manheim_c7n_tools.runner module¶

class manheim_c7n_tools.runner.BaseStep(region_name, config)[source]¶

Bases: object

Base class representing one step in the deployment process. Subclass this for each step. It should have a name and two public methods, run and dryrun.

dryrun()[source]¶

name = None¶: The name of the step, as used on the CLI

run()[source]¶

static run_in_region(region_name, config)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters:	region_name (str) – region name to test config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (`config_for_region()` is called where this class is intialized in `_run_step_in_regions()`).
Returns:	whether this step should run in the specified region
Return type:	bool

class manheim_c7n_tools.runner.CustodianRunner(account_name, config_path='manheim-c7n-tools.yml')[source]¶

Bases: object

Main class to run all steps required for manheim c7n deployment.

_run_step_in_regions(action, step, regions)[source]¶

Called from run(); run a given step in all applicable / specified regions.

Parameters:	action (str) – Name of the action to do, “run” or “dryrun” step (object) – A reference to the `BaseStep` subclass to run regions (list) – list of string region names to run in

_steps_to_run(step_names, skip_steps)[source]¶

Given the step_names and skip_steps passed to run(), return the list of step classes to run (in order).

Parameters:	step_names (list) – list of step names to run skip_steps (list) – list of step names to skip
Returns:	list of step classes to run, in order
Return type:	list

_validate_account()[source]¶

Validate that we are connected to the configured account.

Raises:	RuntimeError

ordered_step_classes = [<class 'manheim_c7n_tools.runner.PolicygenStep'>, <class 'manheim_c7n_tools.runner.ValidateStep'>, <class 'manheim_c7n_tools.runner.MugcStep'>, <class 'manheim_c7n_tools.runner.CustodianStep'>, <class 'manheim_c7n_tools.runner.MailerStep'>, <class 'manheim_c7n_tools.runner.DryRunDiffStep'>, <class 'manheim_c7n_tools.runner.S3ArchiverStep'>, <class 'manheim_c7n_tools.runner.DocsBuildStep'>]¶: List of the BaseStep subclasses to run for deployment, in the order they should be run.

run(action, regions=[], step_names=[], skip_steps=[])[source]¶

Main method to run all steps. This calls _steps_to_run() to determine which step classes to run and the order to run them in, and then loops through that list calling the run() or dryrun() method on each of them, according to the action specified.

Parameters:

action (str) – Name of the action to do, “run” or “dryrun”
regions (list) – list of string region names to run in; if left empty, run in all regions listed in config file
step_names (list) – list of string step names to run; if not specified, will run all defined steps. Steps are always run in the order defined in ordered_step_classes.
skip_steps (list) – list of string step names to skip running

class manheim_c7n_tools.runner.CustodianStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step for actual custodian run

dryrun()[source]¶

Perform a dry-run of custodian.

This replicates the command:

custodian run –region ‘${region}’ –dryrun -v -s dryrun/${region} -c custodian_${region}.yml –cache ‘/tmp/.cache/cloud-custodian.cache’

name = 'custodian'¶

run()[source]¶

Perform an actual run of cloud-custodian.

This replicates the command: custodian run –region ‘${region}’ –metrics -v -s cloud-custodian-${account_id}-${region}/logs –log-group=/cloud-custodian/${account_id}/${region} -c custodian_${region}.yml –cache ‘/tmp/.cache/cloud-custodian.cache’

class manheim_c7n_tools.runner.DocsBuildStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Builds generated documentation.

_run_sphinx_build()[source]¶

dryrun()[source]¶

name = 'docs'¶

run()[source]¶

static run_in_region(region_name, conf)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters:	region_name (str) – region name to test config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (`config_for_region()` is called where this class is intialized in `_run_step_in_regions()`).
Returns:	whether this step should run in the specified region
Return type:	bool

class manheim_c7n_tools.runner.DryRunDiffStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Generates the dryrun diff during dry runs.

dryrun()[source]¶

name = 'dryrun-diff'¶

run()[source]¶

static run_in_region(region_name, conf)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters:	region_name (str) – region name to test config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (`config_for_region()` is called where this class is intialized in `_run_step_in_regions()`).
Returns:	whether this step should run in the specified region
Return type:	bool

class manheim_c7n_tools.runner.MailerStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step for running c7n-mailer dryrun or Lambda provision

This replicates the parts of c7n_mailer.cli that we need for our use case.

dryrun()[source]¶

mailer_config¶

Return the validated c7n-mailer config.

Returns:	c7n-mailer config

name = 'mailer'¶

run()[source]¶

static run_in_region(region_name, config)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters:	region_name (str) – region name to test config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (`config_for_region()` is called where this class is intialized in `_run_step_in_regions()`).
Returns:	whether this step should run in the specified region
Return type:	bool

class manheim_c7n_tools.runner.MugcStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step to run custodian mugc.py (lambda garbage collection), based on main() in that module.

dryrun()[source]¶

name = 'mugc'¶

run()[source]¶

class manheim_c7n_tools.runner.PolicygenStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step to run policygen to generate custodian-ready policies on disk.

_do_policygen()[source]¶

dryrun()[source]¶

name = 'policygen'¶

run()[source]¶

static run_in_region(region_name, conf)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters:	region_name (str) – region name to test config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (`config_for_region()` is called where this class is intialized in `_run_step_in_regions()`).
Returns:	whether this step should run in the specified region
Return type:	bool

class manheim_c7n_tools.runner.S3ArchiverStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Runs s3archiver to archive logs of deleted policies.

dryrun()[source]¶

name = 's3archiver'¶

run()[source]¶

class manheim_c7n_tools.runner.ValidateStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step to run custodian validate on generated policies.

_do_validate()[source]¶

dryrun()[source]¶

name = 'validate'¶

run()[source]¶

manheim_c7n_tools.runner.main()[source]¶: main command-line entrypoint; calls parse_args, sets up logging, and either lists steps or instantiates a CustodianRunner and calls run().

manheim_c7n_tools.runner.parse_args(argv)[source]¶: Parse command-line arguments with ArgumentParser.