_roles"):
permissions = args.get("<permission>")
role_filename = args.get("--role-file")
commit = args.get("--commit")
return _remove_permissions_from_roles(permissions,
role_filename,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("display_role"):
role_name = args.get("<role_name>")
return _display_role(account_number, role_name, dynamo_table, config,
hooks)
if args.get("repo_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
return _repo_role(account_number,
role_name,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("rollback_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
selection = args.get("--selection")
return _rollback_role(
account_number,
role_name,
dynamo_table,
config,
hooks,
selection=selection,
commit=commit,
)
if args.get("repo_all_roles"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing all roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=False)
if args.get("schedule_repo"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
return _schedule_repo(account_number, dynamo_table, config, hooks)
if args.get("show_scheduled_roles"):
LOGGER.info("Showing scheduled roles")
return _show_scheduled_roles(account_number, dynamo_table)
if args.get("cancel_scheduled_repo"):
role_name = args.get("--role")
is_all = args.get("--all")
if not is_all:
LOGGER.info(
"Cancelling scheduled repo for role: {} in account {}".format(
role_name, account_number))
else:
LOGGER.info(
"Cancelling scheduled repo for all roles in account {}".format(
account_number))
return _cancel_scheduled_repo(account_number,
dynamo_table,
role_name=role_name,
is_all=is_all)
if args.get("repo_scheduled_roles"):
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing scheduled roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=True)
if args.get("repo_stats"):
output_file = args.get("<output_filename>")
account_number = args.get("--account")
return _repo_stats(output_file,
dynamo_table,
account_number=account_number)
from repokid import get_hooks
from repokid.commands.repo import _rollback_role
from repokid.dispatcher.types import Message
from repokid.role import Role
from repokid.utils.dynamo import find_role_in_cache
from repokid.utils.permissions import get_permissions_in_policy
from repokid.utils.permissions import get_services_and_permissions_from_repoable
ResponderReturn = namedtuple("ResponderReturn", "successful, return_message")
if CONFIG:
hooks_list = CONFIG.get("hooks", ["repokid.hooks.loggers"])
else:
hooks_list = ["repokid.hooks.loggers"]
hooks = get_hooks(hooks_list)
DispatcherCommand = Callable[[Message], ResponderReturn]
def implements_command(
command: str, ) -> Callable[[DispatcherCommand], DispatcherCommand]:
def _implements_command(func: DispatcherCommand) -> DispatcherCommand:
if not hasattr(func, "_implements_command"):
setattr(func, "_implements_command", command)
return func
return _implements_command
@implements_command("list_repoable_services")
def list_repoable_services(message: Message) -> ResponderReturn: