How to use the c7n.manager.resources.register function in c7n
To help you get started, we’ve selected a few c7n examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
cloud-custodian / cloud-custodian / c7n / resources / ebs.py View on Github 
if not cross_region or len(snapshot_set) < 5:
continue
copy_ids = [r['c7n:CopiedSnapshot'] for r in snapshot_set]
self.log.debug(
"Waiting on cross-region snapshot copy %s", ",".join(copy_ids))
waiter = client.get_waiter('snapshot_completed')
waiter.config.delay = 60
waiter.config.max_attempts = 60
waiter.wait(SnapshotIds=copy_ids)
self.log.debug(
"Cross region copy complete %s", ",".join(copy_ids))
@resources.register('ebs')
class EBS(QueryResourceManager):
class resource_type(TypeInfo):
service = 'ec2'
arn_type = 'volume'
enum_spec = ('describe_volumes', 'Volumes', None)
name = id = 'VolumeId'
filter_name = 'VolumeIds'
filter_type = 'list'
date = 'createTime'
dimension = 'VolumeId'
metrics_namespace = 'AWS/EBS'
config_type = "AWS::EC2::Volume"
default_report_fields = (
'VolumeId',
'Attachments[0].InstanceId',from botocore.exceptions import ClientError
from c7n.actions import BaseAction
from c7n.filters import FilterRegistry
from c7n.manager import resources
from c7n.query import QueryResourceManager, TypeInfo
from c7n.utils import chunks, local_session, get_retry, type_schema
from c7n.tags import RemoveTag, Tag, TagActionFilter, TagDelayedAction
filters = FilterRegistry('datapipeline.filters')
filters.register('marked-for-op', TagActionFilter)
@resources.register('datapipeline')
class DataPipeline(QueryResourceManager):
retry = staticmethod(get_retry(('Throttled',)))
filter_registry = filters
class resource_type(TypeInfo):
service = 'datapipeline'
arn_type = 'dataPipeline'
id = 'id'
name = 'name'
dimension = 'name'
batch_detail_spec = (
'describe_pipelines', 'pipelineIds', 'id', 'pipelineDescriptionList', None)
enum_spec = ('list_pipelines', 'pipelineIdList', None)from botocore.exceptions import ClientError
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry
from c7n.manager import resources
from c7n.query import QueryResourceManager, TypeInfo
from c7n.utils import (type_schema, local_session, chunks)
log = logging.getLogger('custodian.rds-param-group')
pg_filters = FilterRegistry('rds-param-group.filters')
pg_actions = ActionRegistry('rds-param-group.actions')
@resources.register('rds-param-group')
class RDSParamGroup(QueryResourceManager):
"""Resource manager for RDS parameter groups.
"""
class resource_type(TypeInfo):
service = 'rds'
arn_type = 'pg'
enum_spec = ('describe_db_parameter_groups', 'DBParameterGroups', None)
name = id = 'DBParameterGroupName'
dimension = 'DBParameterGroupName'
filter_registry = pg_filters
action_registry = pg_actionsreturn results
class PolicyQueryParser(QueryParser):
QuerySchema = {
'Scope': ('All', 'AWS', 'Local'),
'PolicyUsageFilter': ('PermissionsPolicy', 'PermissionsBoundary'),
'PathPrefix': six.string_types,
'OnlyAttached': bool
}
multi_value = False
value_key = 'Value'
@resources.register('iam-profile')
class InstanceProfile(QueryResourceManager):
class resource_type(TypeInfo):
service = 'iam'
arn_type = 'instance-profile'
enum_spec = ('list_instance_profiles', 'InstanceProfiles', None)
id = 'InstanceProfileId'
name = 'InstanceProfileId'
date = 'CreateDate'
# Denotes this resource type exists across regions
global_resource = True
arn = 'Arn'
@resources.register('iam-certificate')
class ServerCertificate(QueryResourceManager):@Role.action_registry.register('remove-tag')
class RoleRemoveTag(RemoveTag):
"""Remove tags from an iam role."""
permissions = ('iam:UntagRole',)
def process_resource_set(self, client, roles, tags):
for role in roles:
try:
self.manager.retry(
client.untag_role, RoleName=role['RoleName'], TagKeys=tags)
except client.exceptions.NoSuchEntityException:
continue
@resources.register('iam-user')
class User(QueryResourceManager):
class resource_type(TypeInfo):
service = 'iam'
arn_type = 'user'
detail_spec = ('get_user', 'UserName', 'UserName', 'User')
enum_spec = ('list_users', 'Users', None)
id = name = 'UserName'
date = 'CreateDate'
config_type = "AWS::IAM::User"
# Denotes this resource type exists across regions
global_resource = True
arn = 'Arn'
def get_source(self, source_type):
if source_type == 'describe':class InstanceProfile(QueryResourceManager):
class resource_type(object):
service = 'iam'
type = 'instance-profile'
enum_spec = ('list_instance_profiles', 'InstanceProfiles', None)
id = 'InstanceProfileId'
filter_name = None
name = 'InstanceProfileId'
date = 'CreateDate'
dimension = None
# Denotes this resource type exists across regions
global_resource = True
@resources.register('iam-certificate')
class ServerCertificate(QueryResourceManager):
class resource_type(object):
service = 'iam'
type = 'server-certificate'
enum_spec = ('list_server_certificates',
'ServerCertificateMetadataList',
None)
id = 'ServerCertificateId'
filter_name = None
name = 'ServerCertificateName'
date = 'Expiration'
dimension = None
# Denotes this resource type exists across regions
global_resource = Truedef process(self, resources):
group_name = self.data['group']
state = self.data['state']
client = local_session(self.manager.session_factory).client('iam')
op_map = {
'add': client.add_user_to_group,
'remove': client.remove_user_from_group
}
for r in resources:
try:
op_map[state](GroupName=group_name, UserName=r['UserName'])
except client.exceptions.NoSuchEntityException:
continue
@resources.register('iam-policy')
class Policy(QueryResourceManager):
class resource_type(TypeInfo):
service = 'iam'
arn_type = 'policy'
enum_spec = ('list_policies', 'Policies', None)
id = 'PolicyId'
name = 'PolicyName'
date = 'CreateDate'
config_type = "AWS::IAM::Policy"
# Denotes this resource type exists across regions
global_resource = True
arn = 'Arn'
def get_source(self, source_type):
if source_type == 'describe':# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import absolute_import, division, print_function, unicode_literals
from c7n.actions import Action
from c7n.filters.vpc import SecurityGroupFilter, SubnetFilter, VpcFilter
from c7n.manager import resources
from c7n import tags
from c7n.query import QueryResourceManager, TypeInfo
from c7n.utils import local_session, type_schema
from .aws import shape_validate
@resources.register('eks')
class EKS(QueryResourceManager):
class resource_type(TypeInfo):
service = 'eks'
enum_spec = ('list_clusters', 'clusters', None)
arn = 'arn'
arn_type = 'cluster'
detail_spec = ('describe_cluster', 'name', None, 'cluster')
id = name = 'name'
date = 'createdAt'
def augment(self, resources):
resources = super(EKS, self).augment(resources)
for r in resources:
if 'tags' not in r:
continue# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import absolute_import, division, print_function, unicode_literals
from c7n.actions import Action
from c7n.manager import resources
from c7n.query import QueryResourceManager, TypeInfo
from c7n.utils import local_session, type_schema
@resources.register('cloudsearch')
class CloudSearch(QueryResourceManager):
class resource_type(TypeInfo):
service = "cloudsearch"
enum_spec = ("describe_domains", "DomainStatusList", None)
name = id = "DomainName"
dimension = "DomainName"
filter_name = 'DomainNames'
filter_type = 'list'
arn_type = "domain"
@CloudSearch.action_registry.register('delete')
class Delete(Action):
schema = type_schema('delete')@resources.register('kms')
class KeyAlias(QueryResourceManager):
class resource_type(TypeInfo):
service = 'kms'
arn_type = 'alias'
enum_spec = ('list_aliases', 'Aliases', None)
name = "AliasName"
id = "AliasArn"
def augment(self, resources):
return [r for r in resources if 'TargetKeyId' in r]
@resources.register('kms-key')
class Key(QueryResourceManager):
class resource_type(TypeInfo):
service = 'kms'
arn_type = "key"
enum_spec = ('list_keys', 'Keys', None)
name = "KeyId"
id = "KeyArn"
universal_taggable = True
def augment(self, resources):
client = local_session(self.session_factory).client('kms')
for r in resources:
try:
key_id = r.get('KeyArn')
Popular c7n functions
- c7n.actions.Action
- c7n.actions.BaseAction
- c7n.config.Bag
- c7n.config.Config.empty
- c7n.credentials.SessionFactory
- c7n.exceptions.PolicyValidationError
- c7n.filters.Filter
- c7n.filters.ValueFilter
- c7n.manager.resources
- c7n.manager.resources.register
- c7n.mu.LambdaManager
- c7n.query
- c7n.query.QueryResourceManager
- c7n.query.TypeInfo
- c7n.utils
- c7n.utils.chunks
- c7n.utils.dumps
- c7n.utils.get_retry
- c7n.utils.local_session
- c7n.utils.type_schema