def get_config_rules_ids_names(self): my_status = execution_status() response = dict() all_config_rules = dict() config_rules_ids_names = dict() try: response = self.client.describe_config_rules() all_config_rules = response.get("ConfigRules") for configRule in all_config_rules: if configRule.get("Source").get( "SourceIdentifier") == "REQUIRED_TAGS": config_rules_ids_names[configRule.get( "ConfigRuleId")] = configRule.get("ConfigRuleName") if len(config_rules_ids_names): my_status.success( message='"required-tags" Config rules found!') else: my_status.warning( message='No "required-tags" Config rules found!') except botocore.exceptions.ClientError as error: errorString = "Boto3 API returned error: {}" log.error(errorString.format(error)) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): my_status.error( message="You are not authorized to view these resources") else: my_status.error() config_rules_ids_names[ "No Config rules found"] = "No Config rules found" return config_rules_ids_names, my_status.get_status()
def get_user_credentials(cognito_id_token, user_pool_id, identity_pool_id, region): my_status = execution_status() user_credentials = dict() idp_name = "cognito-idp." + region + ".amazonaws.com/" + user_pool_id try: cognito_identity_client = boto3.client("cognito-identity", region_name=region) identity_id_response = cognito_identity_client.get_id( IdentityPoolId=identity_pool_id, Logins={idp_name: cognito_id_token}) log.debug("function: {} - Received the Cognito identity".format( sys._getframe().f_code.co_name)) identity_id = identity_id_response["IdentityId"] cognito_identity_response = ( cognito_identity_client.get_credentials_for_identity( IdentityId=identity_id, Logins={idp_name: cognito_id_token})) log.debug("function: {} - Received the Cognito credentials".format( sys._getframe().f_code.co_name)) user_credentials["AccessKeyId"] = cognito_identity_response[ "Credentials"]["AccessKeyId"] user_credentials["SecretKey"] = cognito_identity_response[ "Credentials"]["SecretKey"] user_credentials["SessionToken"] = cognito_identity_response[ "Credentials"]["SessionToken"] my_status.success(message="Retrieved user credentials!") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error. function: {} - {}".format( sys._getframe().f_code.co_name, error)) my_status.error() user_credentials["AccessKeyId"] = None user_credentials["SecretKey"] = None user_credentials["SessionToken"] = None return user_credentials
def get_sc_product_templates(self): self.my_status = execution_status() sc_prod_templates_ids_names = dict() try: sc_response = self.service_catalog_client.search_products_as_admin( SortBy="Title", SortOrder="ASCENDING") log.debug('The sc_response is: "%s"', sc_response) sc_product_templates = list() sc_product_templates = sc_response.get("ProductViewDetails") for template in sc_product_templates: if not re.search("^AWS", template["ProductViewSummary"].get("Owner")): sc_prod_templates_ids_names[ template["ProductViewSummary"].get( "ProductId")] = template["ProductViewSummary"].get( "Name") self.my_status.success( message="Service Catalog product templates found!") except botocore.exceptions.ClientError as error: log.error('Boto3 API returned error: "%s"', error) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): self.my_status.error( message="You are not authorized to view these resources") else: self.my_status.error() return sc_prod_templates_ids_names, self.my_status.get_status()
def get_aurora_db_tag_values(self, **session_credentials): my_status = execution_status() tag_values_inventory = list() self.session_credentials = dict() self.session_credentials = session_credentials if session_credentials.get("multi_account_role_session"): client = session_credentials["multi_account_role_session"].client( self.resource_type, region_name=self.region) else: this_session = boto3.session.Session( aws_access_key_id=self.session_credentials.get("AccessKeyId"), aws_secret_access_key=self.session_credentials.get( "SecretKey"), aws_session_token=self.session_credentials.get("SessionToken"), ) client = this_session.client(self.resource_type, region_name=self.region) try: # Interate all the resources in the region my_resources = client.describe_db_clusters() if len(my_resources["DBClusters"]) == 0: # tag_values_inventory.append("No tag values found") my_status.warning( message="No Amazon Aurora DB clusters found!") else: for item in my_resources["DBClusters"]: if len(item.get("TagList")): # Add all tag keys to the list for tag in item["TagList"]: if not re.search("^aws:", tag["Value"]): tag_values_inventory.append(tag["Value"]) # Set success if tag values found else set warning if len(tag_values_inventory): my_status.success(message="Tag values found!") else: my_status.warning( message="No tag values found for this resource type.") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) # tag_values_inventory.append("No tag values found") tag_values_inventory.append("") if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): my_status.error( message="You are not authorized to view these resources") else: my_status.error() return tag_values_inventory, my_status.get_status() # Remove duplicate tags & sort tag_values_inventory = list(set(tag_values_inventory)) tag_values_inventory.sort(key=str.lower) return tag_values_inventory, my_status.get_status()
def __init__(self, region, **session_credentials): self.my_status = execution_status() self.region = region self.tag_groups = dict() self.session_credentials = dict() self.session_credentials["AccessKeyId"] = session_credentials[ "AccessKeyId"] self.session_credentials["SecretKey"] = session_credentials[ "SecretKey"] self.session_credentials["SessionToken"] = session_credentials[ "SessionToken"] this_session = boto3.session.Session( aws_access_key_id=self.session_credentials["AccessKeyId"], aws_secret_access_key=self.session_credentials["SecretKey"], aws_session_token=self.session_credentials["SessionToken"], ) try: self.dynamodb = this_session.resource("dynamodb", region_name=self.region) self.table = self.dynamodb.Table("tag_tamer_tag_groups") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): self.my_status.error( message="You are not authorized to access these resources") else: self.my_status.error()
def set_repository_resources_tags(self, resources_to_tag, chosen_tags, **session_credentials): my_status = execution_status() resources_updated_tags = dict() tag_dict = dict() self.chosen_tags = chosen_tags self.session_credentials = dict() self.session_credentials['AccessKeyId'] = session_credentials[ 'AccessKeyId'] self.session_credentials['SecretKey'] = session_credentials[ 'SecretKey'] self.session_credentials['SessionToken'] = session_credentials[ 'SessionToken'] this_session = boto3.session.Session( aws_access_key_id=self.session_credentials['AccessKeyId'], aws_secret_access_key=self.session_credentials['SecretKey'], aws_session_token=self.session_credentials['SessionToken']) # for Code repository Boto3 API covert list of tags dicts to single key:value tag dict for tag in self.chosen_tags: tag_dict[tag['Key']] = tag['Value'] for resource_arn in resources_to_tag: try: client = this_session.client(self.resource_type, region_name=self.region) try: response = client.tag_resource(resourceArn=resource_arn, tags=tag_dict) my_status.success(message='Tags updated successfully!') except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) resources_updated_tags[ "No Resources Found"] = "No Tags Applied" if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message= 'You are not authorized to modify these resources') else: my_status.error() except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) resources_updated_tags[ "No Resources Found"] = "No Tags Applied" if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message= 'You are not authorized to modify these resources') else: my_status.error() return my_status.get_status()
def set_config_rules(self, tag_groups_keys_values, config_rule_id, config_rule_name): my_status = execution_status() if len(tag_groups_keys_values) and config_rule_id: # convert selected Tag Groups into JSON for Boto3 input to # this Config Rule's underlying Lambda : input_parameters_json = json.dumps(tag_groups_keys_values) config_rule_current_parameters = dict() ( config_rule_current_parameters, config_rule_current_parameters_execution_status, ) = self.get_config_rule(config_rule_name) try: self.client.put_config_rule( ConfigRule={ "ConfigRuleId": config_rule_id, "Scope": { "ComplianceResourceTypes": config_rule_current_parameters.get( "ComplianceResourceTypes") }, "InputParameters": input_parameters_json, "Source": { "Owner": "AWS", "SourceIdentifier": "REQUIRED_TAGS" }, }) my_status.success( message='"required-tags" Config rules updated!') log.debug( 'REQUIRED_TAGS Config Rule "%s" updated with these parameters: "%s"', config_rule_id, input_parameters_json, ) except botocore.exceptions.ClientError as error: errorString = "Boto3 API returned error: {}" log.error(errorString.format(error)) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() else: my_status.warning( message="Please select at least one Tag Group and Config rule." ) return my_status.get_status()
def get_user_group_arns(user_name, user_pool_id, region): try: my_status = execution_status() cognito_idp_groups = dict() cognito_idp_client = boto3.client("cognito-idp", region_name=region) cognito_idp_groups = cognito_idp_client.admin_list_groups_for_user( Username=user_name, UserPoolId=user_pool_id) # Initially support one Cognito user pool group IAM role ARN per user group_role_arn = (cognito_idp_groups["Groups"][0]["RoleArn"] if cognito_idp_groups.get("Groups") else False) my_status.success(message="Retrieved IAM role ARN assign to user.") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error. function: {} - {}".format( sys._getframe().f_code.co_name, error)) my_status.error() group_role_arn = False return group_role_arn
def set_lambda_resources_tags( self, resources_to_tag, chosen_tags, **session_credentials ): my_status = execution_status() resources_updated_tags = dict() tag_dict = dict() self.resources_to_tag = resources_to_tag self.chosen_tags = chosen_tags self.session_credentials = dict() self.session_credentials = session_credentials if session_credentials.get("multi_account_role_session"): client = session_credentials["multi_account_role_session"].client( self.resource_type, region_name=self.region ) else: this_session = boto3.session.Session( aws_access_key_id=self.session_credentials.get("AccessKeyId"), aws_secret_access_key=self.session_credentials.get("SecretKey"), aws_session_token=self.session_credentials.get("SessionToken"), ) client = this_session.client(self.resource_type, region_name=self.region) # for Lambda Boto3 API covert list of tags dicts to single key:value tag dict for tag in self.chosen_tags: tag_dict[tag["Key"]] = tag["Value"] for resource_arn in self.resources_to_tag: try: response = client.tag_resource(Resource=resource_arn, Tags=tag_dict) my_status.success(message="Lambda function tags updated successfully!") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) resources_updated_tags["No Resources Found"] = "No Tags Applied" if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to modify these resources" ) else: my_status.error() return my_status.get_status()
def update_sc_tag_option(self, tag_key, tag_value): self.my_status = execution_status() tag_option_id = "" try: sc_response = self.service_catalog_client.update_tag_option( Key=tag_key, Value=tag_value) tag_option_id = sc_response["TagOptionDetail"]["Id"] self.my_status.success(message="Tag option found!") except botocore.exceptions.ClientError as error: log.error('Boto3 API returned error: "%s"', error) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): self.my_status.error( message="You are not authorized to update these resources") else: self.my_status.error() return tag_option_id, self.my_status.get_status()
def set_rds_resources_tags(self, resources_to_tag, chosen_tags, **session_credentials): my_status = execution_status() resources_updated_tags = dict() self.resources_to_tag = resources_to_tag self.chosen_tags = chosen_tags self.session_credentials = dict() self.session_credentials = session_credentials if session_credentials.get("multi_account_role_session"): client = session_credentials["multi_account_role_session"].client( self.resource_type, region_name=self.region) else: this_session = boto3.session.Session( aws_access_key_id=self.session_credentials.get("AccessKeyId"), aws_secret_access_key=self.session_credentials.get( "SecretKey"), aws_session_token=self.session_credentials.get("SessionToken"), ) client = this_session.client(self.resource_type, region_name=self.region) for resource_arn in self.resources_to_tag: try: response = client.add_tags_to_resource( ResourceName=resource_arn, Tags=self.chosen_tags) my_status.success( message="Amazon RDS instance tags updated successfully!") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) resources_updated_tags[ "No Resources Found"] = "No Tags Applied" if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): my_status.error( message= "You are not authorized to modify these resources") else: my_status.error() return my_status.get_status()
def get_sc_tag_options(self, **kwargs): self.my_status = execution_status() sc_response = dict() try: if kwargs.get("key"): sc_response = self.service_catalog_client.list_tag_options( Filters={"Key": kwargs.get("key")}) else: sc_response = self.service_catalog_client.list_tag_options() self.my_status.success( message="Service Catalog Tag options found!") except botocore.exceptions.ClientError as error: log.error('Boto3 API returned error: "%s"', error) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): self.my_status.error( message="You are not authorized to view these resources") else: self.my_status.error() return sc_response, self.my_status.get_status()
def get_config_rule(self, config_rule_name): my_status = execution_status() required_tags_config_rules = dict() try: response = self.client.describe_config_rules( ConfigRuleNames=[config_rule_name]) all_config_rules = dict() all_config_rules = response.get("ConfigRules") input_parameters_dict = dict() for rule in all_config_rules: if rule.get("Source").get( "SourceIdentifier") == "REQUIRED_TAGS": input_parameters_dict = json.loads( rule.get("InputParameters")) required_tags_config_rules["ConfigRuleName"] = rule.get( "ConfigRuleName") required_tags_config_rules[ "ComplianceResourceTypes"] = rule.get("Scope").get( "ComplianceResourceTypes") for key, value in input_parameters_dict.items(): required_tags_config_rules[key] = value input_parameters_dict.clear() my_status.success( message='"required-tags" Config rules found!') except botocore.exceptions.ClientError as error: errorString = "Boto3 API returned error: {}" log.error(errorString.format(error)) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): my_status.error( message="You are not authorized to view these resources") else: my_status.error() return required_tags_config_rules, my_status.get_status()
def get_repository_tag_keys(self, **session_credentials): my_status = execution_status() tag_keys_inventory = list() # Give users ability to find resources with no tags applied tag_keys_inventory.append('<No tags applied>') self.session_credentials = dict() self.session_credentials['AccessKeyId'] = session_credentials[ 'AccessKeyId'] self.session_credentials['SecretKey'] = session_credentials[ 'SecretKey'] self.session_credentials['SessionToken'] = session_credentials[ 'SessionToken'] this_session = boto3.session.Session( aws_access_key_id=self.session_credentials['AccessKeyId'], aws_secret_access_key=self.session_credentials['SecretKey'], aws_session_token=self.session_credentials['SessionToken']) try: client = this_session.client(self.resource_type, region_name=self.region) # Get all the Code repositories in the region my_repositories = client.list_repositories() for item in my_repositories['repositories']: code_repository_arn = client.get_repository( repositoryName=item['repositoryName'] )['repositoryMetadata']['Arn'] try: # Get all the tags for a given Code repository response = client.list_tags_for_resource( resourceArn=code_repository_arn) try: # Add all tag keys to the list for tag_key, _ in response['tags'].items(): if not re.search("^aws:", tag_key): tag_keys_inventory.append(tag_key) my_status.success(message='Resources and tags found!') except: tag_keys_inventory.append("No tag keys found") my_status.error( message= 'You are not authorized to view these resources') except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) tag_keys_inventory.append("No tag keys found") if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message= 'You are not authorized to view these resources') else: my_status.error() except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) tag_keys_inventory.append("No tag keys found") if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message='You are not authorized to view these resources') else: my_status.error() #Remove duplicate tags & sort tag_keys_inventory = list(set(tag_keys_inventory)) tag_keys_inventory.sort(key=str.lower) return tag_keys_inventory, my_status.get_status()
def get_lambda_tag_values(self, **session_credentials): my_status = execution_status() tag_values_inventory = list() self.session_credentials = dict() self.session_credentials = session_credentials if session_credentials.get("multi_account_role_session"): client = session_credentials["multi_account_role_session"].client( self.resource_type, region_name=self.region ) else: this_session = boto3.session.Session( aws_access_key_id=self.session_credentials.get("AccessKeyId"), aws_secret_access_key=self.session_credentials.get("SecretKey"), aws_session_token=self.session_credentials.get("SessionToken"), ) client = this_session.client(self.resource_type, region_name=self.region) try: # Get all the Lambda functions in the region my_functions = client.list_functions() for item in my_functions["Functions"]: function_arn = item["FunctionArn"] try: # Get all the tags for a given Lambda function response = client.list_tags(Resource=function_arn) if len(response.get("Tags")): # Add all tag values to the list for tag_key, tag_value in response["Tags"].items(): # Exclude any AWS-applied tags which begin with "aws:" if not re.search("^aws:", tag_key) and tag_value: tag_values_inventory.append(tag_value) except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() return tag_values_inventory, my_status.get_status() # Set success if tag values found else set warning if len(tag_values_inventory): my_status.success(message="Tag values found!") else: my_status.warning(message="No tag values found for this resource type.") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() return tag_values_inventory, my_status.get_status() # Remove duplicate tags & sort tag_values_inventory = list(set(tag_values_inventory)) tag_values_inventory.sort(key=str.lower) return tag_values_inventory, my_status.get_status()
def get_lambda_names_ids(self, filter_tags, **session_credentials): my_status = execution_status() self.filter_tags = filter_tags tag_key1_state = True if self.filter_tags.get("tag_key1") else False tag_value1_state = True if self.filter_tags.get("tag_value1") else False tag_key2_state = True if self.filter_tags.get("tag_key2") else False tag_value2_state = True if self.filter_tags.get("tag_value2") else False if not self.filter_tags.get("conjunction"): self.filter_tags["conjunction"] = "AND" resource_inventory = dict() self.session_credentials = dict() self.session_credentials = session_credentials if session_credentials.get("multi_account_role_session"): client = session_credentials["multi_account_role_session"].client( self.resource_type, region_name=self.region ) else: this_session = boto3.session.Session( aws_access_key_id=self.session_credentials.get("AccessKeyId"), aws_secret_access_key=self.session_credentials.get("SecretKey"), aws_session_token=self.session_credentials.get("SessionToken"), ) client = this_session.client(self.resource_type, region_name=self.region) def _intersection_union_invalid(tag_dict, function_name, function_arn): resource_inventory[ "No matching resources found" ] = "No matching resources found" if self.filter_tags.get("conjunction") == "AND": def _intersection_tfff(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key1") in tag_dict: resource_inventory[function_arn] = function_name def _intersection_fftf(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key2") in tag_dict: resource_inventory[function_arn] = function_name def _intersection_fftt(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key2") in tag_dict: if tag_dict.get( self.filter_tags.get("tag_key2") ) == self.filter_tags.get("tag_value2"): resource_inventory[function_arn] = function_name def _intersection_ttff(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key1") in tag_dict: if tag_dict.get( self.filter_tags.get("tag_key1") ) == self.filter_tags.get("tag_value1"): resource_inventory[function_arn] = function_name def _intersection_tftf(tag_dict, function_name, function_arn): if ( self.filter_tags.get("tag_key1") in tag_dict and self.filter_tags.get("tag_key2") in tag_dict ): resource_inventory[function_arn] = function_name def _intersection_tftt(tag_dict, function_name, function_arn): if ( self.filter_tags.get("tag_key1") in tag_dict and self.filter_tags.get("tag_key2") in tag_dict ): if tag_dict.get( self.filter_tags.get("tag_key2") ) == self.filter_tags.get("tag_value2"): resource_inventory[function_arn] = function_name def _intersection_tttf(tag_dict, function_name, function_arn): if ( self.filter_tags.get("tag_key1") in tag_dict and self.filter_tags.get("tag_key2") in tag_dict ): if tag_dict.get( self.filter_tags.get("tag_key1") ) == self.filter_tags.get("tag_value1"): resource_inventory[function_arn] = function_name def _intersection_tttt(tag_dict, function_name, function_arn): if ( self.filter_tags.get("tag_key1") in tag_dict and self.filter_tags.get("tag_key2") in tag_dict ): if tag_dict.get( self.filter_tags.get("tag_key1") ) == self.filter_tags.get("tag_value1"): if tag_dict.get( self.filter_tags.get("tag_key2") ) == self.filter_tags.get("tag_value2"): resource_inventory[function_arn] = function_name def _intersection_ffff(tag_dict, function_name, function_arn): resource_inventory[function_arn] = function_name # "AND" Truth table check for tag_key1, tag_value1, tag_key2, tag_value2 intersection_combos = { (False, False, False, True): _intersection_union_invalid, (False, True, False, False): _intersection_union_invalid, (False, True, False, True): _intersection_union_invalid, (True, False, False, True): _intersection_union_invalid, (True, True, False, True): _intersection_union_invalid, (False, True, True, False): _intersection_union_invalid, (False, False, True, False): _intersection_fftf, (False, False, True, True): _intersection_fftt, (True, False, False, False): _intersection_tfff, (True, True, False, False): _intersection_ttff, (True, False, True, False): _intersection_tftf, (True, False, True, True): _intersection_tftt, (True, True, True, False): _intersection_tttf, (True, True, True, True): _intersection_tttt, (False, False, False, False): _intersection_ffff, } try: # Get all the Lambda functions in the region my_functions = client.list_functions() for item in my_functions["Functions"]: try: # Get all the tags for a given Lambda function response = client.list_tags(Resource=item["FunctionArn"]) if not response.get("Tags") and ( self.filter_tags.get("tag_key1") == "<No tags applied>" or self.filter_tags.get("tag_key2") == "<No tags applied>" ): resource_inventory[item["FunctionArn"]] = item[ "FunctionName" ] else: intersection_combos[ ( tag_key1_state, tag_value1_state, tag_key2_state, tag_value2_state, ) ]( response.get("Tags"), item["FunctionName"], item["FunctionArn"], ) except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() my_status.success(message="Resources and tags found!") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() if self.filter_tags.get("conjunction") == "OR": def _union_tfff_tftf_fftf(tag_dict, function_name, function_arn): if ( self.filter_tags.get("tag_key1") in tag_dict or self.filter_tags.get("tag_key2") in tag_dict ): resource_inventory[function_arn] = function_name def _union_tttf(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key1") in tag_dict: if tag_dict[ self.filter_tags.get("tag_key1") ] == self.filter_tags.get("tag_value1"): resource_inventory[function_arn] = function_name elif self.filter_tags.get("tag_key2") in tag_dict: resource_inventory[function_arn] = function_name def _union_tftt(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key2") in tag_dict: if tag_dict[ self.filter_tags.get("tag_key2") ] == self.filter_tags.get("tag_value2"): resource_inventory[function_arn] = function_name elif self.filter_tags.get("tag_key1") in tag_dict: resource_inventory[function_arn] = function_name def _union_fftt(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key2") in tag_dict: if tag_dict[ self.filter_tags.get("tag_key2") ] == self.filter_tags.get("tag_value2"): resource_inventory[function_arn] = function_name def _union_ttff(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key1") in tag_dict: if tag_dict[ self.filter_tags.get("tag_key1") ] == self.filter_tags.get("tag_value1"): resource_inventory[function_arn] = function_name def _union_tttt(tag_dict, function_name, function_arn): if self.filter_tags.get("tag_key1") in tag_dict: if tag_dict[ self.filter_tags.get("tag_key1") ] == self.filter_tags.get("tag_value1"): resource_inventory[function_arn] = function_name elif self.filter_tags.get("tag_key2") in tag_dict: if tag_dict[ self.filter_tags.get("tag_key2") ] == self.filter_tags.get("tag_value2"): resource_inventory[function_arn] = function_name def _union_ffff(tag_dict, function_name, function_arn): resource_inventory[function_arn] = function_name # "OR" Truth table check for tag_key1, tag_value1, tag_key2, tag_value2 or_combos = { (False, False, False, True): _intersection_union_invalid, (False, True, False, False): _intersection_union_invalid, (False, True, False, True): _intersection_union_invalid, (False, True, True, True): _intersection_union_invalid, (True, True, False, True): _intersection_union_invalid, (False, False, True, False): _union_tfff_tftf_fftf, (False, False, True, True): _union_fftt, (True, False, False, False): _union_tfff_tftf_fftf, (True, False, True, False): _union_tfff_tftf_fftf, (True, False, True, True): _union_tftt, (True, True, False, False): _union_ttff, (True, True, True, False): _union_tttf, (True, True, True, True): _union_tttt, (False, False, False, False): _union_ffff, } try: # Get all the Lambda functions in the region my_functions = client.list_functions() for item in my_functions["Functions"]: try: # Get all the tags for a given Lambda function response = client.list_tags(Resource=item["FunctionArn"]) if not response.get("Tags") and ( self.filter_tags.get("tag_key1") == "<No tags applied>" or self.filter_tags.get("tag_key2") == "<No tags applied>" ): resource_inventory[item["FunctionArn"]] = item[ "FunctionName" ] else: or_combos[ ( tag_key1_state, tag_value1_state, tag_key2_state, tag_value2_state, ) ]( response.get("Tags"), item["FunctionName"], item["FunctionArn"], ) except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() my_status.success(message="Resources and tags found!") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() return resource_inventory, my_status.get_status()
def get_lambda_resources_tags(self, chosen_resources, **session_credentials): my_status = execution_status() # Instantiate dictionaries to hold resources & their tags tagged_resource_inventory = dict() self.session_credentials = dict() self.session_credentials = session_credentials if session_credentials.get("multi_account_role_session"): client = session_credentials["multi_account_role_session"].client( self.resource_type, region_name=self.region ) else: this_session = boto3.session.Session( aws_access_key_id=self.session_credentials.get("AccessKeyId"), aws_secret_access_key=self.session_credentials.get("SecretKey"), aws_session_token=self.session_credentials.get("SessionToken"), ) client = this_session.client(self.resource_type, region_name=self.region) try: if chosen_resources[0][0] != "No matching resources found": for resource_id_name in chosen_resources: resource_tags = dict() sorted_resource_tags = dict() function_arn = resource_id_name[0] try: # Get all the tags for a given Lambda function response = client.list_tags(Resource=function_arn) if response.get("Tags"): user_applied_tags = False for tag_key, tag_value in response["Tags"].items(): # Ignore tags applied by AWS which begin with "aws:" if not re.search("^aws:", tag_key): resource_tags[tag_key] = tag_value user_applied_tags = True if not user_applied_tags: resource_tags[ "No user-applied tag keys found" ] = "No user-applied tag values found" else: resource_tags[ "No user-applied tag keys found" ] = "No user-applied tag values found" except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) resource_tags["No Tags Found"] = "No Tags Found" if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() sorted_resource_tags = OrderedDict(sorted(resource_tags.items())) tagged_resource_inventory[ resource_id_name[0] ] = sorted_resource_tags my_status.success(message="Resources and tags found!") else: tagged_resource_inventory["No Resource Found"] = { "No tag keys found": "No tag values found" } my_status.warning(message="No AWS Lambda functions found!") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) tagged_resource_inventory["No Resource Found"] = { "No tag keys found": "No tag values found" } if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() return tagged_resource_inventory, my_status.get_status()
def assign_tg_sc_product_template(self, tag_group_name, sc_product_template_id, **session_credentials): self.my_status = execution_status() all_sc_tag_options = dict() tag_group_contents = dict() this_sc_tag_option_values_ids = dict() # Instantiate a service catalog class instance sc_instance = service_catalog(self.region, **session_credentials) # Get the key & values list for the requested Tag Group tag_group = get_tag_groups(self.region, **session_credentials) ( tag_group_contents, tag_group_execution_status, ) = tag_group.get_tag_group_key_values(tag_group_name) # Get the dictionary of current SC TagOptions all_sc_tag_options, sc_tag_execution_status = sc_instance.get_sc_tag_options( key=tag_group_contents["tag_group_key"]) # Get the TagOption ID's of all SC TagOptions that have the same key as the Tag Group parameter # If there's a key match, remember the corresponding value to determine if any Tag Group values are missing from SC for sc_tag_option in all_sc_tag_options["TagOptionDetails"]: if sc_tag_option["Key"] == tag_group_contents["tag_group_key"]: this_sc_tag_option_values_ids[ sc_tag_option["Value"]] = sc_tag_option["Id"] # Delete Service Catalog TagOptions values that are not included in selected Tag Group if this_sc_tag_option_values_ids: temp_tag_option_values_ids = this_sc_tag_option_values_ids.copy() for value, option_id in temp_tag_option_values_ids.items(): if value not in tag_group_contents["tag_group_values"]: try: response = self.service_catalog_client.disassociate_tag_option_from_resource( ResourceId=sc_product_template_id, TagOptionId=option_id) response = self.service_catalog_client.delete_tag_option( Id=option_id) this_sc_tag_option_values_ids.pop(value) self.my_status.success( message="Service Catalog TagOption deleted!") except botocore.exceptions.ClientError as error: log.error('Boto3 API returned error: "%s"', error) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): self.my_status.error( message= "You are not authorized to update these resources" ) elif (error.response["Error"]["Code"] == "ResourceInUseException"): self.my_status.warning( message='The TagOption Key: "' + tag_group_contents["tag_group_key"] + '" and Value: "' + value + '" is in use on another Product Template.') else: self.my_status.error() else: self.my_status.success() # Create SC TagOptions for the selected Tag Group's values if value is not already an SC TagOption for value in tag_group_contents["tag_group_values"]: if value not in this_sc_tag_option_values_ids: ( tag_option_id, tag_option_id_execution_status, ) = sc_instance.create_sc_tag_option( tag_group_contents["tag_group_key"], value) this_sc_tag_option_values_ids[value] = tag_option_id product_template_details = dict() try: product_template_details = ( self.service_catalog_client.describe_product_as_admin( Id=sc_product_template_id)) self.my_status.success() current_status = self.my_status.get_status() if current_status["alert_level"] == "success": self.my_status.success( message="Service Catalog product template found!") except botocore.exceptions.ClientError as error: log.error('Boto3 API returned error: "%s"', error) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): self.my_status.error( message="You are not authorized to view these resources") else: self.my_status.error() existing_prod_template_tag_options = list() existing_prod_template_tag_options = product_template_details.get( "TagOptions") existing_product_template_tag_option_ids = list() for tag_option in existing_prod_template_tag_options: existing_product_template_tag_option_ids.append( tag_option.get("Id")) # Assign Tag value in the Tag Group to the specified SC product template if not already assigned for value, to_id in this_sc_tag_option_values_ids.items(): if to_id not in existing_product_template_tag_option_ids: try: sc_response = (self.service_catalog_client. associate_tag_option_with_resource( ResourceId=sc_product_template_id, TagOptionId=to_id)) self.my_status.success() current_status = self.my_status.get_status() if current_status["alert_level"] == "success": self.my_status.success( message= "New Tag Option associated with Service Catalog product!" ) except botocore.exceptions.ClientError as error: log.error('Boto3 API returned error: "%s"', error) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): self.my_status.error( message= "You are not authorized to update these resources") else: self.my_status.error() # Return updated dictionary of TagOption keys & values for the SC product template product_template_details.clear() try: product_template_details = ( self.service_catalog_client.describe_product_as_admin( Id=sc_product_template_id)) self.my_status.success() current_status = self.my_status.get_status() if current_status["alert_level"] == "success": self.my_status.success( message="Service Catalog product template found!") except botocore.exceptions.ClientError as error: log.error('Boto3 API returned error: "%s"', error) if (error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation"): self.my_status.error( message="You are not authorized to view these resources") else: self.my_status.error() existing_prod_template_tag_options.clear() existing_prod_template_tag_options = product_template_details[ "TagOptions"] existing_tag_option_keys_values = defaultdict(list) for tag_option in existing_prod_template_tag_options: existing_tag_option_keys_values[tag_option["Key"]].append( tag_option["Value"]) return existing_tag_option_keys_values, self.my_status.get_status()
def get_pipeline_resources_tags(self, chosen_resources, **session_credentials): my_status = execution_status() # Instantiate dictionaries to hold resources & their tags tagged_resource_inventory = dict() self.session_credentials = dict() self.session_credentials['AccessKeyId'] = session_credentials[ 'AccessKeyId'] self.session_credentials['SecretKey'] = session_credentials[ 'SecretKey'] self.session_credentials['SessionToken'] = session_credentials[ 'SessionToken'] this_session = boto3.session.Session( aws_access_key_id=self.session_credentials['AccessKeyId'], aws_secret_access_key=self.session_credentials['SecretKey'], aws_session_token=self.session_credentials['SessionToken']) try: if chosen_resources: client = this_session.client(self.resource_type, region_name=self.region) for resource_id_name in chosen_resources: resource_tags = dict() sorted_resource_tags = dict() pipeline_arn = resource_id_name[0] try: # Get all the tags for a given Code Pipeline response = client.list_tags_for_resource( resourceArn=pipeline_arn) for tag in response['tags']: if not re.search("^aws:", tag['key']): resource_tags[tag['key']] = tag['value'] except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) resource_tags["No Tags Found"] = "No Tags Found" if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message= 'You are not authorized to view these resources' ) else: my_status.error() sorted_resource_tags = OrderedDict( sorted(resource_tags.items())) tagged_resource_inventory[ resource_id_name[0]] = sorted_resource_tags my_status.success(message='Resources and tags found!') else: tagged_resource_inventory["No Resource Found"] = { "No Tags Found": "No Tags Found" } my_status.warning(message='No AWS Code Pipelines found!') except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) tagged_resource_inventory["No Resource Found"] = { "No Tags Found": "No Tags Found" } if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message='You are not authorized to view these resources') else: my_status.error() return tagged_resource_inventory, my_status.get_status()
def get_eks_clusters_keys(self, **session_credentials): my_status = execution_status() tag_keys_inventory = list() self.session_credentials = dict() self.session_credentials = session_credentials if session_credentials.get("multi_account_role_session"): client = session_credentials["multi_account_role_session"].client( self.resource_type, region_name=self.region ) else: this_session = boto3.session.Session( aws_access_key_id=self.session_credentials.get("AccessKeyId"), aws_secret_access_key=self.session_credentials.get("SecretKey"), aws_session_token=self.session_credentials.get("SessionToken"), ) client = this_session.client(self.resource_type, region_name=self.region) try: # Get all the EKS clusters in the region my_clusters = client.list_clusters() if len(my_clusters["clusters"]) == 0: my_status.warning(message="No Amazon EKS clusters found!") else: for item in my_clusters["clusters"]: cluster_arn = client.describe_cluster(name=item)["cluster"]["arn"] try: # Get all the tags for a given EKS Cluster response = client.list_tags_for_resource( resourceArn=cluster_arn ) if len(response.get("tags")): # Add all tag keys to the list for tag_key, _ in response["tags"].items(): if not re.search("^aws:", tag_key): tag_keys_inventory.append(tag_key) except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() return tag_keys_inventory, my_status.get_status() # Set success if tag values found else set warning if len(tag_keys_inventory): my_status.success(message="Tag keys found!") else: my_status.warning(message="No tag keys found for this resource type.") except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if ( error.response["Error"]["Code"] == "AccessDeniedException" or error.response["Error"]["Code"] == "UnauthorizedOperation" ): my_status.error( message="You are not authorized to view these resources" ) else: my_status.error() return tag_keys_inventory, my_status.get_status() # Remove duplicate tags & sort tag_keys_inventory = list(set(tag_keys_inventory)) tag_keys_inventory.sort(key=str.lower) return tag_keys_inventory, my_status.get_status()
def get_pipeline_tag_values(self, **session_credentials): my_status = execution_status() tag_values_inventory = list() self.session_credentials = dict() self.session_credentials['AccessKeyId'] = session_credentials[ 'AccessKeyId'] self.session_credentials['SecretKey'] = session_credentials[ 'SecretKey'] self.session_credentials['SessionToken'] = session_credentials[ 'SessionToken'] this_session = boto3.session.Session( aws_access_key_id=self.session_credentials['AccessKeyId'], aws_secret_access_key=self.session_credentials['SecretKey'], aws_session_token=self.session_credentials['SessionToken']) try: client = this_session.client(self.resource_type, region_name=self.region) # Get all the Code Pipelines in the region my_pipelines = client.list_pipelines() for item in my_pipelines['pipelines']: code_pipeline_arn = client.get_pipeline( name=item['name'])['metadata']['pipelineArn'] try: # Get all the tags for a given Code Pipeline response = client.list_tags_for_resource( resourceArn=code_pipeline_arn) try: # Add all tag keys to the list for tag in response['tags'](): # Exclude any AWS-applied tags which begin with "aws:" if not re.search("^aws:", tag['key']) and tag['value']: tag_values_inventory.append(tag['value']) except: #tag_values_inventory.append("No tag values found") tag_values_inventory.append("") my_status.warning( message='No tags found for this resource.') except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) #tag_values_inventory.append("No tag values found") tag_values_inventory.append("") if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message= 'You are not authorized to view these resources') else: my_status.error() my_status.success(message='Resources and tags found!') except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) #tag_values_inventory.append("No tag values found") tag_values_inventory.append("") if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message='You are not authorized to view these resources') else: my_status.error() #Remove duplicate tags & sort tag_values_inventory = list(set(tag_values_inventory)) tag_values_inventory.sort(key=str.lower) return tag_values_inventory, my_status.get_status()
def get_code_pipeline_ids(self, filter_tags, **session_credentials): my_status = execution_status() self.filter_tags = filter_tags tag_key1_state = True if self.filter_tags.get('tag_key1') else False tag_value1_state = True if self.filter_tags.get( 'tag_value1') else False tag_key2_state = True if self.filter_tags.get('tag_key2') else False tag_value2_state = True if self.filter_tags.get( 'tag_value2') else False resource_inventory = dict() self.session_credentials = {} self.session_credentials['AccessKeyId'] = session_credentials[ 'AccessKeyId'] self.session_credentials['SecretKey'] = session_credentials[ 'SecretKey'] self.session_credentials['SessionToken'] = session_credentials[ 'SessionToken'] this_session = boto3.session.Session( aws_access_key_id=self.session_credentials['AccessKeyId'], aws_secret_access_key=self.session_credentials['SecretKey'], aws_session_token=self.session_credentials['SessionToken']) def _intersection_union_invalid(tag_dict, pipeline_name, pipeline_arn): resource_inventory['No matching resource'] = 'No matching resource' if self.filter_tags.get('conjunction') == 'AND': def _intersection_tfff(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key1') in tag_dict: resource_inventory[pipeline_arn] = pipeline_name def _intersection_fftf(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key2') in tag_dict: resource_inventory[pipeline_arn] = pipeline_name def _intersection_fftt(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key2') in tag_dict: if tag_dict.get(self.filter_tags.get( 'tag_key2')) == self.filter_tags.get('tag_value2'): resource_inventory[pipeline_arn] = pipeline_name def _intersection_ttff(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key1') in tag_dict: if tag_dict.get(self.filter_tags.get( 'tag_key1')) == self.filter_tags.get('tag_value1'): resource_inventory[pipeline_arn] = pipeline_name def _intersection_tftf(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get( 'tag_key1') in tag_dict and self.filter_tags.get( 'tag_key2') in tag_dict: resource_inventory[pipeline_arn] = pipeline_name def _intersection_tftt(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get( 'tag_key1') in tag_dict and self.filter_tags.get( 'tag_key2') in tag_dict: if tag_dict.get(self.filter_tags.get( 'tag_key2')) == self.filter_tags.get('tag_value2'): resource_inventory[pipeline_arn] = pipeline_name def _intersection_tttf(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get( 'tag_key1') in tag_dict and self.filter_tags.get( 'tag_key2') in tag_dict: if tag_dict.get(self.filter_tags.get( 'tag_key1')) == self.filter_tags.get('tag_value1'): resource_inventory[pipeline_arn] = pipeline_name def _intersection_tttt(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get( 'tag_key1') in tag_dict and self.filter_tags.get( 'tag_key2') in tag_dict: if tag_dict.get(self.filter_tags.get( 'tag_key1')) == self.filter_tags.get('tag_value1'): if tag_dict.get( self.filter_tags.get('tag_key2') ) == self.filter_tags.get('tag_value2'): resource_inventory[pipeline_arn] = pipeline_name def _intersection_ffff(tag_dict, pipeline_name, pipeline_arn): resource_inventory[pipeline_arn] = pipeline_name # "AND" Truth table check for tag_key1, tag_value1, tag_key2, tag_value2 intersection_combos = { (False, False, False, True): _intersection_union_invalid, (False, True, False, False): _intersection_union_invalid, (False, True, False, True): _intersection_union_invalid, (True, False, False, True): _intersection_union_invalid, (True, True, False, True): _intersection_union_invalid, (False, True, True, False): _intersection_union_invalid, (False, False, True, False): _intersection_fftf, (False, False, True, True): _intersection_fftt, (True, False, False, False): _intersection_tfff, (True, True, False, False): _intersection_ttff, (True, False, True, False): _intersection_tftf, (True, False, True, True): _intersection_tftt, (True, True, True, False): _intersection_tttf, (True, True, True, True): _intersection_tttt, (False, False, False, False): _intersection_ffff } try: client = this_session.client(self.resource_type, region_name=self.region) # Get all the CodePipleines in the region my_pipelines = client.list_pipelines() for item in my_pipelines['pipelines']: try: code_pipeline_arn = client.get_pipeline( name=item['name'])['metadata']['pipelineArn'] # Get all the tags for a given Code Pipeline response = client.list_tags_for_resource( resourceArn=code_pipeline_arn) if response.get('tags'): intersection_combos[(tag_key1_state, tag_value1_state, tag_key2_state, tag_value2_state)]( response.get('tags'), item['name'], code_pipeline_arn) elif self.filter_tags.get('tag_key1') == '<No tags applied>' or \ self.filter_tags.get('tag_key2') == '<No tags applied>': resource_inventory[pipeline_arn] = item['name'] except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message= 'You are not authorized to view these resources' ) else: my_status.error() my_status.success(message='Resources and tags found!') except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message='You are not authorized to view these resources' ) else: my_status.error() if self.filter_tags.get('conjunction') == 'OR': def _union_tfff_tftf_fftf(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get( 'tag_key1') in tag_dict or self.filter_tags.get( 'tag_key2') in tag_dict: resource_inventory[pipeline_arn] = pipeline_name def _union_tttf(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key1') in tag_dict: if tag_dict[self.filter_tags.get( 'tag_key1')] == self.filter_tags.get('tag_value1'): resource_inventory[pipeline_arn] = pipeline_name elif self.filter_tags.get('tag_key2') in tag_dict: resource_inventory[pipeline_arn] = pipeline_name def _union_tftt(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key2') in tag_dict: if tag_dict[self.filter_tags.get( 'tag_key2')] == self.filter_tags.get('tag_value2'): resource_inventory[pipeline_arn] = pipeline_name elif self.filter_tags.get('tag_key1') in tag_dict: resource_inventory[pipeline_arn] = pipeline_name def _union_fftt(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key2') in tag_dict: if tag_dict[self.filter_tags.get( 'tag_key2')] == self.filter_tags.get('tag_value2'): resource_inventory[pipeline_arn] = pipeline_name def _union_ttff(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key1') in tag_dict: if tag_dict[self.filter_tags.get( 'tag_key1')] == self.filter_tags.get('tag_value1'): resource_inventory[pipeline_arn] = pipeline_name def _union_tttt(tag_dict, pipeline_name, pipeline_arn): if self.filter_tags.get('tag_key1') in tag_dict: if tag_dict[self.filter_tags.get( 'tag_key1')] == self.filter_tags.get('tag_value1'): resource_inventory[pipeline_arn] = pipeline_name elif self.filter_tags.get('tag_key2') in tag_dict: if tag_dict[self.filter_tags.get( 'tag_key2')] == self.filter_tags.get('tag_value2'): resource_inventory[pipeline_arn] = pipeline_name def _union_ffff(tag_dict, pipeline_name, pipeline_arn): resource_inventory[pipeline_arn] = pipeline_name # "OR" Truth table check for tag_key1, tag_value1, tag_key2, tag_value2 or_combos = { (False, False, False, True): _intersection_union_invalid, (False, True, False, False): _intersection_union_invalid, (False, True, False, True): _intersection_union_invalid, (False, True, True, True): _intersection_union_invalid, (True, True, False, True): _intersection_union_invalid, (False, False, True, False): _union_tfff_tftf_fftf, (False, False, True, True): _union_fftt, (True, False, False, False): _union_tfff_tftf_fftf, (True, False, True, False): _union_tfff_tftf_fftf, (True, False, True, True): _union_tftt, (True, True, False, False): _union_ttff, (True, True, True, False): _union_tttf, (True, True, True, True): _union_tttt, (False, False, False, False): _union_ffff } try: client = this_session.client(self.resource_type, region_name=self.region) # Get all the Code Pipelinesin the region my_pipelines = client.list_pipelines() for item in my_pipelines['pipelines']: try: code_pipeline_arn = client.get_pipeline( name=item['name'])['metadata']['pipelineArn'] # Get all the tags for a given Code Pipeline response = client.list_tags_for_resource( resourceArn=code_pipeline_arn) if response.get('tags'): or_combos[(tag_key1_state, tag_value1_state, tag_key2_state, tag_value2_state)](response.get('tags'), item['name'], code_pipeline_arn) elif self.filter_tags.get('tag_key1') == '<No tags applied>' or \ self.filter_tags.get('tag_key2') == '<No tags applied>': resource_inventory[code_pipeline_arn] = item[ 'name'] except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message= 'You are not authorized to view these resources' ) else: my_status.error() my_status.success(message='Resources and tags found!') except botocore.exceptions.ClientError as error: log.error("Boto3 API returned error: {}".format(error)) if error.response['Error'][ 'Code'] == 'AccessDeniedException' or error.response[ 'Error']['Code'] == 'UnauthorizedOperation': my_status.error( message='You are not authorized to view these resources' ) else: my_status.error() #return resource_inventory, my_status.get_status() return resource_inventory, my_status.get_status()