Пример #1
def load_providers(provider_types):
    """Import and initialise the provider packages selected by *provider_types*.

    Each provider is gated through ``should_load_provider``. A selected
    provider's package is imported here, so its module-level code runs in
    this process. None of the imports is wrapped in ``try``/``except``, so a
    selected provider whose package cannot be imported raises ``ImportError``
    to the caller.

    Afterwards *provider_types* is merged into the module-level ``LOADED``.
    """
    global LOADED

    def selected(provider):
        return should_load_provider(provider, provider_types)

    # Resources are lazy loaded, but the AWS modules below still have to be
    # imported eagerly because they make generic filters/actions available.
    if selected('aws'):
        import c7n.resources.securityhub
        import c7n.resources.sfn
        import c7n.resources.ssm # NOQA

    if selected('azure'):
        from c7n_azure.entry import initialize_azure as start_azure
        start_azure()

    if selected('gcp'):
        from c7n_gcp.entry import initialize_gcp as start_gcp
        start_gcp()

    if selected('k8s'):
        from c7n_kube.entry import initialize_kube as start_kube
        start_kube()

    if selected('openstack'):
        from c7n_openstack.entry import initialize_openstack as start_openstack
        start_openstack()

    if selected('c7n'):
        from c7n import data  # noqa

    LOADED.update(provider_types)
Пример #2
    @staticmethod
    def has_yaml_ext(filename):
        return filename.lower().endswith(('.yml', '.yaml'))

    # Command-line entry point for the container host: click parses the
    # options below and the parsed values are used to construct a Host.
    # Every option declares an envvar=, so each value can be supplied through
    # the environment instead of a command-line flag.
    @staticmethod
    @click.command(help="Periodically run a set of policies from an Azure storage container "
                        "against a single subscription. The host will update itself with new "
                        "policies and event subscriptions as they are added.")
    @click.option("--storage-id", "-q", envvar=ENV_CONTAINER_STORAGE_RESOURCE_ID, required=True,
                  help="The resource id of the storage account to create the event queue in")
    @click.option("--queue-name", "-n", envvar=ENV_CONTAINER_QUEUE_NAME,
                  help="The name of the event queue to create")
    # NOTE(review): per the command help the host updates itself from this
    # container, so write access to the container presumably decides which
    # policies get run -- confirm its access controls.
    @click.option("--policy-uri", "-p", envvar=ENV_CONTAINER_POLICY_URI, required=True,
                  help="The URI to the Azure storage container that holds the policies")
    @click.option("--log-group", "-l", envvar=ENV_CONTAINER_OPTION_LOG_GROUP,
                  help="Location to send policy logs")
    # NOTE(review): the help text allows an instrumentation key here. A value
    # given with -m becomes part of the process command line; supplying it
    # through the environment variable keeps it out of argv.
    @click.option("--metrics", "-m", envvar=ENV_CONTAINER_OPTION_METRICS,
                  help="The resource name or instrumentation key for uploading metrics")
    @click.option("--output-dir", "-d", envvar=ENV_CONTAINER_OPTION_OUTPUT_DIR,
                  help="The directory for policy output")
    def cli(**kwargs):
        # All parsed options are forwarded as keyword arguments; the Host
        # instance is neither stored nor returned.
        Host(**kwargs)


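# Need to manually initialize c7n_azure.
# This call sits before the __main__ guard on purpose: Host.cli is a click
# command, and invoking it directly hands control to click, which exits the
# process once the command returns. A statement placed after the guard is
# therefore never reached when this file is executed as a script.
entry.initialize_azure()

if __name__ == "__main__":
    # handle CLI commands
    Host.cli()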
Пример #3
    import azure.functions as func
    from azure.functions_worker.bindings.queue import QueueMessage
except ImportError:
    pass

# Upper bound on a queue message's dequeue_count: main() returns without
# processing any message whose count is above this value.
max_dequeue_count = 3

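def main(input):
    """Run the Custodian policy handler for one function invocation.

    When *input* is a ``QueueMessage`` its JSON body becomes the event and
    the subscription id is parsed from the event's ``subject`` field. For any
    other input the handler is called with ``event`` and ``subscription_id``
    both ``None``.

    A queue message whose ``dequeue_count`` is above ``max_dequeue_count`` is
    not processed: a warning is logged and the function returns ``None``.

    Raises:
        KeyError: if a queue event has no ``subject`` key.
    """
    logging.info("Running Azure Cloud Custodian Policy")

    # Both files are resolved next to this module.
    # NOTE(review): auth.json presumably holds credentials -- confirm it is
    # excluded from source control and readable only by the function.
    context = {
        'config_file': join(dirname(__file__), 'config.json'),
        'auth_file': join(dirname(__file__), 'auth.json')
    }

    event = None
    subscription_id = None

    if type(input) is QueueMessage:
        if input.dequeue_count > max_dequeue_count:
            # Poison-message guard. The message is dropped, which means the
            # policy never runs for that event; log it so the gap is visible
            # to whoever monitors the function instead of vanishing silently.
            logging.warning(
                "Dropping queue message: dequeue count %s exceeds limit %s",
                input.dequeue_count, max_dequeue_count)
            return
        event = input.get_json()
        # NOTE(review): the body is used as received; anything able to write
        # to the queue chooses 'subject' and with it the subscription id
        # handed to the handler -- confirm the queue's write access is
        # restricted to the intended event source.
        subscription_id = ResourceIdParser.get_subscription_id(event['subject'])

    handler.run(event, context, subscription_id)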


# Need to manually initialize c7n_azure
# Module-level call: it executes when this module is imported, i.e. before
# anything can call main().
entry.initialize_azure()

# flake8: noqa
Пример #4
def load_resources():
    """Import every bundled resource module once, then load extra providers.

    Returns immediately when the module-level ``LOADED`` flag is already
    truthy. Otherwise it imports the ``c7n.resources.*`` modules listed
    below, loads either external plugins or the known cloud providers,
    calls ``resources.notify(resources.EVENT_FINAL)`` and sets ``LOADED`` to
    ``True``.
    """

    global LOADED
    if LOADED:
        return

    # The imports are kept as explicit statements in this order; the bound
    # names are unused (hence the NOQA), the modules are imported for the
    # code that runs when they load.
    import c7n.resources.account
    import c7n.resources.acm
    import c7n.resources.ami
    import c7n.resources.apigw
    import c7n.resources.appelb
    import c7n.resources.asg
    import c7n.resources.awslambda
    import c7n.resources.backup
    import c7n.resources.batch
    import c7n.resources.cfn
    import c7n.resources.cloudfront
    import c7n.resources.cloudsearch
    import c7n.resources.cloudtrail
    import c7n.resources.code
    import c7n.resources.cognito
    import c7n.resources.config
    import c7n.resources.cw
    import c7n.resources.directory
    import c7n.resources.directconnect
    import c7n.resources.dlm
    import c7n.resources.dms
    import c7n.resources.dynamodb
    import c7n.resources.datapipeline
    import c7n.resources.ebs
    import c7n.resources.ec2
    import c7n.resources.ecr
    import c7n.resources.ecs
    import c7n.resources.efs
    import c7n.resources.elasticache
    import c7n.resources.elasticbeanstalk
    import c7n.resources.elasticsearch
    import c7n.resources.elb
    import c7n.resources.eks
    import c7n.resources.emr
    import c7n.resources.gamelift
    import c7n.resources.glacier
    import c7n.resources.glue
    import c7n.resources.health
    import c7n.resources.hsm
    import c7n.resources.iam
    import c7n.resources.iot
    import c7n.resources.kafka
    import c7n.resources.kinesis
    import c7n.resources.kms
    import c7n.resources.lightsail
    import c7n.resources.ml
    import c7n.resources.mq
    import c7n.resources.opsworks
    import c7n.resources.rds
    import c7n.resources.rdsparamgroup
    import c7n.resources.rdscluster
    import c7n.resources.redshift
    import c7n.resources.route53
    import c7n.resources.s3
    import c7n.resources.sagemaker
    import c7n.resources.secretsmanager
    import c7n.resources.sfn
    import c7n.resources.shield
    import c7n.resources.simpledb
    import c7n.resources.snowball
    import c7n.resources.sns
    import c7n.resources.storagegw
    import c7n.resources.sqs
    import c7n.resources.ssm
    import c7n.resources.support
    import c7n.resources.vpc
    import c7n.resources.waf
    import c7n.resources.fsx
    import c7n.resources.workspaces  # NOQA

    # Load external plugins (private sdks etc)
    #
    # We default to loading known cloud providers
    # to avoid the runtime costs in serverless
    # environments of scanning the entire python
    # path for entry points.
    #
    # Only the presence of C7N_EXTPLUGINS is tested, not its value.
    # NOTE(review): with the variable set, load_plugins() presumably imports
    # whatever installed packages declare a matching entry point, so the
    # process environment and the installed package set both decide which
    # code runs here -- confirm against c7n.manager.
    from c7n.manager import resources
    if 'C7N_EXTPLUGINS' in os.environ:
        resources.load_plugins()
    else:
        # Each provider is optional. The except clause covers the initialize
        # call as well as the import, so an ImportError raised from inside a
        # provider package (for instance a missing dependency of its own) is
        # swallowed too and that provider is skipped without any log line.
        try:
            from c7n_azure.entry import initialize_azure
            initialize_azure()
        except ImportError:
            pass

        try:
            from c7n_gcp.entry import initialize_gcp
            initialize_gcp()
        except ImportError:
            pass

        try:
            from c7n_kube.entry import initialize_kube
            initialize_kube()
        except ImportError:
            pass

    resources.notify(resources.EVENT_FINAL)

    # Marks loading as done so later calls take the early return above.
    LOADED = True