示例#1
def main():
    """Run the command-line interface.

    Parses ``sys.argv[1:]``, adjusts the log level from ``args.verbose`` and
    then dispatches on ``args.ACTION``:

    * ``list`` prints the ``name`` of every class in
      ``CustodianRunner.ordered_step_classes`` and exits with status 0.
    * ``accounts`` prints every account returned by
      ``ManheimConfig.list_accounts(args.config)``, sorted by name, together
      with the value it maps to, and exits with status 0.
    * any other action builds a ``CustodianRunner`` for ``args.ACCT_NAME``
      and calls its ``run()``; ``assume_role`` is called first when
      ``args.assume_role`` is set.
    """
    args = parse_args(sys.argv[1:])

    # verbose == 0 leaves the logger at whatever level it already has
    verbosity = args.verbose
    if verbosity > 1:
        set_log_debug(logger)
    elif verbosity == 1:
        set_log_info(logger)

    action = args.ACTION

    # The two informational actions exit before a runner is built or a role
    # is assumed.
    if action == 'list':
        for step_cls in CustodianRunner.ordered_step_classes:
            print(step_cls.name)
        raise SystemExit(0)

    if action == 'accounts':
        accounts = ManheimConfig.list_accounts(args.config)
        for name in sorted(accounts):
            print("%s (%s)" % (name, accounts[name]))
        raise SystemExit(0)

    runner = CustodianRunner(args.ACCT_NAME, args.config)
    if args.assume_role:
        # assume_role() is defined outside this block.
        # NOTE(review): if it exports temporary credentials into the process
        # environment, every step (and any child process) started by run()
        # inherits them - confirm that is intended.
        assume_role(runner.config)
    runner.run(
        action,
        args.regions,
        step_names=args.steps,
        skip_steps=args.skip,
    )
示例#2
 def test_no_role_arn(self):
     """assume_role() does nothing when no role is configured.

     ``self.m_conf`` is built outside this method; presumably it carries no
     assume_role settings. The test pins three things: no boto3 session is
     created, the (emptied) environment stays empty, and exactly one debug
     message is logged.
     """
     expiry = datetime(2018, 10, 8, 12, 13, 14)
     # Canned STS response; it must stay unused, because the call assertion
     # below requires that no session is ever created.
     sts_client = Mock()
     sts_client.assume_role.return_value = {
         'Credentials': {
             'AccessKeyId': 'AKID',
             'SecretAccessKey': 'SKey',
             'SessionToken': 'SToken',
             'Expiration': expiry
         },
         'AssumedRoleUser': {
             'AssumedRoleId': 'ARid',
             'Arn': 'UserARN'
         },
         'PackedPolicySize': 123
     }
     session = Mock()
     session.client.return_value = sts_client
     with patch('%s.logger' % pbm, autospec=True) as log_mock, \
             patch.dict(os.environ, {}, clear=True), \
             patch('%s.boto3.session.Session' % pbm) as session_cls:
         session_cls.return_value = session
         assume_role(self.m_conf)
         # Checked inside the block: patch.dict puts the real environment
         # back on exit. No credential variable may have been exported.
         assert os.environ == {}
     assert session_cls.mock_calls == []
     assert log_mock.mock_calls == [
         call.debug('No assume_role configuration; not assuming a role.')
     ]
示例#3
 def test_success_all_options(self):
     """assume_role() with role ARN, external ID and duration configured.

     Pins the full contract visible from the outside:

     * one boto3 session in ``us-east-1``, one ``sts`` client, one
       ``assume_role`` call whose ``DurationSeconds`` is the configured
       string converted to ``int``;
     * the three returned credential values exported as ``AWS_*``
       environment variables;
     * two info log records. The second names only the AccessKeyId, the
       expiry and the assumed-role ARN - neither the secret key nor the
       session token appears in any expected log call.
     """
     expiry = datetime(2018, 10, 8, 12, 13, 14)
     sts_client = Mock()
     sts_client.assume_role.return_value = {
         'Credentials': {
             'AccessKeyId': 'AKID',
             'SecretAccessKey': 'SKey',
             'SessionToken': 'SToken',
             'Expiration': expiry
         },
         'AssumedRoleUser': {
             'AssumedRoleId': 'ARid',
             'Arn': 'UserARN'
         },
         'PackedPolicySize': 123
     }
     session = Mock()
     session.client.return_value = sts_client
     # Patch the property on the mock's type so that reading
     # self.m_conf.assume_role yields this configuration.
     role_settings = {
         'role_arn': 'assumeRoleArn',
         'external_id': 'eID',
         'duration_seconds': '1234'
     }
     type(self.m_conf).assume_role = PropertyMock(return_value=role_settings)
     with patch('%s.logger' % pbm, autospec=True) as log_mock, \
             patch.dict(os.environ, {}, clear=True), \
             patch('%s.boto3.session.Session' % pbm) as session_cls:
         session_cls.return_value = session
         assume_role(self.m_conf)
         # Checked inside the block: patch.dict restores the real
         # environment on exit, so the exported credentials do not leak
         # into later tests.
         assert os.environ == {
             'AWS_ACCESS_KEY_ID': 'AKID',
             'AWS_SECRET_ACCESS_KEY': 'SKey',
             'AWS_SESSION_TOKEN': 'SToken'
         }
     # The session-name suffix presumably comes from the account name on
     # self.m_conf, which is set up outside this method.
     sts_kwargs = {
         'RoleArn': 'assumeRoleArn',
         'RoleSessionName': 'manheim-c7n-tools_aName',
         'ExternalId': 'eID',
         'DurationSeconds': 1234
     }
     assert session_cls.mock_calls == [
         call(region_name='us-east-1'),
         call().client('sts'),
         call().client().assume_role(**sts_kwargs)
     ]
     # NOTE(review): the first record carries the whole argument dict,
     # ExternalId included, at INFO level.
     assert log_mock.mock_calls == [
         call.info(
             'Calling sts:AssumeRole via boto3 with arguments: %s',
             sts_kwargs
         ),
         call.info(
             'Exported AssumeRole credentials; AccessKeyId %s expires at '
             '%s; AssumedRoleUser ARN: %s', 'AKID', expiry, 'UserARN'
         )
     ]
示例#4
def main():
    """Run the error-reporter command-line interface.

    Parses ``sys.argv[1:]``, adjusts the log level from ``args.verbose``,
    loads the ``ManheimConfig`` for ``args.ACCOUNT_NAME`` from
    ``args.config`` and runs a ``CustodianErrorReporter`` for
    ``args.REGION_NAME``. ``assume_role`` is called first when
    ``args.assume_role`` is set.
    """
    args = parse_args(sys.argv[1:])

    # verbose == 0 leaves the logger at whatever level it already has
    verbosity = args.verbose
    if verbosity > 1:
        set_log_debug(logger)
    elif verbosity == 1:
        set_log_info(logger)

    config = ManheimConfig.from_file(args.config, args.ACCOUNT_NAME)
    if args.assume_role:
        # assume_role() is defined outside this block.
        # NOTE(review): if it exports temporary credentials into the process
        # environment, the reporter below runs with them - confirm that is
        # intended.
        assume_role(config)
    reporter = CustodianErrorReporter(config, args.REGION_NAME)
    reporter.run()