def show_scheduled_roles(account_number, dynamo_table): """ Show scheduled repos for a given account. For each scheduled show whether scheduled time is elapsed or not. """ roles = Roles([ Role(get_role_data(dynamo_table, roleID)) for roleID in tqdm(role_ids_for_account(dynamo_table, account_number)) ]) # filter to show only roles that are scheduled roles = roles.filter(active=True) roles = [role for role in roles if (role.repo_scheduled)] header = ["Role name", "Scheduled", "Scheduled Time Elapsed?"] rows = [] curtime = int(time.time()) for role in roles: rows.append([ role.role_name, dt.fromtimestamp(role.repo_scheduled).strftime("%Y-%m-%d %H:%M"), role.repo_scheduled < curtime, ]) print(tabulate(rows, headers=header))
def _display_roles(account_number, dynamo_table, inactive=False): """ Display a table with data about all roles in an account and write a csv file with the data. Args: account_number (string) inactive (bool): show roles that have historically (but not currently) existed in the account if True Returns: None """ headers = [ "Name", "Refreshed", "Disqualified By", "Can be repoed", "Permissions", "Policies Repoable", "Services", "Repoed", "Managed Permissions", "Managed Policies Repoable" "Managed Services", ] rows = list() roles = Roles([ Role.parse_obj(get_role_data(dynamo_table, roleID)) for roleID in tqdm(role_ids_for_account(dynamo_table, account_number)) ]) if not inactive: roles = roles.filter(active=True) for role in roles: rows.append([ role.role_name, role.refreshed, role.disqualified_by, len(role.disqualified_by) == 0, role.total_permissions, role.repoable_permissions, role.repoable_services, role.repoed, role.total_managed_permissions, role.repoable_managed_permissions, role.repoable_managed_services, ]) rows = sorted(rows, key=lambda x: (x[5], x[0], x[4])) rows.insert(0, headers) # print tabulate(rows, headers=headers) t.view(rows) with open("table.csv", "w") as csvfile: csv_writer = csv.writer(csvfile) csv_writer.writerow(headers) for row in rows: csv_writer.writerow(row)
def repo_all_roles(account_number, dynamo_table, config, hooks, commit=False, scheduled=True): """ Repo all scheduled or eligible roles in an account. Collect any errors and display them at the end. Args: account_number (string) dynamo_table config commit (bool): actually make the changes scheduled (bool): if True only repo the scheduled roles, if False repo all the (eligible) roles Returns: None """ errors = [] role_ids_in_account = role_ids_for_account(dynamo_table, account_number) roles = Roles([]) for role_id in role_ids_in_account: roles.append( Role( get_role_data(dynamo_table, role_id, fields=['Active', 'RoleName', 'RepoScheduled']))) roles = roles.filter(active=True) cur_time = int(time.time()) if scheduled: roles = [ role for role in roles if (role.repo_scheduled and cur_time > role.repo_scheduled) ] LOGGER.info('Repoing these {}roles from account {}:\n\t{}'.format( 'scheduled ' if scheduled else '', account_number, ', '.join([role.role_name for role in roles]))) for role in roles: error = repo_role(account_number, role.role_name, dynamo_table, config, hooks, commit=commit) if error: errors.append(error) if errors: LOGGER.error('Error(s) during repo: \n{}'.format(errors)) else: LOGGER.info('Everything successful!')
def _repo_all_roles(account_number, dynamo_table, config, hooks, commit=False, scheduled=True, limit=-1): """ Repo all scheduled or eligible roles in an account. Collect any errors and display them at the end. Args: account_number (string) dynamo_table config commit (bool): actually make the changes scheduled (bool): if True only repo the scheduled roles, if False repo all the (eligible) roles limit (int): limit number of roles to be repoed per run (< 0 is unlimited) Returns: None """ errors = [] role_ids_in_account = role_ids_for_account(dynamo_table, account_number) roles = Roles([]) for role_id in role_ids_in_account: roles.append( Role( get_role_data( dynamo_table, role_id, fields=["Active", "RoleName", "RepoScheduled"], ))) roles = roles.filter(active=True) cur_time = int(time.time()) if scheduled: roles = [ role for role in roles if (role.repo_scheduled and cur_time > role.repo_scheduled) ] LOGGER.info("Repoing these {}roles from account {}:\n\t{}".format( "scheduled " if scheduled else "", account_number, ", ".join([role.role_name for role in roles]), )) repokid.hooks.call_hooks(hooks, "BEFORE_REPO_ROLES", { "account_number": account_number, "roles": roles }) count = 0 repoed = Roles([]) for role in roles: if limit >= 0 and count == limit: break error = _repo_role( account_number, role.role_name, dynamo_table, config, hooks, commit=commit, scheduled=scheduled, ) if error: errors.append(error) repoed.append(role) count += 1 if errors: LOGGER.error( f"Error(s) during repo: \n{errors} (account: {account_number})") else: LOGGER.info( f"Successfully repoed {count} roles in account {account_number}") repokid.hooks.call_hooks( hooks, "AFTER_REPO_ROLES", { "account_number": account_number, "roles": repoed, "errors": errors }, )