def display_role_cache(account_number: str, inactive: bool = False):
"""
Library wrapper to display a table with data about all roles in an account and write a csv file with the data.
Ref: :func:`~repokid.commands.role_cache._display_roles`
Args:
account_number (string): The current account number Repokid is being run against
inactive (bool): show roles that have historically (but not currently) existed in the account if True
Returns:
None
"""
return _display_roles(account_number, dynamo_table, inactive=inactive)
def main():
args = docopt(__doc__, version=f"Repokid {__version__}")
if args.get("config"):
config_filename = args.get("<config_filename>")
_generate_default_config(filename=config_filename)
sys.exit(0)
account_number = args.get("<account_number>")
if not CONFIG:
config = _generate_default_config()
else:
config = CONFIG
LOGGER.debug("Repokid cli called with args {}".format(args))
hooks = get_hooks(config.get("hooks", ["repokid.hooks.loggers"]))
dynamo_table = dynamo_get_or_create_table(**config["dynamo_db"])
if args.get("update_role_cache"):
return _update_role_cache(account_number, dynamo_table, config, hooks)
if args.get("display_role_cache"):
inactive = args.get("--inactive")
return _display_roles(account_number, dynamo_table, inactive=inactive)
if args.get("find_roles_with_permissions"):
permissions = args.get("<permission>")
output_file = args.get("--output")
return _find_roles_with_permissions(permissions, dynamo_table,
output_file)
if args.get("remove_permissions_from_roles"):
permissions = args.get("<permission>")
role_filename = args.get("--role-file")
commit = args.get("--commit")
return _remove_permissions_from_roles(permissions,
role_filename,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("display_role"):
role_name = args.get("<role_name>")
return _display_role(account_number, role_name, dynamo_table, config,
hooks)
if args.get("repo_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
return _repo_role(account_number,
role_name,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("rollback_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
selection = args.get("--selection")
return _rollback_role(
account_number,
role_name,
dynamo_table,
config,
hooks,
selection=selection,
commit=commit,
)
if args.get("repo_all_roles"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing all roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=False)
if args.get("schedule_repo"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
return _schedule_repo(account_number, dynamo_table, config, hooks)
if args.get("show_scheduled_roles"):
LOGGER.info("Showing scheduled roles")
return _show_scheduled_roles(account_number, dynamo_table)
if args.get("cancel_scheduled_repo"):
role_name = args.get("--role")
is_all = args.get("--all")
if not is_all:
LOGGER.info(
"Cancelling scheduled repo for role: {} in account {}".format(
role_name, account_number))
else:
LOGGER.info(
"Cancelling scheduled repo for all roles in account {}".format(
account_number))
return _cancel_scheduled_repo(account_number,
dynamo_table,
role_name=role_name,
is_all=is_all)
if args.get("repo_scheduled_roles"):
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing scheduled roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=True)
if args.get("repo_stats"):
output_file = args.get("<output_filename>")
account_number = args.get("--account")
return _repo_stats(output_file,
dynamo_table,
account_number=account_number)
def display_role_cache(ctx: click.Context, account_number: str, inactive: bool) -> None:
_display_roles(account_number, inactive=inactive)