def get_config_rules_ids_names(self):
my_status = execution_status()
response = dict()
all_config_rules = dict()
config_rules_ids_names = dict()
try:
response = self.client.describe_config_rules()
all_config_rules = response.get("ConfigRules")
for configRule in all_config_rules:
if configRule.get("Source").get(
"SourceIdentifier") == "REQUIRED_TAGS":
config_rules_ids_names[configRule.get(
"ConfigRuleId")] = configRule.get("ConfigRuleName")
if len(config_rules_ids_names):
my_status.success(
message='"required-tags" Config rules found!')
else:
my_status.warning(
message='No "required-tags" Config rules found!')
except botocore.exceptions.ClientError as error:
errorString = "Boto3 API returned error: {}"
log.error(errorString.format(error))
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
my_status.error(
message="You are not authorized to view these resources")
else:
my_status.error()
config_rules_ids_names[
"No Config rules found"] = "No Config rules found"
return config_rules_ids_names, my_status.get_status()
def get_user_credentials(cognito_id_token, user_pool_id, identity_pool_id,
region):
my_status = execution_status()
user_credentials = dict()
idp_name = "cognito-idp." + region + ".amazonaws.com/" + user_pool_id
try:
cognito_identity_client = boto3.client("cognito-identity",
region_name=region)
identity_id_response = cognito_identity_client.get_id(
IdentityPoolId=identity_pool_id,
Logins={idp_name: cognito_id_token})
log.debug("function: {} - Received the Cognito identity".format(
sys._getframe().f_code.co_name))
identity_id = identity_id_response["IdentityId"]
cognito_identity_response = (
cognito_identity_client.get_credentials_for_identity(
IdentityId=identity_id, Logins={idp_name: cognito_id_token}))
log.debug("function: {} - Received the Cognito credentials".format(
sys._getframe().f_code.co_name))
user_credentials["AccessKeyId"] = cognito_identity_response[
"Credentials"]["AccessKeyId"]
user_credentials["SecretKey"] = cognito_identity_response[
"Credentials"]["SecretKey"]
user_credentials["SessionToken"] = cognito_identity_response[
"Credentials"]["SessionToken"]
my_status.success(message="Retrieved user credentials!")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error. function: {} - {}".format(
sys._getframe().f_code.co_name, error))
my_status.error()
user_credentials["AccessKeyId"] = None
user_credentials["SecretKey"] = None
user_credentials["SessionToken"] = None
return user_credentials
def get_sc_product_templates(self):
self.my_status = execution_status()
sc_prod_templates_ids_names = dict()
try:
sc_response = self.service_catalog_client.search_products_as_admin(
SortBy="Title", SortOrder="ASCENDING")
log.debug('The sc_response is: "%s"', sc_response)
sc_product_templates = list()
sc_product_templates = sc_response.get("ProductViewDetails")
for template in sc_product_templates:
if not re.search("^AWS",
template["ProductViewSummary"].get("Owner")):
sc_prod_templates_ids_names[
template["ProductViewSummary"].get(
"ProductId")] = template["ProductViewSummary"].get(
"Name")
self.my_status.success(
message="Service Catalog product templates found!")
except botocore.exceptions.ClientError as error:
log.error('Boto3 API returned error: "%s"', error)
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
self.my_status.error(
message="You are not authorized to view these resources")
else:
self.my_status.error()
return sc_prod_templates_ids_names, self.my_status.get_status()
def get_aurora_db_tag_values(self, **session_credentials):
my_status = execution_status()
tag_values_inventory = list()
self.session_credentials = dict()
self.session_credentials = session_credentials
if session_credentials.get("multi_account_role_session"):
client = session_credentials["multi_account_role_session"].client(
self.resource_type, region_name=self.region)
else:
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials.get("AccessKeyId"),
aws_secret_access_key=self.session_credentials.get(
"SecretKey"),
aws_session_token=self.session_credentials.get("SessionToken"),
)
client = this_session.client(self.resource_type,
region_name=self.region)
try:
# Interate all the resources in the region
my_resources = client.describe_db_clusters()
if len(my_resources["DBClusters"]) == 0:
# tag_values_inventory.append("No tag values found")
my_status.warning(
message="No Amazon Aurora DB clusters found!")
else:
for item in my_resources["DBClusters"]:
if len(item.get("TagList")):
# Add all tag keys to the list
for tag in item["TagList"]:
if not re.search("^aws:", tag["Value"]):
tag_values_inventory.append(tag["Value"])
# Set success if tag values found else set warning
if len(tag_values_inventory):
my_status.success(message="Tag values found!")
else:
my_status.warning(
message="No tag values found for this resource type.")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
# tag_values_inventory.append("No tag values found")
tag_values_inventory.append("")
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
my_status.error(
message="You are not authorized to view these resources")
else:
my_status.error()
return tag_values_inventory, my_status.get_status()
# Remove duplicate tags & sort
tag_values_inventory = list(set(tag_values_inventory))
tag_values_inventory.sort(key=str.lower)
return tag_values_inventory, my_status.get_status()
def __init__(self, region, **session_credentials):
self.my_status = execution_status()
self.region = region
self.tag_groups = dict()
self.session_credentials = dict()
self.session_credentials["AccessKeyId"] = session_credentials[
"AccessKeyId"]
self.session_credentials["SecretKey"] = session_credentials[
"SecretKey"]
self.session_credentials["SessionToken"] = session_credentials[
"SessionToken"]
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials["AccessKeyId"],
aws_secret_access_key=self.session_credentials["SecretKey"],
aws_session_token=self.session_credentials["SessionToken"],
)
try:
self.dynamodb = this_session.resource("dynamodb",
region_name=self.region)
self.table = self.dynamodb.Table("tag_tamer_tag_groups")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
self.my_status.error(
message="You are not authorized to access these resources")
else:
self.my_status.error()
def set_repository_resources_tags(self, resources_to_tag, chosen_tags,
**session_credentials):
my_status = execution_status()
resources_updated_tags = dict()
tag_dict = dict()
self.chosen_tags = chosen_tags
self.session_credentials = dict()
self.session_credentials['AccessKeyId'] = session_credentials[
'AccessKeyId']
self.session_credentials['SecretKey'] = session_credentials[
'SecretKey']
self.session_credentials['SessionToken'] = session_credentials[
'SessionToken']
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials['AccessKeyId'],
aws_secret_access_key=self.session_credentials['SecretKey'],
aws_session_token=self.session_credentials['SessionToken'])
# for Code repository Boto3 API covert list of tags dicts to single key:value tag dict
for tag in self.chosen_tags:
tag_dict[tag['Key']] = tag['Value']
for resource_arn in resources_to_tag:
try:
client = this_session.client(self.resource_type,
region_name=self.region)
try:
response = client.tag_resource(resourceArn=resource_arn,
tags=tag_dict)
my_status.success(message='Tags updated successfully!')
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
resources_updated_tags[
"No Resources Found"] = "No Tags Applied"
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message=
'You are not authorized to modify these resources')
else:
my_status.error()
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
resources_updated_tags[
"No Resources Found"] = "No Tags Applied"
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message=
'You are not authorized to modify these resources')
else:
my_status.error()
return my_status.get_status()
def set_config_rules(self, tag_groups_keys_values, config_rule_id,
config_rule_name):
my_status = execution_status()
if len(tag_groups_keys_values) and config_rule_id:
# convert selected Tag Groups into JSON for Boto3 input to
# this Config Rule's underlying Lambda :
input_parameters_json = json.dumps(tag_groups_keys_values)
config_rule_current_parameters = dict()
(
config_rule_current_parameters,
config_rule_current_parameters_execution_status,
) = self.get_config_rule(config_rule_name)
try:
self.client.put_config_rule(
ConfigRule={
"ConfigRuleId": config_rule_id,
"Scope": {
"ComplianceResourceTypes":
config_rule_current_parameters.get(
"ComplianceResourceTypes")
},
"InputParameters": input_parameters_json,
"Source": {
"Owner": "AWS",
"SourceIdentifier": "REQUIRED_TAGS"
},
})
my_status.success(
message='"required-tags" Config rules updated!')
log.debug(
'REQUIRED_TAGS Config Rule "%s" updated with these parameters: "%s"',
config_rule_id,
input_parameters_json,
)
except botocore.exceptions.ClientError as error:
errorString = "Boto3 API returned error: {}"
log.error(errorString.format(error))
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
else:
my_status.warning(
message="Please select at least one Tag Group and Config rule."
)
return my_status.get_status()
def get_user_group_arns(user_name, user_pool_id, region):
try:
my_status = execution_status()
cognito_idp_groups = dict()
cognito_idp_client = boto3.client("cognito-idp", region_name=region)
cognito_idp_groups = cognito_idp_client.admin_list_groups_for_user(
Username=user_name, UserPoolId=user_pool_id)
# Initially support one Cognito user pool group IAM role ARN per user
group_role_arn = (cognito_idp_groups["Groups"][0]["RoleArn"]
if cognito_idp_groups.get("Groups") else False)
my_status.success(message="Retrieved IAM role ARN assign to user.")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error. function: {} - {}".format(
sys._getframe().f_code.co_name, error))
my_status.error()
group_role_arn = False
return group_role_arn
def set_lambda_resources_tags(
self, resources_to_tag, chosen_tags, **session_credentials
):
my_status = execution_status()
resources_updated_tags = dict()
tag_dict = dict()
self.resources_to_tag = resources_to_tag
self.chosen_tags = chosen_tags
self.session_credentials = dict()
self.session_credentials = session_credentials
if session_credentials.get("multi_account_role_session"):
client = session_credentials["multi_account_role_session"].client(
self.resource_type, region_name=self.region
)
else:
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials.get("AccessKeyId"),
aws_secret_access_key=self.session_credentials.get("SecretKey"),
aws_session_token=self.session_credentials.get("SessionToken"),
)
client = this_session.client(self.resource_type, region_name=self.region)
# for Lambda Boto3 API covert list of tags dicts to single key:value tag dict
for tag in self.chosen_tags:
tag_dict[tag["Key"]] = tag["Value"]
for resource_arn in self.resources_to_tag:
try:
response = client.tag_resource(Resource=resource_arn, Tags=tag_dict)
my_status.success(message="Lambda function tags updated successfully!")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
resources_updated_tags["No Resources Found"] = "No Tags Applied"
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"] == "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to modify these resources"
)
else:
my_status.error()
return my_status.get_status()
def update_sc_tag_option(self, tag_key, tag_value):
self.my_status = execution_status()
tag_option_id = ""
try:
sc_response = self.service_catalog_client.update_tag_option(
Key=tag_key, Value=tag_value)
tag_option_id = sc_response["TagOptionDetail"]["Id"]
self.my_status.success(message="Tag option found!")
except botocore.exceptions.ClientError as error:
log.error('Boto3 API returned error: "%s"', error)
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
self.my_status.error(
message="You are not authorized to update these resources")
else:
self.my_status.error()
return tag_option_id, self.my_status.get_status()
def set_rds_resources_tags(self, resources_to_tag, chosen_tags,
**session_credentials):
my_status = execution_status()
resources_updated_tags = dict()
self.resources_to_tag = resources_to_tag
self.chosen_tags = chosen_tags
self.session_credentials = dict()
self.session_credentials = session_credentials
if session_credentials.get("multi_account_role_session"):
client = session_credentials["multi_account_role_session"].client(
self.resource_type, region_name=self.region)
else:
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials.get("AccessKeyId"),
aws_secret_access_key=self.session_credentials.get(
"SecretKey"),
aws_session_token=self.session_credentials.get("SessionToken"),
)
client = this_session.client(self.resource_type,
region_name=self.region)
for resource_arn in self.resources_to_tag:
try:
response = client.add_tags_to_resource(
ResourceName=resource_arn, Tags=self.chosen_tags)
my_status.success(
message="Amazon RDS instance tags updated successfully!")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
resources_updated_tags[
"No Resources Found"] = "No Tags Applied"
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
my_status.error(
message=
"You are not authorized to modify these resources")
else:
my_status.error()
return my_status.get_status()
def get_sc_tag_options(self, **kwargs):
self.my_status = execution_status()
sc_response = dict()
try:
if kwargs.get("key"):
sc_response = self.service_catalog_client.list_tag_options(
Filters={"Key": kwargs.get("key")})
else:
sc_response = self.service_catalog_client.list_tag_options()
self.my_status.success(
message="Service Catalog Tag options found!")
except botocore.exceptions.ClientError as error:
log.error('Boto3 API returned error: "%s"', error)
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
self.my_status.error(
message="You are not authorized to view these resources")
else:
self.my_status.error()
return sc_response, self.my_status.get_status()
def get_config_rule(self, config_rule_name):
my_status = execution_status()
required_tags_config_rules = dict()
try:
response = self.client.describe_config_rules(
ConfigRuleNames=[config_rule_name])
all_config_rules = dict()
all_config_rules = response.get("ConfigRules")
input_parameters_dict = dict()
for rule in all_config_rules:
if rule.get("Source").get(
"SourceIdentifier") == "REQUIRED_TAGS":
input_parameters_dict = json.loads(
rule.get("InputParameters"))
required_tags_config_rules["ConfigRuleName"] = rule.get(
"ConfigRuleName")
required_tags_config_rules[
"ComplianceResourceTypes"] = rule.get("Scope").get(
"ComplianceResourceTypes")
for key, value in input_parameters_dict.items():
required_tags_config_rules[key] = value
input_parameters_dict.clear()
my_status.success(
message='"required-tags" Config rules found!')
except botocore.exceptions.ClientError as error:
errorString = "Boto3 API returned error: {}"
log.error(errorString.format(error))
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
my_status.error(
message="You are not authorized to view these resources")
else:
my_status.error()
return required_tags_config_rules, my_status.get_status()
def get_repository_tag_keys(self, **session_credentials):
my_status = execution_status()
tag_keys_inventory = list()
# Give users ability to find resources with no tags applied
tag_keys_inventory.append('<No tags applied>')
self.session_credentials = dict()
self.session_credentials['AccessKeyId'] = session_credentials[
'AccessKeyId']
self.session_credentials['SecretKey'] = session_credentials[
'SecretKey']
self.session_credentials['SessionToken'] = session_credentials[
'SessionToken']
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials['AccessKeyId'],
aws_secret_access_key=self.session_credentials['SecretKey'],
aws_session_token=self.session_credentials['SessionToken'])
try:
client = this_session.client(self.resource_type,
region_name=self.region)
# Get all the Code repositories in the region
my_repositories = client.list_repositories()
for item in my_repositories['repositories']:
code_repository_arn = client.get_repository(
repositoryName=item['repositoryName']
)['repositoryMetadata']['Arn']
try:
# Get all the tags for a given Code repository
response = client.list_tags_for_resource(
resourceArn=code_repository_arn)
try:
# Add all tag keys to the list
for tag_key, _ in response['tags'].items():
if not re.search("^aws:", tag_key):
tag_keys_inventory.append(tag_key)
my_status.success(message='Resources and tags found!')
except:
tag_keys_inventory.append("No tag keys found")
my_status.error(
message=
'You are not authorized to view these resources')
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
tag_keys_inventory.append("No tag keys found")
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message=
'You are not authorized to view these resources')
else:
my_status.error()
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
tag_keys_inventory.append("No tag keys found")
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message='You are not authorized to view these resources')
else:
my_status.error()
#Remove duplicate tags & sort
tag_keys_inventory = list(set(tag_keys_inventory))
tag_keys_inventory.sort(key=str.lower)
return tag_keys_inventory, my_status.get_status()
def get_lambda_tag_values(self, **session_credentials):
my_status = execution_status()
tag_values_inventory = list()
self.session_credentials = dict()
self.session_credentials = session_credentials
if session_credentials.get("multi_account_role_session"):
client = session_credentials["multi_account_role_session"].client(
self.resource_type, region_name=self.region
)
else:
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials.get("AccessKeyId"),
aws_secret_access_key=self.session_credentials.get("SecretKey"),
aws_session_token=self.session_credentials.get("SessionToken"),
)
client = this_session.client(self.resource_type, region_name=self.region)
try:
# Get all the Lambda functions in the region
my_functions = client.list_functions()
for item in my_functions["Functions"]:
function_arn = item["FunctionArn"]
try:
# Get all the tags for a given Lambda function
response = client.list_tags(Resource=function_arn)
if len(response.get("Tags")):
# Add all tag values to the list
for tag_key, tag_value in response["Tags"].items():
# Exclude any AWS-applied tags which begin with "aws:"
if not re.search("^aws:", tag_key) and tag_value:
tag_values_inventory.append(tag_value)
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"] == "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
return tag_values_inventory, my_status.get_status()
# Set success if tag values found else set warning
if len(tag_values_inventory):
my_status.success(message="Tag values found!")
else:
my_status.warning(message="No tag values found for this resource type.")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"] == "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
return tag_values_inventory, my_status.get_status()
# Remove duplicate tags & sort
tag_values_inventory = list(set(tag_values_inventory))
tag_values_inventory.sort(key=str.lower)
return tag_values_inventory, my_status.get_status()
def get_lambda_names_ids(self, filter_tags, **session_credentials):
my_status = execution_status()
self.filter_tags = filter_tags
tag_key1_state = True if self.filter_tags.get("tag_key1") else False
tag_value1_state = True if self.filter_tags.get("tag_value1") else False
tag_key2_state = True if self.filter_tags.get("tag_key2") else False
tag_value2_state = True if self.filter_tags.get("tag_value2") else False
if not self.filter_tags.get("conjunction"):
self.filter_tags["conjunction"] = "AND"
resource_inventory = dict()
self.session_credentials = dict()
self.session_credentials = session_credentials
if session_credentials.get("multi_account_role_session"):
client = session_credentials["multi_account_role_session"].client(
self.resource_type, region_name=self.region
)
else:
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials.get("AccessKeyId"),
aws_secret_access_key=self.session_credentials.get("SecretKey"),
aws_session_token=self.session_credentials.get("SessionToken"),
)
client = this_session.client(self.resource_type, region_name=self.region)
def _intersection_union_invalid(tag_dict, function_name, function_arn):
resource_inventory[
"No matching resources found"
] = "No matching resources found"
if self.filter_tags.get("conjunction") == "AND":
def _intersection_tfff(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key1") in tag_dict:
resource_inventory[function_arn] = function_name
def _intersection_fftf(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key2") in tag_dict:
resource_inventory[function_arn] = function_name
def _intersection_fftt(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key2") in tag_dict:
if tag_dict.get(
self.filter_tags.get("tag_key2")
) == self.filter_tags.get("tag_value2"):
resource_inventory[function_arn] = function_name
def _intersection_ttff(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key1") in tag_dict:
if tag_dict.get(
self.filter_tags.get("tag_key1")
) == self.filter_tags.get("tag_value1"):
resource_inventory[function_arn] = function_name
def _intersection_tftf(tag_dict, function_name, function_arn):
if (
self.filter_tags.get("tag_key1") in tag_dict
and self.filter_tags.get("tag_key2") in tag_dict
):
resource_inventory[function_arn] = function_name
def _intersection_tftt(tag_dict, function_name, function_arn):
if (
self.filter_tags.get("tag_key1") in tag_dict
and self.filter_tags.get("tag_key2") in tag_dict
):
if tag_dict.get(
self.filter_tags.get("tag_key2")
) == self.filter_tags.get("tag_value2"):
resource_inventory[function_arn] = function_name
def _intersection_tttf(tag_dict, function_name, function_arn):
if (
self.filter_tags.get("tag_key1") in tag_dict
and self.filter_tags.get("tag_key2") in tag_dict
):
if tag_dict.get(
self.filter_tags.get("tag_key1")
) == self.filter_tags.get("tag_value1"):
resource_inventory[function_arn] = function_name
def _intersection_tttt(tag_dict, function_name, function_arn):
if (
self.filter_tags.get("tag_key1") in tag_dict
and self.filter_tags.get("tag_key2") in tag_dict
):
if tag_dict.get(
self.filter_tags.get("tag_key1")
) == self.filter_tags.get("tag_value1"):
if tag_dict.get(
self.filter_tags.get("tag_key2")
) == self.filter_tags.get("tag_value2"):
resource_inventory[function_arn] = function_name
def _intersection_ffff(tag_dict, function_name, function_arn):
resource_inventory[function_arn] = function_name
# "AND" Truth table check for tag_key1, tag_value1, tag_key2, tag_value2
intersection_combos = {
(False, False, False, True): _intersection_union_invalid,
(False, True, False, False): _intersection_union_invalid,
(False, True, False, True): _intersection_union_invalid,
(True, False, False, True): _intersection_union_invalid,
(True, True, False, True): _intersection_union_invalid,
(False, True, True, False): _intersection_union_invalid,
(False, False, True, False): _intersection_fftf,
(False, False, True, True): _intersection_fftt,
(True, False, False, False): _intersection_tfff,
(True, True, False, False): _intersection_ttff,
(True, False, True, False): _intersection_tftf,
(True, False, True, True): _intersection_tftt,
(True, True, True, False): _intersection_tttf,
(True, True, True, True): _intersection_tttt,
(False, False, False, False): _intersection_ffff,
}
try:
# Get all the Lambda functions in the region
my_functions = client.list_functions()
for item in my_functions["Functions"]:
try:
# Get all the tags for a given Lambda function
response = client.list_tags(Resource=item["FunctionArn"])
if not response.get("Tags") and (
self.filter_tags.get("tag_key1") == "<No tags applied>"
or self.filter_tags.get("tag_key2") == "<No tags applied>"
):
resource_inventory[item["FunctionArn"]] = item[
"FunctionName"
]
else:
intersection_combos[
(
tag_key1_state,
tag_value1_state,
tag_key2_state,
tag_value2_state,
)
](
response.get("Tags"),
item["FunctionName"],
item["FunctionArn"],
)
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
my_status.success(message="Resources and tags found!")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"] == "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
if self.filter_tags.get("conjunction") == "OR":
def _union_tfff_tftf_fftf(tag_dict, function_name, function_arn):
if (
self.filter_tags.get("tag_key1") in tag_dict
or self.filter_tags.get("tag_key2") in tag_dict
):
resource_inventory[function_arn] = function_name
def _union_tttf(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key1") in tag_dict:
if tag_dict[
self.filter_tags.get("tag_key1")
] == self.filter_tags.get("tag_value1"):
resource_inventory[function_arn] = function_name
elif self.filter_tags.get("tag_key2") in tag_dict:
resource_inventory[function_arn] = function_name
def _union_tftt(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key2") in tag_dict:
if tag_dict[
self.filter_tags.get("tag_key2")
] == self.filter_tags.get("tag_value2"):
resource_inventory[function_arn] = function_name
elif self.filter_tags.get("tag_key1") in tag_dict:
resource_inventory[function_arn] = function_name
def _union_fftt(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key2") in tag_dict:
if tag_dict[
self.filter_tags.get("tag_key2")
] == self.filter_tags.get("tag_value2"):
resource_inventory[function_arn] = function_name
def _union_ttff(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key1") in tag_dict:
if tag_dict[
self.filter_tags.get("tag_key1")
] == self.filter_tags.get("tag_value1"):
resource_inventory[function_arn] = function_name
def _union_tttt(tag_dict, function_name, function_arn):
if self.filter_tags.get("tag_key1") in tag_dict:
if tag_dict[
self.filter_tags.get("tag_key1")
] == self.filter_tags.get("tag_value1"):
resource_inventory[function_arn] = function_name
elif self.filter_tags.get("tag_key2") in tag_dict:
if tag_dict[
self.filter_tags.get("tag_key2")
] == self.filter_tags.get("tag_value2"):
resource_inventory[function_arn] = function_name
def _union_ffff(tag_dict, function_name, function_arn):
resource_inventory[function_arn] = function_name
# "OR" Truth table check for tag_key1, tag_value1, tag_key2, tag_value2
or_combos = {
(False, False, False, True): _intersection_union_invalid,
(False, True, False, False): _intersection_union_invalid,
(False, True, False, True): _intersection_union_invalid,
(False, True, True, True): _intersection_union_invalid,
(True, True, False, True): _intersection_union_invalid,
(False, False, True, False): _union_tfff_tftf_fftf,
(False, False, True, True): _union_fftt,
(True, False, False, False): _union_tfff_tftf_fftf,
(True, False, True, False): _union_tfff_tftf_fftf,
(True, False, True, True): _union_tftt,
(True, True, False, False): _union_ttff,
(True, True, True, False): _union_tttf,
(True, True, True, True): _union_tttt,
(False, False, False, False): _union_ffff,
}
try:
# Get all the Lambda functions in the region
my_functions = client.list_functions()
for item in my_functions["Functions"]:
try:
# Get all the tags for a given Lambda function
response = client.list_tags(Resource=item["FunctionArn"])
if not response.get("Tags") and (
self.filter_tags.get("tag_key1") == "<No tags applied>"
or self.filter_tags.get("tag_key2") == "<No tags applied>"
):
resource_inventory[item["FunctionArn"]] = item[
"FunctionName"
]
else:
or_combos[
(
tag_key1_state,
tag_value1_state,
tag_key2_state,
tag_value2_state,
)
](
response.get("Tags"),
item["FunctionName"],
item["FunctionArn"],
)
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
my_status.success(message="Resources and tags found!")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"] == "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
return resource_inventory, my_status.get_status()
def get_lambda_resources_tags(self, chosen_resources, **session_credentials):
my_status = execution_status()
# Instantiate dictionaries to hold resources & their tags
tagged_resource_inventory = dict()
self.session_credentials = dict()
self.session_credentials = session_credentials
if session_credentials.get("multi_account_role_session"):
client = session_credentials["multi_account_role_session"].client(
self.resource_type, region_name=self.region
)
else:
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials.get("AccessKeyId"),
aws_secret_access_key=self.session_credentials.get("SecretKey"),
aws_session_token=self.session_credentials.get("SessionToken"),
)
client = this_session.client(self.resource_type, region_name=self.region)
try:
if chosen_resources[0][0] != "No matching resources found":
for resource_id_name in chosen_resources:
resource_tags = dict()
sorted_resource_tags = dict()
function_arn = resource_id_name[0]
try:
# Get all the tags for a given Lambda function
response = client.list_tags(Resource=function_arn)
if response.get("Tags"):
user_applied_tags = False
for tag_key, tag_value in response["Tags"].items():
# Ignore tags applied by AWS which begin with "aws:"
if not re.search("^aws:", tag_key):
resource_tags[tag_key] = tag_value
user_applied_tags = True
if not user_applied_tags:
resource_tags[
"No user-applied tag keys found"
] = "No user-applied tag values found"
else:
resource_tags[
"No user-applied tag keys found"
] = "No user-applied tag values found"
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
resource_tags["No Tags Found"] = "No Tags Found"
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
sorted_resource_tags = OrderedDict(sorted(resource_tags.items()))
tagged_resource_inventory[
resource_id_name[0]
] = sorted_resource_tags
my_status.success(message="Resources and tags found!")
else:
tagged_resource_inventory["No Resource Found"] = {
"No tag keys found": "No tag values found"
}
my_status.warning(message="No AWS Lambda functions found!")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
tagged_resource_inventory["No Resource Found"] = {
"No tag keys found": "No tag values found"
}
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"] == "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
return tagged_resource_inventory, my_status.get_status()
def assign_tg_sc_product_template(self, tag_group_name,
sc_product_template_id,
**session_credentials):
self.my_status = execution_status()
all_sc_tag_options = dict()
tag_group_contents = dict()
this_sc_tag_option_values_ids = dict()
# Instantiate a service catalog class instance
sc_instance = service_catalog(self.region, **session_credentials)
# Get the key & values list for the requested Tag Group
tag_group = get_tag_groups(self.region, **session_credentials)
(
tag_group_contents,
tag_group_execution_status,
) = tag_group.get_tag_group_key_values(tag_group_name)
# Get the dictionary of current SC TagOptions
all_sc_tag_options, sc_tag_execution_status = sc_instance.get_sc_tag_options(
key=tag_group_contents["tag_group_key"])
# Get the TagOption ID's of all SC TagOptions that have the same key as the Tag Group parameter
# If there's a key match, remember the corresponding value to determine if any Tag Group values are missing from SC
for sc_tag_option in all_sc_tag_options["TagOptionDetails"]:
if sc_tag_option["Key"] == tag_group_contents["tag_group_key"]:
this_sc_tag_option_values_ids[
sc_tag_option["Value"]] = sc_tag_option["Id"]
# Delete Service Catalog TagOptions values that are not included in selected Tag Group
if this_sc_tag_option_values_ids:
temp_tag_option_values_ids = this_sc_tag_option_values_ids.copy()
for value, option_id in temp_tag_option_values_ids.items():
if value not in tag_group_contents["tag_group_values"]:
try:
response = self.service_catalog_client.disassociate_tag_option_from_resource(
ResourceId=sc_product_template_id,
TagOptionId=option_id)
response = self.service_catalog_client.delete_tag_option(
Id=option_id)
this_sc_tag_option_values_ids.pop(value)
self.my_status.success(
message="Service Catalog TagOption deleted!")
except botocore.exceptions.ClientError as error:
log.error('Boto3 API returned error: "%s"', error)
if (error.response["Error"]["Code"]
== "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
self.my_status.error(
message=
"You are not authorized to update these resources"
)
elif (error.response["Error"]["Code"] ==
"ResourceInUseException"):
self.my_status.warning(
message='The TagOption Key: "' +
tag_group_contents["tag_group_key"] +
'" and Value: "' + value +
'" is in use on another Product Template.')
else:
self.my_status.error()
else:
self.my_status.success()
# Create SC TagOptions for the selected Tag Group's values if value is not already an SC TagOption
for value in tag_group_contents["tag_group_values"]:
if value not in this_sc_tag_option_values_ids:
(
tag_option_id,
tag_option_id_execution_status,
) = sc_instance.create_sc_tag_option(
tag_group_contents["tag_group_key"], value)
this_sc_tag_option_values_ids[value] = tag_option_id
product_template_details = dict()
try:
product_template_details = (
self.service_catalog_client.describe_product_as_admin(
Id=sc_product_template_id))
self.my_status.success()
current_status = self.my_status.get_status()
if current_status["alert_level"] == "success":
self.my_status.success(
message="Service Catalog product template found!")
except botocore.exceptions.ClientError as error:
log.error('Boto3 API returned error: "%s"', error)
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
self.my_status.error(
message="You are not authorized to view these resources")
else:
self.my_status.error()
existing_prod_template_tag_options = list()
existing_prod_template_tag_options = product_template_details.get(
"TagOptions")
existing_product_template_tag_option_ids = list()
for tag_option in existing_prod_template_tag_options:
existing_product_template_tag_option_ids.append(
tag_option.get("Id"))
# Assign Tag value in the Tag Group to the specified SC product template if not already assigned
for value, to_id in this_sc_tag_option_values_ids.items():
if to_id not in existing_product_template_tag_option_ids:
try:
sc_response = (self.service_catalog_client.
associate_tag_option_with_resource(
ResourceId=sc_product_template_id,
TagOptionId=to_id))
self.my_status.success()
current_status = self.my_status.get_status()
if current_status["alert_level"] == "success":
self.my_status.success(
message=
"New Tag Option associated with Service Catalog product!"
)
except botocore.exceptions.ClientError as error:
log.error('Boto3 API returned error: "%s"', error)
if (error.response["Error"]["Code"]
== "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
self.my_status.error(
message=
"You are not authorized to update these resources")
else:
self.my_status.error()
# Return updated dictionary of TagOption keys & values for the SC product template
product_template_details.clear()
try:
product_template_details = (
self.service_catalog_client.describe_product_as_admin(
Id=sc_product_template_id))
self.my_status.success()
current_status = self.my_status.get_status()
if current_status["alert_level"] == "success":
self.my_status.success(
message="Service Catalog product template found!")
except botocore.exceptions.ClientError as error:
log.error('Boto3 API returned error: "%s"', error)
if (error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"):
self.my_status.error(
message="You are not authorized to view these resources")
else:
self.my_status.error()
existing_prod_template_tag_options.clear()
existing_prod_template_tag_options = product_template_details[
"TagOptions"]
existing_tag_option_keys_values = defaultdict(list)
for tag_option in existing_prod_template_tag_options:
existing_tag_option_keys_values[tag_option["Key"]].append(
tag_option["Value"])
return existing_tag_option_keys_values, self.my_status.get_status()
def get_pipeline_resources_tags(self, chosen_resources,
**session_credentials):
my_status = execution_status()
# Instantiate dictionaries to hold resources & their tags
tagged_resource_inventory = dict()
self.session_credentials = dict()
self.session_credentials['AccessKeyId'] = session_credentials[
'AccessKeyId']
self.session_credentials['SecretKey'] = session_credentials[
'SecretKey']
self.session_credentials['SessionToken'] = session_credentials[
'SessionToken']
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials['AccessKeyId'],
aws_secret_access_key=self.session_credentials['SecretKey'],
aws_session_token=self.session_credentials['SessionToken'])
try:
if chosen_resources:
client = this_session.client(self.resource_type,
region_name=self.region)
for resource_id_name in chosen_resources:
resource_tags = dict()
sorted_resource_tags = dict()
pipeline_arn = resource_id_name[0]
try:
# Get all the tags for a given Code Pipeline
response = client.list_tags_for_resource(
resourceArn=pipeline_arn)
for tag in response['tags']:
if not re.search("^aws:", tag['key']):
resource_tags[tag['key']] = tag['value']
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
resource_tags["No Tags Found"] = "No Tags Found"
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message=
'You are not authorized to view these resources'
)
else:
my_status.error()
sorted_resource_tags = OrderedDict(
sorted(resource_tags.items()))
tagged_resource_inventory[
resource_id_name[0]] = sorted_resource_tags
my_status.success(message='Resources and tags found!')
else:
tagged_resource_inventory["No Resource Found"] = {
"No Tags Found": "No Tags Found"
}
my_status.warning(message='No AWS Code Pipelines found!')
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
tagged_resource_inventory["No Resource Found"] = {
"No Tags Found": "No Tags Found"
}
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message='You are not authorized to view these resources')
else:
my_status.error()
return tagged_resource_inventory, my_status.get_status()
def get_eks_clusters_keys(self, **session_credentials):
my_status = execution_status()
tag_keys_inventory = list()
self.session_credentials = dict()
self.session_credentials = session_credentials
if session_credentials.get("multi_account_role_session"):
client = session_credentials["multi_account_role_session"].client(
self.resource_type, region_name=self.region
)
else:
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials.get("AccessKeyId"),
aws_secret_access_key=self.session_credentials.get("SecretKey"),
aws_session_token=self.session_credentials.get("SessionToken"),
)
client = this_session.client(self.resource_type, region_name=self.region)
try:
# Get all the EKS clusters in the region
my_clusters = client.list_clusters()
if len(my_clusters["clusters"]) == 0:
my_status.warning(message="No Amazon EKS clusters found!")
else:
for item in my_clusters["clusters"]:
cluster_arn = client.describe_cluster(name=item)["cluster"]["arn"]
try:
# Get all the tags for a given EKS Cluster
response = client.list_tags_for_resource(
resourceArn=cluster_arn
)
if len(response.get("tags")):
# Add all tag keys to the list
for tag_key, _ in response["tags"].items():
if not re.search("^aws:", tag_key):
tag_keys_inventory.append(tag_key)
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"]
== "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
return tag_keys_inventory, my_status.get_status()
# Set success if tag values found else set warning
if len(tag_keys_inventory):
my_status.success(message="Tag keys found!")
else:
my_status.warning(message="No tag keys found for this resource type.")
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if (
error.response["Error"]["Code"] == "AccessDeniedException"
or error.response["Error"]["Code"] == "UnauthorizedOperation"
):
my_status.error(
message="You are not authorized to view these resources"
)
else:
my_status.error()
return tag_keys_inventory, my_status.get_status()
# Remove duplicate tags & sort
tag_keys_inventory = list(set(tag_keys_inventory))
tag_keys_inventory.sort(key=str.lower)
return tag_keys_inventory, my_status.get_status()
def get_pipeline_tag_values(self, **session_credentials):
my_status = execution_status()
tag_values_inventory = list()
self.session_credentials = dict()
self.session_credentials['AccessKeyId'] = session_credentials[
'AccessKeyId']
self.session_credentials['SecretKey'] = session_credentials[
'SecretKey']
self.session_credentials['SessionToken'] = session_credentials[
'SessionToken']
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials['AccessKeyId'],
aws_secret_access_key=self.session_credentials['SecretKey'],
aws_session_token=self.session_credentials['SessionToken'])
try:
client = this_session.client(self.resource_type,
region_name=self.region)
# Get all the Code Pipelines in the region
my_pipelines = client.list_pipelines()
for item in my_pipelines['pipelines']:
code_pipeline_arn = client.get_pipeline(
name=item['name'])['metadata']['pipelineArn']
try:
# Get all the tags for a given Code Pipeline
response = client.list_tags_for_resource(
resourceArn=code_pipeline_arn)
try:
# Add all tag keys to the list
for tag in response['tags']():
# Exclude any AWS-applied tags which begin with "aws:"
if not re.search("^aws:",
tag['key']) and tag['value']:
tag_values_inventory.append(tag['value'])
except:
#tag_values_inventory.append("No tag values found")
tag_values_inventory.append("")
my_status.warning(
message='No tags found for this resource.')
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
#tag_values_inventory.append("No tag values found")
tag_values_inventory.append("")
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message=
'You are not authorized to view these resources')
else:
my_status.error()
my_status.success(message='Resources and tags found!')
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
#tag_values_inventory.append("No tag values found")
tag_values_inventory.append("")
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message='You are not authorized to view these resources')
else:
my_status.error()
#Remove duplicate tags & sort
tag_values_inventory = list(set(tag_values_inventory))
tag_values_inventory.sort(key=str.lower)
return tag_values_inventory, my_status.get_status()
def get_code_pipeline_ids(self, filter_tags, **session_credentials):
my_status = execution_status()
self.filter_tags = filter_tags
tag_key1_state = True if self.filter_tags.get('tag_key1') else False
tag_value1_state = True if self.filter_tags.get(
'tag_value1') else False
tag_key2_state = True if self.filter_tags.get('tag_key2') else False
tag_value2_state = True if self.filter_tags.get(
'tag_value2') else False
resource_inventory = dict()
self.session_credentials = {}
self.session_credentials['AccessKeyId'] = session_credentials[
'AccessKeyId']
self.session_credentials['SecretKey'] = session_credentials[
'SecretKey']
self.session_credentials['SessionToken'] = session_credentials[
'SessionToken']
this_session = boto3.session.Session(
aws_access_key_id=self.session_credentials['AccessKeyId'],
aws_secret_access_key=self.session_credentials['SecretKey'],
aws_session_token=self.session_credentials['SessionToken'])
def _intersection_union_invalid(tag_dict, pipeline_name, pipeline_arn):
resource_inventory['No matching resource'] = 'No matching resource'
if self.filter_tags.get('conjunction') == 'AND':
def _intersection_tfff(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key1') in tag_dict:
resource_inventory[pipeline_arn] = pipeline_name
def _intersection_fftf(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key2') in tag_dict:
resource_inventory[pipeline_arn] = pipeline_name
def _intersection_fftt(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key2') in tag_dict:
if tag_dict.get(self.filter_tags.get(
'tag_key2')) == self.filter_tags.get('tag_value2'):
resource_inventory[pipeline_arn] = pipeline_name
def _intersection_ttff(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key1') in tag_dict:
if tag_dict.get(self.filter_tags.get(
'tag_key1')) == self.filter_tags.get('tag_value1'):
resource_inventory[pipeline_arn] = pipeline_name
def _intersection_tftf(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get(
'tag_key1') in tag_dict and self.filter_tags.get(
'tag_key2') in tag_dict:
resource_inventory[pipeline_arn] = pipeline_name
def _intersection_tftt(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get(
'tag_key1') in tag_dict and self.filter_tags.get(
'tag_key2') in tag_dict:
if tag_dict.get(self.filter_tags.get(
'tag_key2')) == self.filter_tags.get('tag_value2'):
resource_inventory[pipeline_arn] = pipeline_name
def _intersection_tttf(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get(
'tag_key1') in tag_dict and self.filter_tags.get(
'tag_key2') in tag_dict:
if tag_dict.get(self.filter_tags.get(
'tag_key1')) == self.filter_tags.get('tag_value1'):
resource_inventory[pipeline_arn] = pipeline_name
def _intersection_tttt(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get(
'tag_key1') in tag_dict and self.filter_tags.get(
'tag_key2') in tag_dict:
if tag_dict.get(self.filter_tags.get(
'tag_key1')) == self.filter_tags.get('tag_value1'):
if tag_dict.get(
self.filter_tags.get('tag_key2')
) == self.filter_tags.get('tag_value2'):
resource_inventory[pipeline_arn] = pipeline_name
def _intersection_ffff(tag_dict, pipeline_name, pipeline_arn):
resource_inventory[pipeline_arn] = pipeline_name
# "AND" Truth table check for tag_key1, tag_value1, tag_key2, tag_value2
intersection_combos = {
(False, False, False, True): _intersection_union_invalid,
(False, True, False, False): _intersection_union_invalid,
(False, True, False, True): _intersection_union_invalid,
(True, False, False, True): _intersection_union_invalid,
(True, True, False, True): _intersection_union_invalid,
(False, True, True, False): _intersection_union_invalid,
(False, False, True, False): _intersection_fftf,
(False, False, True, True): _intersection_fftt,
(True, False, False, False): _intersection_tfff,
(True, True, False, False): _intersection_ttff,
(True, False, True, False): _intersection_tftf,
(True, False, True, True): _intersection_tftt,
(True, True, True, False): _intersection_tttf,
(True, True, True, True): _intersection_tttt,
(False, False, False, False): _intersection_ffff
}
try:
client = this_session.client(self.resource_type,
region_name=self.region)
# Get all the CodePipleines in the region
my_pipelines = client.list_pipelines()
for item in my_pipelines['pipelines']:
try:
code_pipeline_arn = client.get_pipeline(
name=item['name'])['metadata']['pipelineArn']
# Get all the tags for a given Code Pipeline
response = client.list_tags_for_resource(
resourceArn=code_pipeline_arn)
if response.get('tags'):
intersection_combos[(tag_key1_state,
tag_value1_state,
tag_key2_state,
tag_value2_state)](
response.get('tags'),
item['name'],
code_pipeline_arn)
elif self.filter_tags.get('tag_key1') == '<No tags applied>' or \
self.filter_tags.get('tag_key2') == '<No tags applied>':
resource_inventory[pipeline_arn] = item['name']
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message=
'You are not authorized to view these resources'
)
else:
my_status.error()
my_status.success(message='Resources and tags found!')
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message='You are not authorized to view these resources'
)
else:
my_status.error()
if self.filter_tags.get('conjunction') == 'OR':
def _union_tfff_tftf_fftf(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get(
'tag_key1') in tag_dict or self.filter_tags.get(
'tag_key2') in tag_dict:
resource_inventory[pipeline_arn] = pipeline_name
def _union_tttf(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key1') in tag_dict:
if tag_dict[self.filter_tags.get(
'tag_key1')] == self.filter_tags.get('tag_value1'):
resource_inventory[pipeline_arn] = pipeline_name
elif self.filter_tags.get('tag_key2') in tag_dict:
resource_inventory[pipeline_arn] = pipeline_name
def _union_tftt(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key2') in tag_dict:
if tag_dict[self.filter_tags.get(
'tag_key2')] == self.filter_tags.get('tag_value2'):
resource_inventory[pipeline_arn] = pipeline_name
elif self.filter_tags.get('tag_key1') in tag_dict:
resource_inventory[pipeline_arn] = pipeline_name
def _union_fftt(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key2') in tag_dict:
if tag_dict[self.filter_tags.get(
'tag_key2')] == self.filter_tags.get('tag_value2'):
resource_inventory[pipeline_arn] = pipeline_name
def _union_ttff(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key1') in tag_dict:
if tag_dict[self.filter_tags.get(
'tag_key1')] == self.filter_tags.get('tag_value1'):
resource_inventory[pipeline_arn] = pipeline_name
def _union_tttt(tag_dict, pipeline_name, pipeline_arn):
if self.filter_tags.get('tag_key1') in tag_dict:
if tag_dict[self.filter_tags.get(
'tag_key1')] == self.filter_tags.get('tag_value1'):
resource_inventory[pipeline_arn] = pipeline_name
elif self.filter_tags.get('tag_key2') in tag_dict:
if tag_dict[self.filter_tags.get(
'tag_key2')] == self.filter_tags.get('tag_value2'):
resource_inventory[pipeline_arn] = pipeline_name
def _union_ffff(tag_dict, pipeline_name, pipeline_arn):
resource_inventory[pipeline_arn] = pipeline_name
# "OR" Truth table check for tag_key1, tag_value1, tag_key2, tag_value2
or_combos = {
(False, False, False, True): _intersection_union_invalid,
(False, True, False, False): _intersection_union_invalid,
(False, True, False, True): _intersection_union_invalid,
(False, True, True, True): _intersection_union_invalid,
(True, True, False, True): _intersection_union_invalid,
(False, False, True, False): _union_tfff_tftf_fftf,
(False, False, True, True): _union_fftt,
(True, False, False, False): _union_tfff_tftf_fftf,
(True, False, True, False): _union_tfff_tftf_fftf,
(True, False, True, True): _union_tftt,
(True, True, False, False): _union_ttff,
(True, True, True, False): _union_tttf,
(True, True, True, True): _union_tttt,
(False, False, False, False): _union_ffff
}
try:
client = this_session.client(self.resource_type,
region_name=self.region)
# Get all the Code Pipelinesin the region
my_pipelines = client.list_pipelines()
for item in my_pipelines['pipelines']:
try:
code_pipeline_arn = client.get_pipeline(
name=item['name'])['metadata']['pipelineArn']
# Get all the tags for a given Code Pipeline
response = client.list_tags_for_resource(
resourceArn=code_pipeline_arn)
if response.get('tags'):
or_combos[(tag_key1_state, tag_value1_state,
tag_key2_state,
tag_value2_state)](response.get('tags'),
item['name'],
code_pipeline_arn)
elif self.filter_tags.get('tag_key1') == '<No tags applied>' or \
self.filter_tags.get('tag_key2') == '<No tags applied>':
resource_inventory[code_pipeline_arn] = item[
'name']
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message=
'You are not authorized to view these resources'
)
else:
my_status.error()
my_status.success(message='Resources and tags found!')
except botocore.exceptions.ClientError as error:
log.error("Boto3 API returned error: {}".format(error))
if error.response['Error'][
'Code'] == 'AccessDeniedException' or error.response[
'Error']['Code'] == 'UnauthorizedOperation':
my_status.error(
message='You are not authorized to view these resources'
)
else:
my_status.error()
#return resource_inventory, my_status.get_status()
return resource_inventory, my_status.get_status()