def main():
dynamo_table = dynamo.dynamo_get_or_create_table(**CONFIG["dynamo_db"])
message_schema = MessageSchema()
connection = {
"assume_role": CONFIG["dispatcher"].get("assume_role", None),
"session_name": CONFIG["dispatcher"].get("session_name", "Repokid"),
"region": CONFIG["dispatcher"].get("region", "us-west-2"),
}
while True:
message = receive_message(**connection)
if not message or "Messages" not in message:
continue
with message_context(message, connection) as msg:
if not msg:
continue
parsed_msg = message_schema.load(msg)
command_data = parsed_msg.data
if parsed_msg.errors:
failure_message = get_failure_message(
channel=command_data.get("respond_channel", None),
message="Malformed message: {}".format(parsed_msg.errors),
)
send_message(failure_message, **connection)
continue
try:
return_val = RESPONDER_FUNCTIONS[command_data.command](
dynamo_table, command_data
)
except KeyError:
failure_message = get_failure_message(
channel=command_data.respond_channel,
message="Unknown function {}".format(command_data.command),
)
send_message(failure_message, **connection)
continue
send_message(
{
"message": "@{} {}".format(
command_data.respond_user, return_val.return_message
),
"channel": command_data.respond_channel,
"title": "Repokid Success"
if return_val.successful
else "Repokid Failure",
},
**connection
)
def main():
dynamo_table = dynamo.dynamo_get_or_create_table(**CONFIG['dynamo_db'])
message_schema = MessageSchema()
connection = {
'assume_role': CONFIG['dispatcher'].get('assume_role', None),
'session_name': CONFIG['dispatcher'].get('session_name', 'Repokid'),
'region': CONFIG['dispatcher'].get('region', 'us-west-2')
}
while True:
message = receive_message(**connection)
if not message or 'Messages' not in message:
continue
with message_context(message, connection) as msg:
if not msg:
continue
parsed_msg = message_schema.load(msg)
command_data = parsed_msg.data
if parsed_msg.errors:
failure_message = get_failure_message(
channel=command_data.get('respond_channel', None),
message='Malformed message: {}'.format(parsed_msg.errors))
send_message(failure_message, **connection)
continue
try:
return_val = RESPONDER_FUNCTIONS[command_data.command](
dynamo_table, command_data)
except KeyError:
failure_message = get_failure_message(
channel=command_data.respond_channel,
message='Unknown function {}'.format(command_data.command))
send_message(failure_message, **connection)
continue
send_message(
{
'message':
'@{} {}'.format(command_data.respond_user,
return_val.return_message),
'channel':
command_data.respond_channel,
'title':
'Repokid Success'
if return_val.successful else 'Repokid Failure'
}, **connection)
def main():
args = docopt(__doc__, version=f"Repokid {__version__}")
if args.get("config"):
config_filename = args.get("<config_filename>")
_generate_default_config(filename=config_filename)
sys.exit(0)
account_number = args.get("<account_number>")
if not CONFIG:
config = _generate_default_config()
else:
config = CONFIG
LOGGER.debug("Repokid cli called with args {}".format(args))
hooks = get_hooks(config.get("hooks", ["repokid.hooks.loggers"]))
dynamo_table = dynamo_get_or_create_table(**config["dynamo_db"])
if args.get("update_role_cache"):
return _update_role_cache(account_number, dynamo_table, config, hooks)
if args.get("display_role_cache"):
inactive = args.get("--inactive")
return _display_roles(account_number, dynamo_table, inactive=inactive)
if args.get("find_roles_with_permissions"):
permissions = args.get("<permission>")
output_file = args.get("--output")
return _find_roles_with_permissions(permissions, dynamo_table,
output_file)
if args.get("remove_permissions_from_roles"):
permissions = args.get("<permission>")
role_filename = args.get("--role-file")
commit = args.get("--commit")
return _remove_permissions_from_roles(permissions,
role_filename,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("display_role"):
role_name = args.get("<role_name>")
return _display_role(account_number, role_name, dynamo_table, config,
hooks)
if args.get("repo_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
return _repo_role(account_number,
role_name,
dynamo_table,
config,
hooks,
commit=commit)
if args.get("rollback_role"):
role_name = args.get("<role_name>")
commit = args.get("--commit")
selection = args.get("--selection")
return _rollback_role(
account_number,
role_name,
dynamo_table,
config,
hooks,
selection=selection,
commit=commit,
)
if args.get("repo_all_roles"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing all roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=False)
if args.get("schedule_repo"):
LOGGER.info("Updating role data")
_update_role_cache(account_number, dynamo_table, config, hooks)
return _schedule_repo(account_number, dynamo_table, config, hooks)
if args.get("show_scheduled_roles"):
LOGGER.info("Showing scheduled roles")
return _show_scheduled_roles(account_number, dynamo_table)
if args.get("cancel_scheduled_repo"):
role_name = args.get("--role")
is_all = args.get("--all")
if not is_all:
LOGGER.info(
"Cancelling scheduled repo for role: {} in account {}".format(
role_name, account_number))
else:
LOGGER.info(
"Cancelling scheduled repo for all roles in account {}".format(
account_number))
return _cancel_scheduled_repo(account_number,
dynamo_table,
role_name=role_name,
is_all=is_all)
if args.get("repo_scheduled_roles"):
_update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info("Repoing scheduled roles")
commit = args.get("--commit")
return _repo_all_roles(account_number,
dynamo_table,
config,
hooks,
commit=commit,
scheduled=True)
if args.get("repo_stats"):
output_file = args.get("<output_filename>")
account_number = args.get("--account")
return _repo_stats(output_file,
dynamo_table,
account_number=account_number)
def main():
args = docopt(__doc__, version='Repokid {version}'.format(version=__version__))
if args.get('config'):
config_filename = args.get('<config_filename>')
_generate_default_config(filename=config_filename)
sys.exit(0)
account_number = args.get('<account_number>')
if not CONFIG:
config = _generate_default_config()
else:
config = CONFIG
LOGGER.debug('Repokid cli called with args {}'.format(args))
hooks = _get_hooks(config.get('hooks', ['repokid.hooks.loggers']))
dynamo_table = dynamo_get_or_create_table(**config['dynamo_db'])
if args.get('update_role_cache'):
return update_role_cache(account_number, dynamo_table, config, hooks)
if args.get('display_role_cache'):
inactive = args.get('--inactive')
return display_roles(account_number, dynamo_table, inactive=inactive)
if args.get('find_roles_with_permission'):
return find_roles_with_permission(args.get('<permission>'), dynamo_table)
if args.get('display_role'):
role_name = args.get('<role_name>')
return display_role(account_number, role_name, dynamo_table, config, hooks)
if args.get('repo_role'):
role_name = args.get('<role_name>')
commit = args.get('--commit')
return repo_role(account_number, role_name, dynamo_table, config, hooks, commit=commit)
if args.get('rollback_role'):
role_name = args.get('<role_name>')
commit = args.get('--commit')
selection = args.get('--selection')
return rollback_role(account_number, role_name, dynamo_table, config, hooks, selection=selection, commit=commit)
if args.get('repo_all_roles'):
LOGGER.info('Updating role data')
update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info('Repoing all roles')
commit = args.get('--commit')
return repo_all_roles(account_number, dynamo_table, config, hooks, commit=commit, scheduled=False)
if args.get('schedule_repo'):
LOGGER.info('Updating role data')
update_role_cache(account_number, dynamo_table, config, hooks)
return schedule_repo(account_number, dynamo_table, config, hooks)
if args.get('show_scheduled_roles'):
LOGGER.info('Showing scheduled roles')
return show_scheduled_roles(account_number, dynamo_table)
if args.get('cancel_scheduled_repo'):
role_name = args.get('--role')
is_all = args.get('--all')
if not is_all:
LOGGER.info('Cancelling scheduled repo for role: {} in account {}'.format(role_name, account_number))
else:
LOGGER.info('Cancelling scheduled repo for all roles in account {}'.format(account_number))
return cancel_scheduled_repo(account_number, dynamo_table, role_name=role_name, is_all=is_all)
if args.get('repo_scheduled_roles'):
update_role_cache(account_number, dynamo_table, config, hooks)
LOGGER.info('Repoing scheduled roles')
commit = args.get('--commit')
return repo_all_roles(account_number, dynamo_table, config, hooks, commit=commit, scheduled=True)
if args.get('repo_stats'):
output_file = args.get('<output_filename>')
account_number = args.get('--account')
return repo_stats(output_file, dynamo_table, account_number=account_number)
from repokid.commands.role import (
_display_role,
_display_roles,
_find_roles_with_permissions,
_remove_permissions_from_roles,
)
from repokid.commands.role_cache import _update_role_cache
from repokid.commands.schedule import (
_cancel_scheduled_repo,
_schedule_repo,
_show_scheduled_roles,
)
from repokid.utils.dynamo import dynamo_get_or_create_table
hooks = get_hooks(CONFIG.get("hooks", ["repokid.hooks.loggers"]))
dynamo_table = dynamo_get_or_create_table(**CONFIG["dynamo_db"])
def update_role_cache(account_number: str):
"""
Library wrapper to update data about all roles in a given account.
Ref: :func:`~repokid.commands.role_cache._update_role_cache`
Args:
account_number (string): The current account number Repokid is being run against
Returns:
None
"""
return _update_role_cache(account_number, dynamo_table, CONFIG, hooks)
def main():
args = docopt(__doc__,
version='Repokid {version}'.format(version=__version__))
if args.get('config'):
config_filename = args.get('<config_filename>')
_generate_default_config(filename=config_filename)
sys.exit(0)
account_number = args.get('<account_number>')
if not CONFIG:
config = _generate_default_config()
else:
config = CONFIG
dynamo_table = dynamo_get_or_create_table(**config['dynamo_db'])
if args.get('update_role_cache'):
return update_role_cache(account_number, dynamo_table, config)
if args.get('display_role_cache'):
inactive = args.get('--inactive')
return display_roles(account_number, dynamo_table, inactive=inactive)
if args.get('find_roles_with_permission'):
return find_roles_with_permission(args.get('<permission>'),
dynamo_table)
if args.get('display_role'):
role_name = args.get('<role_name>')
return display_role(account_number, role_name, dynamo_table, config)
if args.get('schedule_repo'):
return schedule_repo(account_number, dynamo_table, config)
if args.get('repo_role'):
role_name = args.get('<role_name>')
commit = args.get('--commit')
return repo_role(account_number,
role_name,
dynamo_table,
config,
commit=commit)
if args.get('rollback_role'):
role_name = args.get('<role_name>')
commit = args.get('--commit')
selection = args.get('--selection')
return rollback_role(account_number,
role_name,
dynamo_table,
config,
selection=selection,
commit=commit)
if args.get('repo_all_roles'):
commit = args.get('--commit')
return repo_all_roles(account_number,
dynamo_table,
config,
commit=commit,
scheduled=False)
if args.get('repo_scheduled_roles'):
commit = args.get('--commit')
return repo_all_roles(account_number,
dynamo_table,
config,
commit=commit,
scheduled=True)
if args.get('repo_stats'):
output_file = args.get('<output_filename>')
account_number = args.get('--account')
return repo_stats(output_file,
dynamo_table,
account_number=account_number)