def rollback_role(
ctx: click.Context,
account_number: str,
role_name: str,
selection: int,
commit: bool,
) -> None:
config = ctx.obj["config"]
hooks = ctx.obj["hooks"]
_rollback_role(
account_number, role_name, config, hooks, selection=selection, commit=commit
)
def rollback_role(account_number: str,
role_name: str,
selection: int = 0,
commit: bool = False) -> Optional[List[str]]:
"""
Library wrapper to display the historical policy versions for a roll as a numbered list. Restore to a specific
version if selected. Indicate changes that will be made and then actually make them if commit is selected.
Ref: :func:`~repokid.commands.repo._rollback_role`
Args:
account_number (string): The current account number Repokid is being run against
role_name (string)
selection (int): which policy version in the list to rollback to
commit (bool): actually make the change
Returns:
errors (list): if any
"""
return _rollback_role(
account_number,
role_name,
dynamo_table,
CONFIG,
hooks,
selection=selection,
commit=commit,
)
def rollback_role(message: Message) -> ResponderReturn:
if not message.selection:
return ResponderReturn(
successful=False, return_message="Rollback must contain a selection number"
)
errors = _rollback_role(
message.account,
message.role_name,
CONFIG,
hooks,
selection=int(message.selection),
commit=True,
)
if errors:
return ResponderReturn(
successful=False, return_message="Errors during rollback: {}".format(errors)
)
else:
return ResponderReturn(
successful=True,
return_message="Successfully rolled back role {} in account {}".format(
message.role_name, message.account
),
)
def main():
args = docopt(__doc__, version=f"Repokid {__version__}")
if args.get("config"):
config_filename = args.get("<config_filename>")
_generate_default_config(filename=config_filename)
sys.exit(0)
account_number = args.get("<account_number>")
if not CONFIG:
config = _generate_default_config()
else:
config = CONFIG
LOGGER.debug("Repokid cli called with args {}".format(args))
hooks = get_hooks(config.get("hooks", ["repokid.hooks.loggers"]))
dynamo_table = dynamo_get_or_create_table(**config["dynamo_db"])
if args.get("update_role_cache"):
return _update_role_cache(account_number, dynamo_table, config, hooks)
if args.get("display_role_cache"):
inactive = args.get("--inactive")
return _display_roles(account_number, dynamo_table, inactive=inactive)
if args.get("find_roles_with_permissions"):
permissions = args.get("<permission>")
output_file = args.get("--output")
return _find_roles_with_permissions(permissions, dynamo_table,
output_file)
if args.get("remove_permissions_from_roles"):
permissions = args.get("<permission>")
role_filename = args.get("--role-file")
commit = args.get("--commit")
return _remove_permissions_from_roles(permissions,
role_filename,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("display_role"):
role_name = args.get("<role_name>")
return _display_role(account_number, role_name, dynamo_table, config,
hooks)
if args.get("repo_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
return _repo_role(account_number,
role_name,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("rollback_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
selection = args.get("--selection")
return _rollback_role(
account_number,
role_name,
dynamo_table,
config,
hooks,
selection=selection,
commit=commit,
)
if args.get("repo_all_roles"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing all roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=False)
if args.get("schedule_repo"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
return _schedule_repo(account_number, dynamo_table, config, hooks)
if args.get("show_scheduled_roles"):
LOGGER.info("Showing scheduled roles")
return _show_scheduled_roles(account_number, dynamo_table)
if args.get("cancel_scheduled_repo"):
role_name = args.get("--role")
is_all = args.get("--all")
if not is_all:
LOGGER.info(
"Cancelling scheduled repo for role: {} in account {}".format(
role_name, account_number))
else:
LOGGER.info(
"Cancelling scheduled repo for all roles in account {}".format(
account_number))
return _cancel_scheduled_repo(account_number,
dynamo_table,
role_name=role_name,
is_all=is_all)
if args.get("repo_scheduled_roles"):
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing scheduled roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=True)
if args.get("repo_stats"):
output_file = args.get("<output_filename>")
account_number = args.get("--account")
return _repo_stats(output_file,
dynamo_table,
account_number=account_number)