manheim_c7n_tools.dryrun_diff module¶

class manheim_c7n_tools.dryrun_diff.DryRunDiffer(config)[source]¶

Bases: object

RESOURCE_TYPE_KEY = 'resource_type'¶

UNKNOWN_RESOURCE_ID = 'unknown_id'¶

UNKNOWN_RESOURCE_TYPE = 'unknown_type'¶

_extract_data_from_s3_obj(obj)[source]¶: Extracts a JSON payload from an S3 object.

_find_changed_policies(git_dir=None, diff_against='master')[source]¶

Returns:	list of policy names that differ from master
Return type:	list

_get_dryrun_results(pol_names)[source]¶

Read the resources.json files from disk for the dryrun/ directory. Return a dictionary of string policy name to nested dictionaries, of string region name to resources.

Returns:	dictionary of nested dictionaries, policy name to dict of region name to resource
Return type:	dict

_get_latest_res_for_policy(bucket, pol_name, get_res_type)[source]¶

Given the S3 Bucket and a policy name, find the newest resources.json file for that policy and annotate it with it’s respective type from the metadata.json file.

Parameters:	bucket (`boto3.S3.Bucket`) – the bucket to look in pol_name (str) – the name of the policy
Returns:	resource from latest run of the policy
Return type:	obj

_get_resource_id(resource, policy)[source]¶: Obtain the id for a given policy from a dict of resources. :param resource: the dict of resources :param policy: the name of the policy :return: the resource_id the policy affects :rtype: string

_get_s3_policy_prefixes(bucket)[source]¶

Find all of the per-policy prefixes (a.k.a. “directories”) in the S3 bucket. Return a list of them

Parameters:	bucket (`boto3.S3.Bucket`) – the S3 bucket to list policies in
Returns:	list of per-policy prefixes in S3 bucket
Return type:	list

_get_s3_results_for_region(region_name, changed_pols)[source]¶: Find the results files in S3 from the last live run of the deployed policies. Reads each file and maps resources to self._live_results accordingly.

_make_diff_markdown(dryrun)[source]¶

Return GitHub-flavored Markdown showing the difference between the dryrun (this branch) and the last run of each policy on master.

Parameters:	dryrun (dict) – dryrun policy resource counts
Returns:	markdown diff
Return type:	str

_make_diff_report(dryrun)[source]¶

Return a HTML report breaking down the differences between the dryrun (this branch) and the last run of each policy on master.

Requires a jinja template located at ./reporting-template/report.j2 within the same directory where the dryrun-diff step has been run.

Parameters:	dryrun (dict) – dryrun policy resource information
Returns:	html report
Return type:	str

_read_dryrun_files(directory, pol, region, res)[source]¶: Read the directory for dryrun files, and attaches each resource to the supplied result dict via their policy-name and region. :param directory: the path where the dryrun files are located :param pol: the name of the policy :param region: the name of the region :param res: the dict that will be mutated with the resources found. :return: a dict of resources :rtype: dict

run(git_dir=None, diff_against='master')[source]¶

manheim_c7n_tools.dryrun_diff.main()[source]¶

manheim_c7n_tools.dryrun_diff.parse_args(argv)[source]¶