def deploy(options):
from common import get_accounts
for account in get_accounts(options):
for region_name in options.regions:
for fname, config in account['config_files'].items():
for policy in config.get('policies', ()):
if policy.get('mode'):
deploy_one(
region_name, account, policy, options.sentry_dsn)
def orgreplay(options):
from common import Bag, get_accounts
accounts = get_accounts(options)
auth_headers = {'Authorization': 'Bearer %s' % options.sentry_token}
sget = partial(requests.get, headers=auth_headers)
spost = partial(requests.post, headers=auth_headers)
dsn = urlparse.urlparse(options.sentry_dsn)
endpoint = "%s://%s/api/0/" % (
dsn.scheme,
"@" in dsn.netloc and dsn.netloc.rsplit('@', 1)[1] or dsn.netloc)
log.info("sentry endpoint: %s", endpoint)
teams = set([t['slug'] for t in sget(
endpoint + "organizations/%s/teams/" % options.sentry_org).json()])
projects = {p['name']: p for p in sget(endpoint + "projects/").json()}
def process_account(a):
log.debug("processing %s", a['name'])
team_name = a['name'].rsplit('-', 1)[0]
if team_name not in teams:
log.info("creating org team %s", team_name)
spost(
endpoint + "organizations/%s/teams/" % options.sentry_org,
json={'name': team_name})
teams.add(team_name)
if a['name'] not in projects:
log.info("creating account project %s", a['name'])
spost(endpoint + "teams/%s/%s/projects/" % (
options.sentry_org, team_name),
json={'name': a['name']})
bagger = partial(
Bag,
profile=options.profile, role=None, log_streams=None,
start=options.start, end=options.end, sentry_dsn=options.sentry_dsn,
account_id=a['account_id'],
account_name=a['name'])
for r in options.regions:
log.debug("Fetching hub instance policy errors for %s", a['name'])
b = bagger(
region=r, log_group="/cloud-custodian/%s/%s" % (a['name'], r))
try:
process_log_group(b)
except ClientError as e:
log.warning("Could not process %s region %s error: %s",
a['name'], r, e)
log.debug("Fetching spoke lambda policy errors for %s", a['name'])
for fname, config in a['config_files'].items():
for p in config.get('policies', ()):
if not p.get('mode'):
continue
b = bagger(region=r, assume_role=a['role'],
log_group="/aws/lambda/custodian-%s" % p['name'])
try:
process_log_group(b)
except ClientError as e:
if e.response['Error']['Code']:
log.info("account: %s region: %s group: %s not found",
a['name'], r, b.log_group)
continue
return [process_account(a) for a in accounts]
with ThreadPoolExecutor(max_workers=3) as w:
futures = {}
for a in accounts:
futures[w.submit(process_account, a)] = a
for f in as_completed(futures):
exc = f.exception()
if exc:
log.error("Error processing account %s: %r", a['name'], exc)