def repo_roles(
account_number: str,
commit: bool = False,
scheduled: bool = False,
update: bool = True,
limit: int = -1,
):
"""
Library wrapper to repo all scheduled or eligible roles in an account. Collect any errors and display them at the
end.
Ref: :func:`~repokid.commands.repo._repo_all_roles`
Args:
account_number (string): The current account number Repokid is being run against
commit (bool): actually make the changes
scheduled (bool): if True only repo the scheduled roles, if False repo all the (eligible) roles
update (bool): if True run update_role_cache before repoing
limit (int): limit number of roles to be repoed per run (< 0 is unlimited)
Returns:
None
"""
if update:
_update_role_cache(account_number, dynamo_table, CONFIG, hooks)
return _repo_all_roles(
account_number,
dynamo_table,
CONFIG,
hooks,
commit=commit,
scheduled=scheduled,
limit=limit,
)
def repo_scheduled_roles(ctx: Context, account_number: str,
commit: bool) -> None:
config = ctx.obj["config"]
hooks = ctx.obj["hooks"]
_update_role_cache(account_number, config, hooks)
_repo_all_roles(account_number,
config,
hooks,
commit=commit,
scheduled=True)
def repo_all_roles(ctx: Context, account_number: str, commit: bool) -> None:
config = ctx.obj["config"]
hooks = ctx.obj["hooks"]
logger.info("Updating role data")
_update_role_cache(account_number, config, hooks)
_repo_all_roles(account_number,
config,
hooks,
commit=commit,
scheduled=False)
def schedule_repo(account_number: str):
"""
Library wrapper to schedule a repo for a given account. Schedule repo for a time in the future (default 7 days) for
any roles in the account with repoable permissions.
Ref: :func:`~repokid.commands.repo._repo_all_roles`
Args:
account_number (string): The current account number Repokid is being run against
Returns:
None
"""
_update_role_cache(account_number, dynamo_table, CONFIG, hooks)
return _schedule_repo(account_number, dynamo_table, CONFIG, hooks)
def update_role_cache(account_number: str):
"""
Library wrapper to update data about all roles in a given account.
Ref: :func:`~repokid.commands.role_cache._update_role_cache`
Args:
account_number (string): The current account number Repokid is being run against
Returns:
None
"""
return _update_role_cache(account_number, dynamo_table, CONFIG, hooks)
def main():
args = docopt(__doc__, version=f"Repokid {__version__}")
if args.get("config"):
config_filename = args.get("<config_filename>")
_generate_default_config(filename=config_filename)
sys.exit(0)
account_number = args.get("<account_number>")
if not CONFIG:
config = _generate_default_config()
else:
config = CONFIG
LOGGER.debug("Repokid cli called with args {}".format(args))
hooks = get_hooks(config.get("hooks", ["repokid.hooks.loggers"]))
dynamo_table = dynamo_get_or_create_table(**config["dynamo_db"])
if args.get("update_role_cache"):
return _update_role_cache(account_number, dynamo_table, config, hooks)
if args.get("display_role_cache"):
inactive = args.get("--inactive")
return _display_roles(account_number, dynamo_table, inactive=inactive)
if args.get("find_roles_with_permissions"):
permissions = args.get("<permission>")
output_file = args.get("--output")
return _find_roles_with_permissions(permissions, dynamo_table,
output_file)
if args.get("remove_permissions_from_roles"):
permissions = args.get("<permission>")
role_filename = args.get("--role-file")
commit = args.get("--commit")
return _remove_permissions_from_roles(permissions,
role_filename,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("display_role"):
role_name = args.get("<role_name>")
return _display_role(account_number, role_name, dynamo_table, config,
hooks)
if args.get("repo_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
return _repo_role(account_number,
role_name,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("rollback_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
selection = args.get("--selection")
return _rollback_role(
account_number,
role_name,
dynamo_table,
config,
hooks,
selection=selection,
commit=commit,
)
if args.get("repo_all_roles"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing all roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=False)
if args.get("schedule_repo"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
return _schedule_repo(account_number, dynamo_table, config, hooks)
if args.get("show_scheduled_roles"):
LOGGER.info("Showing scheduled roles")
return _show_scheduled_roles(account_number, dynamo_table)
if args.get("cancel_scheduled_repo"):
role_name = args.get("--role")
is_all = args.get("--all")
if not is_all:
LOGGER.info(
"Cancelling scheduled repo for role: {} in account {}".format(
role_name, account_number))
else:
LOGGER.info(
"Cancelling scheduled repo for all roles in account {}".format(
account_number))
return _cancel_scheduled_repo(account_number,
dynamo_table,
role_name=role_name,
is_all=is_all)
if args.get("repo_scheduled_roles"):
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing scheduled roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=True)
if args.get("repo_stats"):
output_file = args.get("<output_filename>")
account_number = args.get("--account")
return _repo_stats(output_file,
dynamo_table,
account_number=account_number)
def schedule_repo(ctx: click.Context, account_number: str) -> None:
config = ctx.obj["config"]
hooks = ctx.obj["hooks"]
logger.info("Updating role data")
_update_role_cache(account_number, config, hooks)
_schedule_repo(account_number, config, hooks)
def update_role_cache(ctx: click.Context, account_number: str) -> None:
config = ctx.obj["config"]
hooks = ctx.obj["hooks"]
_update_role_cache(account_number, config, hooks)
