def test_schema_multi_expand(self): test_schema = { 'schema1': { '$ref': '#/definitions/filters_common/value_from' }, 'schema2': { '$ref': '#/definitions/filters_common/value_from' } } expected = yaml_dump({ 'schema1': { 'type': 'object', 'additionalProperties': 'False', 'required': ['url'], 'properties': { 'url': { 'type': 'string' }, 'format': { 'enum': ['csv', 'json', 'txt', 'csv2dict'] }, 'expr': { 'oneOf': [{ 'type': 'integer' }, { 'type': 'string' }] } } }, 'schema2': { 'type': 'object', 'additionalProperties': 'False', 'required': ['url'], 'properties': { 'url': { 'type': 'string' }, 'format': { 'enum': ['csv', 'json', 'txt', 'csv2dict'] }, 'expr': { 'oneOf': [{ 'type': 'integer' }, { 'type': 'string' }] } } } }) result = yaml_dump( _expand_schema(test_schema, generate()['definitions'])) self.assertEquals(result, expected)
def main(role, ou, assume, profile, output, regions, active): """Generate a c7n-org accounts config file using AWS Organizations With c7n-org you can then run policies or arbitrary scripts across accounts. """ session = get_session(assume, 'c7n-org', profile) client = session.client('organizations') accounts = [] for path in ou: ou = get_ou_from_path(client, path) accounts.extend(get_accounts_for_ou(client, ou, active)) results = [] for a in accounts: tags = [] path_parts = a['Path'].strip('/').split('/') for idx, _ in enumerate(path_parts): tags.append("path:/%s" % "/".join(path_parts[:idx + 1])) ainfo = { 'account_id': a['Id'], 'email': a['Email'], 'name': a['Name'], 'tags': tags, 'role': role.format(**a) } if regions: ainfo['regions'] = list(regions) results.append(ainfo) print(yaml_dump({'accounts': results}), file=output)
def _print_cls_schema(cls): # Print docstring docstring = _schema_get_docstring(cls) print("\nHelp\n----\n") if docstring: print(docstring) else: # Shouldn't ever hit this, so exclude from cover print("No help is available for this item.") # pragma: no cover # Print schema print("\nSchema\n------\n") if hasattr(cls, 'schema'): definitions = generate()['definitions'] component_schema = dict(cls.schema) component_schema = _expand_schema(component_schema, definitions) component_schema.pop('additionalProperties', None) component_schema.pop('type', None) print(yaml_dump(component_schema)) else: # Shouldn't ever hit this, so exclude from cover print("No schema is available for this item.", file=sys.sterr) # pragma: no cover print('') return
def main(role, name, ou, assume, profile, output, regions, active, ignore): """Generate a c7n-org accounts config file using AWS Organizations With c7n-org you can then run policies or arbitrary scripts across accounts. """ logging.basicConfig(level=logging.INFO) stats, session = get_session(assume, 'c7n-org', profile) client = session.client('organizations') accounts = [] for path in ou: ou = get_ou_from_path(client, path) accounts.extend( get_accounts_for_ou(client, ou, active, ignoredAccounts=ignore)) results = [] for a in accounts: tags = [] path_parts = a['Path'].strip('/').split('/') for idx, _ in enumerate(path_parts): tags.append("path:/%s" % "/".join(path_parts[:idx + 1])) for k, v in a.get('Tags', {}).items(): tags.append("{}:{}".format(k, v)) a['OrgId'] = a['Arn'].split('/')[1] if not role.startswith('arn'): arn_role = "arn:aws:iam::{}:role/{}".format(a['Id'], role) else: arn_role = role.format(**a) ainfo = { 'account_id': a['Id'], 'email': a['Email'], 'display_name': a['Name'], 'name': a['Name'], 'org_id': a['OrgId'], 'tags': tags, 'role': arn_role } ainfo['name'] = name.format(**ainfo) if regions: ainfo['regions'] = list(regions) if 'Tags' in a and a['Tags']: ainfo['vars'] = a['Tags'] results.append(ainfo) # log.info('api calls {}'.format(stats.get_metadata())) print(yaml_dump({'accounts': results}), file=output)
def main(output): """ Generate a c7n-org subscriptions config file """ client = SubscriptionClient(Session().get_credentials()) subs = [sub.serialize(True) for sub in client.subscriptions.list()] results = [] for sub in subs: sub_info = { 'subscription_id': sub['subscriptionId'], 'name': sub['displayName'] } results.append(sub_info) print(yaml_dump({'subscriptions': results}), file=output)
def main(role, ou, assume, profile, output, regions, active, ignore): """Generate a c7n-org accounts config file using AWS Organizations With c7n-org you can then run policies or arbitrary scripts across accounts. """ session = get_session(assume, 'c7n-org', profile) client = session.client('organizations') accounts = [] for path in ou: ou = get_ou_from_path(client, path) accounts.extend( get_accounts_for_ou(client, ou, active, ignoredAccounts=ignore)) results = [] for a in accounts: tags = [] path_parts = a['Path'].strip('/').split('/') for idx, _ in enumerate(path_parts): tags.append("path:/%s" % "/".join(path_parts[:idx + 1])) for tag in list_tags_for_account(client, a['Id']): tags.append("{}:{}".format(tag.get('Key'), tag.get('Value'))) if not role.startswith('arn'): arn_role = "arn:aws:iam::{}:role/{}".format(a['Id'], role) else: arn_role = role.format(**a) ainfo = { 'account_id': a['Id'], 'email': a['Email'], 'name': a['Name'], 'tags': tags, 'role': arn_role } if regions: ainfo['regions'] = list(regions) results.append(ainfo) print(yaml_dump({'accounts': results}), file=output)
def _print_cls_schema(cls): # Print docstring docstring = ElementSchema.doc(cls) print("\nHelp\n----\n") if docstring: print(docstring) else: # Shouldn't ever hit this, so exclude from cover print("No help is available for this item.") # pragma: no cover # Print schema print("\nSchema\n------\n") if hasattr(cls, 'schema'): definitions = generate()['definitions'] component_schema = ElementSchema.schema(definitions, cls) print(yaml_dump(component_schema)) else: # Shouldn't ever hit this, so exclude from cover print("No schema is available for this item.", file=sys.sterr) # pragma: no cover print('') return
def schema_cmd(options): """ Print info about the resources, actions and filters available. """ from c7n import schema if options.json: schema.json_dump(options.resource) return if options.summary: load_available() resource_mapping = schema.resource_vocabulary() schema.pprint_schema_summary(resource_mapping) return # Here are the formats for what we accept: # - No argument # - List all available RESOURCES # - PROVIDER # - List all available RESOURCES for supplied PROVIDER # - RESOURCE # - List all available actions and filters for supplied RESOURCE # - MODE # - List all available MODES # - RESOURCE.actions # - List all available actions for supplied RESOURCE # - RESOURCE.actions.ACTION # - Show class doc string and schema for supplied action # - RESOURCE.filters # - List all available filters for supplied RESOURCE # - RESOURCE.filters.FILTER # - Show class doc string and schema for supplied filter if not options.resource: load_available(resources=False) resource_list = {'resources': sorted(itertools.chain( *[clouds[p].resource_map.keys() for p in PROVIDER_NAMES]))} print(yaml_dump(resource_list)) return # Format is [PROVIDER].RESOURCE.CATEGORY.ITEM # optional provider defaults to aws for compatibility components = options.resource.lower().split('.') if len(components) == 1 and components[0] in PROVIDER_NAMES: load_providers((components[0])) resource_list = {'resources': sorted( clouds[components[0]].resource_map.keys())} print(yaml_dump(resource_list)) return if components[0] in PROVIDER_NAMES: cloud_provider = components.pop(0) components[0] = '%s.%s' % (cloud_provider, components[0]) load_resources((components[0],)) resource_mapping = schema.resource_vocabulary( cloud_provider) elif components[0] == 'mode': load_available(resources=False) resource_mapping = schema.resource_vocabulary() else: # compatibility, aws is default for provider components[0] = 'aws.%s' % components[0] load_resources((components[0],)) resource_mapping = schema.resource_vocabulary('aws') # # Handle mode # if components[0] == "mode": if len(components) == 1: output = {components[0]: list(resource_mapping[components[0]].keys())} print(yaml_dump(output)) return if len(components) == 2: if components[1] not in resource_mapping[components[0]]: log.error('{} is not a valid mode'.format(components[1])) sys.exit(1) _print_cls_schema(resource_mapping[components[0]][components[1]]) return # We received too much (e.g. mode.actions.foo) log.error("Invalid selector '{}'. Valid options are 'mode' " "or 'mode.TYPE'".format(options.resource)) sys.exit(1) # # Handle resource # resource = components[0] if resource not in resource_mapping: log.error('{} is not a valid resource'.format(resource)) sys.exit(1) if len(components) == 1: docstring = ElementSchema.doc( resource_mapping[resource]['classes']['resource']) del(resource_mapping[resource]['classes']) if docstring: print("\nHelp\n----\n") print(docstring + '\n') output = {resource: resource_mapping[resource]} print(yaml_dump(output)) return # # Handle category # category = components[1] if category not in ('actions', 'filters'): log.error("Valid choices are 'actions' and 'filters'. You supplied '{}'".format(category)) sys.exit(1) if len(components) == 2: output = "No {} available for resource {}.".format(category, resource) if category in resource_mapping[resource]: output = {resource: { category: resource_mapping[resource][category]}} print(yaml_dump(output)) return # # Handle item # item = components[2] if item not in resource_mapping[resource][category]: log.error('{} is not in the {} list for resource {}'.format(item, category, resource)) sys.exit(1) if len(components) == 3: cls = resource_mapping[resource]['classes'][category][item] _print_cls_schema(cls) return # We received too much (e.g. s3.actions.foo.bar) log.error("Invalid selector '{}'. Max of 3 components in the " "format RESOURCE.CATEGORY.ITEM".format(options.resource)) sys.exit(1)