def main(): # Check Python version. version = '%d.%d' % (sys.version_info.major, sys.version_info.minor) if version != '2.7': print( 'brkt-cli requires Python 2.7. Version', version, 'is not supported.', file=sys.stderr ) return 1 parser = argparse.ArgumentParser() parser.add_argument( '-v', '--verbose', dest='verbose', action='store_true', help='Print status information to the console' ) parser.add_argument( '--version', action='version', version='brkt-cli version %s' % VERSION ) subparsers = parser.add_subparsers() encrypt_ami_parser = subparsers.add_parser('encrypt-ami') encrypt_ami_args.setup_encrypt_ami_args(encrypt_ami_parser) update_encrypted_ami_parser = \ subparsers.add_parser('update-encrypted-ami') update_encrypted_ami_args.setup_update_encrypted_ami( update_encrypted_ami_parser) argv = sys.argv[1:] values = parser.parse_args(argv) # Initialize logging. Log messages are written to stderr and are # prefixed with a compact timestamp, so that the user knows how long # each operation took. if values.verbose: log_level = logging.DEBUG else: # Boto logs auth errors and 401s at ERROR level by default. boto.log.setLevel(logging.FATAL) log_level = logging.INFO # Set the log level of our modules explicitly. We can't set the # default log level to INFO because we would see INFO messages from # boto and other 3rd party libraries in the command output. logging.basicConfig(format='%(asctime)s %(message)s', datefmt='%H:%M:%S') global log log = logging.getLogger(__name__) log.setLevel(log_level) aws_service.log.setLevel(log_level) encryptor_service.log.setLevel(log_level) if argv[0] == 'encrypt-ami': return command_encrypt_ami(values, log) if argv[0] == 'update-encrypted-ami': return command_update_encrypted_ami(values, log)
def main(): parser = argparse.ArgumentParser() parser.add_argument( '-v', '--verbose', dest='verbose', action='store_true', help='Print status information to the console' ) parser.add_argument( '--version', action='version', version='brkt-cli version %s' % VERSION ) subparsers = parser.add_subparsers() encrypt_ami_parser = subparsers.add_parser('encrypt-ami') encrypt_ami_args.setup_encrypt_ami_args(encrypt_ami_parser) argv = sys.argv[1:] values = parser.parse_args(argv) region = values.region # Initialize logging. Log messages are written to stderr and are # prefixed with a compact timestamp, so that the user knows how long # each operation took. if values.verbose: log_level = logging.DEBUG else: # Boto logs auth errors and 401s at ERROR level by default. boto.log.setLevel(logging.FATAL) log_level = logging.INFO # Set the log level of our modules explicitly. We can't set the # default log level to INFO because we would see INFO messages from # boto and other 3rd party libraries in the command output. logging.basicConfig(format='%(asctime)s %(message)s', datefmt='%H:%M:%S') global log log = logging.getLogger(__name__) log.setLevel(log_level) aws_service.log.setLevel(log_level) encryptor_service.log.setLevel(log_level) if values.encrypted_ami_name: try: aws_service.validate_image_name(values.encrypted_ami_name) except aws_service.ImageNameError as e: print(e.message, file=sys.stderr) return 1 # Validate the region. regions = [str(r.name) for r in boto.vpc.regions()] if region not in regions: print( 'Invalid region %s. Must be one of %s.' % (region, str(regions)), file=sys.stderr ) return 1 encryptor_ami = values.encryptor_ami if not encryptor_ami: try: encryptor_ami = encrypt_ami.get_encryptor_ami(region) except: log.exception('Failed to get encryptor AMI.') return 1 session_id = util.make_nonce() default_tags = encrypt_ami.get_default_tags(session_id, encryptor_ami) try: # Connect to AWS. aws_svc = aws_service.AWSService( session_id, encryptor_ami, default_tags=default_tags) aws_svc.connect(region, key_name=values.key_name) except NoAuthHandlerFound: msg = ( 'Unable to connect to AWS. Are your AWS_ACCESS_KEY_ID and ' 'AWS_SECRET_ACCESS_KEY environment variables set?' ) if values.verbose: log.exception(msg) else: log.error(msg) return 1 try: if values.key_name: # Validate the key pair name. aws_svc.get_key_pair(values.key_name) if not values.no_validate_ami: error = aws_svc.validate_guest_ami(values.ami) if error: print(error, file=sys.stderr) return 1 error = aws_svc.validate_encryptor_ami(encryptor_ami) if error: print(error, file=sys.stderr) return 1 log.info('Starting encryptor session %s', aws_svc.session_id) encrypted_image_id = encrypt_ami.encrypt( aws_svc=aws_svc, enc_svc_cls=encryptor_service.EncryptorService, image_id=values.ami, encryptor_ami=encryptor_ami, encrypted_ami_name=values.encrypted_ami_name ) # Print the AMI ID to stdout, in case the caller wants to process # the output. Log messages go to stderr. print(encrypted_image_id) return 0 except EC2ResponseError as e: if e.error_code == 'AuthFailure': msg = 'Check your AWS login credentials and permissions' if values.verbose: log.exception(msg) else: log.error(msg + ': ' + e.error_message) elif e.error_code == 'InvalidKeyPair.NotFound': if values.verbose: log.exception(e.error_message) else: log.error(e.error_message) elif e.error_code == 'UnauthorizedOperation': if values.verbose: log.exception(e.error_message) else: log.error(e.error_message) log.error( 'Unauthorized operation. Check the IAM policy for your ' 'AWS account.' ) else: raise except util.BracketError as e: if values.verbose: log.exception(e.message) else: log.error(e.message) except KeyboardInterrupt: if values.verbose: log.exception('Interrupted by user') else: log.error('Interrupted by user') return 1
def main(): # Check Python version. version = '%d.%d' % (sys.version_info.major, sys.version_info.minor) if version != '2.7': print( 'brkt-cli requires Python 2.7. Version', version, 'is not supported.', file=sys.stderr ) return 1 parser = argparse.ArgumentParser() parser.add_argument( '-v', '--verbose', dest='verbose', action='store_true', help='Print status information to the console' ) parser.add_argument( '--version', action='version', version='brkt-cli version %s' % VERSION ) subparsers = parser.add_subparsers(dest='subparser_name') encrypt_ami_parser = subparsers.add_parser('encrypt-ami') encrypt_ami_args.setup_encrypt_ami_args(encrypt_ami_parser) update_encrypted_ami_parser = \ subparsers.add_parser('update-encrypted-ami') update_encrypted_ami_args.setup_update_encrypted_ami( update_encrypted_ami_parser) argv = sys.argv[1:] values = parser.parse_args(argv) # Initialize logging. Log messages are written to stderr and are # prefixed with a compact timestamp, so that the user knows how long # each operation took. if values.verbose: log_level = logging.DEBUG else: # Boto logs auth errors and 401s at ERROR level by default. boto.log.setLevel(logging.FATAL) log_level = logging.INFO # Set the log level of our modules explicitly. We can't set the # default log level to INFO because we would see INFO messages from # boto and other 3rd party libraries in the command output. logging.basicConfig(format='%(asctime)s %(message)s', datefmt='%H:%M:%S') global log log = logging.getLogger(__name__) log.setLevel(log_level) aws_service.log.setLevel(log_level) encryptor_service.log.setLevel(log_level) if values.validate_ami: print( 'The --validate-ami option has been replaced with --no-validate. ' 'It will be removed in a future release.', file=sys.stderr ) values.validate = True if values.no_validate_ami: print( 'The --validate-ami option has been replaced with --no-validate. ' 'It will be removed in a future release.', file=sys.stderr ) values.validate = False try: if values.subparser_name == 'encrypt-ami': return command_encrypt_ami(values, log) if values.subparser_name == 'update-encrypted-ami': return command_update_encrypted_ami(values, log) except ValidationError as e: print(e, file=sys.stderr) except NoAuthHandlerFound: msg = ( 'Unable to connect to AWS. Are your AWS_ACCESS_KEY_ID and ' 'AWS_SECRET_ACCESS_KEY environment variables set?' ) if values.verbose: log.exception(msg) else: log.error(msg) except EC2ResponseError as e: if e.error_code == 'AuthFailure': msg = 'Check your AWS login credentials and permissions' if values.verbose: log.exception(msg) else: log.error(msg + ': ' + e.error_message) elif e.error_code in ( 'InvalidKeyPair.NotFound', 'InvalidSubnetID.NotFound', 'InvalidGroup.NotFound'): if values.verbose: log.exception(e.error_message) else: log.error(e.error_message) elif e.error_code == 'UnauthorizedOperation': if values.verbose: log.exception(e.error_message) else: log.error(e.error_message) log.error( 'Unauthorized operation. Check the IAM policy for your ' 'AWS account.' ) else: raise except util.BracketError as e: if values.verbose: log.exception(e.message) else: log.error(e.message) except KeyboardInterrupt: if values.verbose: log.exception('Interrupted by user') else: log.error('Interrupted by user') return 1