def deploy(options): from common import get_accounts for account in get_accounts(options): for region_name in options.regions: for fname, config in account['config_files'].items(): for policy in config.get('policies', ()): if policy.get('mode'): deploy_one( region_name, account, policy, options.sentry_dsn)
def orgreplay(options): from common import Bag, get_accounts accounts = get_accounts(options) auth_headers = {'Authorization': 'Bearer %s' % options.sentry_token} sget = partial(requests.get, headers=auth_headers) spost = partial(requests.post, headers=auth_headers) dsn = urlparse.urlparse(options.sentry_dsn) endpoint = "%s://%s/api/0/" % ( dsn.scheme, "@" in dsn.netloc and dsn.netloc.rsplit('@', 1)[1] or dsn.netloc) log.info("sentry endpoint: %s", endpoint) teams = set([t['slug'] for t in sget( endpoint + "organizations/%s/teams/" % options.sentry_org).json()]) projects = {p['name']: p for p in sget(endpoint + "projects/").json()} def process_account(a): log.debug("processing %s", a['name']) team_name = a['name'].rsplit('-', 1)[0] if team_name not in teams: log.info("creating org team %s", team_name) spost( endpoint + "organizations/%s/teams/" % options.sentry_org, json={'name': team_name}) teams.add(team_name) if a['name'] not in projects: log.info("creating account project %s", a['name']) spost(endpoint + "teams/%s/%s/projects/" % ( options.sentry_org, team_name), json={'name': a['name']}) bagger = partial( Bag, profile=options.profile, role=None, log_streams=None, start=options.start, end=options.end, sentry_dsn=options.sentry_dsn, account_id=a['account_id'], account_name=a['name']) for r in options.regions: log.debug("Fetching hub instance policy errors for %s", a['name']) b = bagger( region=r, log_group="/cloud-custodian/%s/%s" % (a['name'], r)) try: process_log_group(b) except ClientError as e: log.warning("Could not process %s region %s error: %s", a['name'], r, e) log.debug("Fetching spoke lambda policy errors for %s", a['name']) for fname, config in a['config_files'].items(): for p in config.get('policies', ()): if not p.get('mode'): continue b = bagger(region=r, assume_role=a['role'], log_group="/aws/lambda/custodian-%s" % p['name']) try: process_log_group(b) except ClientError as e: if e.response['Error']['Code']: log.info("account: %s region: %s group: %s not found", a['name'], r, b.log_group) continue return [process_account(a) for a in accounts] with ThreadPoolExecutor(max_workers=3) as w: futures = {} for a in accounts: futures[w.submit(process_account, a)] = a for f in as_completed(futures): exc = f.exception() if exc: log.error("Error processing account %s: %r", a['name'], exc)