def show_scheduled_roles(account_number, dynamo_table):
"""
Show scheduled repos for a given account. For each scheduled show whether scheduled time is elapsed or not.
"""
roles = Roles([
Role(get_role_data(dynamo_table, roleID))
for roleID in tqdm(role_ids_for_account(dynamo_table, account_number))
])
# filter to show only roles that are scheduled
roles = roles.filter(active=True)
roles = [role for role in roles if (role.repo_scheduled)]
header = ["Role name", "Scheduled", "Scheduled Time Elapsed?"]
rows = []
curtime = int(time.time())
for role in roles:
rows.append([
role.role_name,
dt.fromtimestamp(role.repo_scheduled).strftime("%Y-%m-%d %H:%M"),
role.repo_scheduled < curtime,
])
print(tabulate(rows, headers=header))
def _display_roles(account_number, dynamo_table, inactive=False):
"""
Display a table with data about all roles in an account and write a csv file with the data.
Args:
account_number (string)
inactive (bool): show roles that have historically (but not currently) existed in the account if True
Returns:
None
"""
headers = [
"Name",
"Refreshed",
"Disqualified By",
"Can be repoed",
"Permissions",
"Policies Repoable",
"Services",
"Repoed",
"Managed Permissions",
"Managed Policies Repoable"
"Managed Services",
]
rows = list()
roles = Roles([
Role.parse_obj(get_role_data(dynamo_table, roleID))
for roleID in tqdm(role_ids_for_account(dynamo_table, account_number))
])
if not inactive:
roles = roles.filter(active=True)
for role in roles:
rows.append([
role.role_name,
role.refreshed,
role.disqualified_by,
len(role.disqualified_by) == 0,
role.total_permissions,
role.repoable_permissions,
role.repoable_services,
role.repoed,
role.total_managed_permissions,
role.repoable_managed_permissions,
role.repoable_managed_services,
])
rows = sorted(rows, key=lambda x: (x[5], x[0], x[4]))
rows.insert(0, headers)
# print tabulate(rows, headers=headers)
t.view(rows)
with open("table.csv", "w") as csvfile:
csv_writer = csv.writer(csvfile)
csv_writer.writerow(headers)
for row in rows:
csv_writer.writerow(row)
def repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=False,
scheduled=True):
"""
Repo all scheduled or eligible roles in an account. Collect any errors and display them at the end.
Args:
account_number (string)
dynamo_table
config
commit (bool): actually make the changes
scheduled (bool): if True only repo the scheduled roles, if False repo all the (eligible) roles
Returns:
None
"""
errors = []
role_ids_in_account = role_ids_for_account(dynamo_table, account_number)
roles = Roles([])
for role_id in role_ids_in_account:
roles.append(
Role(
get_role_data(dynamo_table,
role_id,
fields=['Active', 'RoleName', 'RepoScheduled'])))
roles = roles.filter(active=True)
cur_time = int(time.time())
if scheduled:
roles = [
role for role in roles
if (role.repo_scheduled and cur_time > role.repo_scheduled)
]
LOGGER.info('Repoing these {}roles from account {}:\n\t{}'.format(
'scheduled ' if scheduled else '', account_number,
', '.join([role.role_name for role in roles])))
for role in roles:
error = repo_role(account_number,
role.role_name,
dynamo_table,
config,
hooks,
commit=commit)
if error:
errors.append(error)
if errors:
LOGGER.error('Error(s) during repo: \n{}'.format(errors))
else:
LOGGER.info('Everything successful!')
def _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=False,
scheduled=True,
limit=-1):
"""
Repo all scheduled or eligible roles in an account. Collect any errors and display them at the end.
Args:
account_number (string)
dynamo_table
config
commit (bool): actually make the changes
scheduled (bool): if True only repo the scheduled roles, if False repo all the (eligible) roles
limit (int): limit number of roles to be repoed per run (< 0 is unlimited)
Returns:
None
"""
errors = []
role_ids_in_account = role_ids_for_account(dynamo_table, account_number)
roles = Roles([])
for role_id in role_ids_in_account:
roles.append(
Role(
get_role_data(
dynamo_table,
role_id,
fields=["Active", "RoleName", "RepoScheduled"],
)))
roles = roles.filter(active=True)
cur_time = int(time.time())
if scheduled:
roles = [
role for role in roles
if (role.repo_scheduled and cur_time > role.repo_scheduled)
]
LOGGER.info("Repoing these {}roles from account {}:\n\t{}".format(
"scheduled " if scheduled else "",
account_number,
", ".join([role.role_name for role in roles]),
))
repokid.hooks.call_hooks(hooks, "BEFORE_REPO_ROLES", {
"account_number": account_number,
"roles": roles
})
count = 0
repoed = Roles([])
for role in roles:
if limit >= 0 and count == limit:
break
error = _repo_role(
account_number,
role.role_name,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=scheduled,
)
if error:
errors.append(error)
repoed.append(role)
count += 1
if errors:
LOGGER.error(
f"Error(s) during repo: \n{errors} (account: {account_number})")
else:
LOGGER.info(
f"Successfully repoed {count} roles in account {account_number}")
repokid.hooks.call_hooks(
hooks,
"AFTER_REPO_ROLES",
{
"account_number": account_number,
"roles": repoed,
"errors": errors
},
)
