def test_schema_multi_expand(self):
test_schema = {
'schema1': {
'$ref': '#/definitions/filters_common/value_from'
},
'schema2': {
'$ref': '#/definitions/filters_common/value_from'
}
}
expected = yaml_dump({
'schema1': {
'type': 'object',
'additionalProperties': 'False',
'required': ['url'],
'properties': {
'url': {
'type': 'string'
},
'format': {
'enum': ['csv', 'json', 'txt', 'csv2dict']
},
'expr': {
'oneOf': [{
'type': 'integer'
}, {
'type': 'string'
}]
}
}
},
'schema2': {
'type': 'object',
'additionalProperties': 'False',
'required': ['url'],
'properties': {
'url': {
'type': 'string'
},
'format': {
'enum': ['csv', 'json', 'txt', 'csv2dict']
},
'expr': {
'oneOf': [{
'type': 'integer'
}, {
'type': 'string'
}]
}
}
}
})
result = yaml_dump(
_expand_schema(test_schema,
generate()['definitions']))
self.assertEquals(result, expected)
def main(role, ou, assume, profile, output, regions, active):
"""Generate a c7n-org accounts config file using AWS Organizations
With c7n-org you can then run policies or arbitrary scripts across
accounts.
"""
session = get_session(assume, 'c7n-org', profile)
client = session.client('organizations')
accounts = []
for path in ou:
ou = get_ou_from_path(client, path)
accounts.extend(get_accounts_for_ou(client, ou, active))
results = []
for a in accounts:
tags = []
path_parts = a['Path'].strip('/').split('/')
for idx, _ in enumerate(path_parts):
tags.append("path:/%s" % "/".join(path_parts[:idx + 1]))
ainfo = {
'account_id': a['Id'],
'email': a['Email'],
'name': a['Name'],
'tags': tags,
'role': role.format(**a)
}
if regions:
ainfo['regions'] = list(regions)
results.append(ainfo)
print(yaml_dump({'accounts': results}), file=output)
def _print_cls_schema(cls):
# Print docstring
docstring = _schema_get_docstring(cls)
print("\nHelp\n----\n")
if docstring:
print(docstring)
else:
# Shouldn't ever hit this, so exclude from cover
print("No help is available for this item.") # pragma: no cover
# Print schema
print("\nSchema\n------\n")
if hasattr(cls, 'schema'):
definitions = generate()['definitions']
component_schema = dict(cls.schema)
component_schema = _expand_schema(component_schema, definitions)
component_schema.pop('additionalProperties', None)
component_schema.pop('type', None)
print(yaml_dump(component_schema))
else:
# Shouldn't ever hit this, so exclude from cover
print("No schema is available for this item.",
file=sys.sterr) # pragma: no cover
print('')
return
def main(role, name, ou, assume, profile, output, regions, active, ignore):
"""Generate a c7n-org accounts config file using AWS Organizations
With c7n-org you can then run policies or arbitrary scripts across
accounts.
"""
logging.basicConfig(level=logging.INFO)
stats, session = get_session(assume, 'c7n-org', profile)
client = session.client('organizations')
accounts = []
for path in ou:
ou = get_ou_from_path(client, path)
accounts.extend(
get_accounts_for_ou(client, ou, active, ignoredAccounts=ignore))
results = []
for a in accounts:
tags = []
path_parts = a['Path'].strip('/').split('/')
for idx, _ in enumerate(path_parts):
tags.append("path:/%s" % "/".join(path_parts[:idx + 1]))
for k, v in a.get('Tags', {}).items():
tags.append("{}:{}".format(k, v))
a['OrgId'] = a['Arn'].split('/')[1]
if not role.startswith('arn'):
arn_role = "arn:aws:iam::{}:role/{}".format(a['Id'], role)
else:
arn_role = role.format(**a)
ainfo = {
'account_id': a['Id'],
'email': a['Email'],
'display_name': a['Name'],
'name': a['Name'],
'org_id': a['OrgId'],
'tags': tags,
'role': arn_role
}
ainfo['name'] = name.format(**ainfo)
if regions:
ainfo['regions'] = list(regions)
if 'Tags' in a and a['Tags']:
ainfo['vars'] = a['Tags']
results.append(ainfo)
# log.info('api calls {}'.format(stats.get_metadata()))
print(yaml_dump({'accounts': results}), file=output)
def main(output):
"""
Generate a c7n-org subscriptions config file
"""
client = SubscriptionClient(Session().get_credentials())
subs = [sub.serialize(True) for sub in client.subscriptions.list()]
results = []
for sub in subs:
sub_info = {
'subscription_id': sub['subscriptionId'],
'name': sub['displayName']
}
results.append(sub_info)
print(yaml_dump({'subscriptions': results}), file=output)
def main(role, ou, assume, profile, output, regions, active, ignore):
"""Generate a c7n-org accounts config file using AWS Organizations
With c7n-org you can then run policies or arbitrary scripts across
accounts.
"""
session = get_session(assume, 'c7n-org', profile)
client = session.client('organizations')
accounts = []
for path in ou:
ou = get_ou_from_path(client, path)
accounts.extend(
get_accounts_for_ou(client, ou, active, ignoredAccounts=ignore))
results = []
for a in accounts:
tags = []
path_parts = a['Path'].strip('/').split('/')
for idx, _ in enumerate(path_parts):
tags.append("path:/%s" % "/".join(path_parts[:idx + 1]))
for tag in list_tags_for_account(client, a['Id']):
tags.append("{}:{}".format(tag.get('Key'), tag.get('Value')))
if not role.startswith('arn'):
arn_role = "arn:aws:iam::{}:role/{}".format(a['Id'], role)
else:
arn_role = role.format(**a)
ainfo = {
'account_id': a['Id'],
'email': a['Email'],
'name': a['Name'],
'tags': tags,
'role': arn_role
}
if regions:
ainfo['regions'] = list(regions)
results.append(ainfo)
print(yaml_dump({'accounts': results}), file=output)
def _print_cls_schema(cls):
# Print docstring
docstring = ElementSchema.doc(cls)
print("\nHelp\n----\n")
if docstring:
print(docstring)
else:
# Shouldn't ever hit this, so exclude from cover
print("No help is available for this item.") # pragma: no cover
# Print schema
print("\nSchema\n------\n")
if hasattr(cls, 'schema'):
definitions = generate()['definitions']
component_schema = ElementSchema.schema(definitions, cls)
print(yaml_dump(component_schema))
else:
# Shouldn't ever hit this, so exclude from cover
print("No schema is available for this item.", file=sys.sterr) # pragma: no cover
print('')
return
def schema_cmd(options):
""" Print info about the resources, actions and filters available. """
from c7n import schema
if options.json:
schema.json_dump(options.resource)
return
if options.summary:
load_available()
resource_mapping = schema.resource_vocabulary()
schema.pprint_schema_summary(resource_mapping)
return
# Here are the formats for what we accept:
# - No argument
# - List all available RESOURCES
# - PROVIDER
# - List all available RESOURCES for supplied PROVIDER
# - RESOURCE
# - List all available actions and filters for supplied RESOURCE
# - MODE
# - List all available MODES
# - RESOURCE.actions
# - List all available actions for supplied RESOURCE
# - RESOURCE.actions.ACTION
# - Show class doc string and schema for supplied action
# - RESOURCE.filters
# - List all available filters for supplied RESOURCE
# - RESOURCE.filters.FILTER
# - Show class doc string and schema for supplied filter
if not options.resource:
load_available(resources=False)
resource_list = {'resources': sorted(itertools.chain(
*[clouds[p].resource_map.keys() for p in PROVIDER_NAMES]))}
print(yaml_dump(resource_list))
return
# Format is [PROVIDER].RESOURCE.CATEGORY.ITEM
# optional provider defaults to aws for compatibility
components = options.resource.lower().split('.')
if len(components) == 1 and components[0] in PROVIDER_NAMES:
load_providers((components[0]))
resource_list = {'resources': sorted(
clouds[components[0]].resource_map.keys())}
print(yaml_dump(resource_list))
return
if components[0] in PROVIDER_NAMES:
cloud_provider = components.pop(0)
components[0] = '%s.%s' % (cloud_provider, components[0])
load_resources((components[0],))
resource_mapping = schema.resource_vocabulary(
cloud_provider)
elif components[0] == 'mode':
load_available(resources=False)
resource_mapping = schema.resource_vocabulary()
else: # compatibility, aws is default for provider
components[0] = 'aws.%s' % components[0]
load_resources((components[0],))
resource_mapping = schema.resource_vocabulary('aws')
#
# Handle mode
#
if components[0] == "mode":
if len(components) == 1:
output = {components[0]: list(resource_mapping[components[0]].keys())}
print(yaml_dump(output))
return
if len(components) == 2:
if components[1] not in resource_mapping[components[0]]:
log.error('{} is not a valid mode'.format(components[1]))
sys.exit(1)
_print_cls_schema(resource_mapping[components[0]][components[1]])
return
# We received too much (e.g. mode.actions.foo)
log.error("Invalid selector '{}'. Valid options are 'mode' "
"or 'mode.TYPE'".format(options.resource))
sys.exit(1)
#
# Handle resource
#
resource = components[0]
if resource not in resource_mapping:
log.error('{} is not a valid resource'.format(resource))
sys.exit(1)
if len(components) == 1:
docstring = ElementSchema.doc(
resource_mapping[resource]['classes']['resource'])
del(resource_mapping[resource]['classes'])
if docstring:
print("\nHelp\n----\n")
print(docstring + '\n')
output = {resource: resource_mapping[resource]}
print(yaml_dump(output))
return
#
# Handle category
#
category = components[1]
if category not in ('actions', 'filters'):
log.error("Valid choices are 'actions' and 'filters'. You supplied '{}'".format(category))
sys.exit(1)
if len(components) == 2:
output = "No {} available for resource {}.".format(category, resource)
if category in resource_mapping[resource]:
output = {resource: {
category: resource_mapping[resource][category]}}
print(yaml_dump(output))
return
#
# Handle item
#
item = components[2]
if item not in resource_mapping[resource][category]:
log.error('{} is not in the {} list for resource {}'.format(item, category, resource))
sys.exit(1)
if len(components) == 3:
cls = resource_mapping[resource]['classes'][category][item]
_print_cls_schema(cls)
return
# We received too much (e.g. s3.actions.foo.bar)
log.error("Invalid selector '{}'. Max of 3 components in the "
"format RESOURCE.CATEGORY.ITEM".format(options.resource))
sys.exit(1)
