def repo_roles( account_number: str, commit: bool = False, scheduled: bool = False, update: bool = True, limit: int = -1, ): """ Library wrapper to repo all scheduled or eligible roles in an account. Collect any errors and display them at the end. Ref: :func:`~repokid.commands.repo._repo_all_roles` Args: account_number (string): The current account number Repokid is being run against commit (bool): actually make the changes scheduled (bool): if True only repo the scheduled roles, if False repo all the (eligible) roles update (bool): if True run update_role_cache before repoing limit (int): limit number of roles to be repoed per run (< 0 is unlimited) Returns: None """ if update: _update_role_cache(account_number, dynamo_table, CONFIG, hooks) return _repo_all_roles( account_number, dynamo_table, CONFIG, hooks, commit=commit, scheduled=scheduled, limit=limit, )
def repo_scheduled_roles(ctx: Context, account_number: str, commit: bool) -> None: config = ctx.obj["config"] hooks = ctx.obj["hooks"] _update_role_cache(account_number, config, hooks) _repo_all_roles(account_number, config, hooks, commit=commit, scheduled=True)
def repo_all_roles(ctx: Context, account_number: str, commit: bool) -> None: config = ctx.obj["config"] hooks = ctx.obj["hooks"] logger.info("Updating role data") _update_role_cache(account_number, config, hooks) _repo_all_roles(account_number, config, hooks, commit=commit, scheduled=False)
def schedule_repo(account_number: str): """ Library wrapper to schedule a repo for a given account. Schedule repo for a time in the future (default 7 days) for any roles in the account with repoable permissions. Ref: :func:`~repokid.commands.repo._repo_all_roles` Args: account_number (string): The current account number Repokid is being run against Returns: None """ _update_role_cache(account_number, dynamo_table, CONFIG, hooks) return _schedule_repo(account_number, dynamo_table, CONFIG, hooks)
def update_role_cache(account_number: str): """ Library wrapper to update data about all roles in a given account. Ref: :func:`~repokid.commands.role_cache._update_role_cache` Args: account_number (string): The current account number Repokid is being run against Returns: None """ return _update_role_cache(account_number, dynamo_table, CONFIG, hooks)
def main(): args = docopt(__doc__, version=f"Repokid {__version__}") if args.get("config"): config_filename = args.get("<config_filename>") _generate_default_config(filename=config_filename) sys.exit(0) account_number = args.get("<account_number>") if not CONFIG: config = _generate_default_config() else: config = CONFIG LOGGER.debug("Repokid cli called with args {}".format(args)) hooks = get_hooks(config.get("hooks", ["repokid.hooks.loggers"])) dynamo_table = dynamo_get_or_create_table(**config["dynamo_db"]) if args.get("update_role_cache"): return _update_role_cache(account_number, dynamo_table, config, hooks) if args.get("display_role_cache"): inactive = args.get("--inactive") return _display_roles(account_number, dynamo_table, inactive=inactive) if args.get("find_roles_with_permissions"): permissions = args.get("<permission>") output_file = args.get("--output") return _find_roles_with_permissions(permissions, dynamo_table, output_file) if args.get("remove_permissions_from_roles"): permissions = args.get("<permission>") role_filename = args.get("--role-file") commit = args.get("--commit") return _remove_permissions_from_roles(permissions, role_filename, dynamo_table, config, hooks, commit=commit) if args.get("display_role"): role_name = args.get("<role_name>") return _display_role(account_number, role_name, dynamo_table, config, hooks) if args.get("repo_role"): role_name = args.get("<role_name>") commit = args.get("--commit") return _repo_role(account_number, role_name, dynamo_table, config, hooks, commit=commit) if args.get("rollback_role"): role_name = args.get("<role_name>") commit = args.get("--commit") selection = args.get("--selection") return _rollback_role( account_number, role_name, dynamo_table, config, hooks, selection=selection, commit=commit, ) if args.get("repo_all_roles"): LOGGER.info("Updating role data") _update_role_cache(account_number, dynamo_table, config, hooks) LOGGER.info("Repoing all roles") commit = args.get("--commit") return _repo_all_roles(account_number, dynamo_table, config, hooks, commit=commit, scheduled=False) if args.get("schedule_repo"): LOGGER.info("Updating role data") _update_role_cache(account_number, dynamo_table, config, hooks) return _schedule_repo(account_number, dynamo_table, config, hooks) if args.get("show_scheduled_roles"): LOGGER.info("Showing scheduled roles") return _show_scheduled_roles(account_number, dynamo_table) if args.get("cancel_scheduled_repo"): role_name = args.get("--role") is_all = args.get("--all") if not is_all: LOGGER.info( "Cancelling scheduled repo for role: {} in account {}".format( role_name, account_number)) else: LOGGER.info( "Cancelling scheduled repo for all roles in account {}".format( account_number)) return _cancel_scheduled_repo(account_number, dynamo_table, role_name=role_name, is_all=is_all) if args.get("repo_scheduled_roles"): _update_role_cache(account_number, dynamo_table, config, hooks) LOGGER.info("Repoing scheduled roles") commit = args.get("--commit") return _repo_all_roles(account_number, dynamo_table, config, hooks, commit=commit, scheduled=True) if args.get("repo_stats"): output_file = args.get("<output_filename>") account_number = args.get("--account") return _repo_stats(output_file, dynamo_table, account_number=account_number)
def schedule_repo(ctx: click.Context, account_number: str) -> None: config = ctx.obj["config"] hooks = ctx.obj["hooks"] logger.info("Updating role data") _update_role_cache(account_number, config, hooks) _schedule_repo(account_number, config, hooks)
def update_role_cache(ctx: click.Context, account_number: str) -> None: config = ctx.obj["config"] hooks = ctx.obj["hooks"] _update_role_cache(account_number, config, hooks)