set_role_data(dynamo_table, role.role_id, {'DisqualifiedBy': role.disqualified_by})
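# Excerpt from a role-cache refresh routine; the listing lost its indentation, so the
# nesting below is reconstructed from the statement order.
LOGGER.info('Getting data from Aardvark')
aardvark_data = _get_aardvark_data(config['aardvark_api_location'], account_number=account_number)

LOGGER.info('Updating with Aardvark data')
for role in roles:
    try:
        role.aa_data = aardvark_data[role.arn]
    except KeyError:
        # No entry for this ARN: the miss is only logged and no AAData is written here.
        # NOTE(review): the role is still passed to the scoring call below with whatever
        # aa_data it already carried - confirm that absent or stale usage data cannot
        # cause permissions to be reported as repoable.
        LOGGER.info('Aardvark data not found for role: {} ({})'.format(role.role_id, role.role_name))
    else:
        set_role_data(dynamo_table, role.role_id, {'AAData': role.aa_data})

LOGGER.info('Calculating repoable permissions and services')
roledata._calculate_repo_scores(roles, config['filter_config']['AgeFilter']['minimum_age'], hooks)

# The loop previously dropped into pdb.set_trace() for a hard-coded role name. A debugger
# breakpoint blocks on stdin, so an unattended run would stall before the remaining roles
# were written and before stats were updated; the debugging hook is removed.
for role in roles:
    set_role_data(dynamo_table, role.role_id, {'TotalPermissions': role.total_permissions,
                                               'RepoablePermissions': role.repoable_permissions,
                                               'RepoableServices': role.repoable_services})

LOGGER.info('Updating stats')
roledata.update_stats(dynamo_table, roles, source='Scan')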
source: repo, rollback, etc
add_no_repo: if set to True newly discovered permissions will be added to no repo list
Returns:
None
"""
# Store the role's current inline policies first; a falsy lookup result is replaced
# by an empty dict before it is handed on.
current_policies = get_role_inline_policies(role.as_dict(), **conn) or {}
roledata.update_role_data(
    dynamo_table,
    account_number,
    role,
    current_policies,
    source=source,
    add_no_repo=add_no_repo,
)

# Aardvark is queried for this single ARN. An empty answer ends the refresh here,
# before scores are recalculated and before any of the fields below are rewritten.
aardvark_data = _get_aardvark_data(config['aardvark_api_location'], arn=role.arn)
if not aardvark_data:
    return

role.aa_data = aardvark_data[role.arn]
minimum_age = config['filter_config']['AgeFilter']['minimum_age']
roledata._calculate_repo_scores([role], minimum_age, hooks)

# Persist the usage data together with the values the scoring call set on the role.
repo_fields = {
    'AAData': role.aa_data,
    'TotalPermissions': role.total_permissions,
    'RepoablePermissions': role.repoable_permissions,
    'RepoableServices': role.repoable_services,
}
set_role_data(dynamo_table, role.role_id, repo_fields)
roledata.update_stats(dynamo_table, [role], source=source)
"Aardvark data not found for role: {} ({})".format(
role.role_id, role.role_name
)
)
else:
set_role_data(dynamo_table, role.role_id, {"AAData": role.aa_data})
progress_message = "Calculating repoable permissions and services for account {}".format(
    account_number
)
LOGGER.info(progress_message)

# Both batch settings are optional in config: batching defaults to off, batch size to 100.
batch_processing = config.get("query_role_data_in_batch", False)
batch_size = config.get("batch_processing_size", 100)

# The minimum age comes from the AgeFilter section of the filter configuration.
minimum_age = config["filter_config"]["AgeFilter"]["minimum_age"]
roledata._calculate_repo_scores(roles, minimum_age, hooks, batch_processing, batch_size)
for role in roles:
LOGGER.debug(
"Role {} in account {} has\nrepoable permissions: {}\nrepoable services: {}".format(
role.role_name,
account_number,
role.repoable_permissions,
role.repoable_services,
)
)
set_role_data(
account_number,
role,
current_policies,
source=source,
add_no_repo=add_no_repo,
)
# Aardvark is queried for this single ARN. An empty answer ends the refresh here,
# before scores are recalculated and before the fields below are rewritten.
aardvark_data = _get_aardvark_data(config["aardvark_api_location"], arn=role.arn)
if not aardvark_data:
    return

# Both batch settings are optional in config: batching defaults to off, batch size to 100.
batch_processing = config.get("query_role_data_in_batch", False)
batch_size = config.get("batch_processing_size", 100)

role.aa_data = aardvark_data[role.arn]
minimum_age = config["filter_config"]["AgeFilter"]["minimum_age"]
roledata._calculate_repo_scores([role], minimum_age, hooks, batch_processing, batch_size)

# Persist the usage data together with the values the scoring call set on the role.
repo_fields = {
    "AAData": role.aa_data,
    "TotalPermissions": role.total_permissions,
    "RepoablePermissions": role.repoable_permissions,
    "RepoableServices": role.repoable_services,
}
set_role_data(dynamo_table, role.role_id, repo_fields)