def update_stats(dynamo_table, roles, source='Scan'):
"""
Create a new stats entry for each role in a set of roles and add it to Dynamo
Args:
roles (Roles): a list of all the role objects to update data for
source (string): the source of the new stats data (repo, scan, etc)
Returns:
None
"""
for role in roles:
new_stats = {
'Date': datetime.datetime.utcnow().isoformat(),
'DisqualifiedBy': role.disqualified_by,
'PermissionsCount': role.total_permissions,
'RepoablePermissionsCount': role.repoable_permissions,
'Source': source
}
try:
cur_stats = role.stats[-1]
except IndexError:
cur_stats = {
'DisqualifiedBy': [],
'PermissionsCount': 0,
'RepoablePermissionsCount': 0
}
for item in [
'DisqualifiedBy', 'PermissionsCount',
'RepoablePermissionsCount'
]:
if new_stats.get(item) != cur_stats.get(item):
add_to_end_of_list(dynamo_table, role.role_id, 'Stats',
new_stats)
def update_stats(dynamo_table, roles, source="Scan"):
"""
Create a new stats entry for each role in a set of roles and add it to Dynamo
Args:
roles (Roles): a list of all the role objects to update data for
source (string): the source of the new stats data (repo, scan, etc)
Returns:
None
"""
for role in roles:
new_stats = {
"Date": datetime.datetime.utcnow().isoformat(),
"DisqualifiedBy": role.disqualified_by,
"PermissionsCount": role.total_permissions,
"RepoablePermissionsCount": role.repoable_permissions,
"Source": source,
}
try:
cur_stats = role.stats[-1]
except IndexError:
cur_stats = {
"DisqualifiedBy": [],
"PermissionsCount": 0,
"RepoablePermissionsCount": 0,
}
for item in [
"DisqualifiedBy", "PermissionsCount",
"RepoablePermissionsCount"
]:
if new_stats.get(item) != cur_stats.get(item):
add_to_end_of_list(dynamo_table, role.role_id, "Stats",
new_stats)
def add_new_managed_policy_version(dynamo_table, role, current_managed_policy,
update_source):
"""
Create a new entry in the history of policy versions in Dynamo. The entry contains the source of the new policy:
(scan, repo, or restore) the current time, and the current policy contents. Updates the role's policies with the
full policies including the latest.
Args:
role (Role)
current_managed_policy (dict)
update_source (string): ['Repo', 'Scan', 'Restore']
Returns:
None
"""
policy_entry = {
"Source": update_source,
"Discovered": datetime.datetime.utcnow().isoformat(),
"Policy": current_managed_policy,
}
add_to_end_of_list(dynamo_table, role.role_id, "ManagedPolicies",
policy_entry)
role.managed_policies = get_role_data(dynamo_table,
role.role_id,
fields=["ManagedPolicies"
])["ManagedPolicies"]
def update_stats(dynamo_table, roles, source='Scan'):
"""
Create a new stats entry for each role in a set of roles and add it to Dynamo
Args:
roles (Roles): a list of all the role objects to update data for
source (string): the source of the new stats data (repo, scan, etc)
Returns:
None
"""
for role in roles:
new_stats = {
'Date': datetime.datetime.utcnow().isoformat(),
'DisqualifiedBy': role.disqualified_by,
'PermissionsCount': role.total_permissions,
'Source': source
}
cur_stats = get_role_data(dynamo_table, role.role_id,
fields=['Stats'])['Stats'][-1]
for item in ['DisqualifiedBy', 'PermissionsCount']:
if new_stats[item] != cur_stats[item]:
add_to_end_of_list(dynamo_table, role.role_id, 'Stats',
new_stats)
