manheim_c7n_tools.runner module¶

class manheim_c7n_tools.runner.BaseStep(region_name, config)[source]¶

Bases: object

Base class representing one step in the deployment process. Subclass this for each step. It should have a name and two public methods, run and dryrun.

abstract dryrun()[source]¶

name = None¶: The name of the step, as used on the CLI

abstract run()[source]¶

static run_in_region(region_name, config)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters

region_name (str) – region name to test
config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (config_for_region() is called where this class is intialized in _run_step_in_regions()).

Returns

whether this step should run in the specified region

Return type

bool

class manheim_c7n_tools.runner.CustodianRunner(account_name, config_path='manheim-c7n-tools.yml')[source]¶

Bases: object

Main class to run all steps required for manheim c7n deployment.

_run_step_in_regions(action, step, regions)[source]¶

Called from run(); run a given step in all applicable / specified regions.

Parameters

action (str) – Name of the action to do, “run” or “dryrun”
step (object) – A reference to the BaseStep subclass to run
regions (list) – list of string region names to run in

_steps_to_run(step_names, skip_steps)[source]¶

Given the step_names and skip_steps passed to run(), return the list of step classes to run (in order).

Parameters

step_names (list) – list of step names to run
skip_steps (list) – list of step names to skip

Returns

list of step classes to run, in order

Return type

list

_validate_account()[source]¶

Validate that we are connected to the configured account.

Raises: RuntimeError

ordered_step_classes = [<class 'manheim_c7n_tools.runner.PolicygenStep'>, <class 'manheim_c7n_tools.runner.ValidateStep'>, <class 'manheim_c7n_tools.runner.MugcStep'>, <class 'manheim_c7n_tools.runner.CustodianStep'>, <class 'manheim_c7n_tools.runner.MailerStep'>, <class 'manheim_c7n_tools.runner.DryRunDiffStep'>, <class 'manheim_c7n_tools.runner.S3ArchiverStep'>, <class 'manheim_c7n_tools.runner.DocsBuildStep'>]¶: List of the BaseStep subclasses to run for deployment, in the order they should be run.

run(action, regions=[], step_names=[], skip_steps=[])[source]¶

Main method to run all steps. This calls _steps_to_run() to determine which step classes to run and the order to run them in, and then loops through that list calling the run() or dryrun() method on each of them, according to the action specified.

Parameters

action (str) – Name of the action to do, “run” or “dryrun”
regions (list) – list of string region names to run in; if left empty, run in all regions listed in config file
step_names (list) – list of string step names to run; if not specified, will run all defined steps. Steps are always run in the order defined in ordered_step_classes.
skip_steps (list) – list of string step names to skip running

class manheim_c7n_tools.runner.CustodianStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step for actual custodian run

dryrun()[source]¶

Perform a dry-run of custodian.

This replicates the command:

custodian run –region ‘${region}’ –dryrun -v -s dryrun/${region} -c custodian_${region}.yml –cache ‘/tmp/.cache/cloud-custodian.cache’

name = 'custodian'¶: The name of the step, as used on the CLI

run()[source]¶

Perform an actual run of cloud-custodian.

This replicates the command: custodian run –region ‘${region}’ –metrics -v -s cloud-custodian-${account_id}-${region}/logs –log-group=/cloud-custodian/${account_id}/${region} -c custodian_${region}.yml –cache ‘/tmp/.cache/cloud-custodian.cache’

class manheim_c7n_tools.runner.DocsBuildStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Builds generated documentation.

_run_sphinx_build()[source]¶

dryrun()[source]¶

name = 'docs'¶: The name of the step, as used on the CLI

run()[source]¶

static run_in_region(region_name, conf)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters

region_name (str) – region name to test
config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (config_for_region() is called where this class is intialized in _run_step_in_regions()).

Returns

whether this step should run in the specified region

Return type

bool

class manheim_c7n_tools.runner.DryRunDiffStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Generates the dryrun diff during dry runs.

dryrun()[source]¶

name = 'dryrun-diff'¶: The name of the step, as used on the CLI

run()[source]¶

static run_in_region(region_name, conf)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters

region_name (str) – region name to test
config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (config_for_region() is called where this class is intialized in _run_step_in_regions()).

Returns

whether this step should run in the specified region

Return type

bool

class manheim_c7n_tools.runner.MailerStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step for running c7n-mailer dryrun or Lambda provision

This replicates the parts of c7n_mailer.cli that we need for our use case.

dryrun()[source]¶

property mailer_config¶

Return the validated c7n-mailer config.

Returns: c7n-mailer config

name = 'mailer'¶: The name of the step, as used on the CLI

run()[source]¶

static run_in_region(region_name, config)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters

region_name (str) – region name to test
config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (config_for_region() is called where this class is intialized in _run_step_in_regions()).

Returns

whether this step should run in the specified region

Return type

bool

class manheim_c7n_tools.runner.MugcStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step to run custodian mugc.py (lambda garbage collection), based on main() in that module.

dryrun()[source]¶

name = 'mugc'¶: The name of the step, as used on the CLI

run()[source]¶

class manheim_c7n_tools.runner.PolicygenStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step to run policygen to generate custodian-ready policies on disk.

_do_policygen()[source]¶

dryrun()[source]¶

name = 'policygen'¶: The name of the step, as used on the CLI

run()[source]¶

static run_in_region(region_name, conf)[source]¶

Return True if this step should run in the specified region, False if it should not.

Parameters

region_name (str) – region name to test
config (ManheimConfig) – The manheim-c7n-tools config to use for this step, already made region-specific (config_for_region() is called where this class is intialized in _run_step_in_regions()).

Returns

whether this step should run in the specified region

Return type

bool

class manheim_c7n_tools.runner.S3ArchiverStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Runs s3archiver to archive logs of deleted policies.

dryrun()[source]¶

name = 's3archiver'¶: The name of the step, as used on the CLI

run()[source]¶

class manheim_c7n_tools.runner.ValidateStep(region_name, config)[source]¶

Bases: manheim_c7n_tools.runner.BaseStep

Step to run custodian validate on generated policies.

_do_validate()[source]¶

dryrun()[source]¶

name = 'validate'¶: The name of the step, as used on the CLI

run()[source]¶

manheim_c7n_tools.runner.main()[source]¶: main command-line entrypoint; calls parse_args, sets up logging, and either lists steps or instantiates a CustodianRunner and calls run().

manheim_c7n_tools.runner.parse_args(argv)[source]¶: Parse command-line arguments with ArgumentParser.