def repo_all_roles(account_number, commit=False): """ Repo all eligible roles in an account. Collect any errors and display them at the end. Args: account_number (string) commit (bool): actually make the changes Returns: None """ errors = [] role_ids_in_account = roledata.role_ids_for_account(account_number) roles = Roles([]) for role_id in role_ids_in_account: roles.append( Role(roledata.get_role_data(role_id), fields=['Active', 'RoleName'])) roles = roles.filter(active=True) for role in roles: errors.append(repo_role(account_number, role.role_name, commit=commit)) if errors: LOGGER.error('Error(s) during repo: \n{}'.format(errors)) else: LOGGER.info('Everything successful!')
def repo_stats(output_file, account_number=None): roleIDs = roledata.roles_for_account( account_number ) if account_number else roledata.role_ids_for_all_accounts() headers = [ 'RoleId', 'Role Name', 'Account', 'Date', 'Source', 'Permissions Count', 'Disqualified By' ] rows = [] for roleID in roleIDs: role_data = roledata.get_role_data(roleID) for stats_entry in role_data.get('Stats', []): rows.append([ role_data['RoleId'], role_data['RoleName'], role_data['Account'], stats_entry['Date'], stats_entry['Source'], stats_entry['PermissionsCount'], stats_entry.get('DisqualifiedBy', []) ]) try: with open(output_file, 'wb') as csvfile: csv_writer = csv.writer(csvfile) csv_writer.writerow(headers) for row in rows: csv_writer.writerow(row) except IOError as e: LOGGER.error('Unable to write file {}: {}'.format(output_file, e)) else: LOGGER.info('Successfully wrote stats to {}'.format(output_file))
def find_roles_with_permission(permission): for roleID in roledata.role_ids_for_all_accounts(): role_data = roledata.get_role_data(roleID) permissions = _get_role_permissions(role_data) if permission in permissions: LOGGER.info('ARN {arn} has {permission}'.format( arn=role_data['Arn'], permission=permission))
def _find_role_in_cache(role_name): """Return a tuple with arn and role from cache matching supplied rolename or None, None""" found = False for roleID in roledata.roles_for_account(CUR_ACCOUNT_NUMBER): role_data = roledata.get_role_data(roleID) if role_data['RoleName'].lower() == role_name.lower(): found = True break if found: return role_data else: return None
def _find_role_in_cache(account_number, role_name): """Return role dictionary for active role with name in account Args: account_number (string) role_name (string) Returns: dict: A dict with the roledata for the given role in account, else None if not found """ found = False for roleID in roledata.role_ids_for_account(account_number): role_data = roledata.get_role_data(roleID, fields=['RoleName', 'Active']) if role_data['RoleName'].lower() == role_name.lower( ) and role_data['Active']: found = True break if found: return roledata.get_role_data(roleID) else: return None
def find_roles_with_permission(permission): """ Search roles in all accounts for a policy with a given permission, log the ARN of each role with this permission Args: permission (string): The name of the permission to find Returns: None """ for roleID in roledata.role_ids_for_all_accounts(): role = Role( roledata.get_role_data(roleID, fields=['Policies', 'RoleName', 'Arn'])) permissions = roledata._get_role_permissions(role) if permission.lower() in permissions: LOGGER.info('ARN {arn} has {permission}'.format( arn=role.arn, permission=permission))
def display_roles(account_number, inactive=False): """ Display a table with data about all roles in an account and write a csv file with the data. Args: account_number (string) inactive (bool): show roles that have historically (but not currently) existed in the account if True Returns: None """ headers = [ 'Name', 'Refreshed', 'Disqualified By', 'Can be repoed', 'Permissions', 'Repoable', 'Repoed', 'Services' ] rows = list() roles = Roles([ Role(roledata.get_role_data(roleID)) for roleID in tqdm(roledata.role_ids_for_account(account_number)) ]) if not inactive: roles = roles.filter(active=True) for role in roles: rows.append([ role.role_name, role.refreshed, role.disqualified_by, len(role.disqualified_by) == 0, role.total_permissions, role.repoable_permissions, role.repoed, role.repoable_services ]) rows = sorted(rows, key=lambda x: (x[5], x[0], x[4])) rows.insert(0, headers) # print tabulate(rows, headers=headers) t.view(rows) with open('table.csv', 'wb') as csvfile: csv_writer = csv.writer(csvfile) csv_writer.writerow(headers) for row in rows: csv_writer.writerow(row)
def repo_stats(output_file, account_number=None): """ Create a csv file with stats about roles, total permissions, and applicable filters over time Args: output_file (string): the name of the csv file to write account_number (string): if specified only display roles from selected account, otherwise display all Returns: None """ roleIDs = roledata.role_ids_for_account( account_number ) if account_number else roledata.role_ids_for_all_accounts() headers = [ 'RoleId', 'Role Name', 'Account', 'Date', 'Source', 'Permissions Count', 'Disqualified By' ] rows = [] for roleID in roleIDs: role_data = roledata.get_role_data( roleID, fields=['RoleId', 'RoleName', 'Account', 'Stats']) for stats_entry in role_data.get('Stats', []): rows.append([ role_data['RoleId'], role_data['RoleName'], role_data['Account'], stats_entry['Date'], stats_entry['Source'], stats_entry['PermissionsCount'], stats_entry.get('DisqualifiedBy', []) ]) try: with open(output_file, 'wb') as csvfile: csv_writer = csv.writer(csvfile) csv_writer.writerow(headers) for row in rows: csv_writer.writerow(row) except IOError as e: LOGGER.error('Unable to write file {}: {}'.format(output_file, e)) else: LOGGER.info('Successfully wrote stats to {}'.format(output_file))
def display_roles(account_number, inactive=False): headers = [ 'Name', 'Disqualified By', 'Can be repoed', 'Permissions', 'Repoable', 'Repoed', 'Services' ] rows = list() if inactive: roles_data = { roleID: roledata.get_role_data(roleID) for roleID in tqdm(roledata.roles_for_account(account_number)) } else: roles_data = roledata.get_data_for_active_roles_in_account( account_number) for roleID, role_data in roles_data.items(): rows.append([ role_data['RoleName'], role_data.get('DisqualifiedBy', []), len(role_data.get('DisqualifiedBy', [])) == 0, role_data['TotalPermissions'], role_data.get('RepoablePermissions', 0), role_data['Repoed'], role_data.get('RepoableServices') ]) rows = sorted(rows, key=lambda x: (x[4], x[0], x[3])) rows.insert(0, headers) # print tabulate(rows, headers=headers) t.view(rows) with open('table.csv', 'wb') as csvfile: csv_writer = csv.writer(csvfile) csv_writer.writerow(headers) for row in rows: csv_writer.writerow(row)