manheim_c7n_tools.dryrun_diff module¶

class manheim_c7n_tools.dryrun_diff.DryRunDiffer(config)[source]¶

Bases: object

RESOURCE_TYPE_KEY = 'resource_type'¶

UNKNOWN_RESOURCE_ID = 'unknown_id'¶

UNKNOWN_RESOURCE_TYPE = 'unknown_type'¶

_extract_data_from_s3_obj(obj)[source]¶: Extracts a JSON payload from an S3 object.

_get_dryrun_results()[source]¶

Read the resources.json files from disk for the dryrun/ directory. Return a dictionary of string policy name to nested dictionaries, of string region name to resources.

Returns: dictionary of nested dictionaries, policy name to dict of region name to resource
Return type: dict

_get_latest_res_for_policy(bucket, pol_name, get_res_type)[source]¶

Given the S3 Bucket and a policy name, find the newest resources.json file for that policy and annotate it with it’s respective type from the metadata.json file.

Parameters

bucket (boto3.S3.Bucket) – the bucket to look in
pol_name (str) – the name of the policy

Returns

resource from latest run of the policy

Return type

obj

_get_resource_id(resource, policy)[source]¶: Obtain the id for a given policy from a dict of resources. :param resource: the dict of resources :param policy: the name of the policy :return: the resource_id the policy affects :rtype: string

_get_s3_policy_prefixes(bucket)[source]¶

Find all of the per-policy prefixes (a.k.a. “directories”) in the S3 bucket. Return a list of them

Parameters: bucket (boto3.S3.Bucket) – the S3 bucket to list policies in
Returns: list of per-policy prefixes in S3 bucket
Return type: list

_get_s3_results_for_region(region_name)[source]¶: Find the results files in S3 from the last live run of the deployed policies. Reads each file and maps resources to self._live_results accordingly.

_make_diff_markdown(dryrun)[source]¶

Return GitHub-flavored Markdown showing the difference between the dryrun (this branch) and the last run of each policy on master.

Parameters: dryrun (dict) – dryrun policy resource counts
Returns: markdown diff
Return type: str

_make_diff_report(dryrun)[source]¶

Return a HTML report breaking down the differences between the dryrun (this branch) and the last run of each policy on master.

Requires a jinja template located at ./reporting-template/report.j2 within the same directory where the dryrun-diff step has been run.

Parameters: dryrun (dict) – dryrun policy resource information
Returns: html report
Return type: str

_read_dryrun_files(directory, pol, region, res)[source]¶: Read the directory for dryrun files, and attaches each resource to the supplied result dict via their policy-name and region. :param directory: the path where the dryrun files are located :param pol: the name of the policy :param region: the name of the region :param res: the dict that will be mutated with the resources found. :return: a dict of resources :rtype: dict

run(git_dir=None, diff_against='master')[source]¶

manheim_c7n_tools.dryrun_diff.main()[source]¶

manheim_c7n_tools.dryrun_diff.parse_args(argv)[source]¶