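def get_blocklist_from_bucket(bucket_config):
    """Fetch and validate the role blocklist stored as a JSON object in S3.

    Args:
        bucket_config: mapping with the required ``bucket_name`` and ``key``
            plus optional ``account_number``, ``assume_role`` and ``region``
            (defaults to ``us-west-2``) used to open the S3 connection.

    Returns:
        The decoded blocklist: a dict whose keys are exactly ``arns`` and
        ``names``.

    Exits:
        Calls ``sys.exit(1)`` after logging when the object cannot be
        fetched, is not valid JSON/UTF-8, or is not a JSON object with
        exactly those two keys. A broken blocklist must stop the run rather
        than let roles that should have been excluded be processed.
    """
    try:
        s3_resource = boto3_cached_conn(
            "s3",
            service_type="resource",
            account_number=bucket_config.get("account_number"),
            assume_role=bucket_config.get("assume_role", None),
            session_name="repokid",
            region=bucket_config.get("region", "us-west-2"),
        )
        s3_obj = s3_resource.Object(
            bucket_name=bucket_config["bucket_name"], key=bucket_config["key"]
        )
        blocklist = s3_obj.get()["Body"].read().decode("utf-8")
        # json.JSONDecodeError and UnicodeDecodeError are both ValueError subclasses.
        blocklist_json = json.loads(blocklist)
    # Blocklist problems are really bad and we should quit rather than silently continue
    except (botocore.exceptions.ClientError, AttributeError):
        LOGGER.error("S3 blocklist config was set but unable to connect retrieve object, quitting")
        sys.exit(1)
    except ValueError:
        LOGGER.error("S3 blocklist config was set but the returned file is bad, quitting")
        sys.exit(1)
    # A document whose top level is not an object (e.g. a JSON list) used to
    # escape the try block and crash on .keys(); treat it as malformed instead
    # so the failure is logged and the process exits cleanly.
    if not isinstance(blocklist_json, dict) or set(blocklist_json) != {"arns", "names"}:
        LOGGER.error("S3 blocklist file is malformed, quitting")
        sys.exit(1)
    return blocklist_json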
# NOTE(review): fragment of a paging helper; its signature and the initial values
# of page_num, response_data, account_number, arn, aardvark_api_location and
# PAGE_SIZE are outside this view, and the indentation has been stripped.
if account_number:
# Account-wide query: Aardvark's "phrase" search keyed on the account number.
payload = {'phrase': '{}'.format(account_number)}
elif arn:
# Single-role query.
payload = {'arn': [arn]}
else:
# Nothing to query for: returns None without calling the API.
return
while True:
params = {'count': PAGE_SIZE, 'page': page_num}
try:
r_aardvark = requests.post(aardvark_api_location, params=params, json=payload)
except requests.exceptions.RequestException as e:
# A transport-level failure is fatal for the whole run, not just this page.
LOGGER.error('Unable to get Aardvark data: {}'.format(e))
sys.exit(1)
else:
# Any non-200 status is likewise fatal; the response body is not logged.
if(r_aardvark.status_code != 200):
LOGGER.error('Unable to get Aardvark data')
sys.exit(1)
response_data.update(r_aardvark.json())
# don't want these in our Aardvark data
response_data.pop('count')
response_data.pop('page')
response_data.pop('total')
# NOTE(review): the body is decoded a second time here because 'total' was just
# popped from response_data. If the response carries no 'total', .get() yields
# None and the comparison raises TypeError — confirm the API always returns it.
if PAGE_SIZE * page_num < r_aardvark.json().get('total'):
page_num += 1
else:
break
return response_data
# NOTE(review): fragment of a paging helper; its signature and the initial values
# of response_data, account_number, arn, aardvark_api_location and PAGE_SIZE are
# outside this view, and the indentation has been stripped.
page_num = 1
if account_number:
# Account-wide query: Aardvark's "phrase" search keyed on the account number.
payload = {"phrase": "{}".format(account_number)}
elif arn:
# Single-role query.
payload = {"arn": [arn]}
else:
# Nothing to query for: returns None without calling the API.
return
while True:
params = {"count": PAGE_SIZE, "page": page_num}
try:
r_aardvark = requests.post(
aardvark_api_location, params=params, json=payload
)
except requests.exceptions.RequestException as e:
# A transport-level failure is fatal for the whole run, not just this page.
LOGGER.error("Unable to get Aardvark data: {}".format(e))
sys.exit(1)
else:
# Any non-200 status is likewise fatal; the response body is not logged.
if r_aardvark.status_code != 200:
LOGGER.error("Unable to get Aardvark data")
sys.exit(1)
response_data.update(r_aardvark.json())
# don't want these in our Aardvark data
response_data.pop("count")
response_data.pop("page")
response_data.pop("total")
# NOTE(review): the body is decoded a second time here because "total" was just
# popped from response_data. If the response carries no "total", .get() yields
# None and the comparison raises TypeError — confirm the API always returns it.
if PAGE_SIZE * page_num < r_aardvark.json().get("total"):
page_num += 1
else:
break
return response_data
# NOTE(review): fragment of a role-store update routine; its signature (at least
# dynamo_table, role, account_number, current_policy, source) and whatever
# consumes newly_added_permissions are outside this view; indentation stripped.
stored_role = get_role_data(
dynamo_table, role.role_id, fields=["OptOut", "Policies", "Tags"]
)
if not stored_role:
# First sighting of this role: persist the initial record and copy the stored
# attributes back onto the in-memory role object.
role_dict = store_initial_role_data(
dynamo_table,
role.arn,
role.create_date,
role.role_id,
role.role_name,
account_number,
current_policy,
role.tags,
)
role.set_attributes(role_dict)
LOGGER.info("Added new role ({}): {}".format(role.role_id, role.arn))
else:
# is the policy list the same as the last we had?
# Only the most recent stored policy version is compared against.
old_policy = stored_role["Policies"][-1]["Policy"]
if current_policy != old_policy:
add_new_policy_version(dynamo_table, role, current_policy, source)
LOGGER.info(
"{} has different inline policies than last time, adding to role store".format(
role.arn
)
)
# Presumably the permissions present now but absent from the previous
# version (judging by the helper's name) — confirm against its definition.
newly_added_permissions = find_newly_added_permissions(
old_policy, current_policy
)
else:
newly_added_permissions = set()
# NOTE(review): fragment; the two lines below close a call whose callee and the
# enclosing function's signature are outside this view. With indentation
# stripped the following `return` reads as unconditional; presumably it sits
# under a conditional branch in the source file — confirm there.
deleted_policy_names, repoed_policies, role.role_name, account_number
)
return
# `conn` aliases config["connection_iam"]: assigning account_number below
# mutates the shared config mapping in place, not a copy.
conn = config["connection_iam"]
conn["account_number"] = account_number
# Per-policy failures are logged and processing continues; nothing here aborts
# the repo part-way.
for name in deleted_policy_names:
error = _delete_policy(name, role, account_number, conn)
if error:
LOGGER.error(error)
if repoed_policies:
error = _replace_policies(repoed_policies, role, account_number, conn)
if error:
LOGGER.error(error)
# Re-read the inline policies from IAM so the stored version reflects what was
# actually applied; an empty/None lookup result is stored as {}.
current_policies = get_role_inline_policies(role.as_dict(), **conn) or {}
roledata.add_new_policy_version(dynamo_table, role, current_policies, "Repo")
# The Repoed timestamp is a naive ISO-8601 string (utcnow() carries no tzinfo).
set_role_data(
dynamo_table, role.role_id, {"Repoed": datetime.datetime.utcnow().isoformat()}
)
_update_repoed_description(role.role_name, **conn)
# NOTE(review): this call is cut off at the end of the fragment.
_update_role_data(
role,
dynamo_table,
account_number,
config,
conn,
hooks,
source="ManualPermissionRepo",
def apply(self, input_list):
    """Return the roles in ``input_list`` created within the minimum-age window.

    The window is ``self.config["minimum_age"]`` days, measured back from the
    local-timezone "now"; when the key is absent an info line is logged and
    90 days is used. Every role kept is logged as too recent to clean up.
    """
    current_time = datetime.datetime.now(tzlocal())
    if "minimum_age" in self.config:
        min_age_days = self.config["minimum_age"]
    else:
        LOGGER.info("Minimum age not set in config, using default 90 days")
        min_age_days = 90
    cutoff = current_time - datetime.timedelta(days=min_age_days)
    recently_created = []
    for candidate in input_list:
        if candidate.create_date > cutoff:
            LOGGER.info(
                "Role {name} created too recently to cleanup. ({date})".format(
                    name=candidate.role_name, date=candidate.create_date
                )
            )
            recently_created.append(candidate)
    return recently_created
def apply(self, input_list):
    """Return the roles in ``input_list`` created within the minimum-age window.

    The window is ``self.config["minimum_age"]`` days, measured back from the
    local-timezone "now"; when the key is absent an info line is logged and
    90 days is used. Every role kept is logged as too recent to clean up.
    """
    current_time = datetime.datetime.now(tzlocal())
    if "minimum_age" in self.config:
        min_age_days = self.config["minimum_age"]
    else:
        LOGGER.info("Minimum age not set in config, using default 90 days")
        min_age_days = 90
    cutoff = current_time - datetime.timedelta(days=min_age_days)
    recently_created = []
    for candidate in input_list:
        if candidate.create_date > cutoff:
            LOGGER.info(
                "Role {name} created too recently to cleanup. ({date})".format(
                    name=candidate.role_name, date=candidate.create_date
                )
            )
            recently_created.append(candidate)
    return recently_created