fix existing tests and do some cleanup

Netflix · Dec 28, 2020 · a5d0c85 · a5d0c85
1 parent 46e7ae5
commit a5d0c85
Show file tree

Hide file tree

Showing 14 changed files with 166 additions and 888 deletions.
diff --git a/repokid/cli/dispatcher_cli.py b/repokid/cli/dispatcher_cli.py
@@ -14,7 +14,6 @@
 import repokid.dispatcher
 from repokid import CONFIG
 from repokid.dispatcher.types import Message
-from repokid.utils.dynamo import dynamo_get_or_create_table
 
 
 def get_failure_message(channel: str, message: str) -> Dict[str, Any]:
@@ -68,8 +67,6 @@ def message_context(
 
 
 def main() -> None:
-    dynamo_table = dynamo_get_or_create_table(**CONFIG["dynamo_db"])
-
     conn_details = {
         "assume_role": CONFIG["dispatcher"].get("assume_role", None),
         "session_name": CONFIG["dispatcher"].get("session_name", "Repokid"),
@@ -96,9 +93,7 @@ def main() -> None:
                 continue
 
             try:
-                return_val = RESPONDER_FUNCTIONS[parsed_msg.command](
-                    dynamo_table, parsed_msg
-                )
+                return_val = RESPONDER_FUNCTIONS[parsed_msg.command](parsed_msg)
             except KeyError:
                 failure_message = get_failure_message(
                     channel=parsed_msg.respond_channel,

diff --git a/repokid/cli/repokid_cli.py b/repokid/cli/repokid_cli.py
@@ -196,19 +196,17 @@ def config(ctx: click.Context, filename: str) -> None:
 @click.argument("account_number")
 @click.pass_context
 def update_role_cache(ctx: click.Context, account_number: str) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
     config = ctx.obj["config"]
     hooks = ctx.obj["hooks"]
-    _update_role_cache(account_number, dynamo_table, config, hooks)
+    _update_role_cache(account_number, config, hooks)
 
 
 @cli.command()
 @click.argument("account_number")
 @click.option("--inactive", default=False, help="Include inactive roles")
 @click.pass_context
 def display_role_cache(ctx: click.Context, account_number: str, inactive: bool) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
-    _display_roles(account_number, dynamo_table, inactive=inactive)
+    _display_roles(account_number, inactive=inactive)
 
 
 @cli.command()
@@ -218,8 +216,7 @@ def display_role_cache(ctx: click.Context, account_number: str, inactive: bool)
 def find_roles_with_permissions(
     ctx: click.Context, permissions: List[str], output: str
 ) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
-    _find_roles_with_permissions(permissions, dynamo_table, output)
+    _find_roles_with_permissions(permissions, output)
 
 
 @cli.command()
@@ -230,23 +227,18 @@ def find_roles_with_permissions(
 def remove_permissions_from_roles(
     ctx: click.Context, permissions: List[str], role_file: str, commit: bool
 ) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
     config = ctx.obj["config"]
     hooks = ctx.obj["hooks"]
-    _remove_permissions_from_roles(
-        permissions, role_file, dynamo_table, config, hooks, commit=commit
-    )
+    _remove_permissions_from_roles(permissions, role_file, config, hooks, commit=commit)
 
 
 @cli.command()
 @click.argument("account_number")
 @click.argument("role_name")
 @click.pass_context
 def display_role(ctx: click.Context, account_number: str, role_name: str) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
     config = ctx.obj["config"]
-    hooks = ctx.obj["hooks"]
-    _display_role(account_number, role_name, dynamo_table, config, hooks)
+    _display_role(account_number, role_name, config)
 
 
 @cli.command()
@@ -257,10 +249,9 @@ def display_role(ctx: click.Context, account_number: str, role_name: str) -> Non
 def repo_role(
     ctx: click.Context, account_number: str, role_name: str, commit: bool
 ) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
     config = ctx.obj["config"]
     hooks = ctx.obj["hooks"]
-    _repo_role(account_number, role_name, dynamo_table, config, hooks, commit=commit)
+    _repo_role(account_number, role_name, config, hooks, commit=commit)
 
 
 @cli.command()
@@ -276,17 +267,10 @@ def rollback_role(
     selection: int,
     commit: bool,
 ) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
     config = ctx.obj["config"]
     hooks = ctx.obj["hooks"]
     _rollback_role(
-        account_number,
-        role_name,
-        dynamo_table,
-        config,
-        hooks,
-        selection=selection,
-        commit=commit,
+        account_number, role_name, config, hooks, selection=selection, commit=commit
     )
 
 
@@ -295,34 +279,29 @@ def rollback_role(
 @click.option("--commit", "-c", default=False, help="Commit changes")
 @click.pass_context
 def repo_all_roles(ctx: click.Context, account_number: str, commit: bool) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
     config = ctx.obj["config"]
     hooks = ctx.obj["hooks"]
     logger.info("Updating role data")
-    _update_role_cache(account_number, dynamo_table, config, hooks)
-    _repo_all_roles(
-        account_number, dynamo_table, config, hooks, commit=commit, scheduled=False
-    )
+    _update_role_cache(account_number, config, hooks)
+    _repo_all_roles(account_number, config, hooks, commit=commit, scheduled=False)
 
 
 @cli.command()
 @click.argument("account_number")
 @click.pass_context
 def schedule_repo(ctx: click.Context, account_number: str) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
     config = ctx.obj["config"]
     hooks = ctx.obj["hooks"]
     logger.info("Updating role data")
-    _update_role_cache(account_number, dynamo_table, config, hooks)
-    _schedule_repo(account_number, dynamo_table, config, hooks)
+    _update_role_cache(account_number, config, hooks)
+    _schedule_repo(account_number, config, hooks)
 
 
 @cli.command()
 @click.argument("account_number")
 @click.pass_context
 def show_scheduled_roles(ctx: click.Context, account_number: str) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
-    _show_scheduled_roles(account_number, dynamo_table)
+    _show_scheduled_roles(account_number)
 
 
 @cli.command()
@@ -333,31 +312,26 @@ def show_scheduled_roles(ctx: click.Context, account_number: str) -> None:
 def cancel_scheduled_repo(
     ctx: click.Context, account_number: str, role: str, all: bool
 ) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
-    _cancel_scheduled_repo(account_number, dynamo_table, role_name=role, is_all=all)
+    _cancel_scheduled_repo(account_number, role_name=role, is_all=all)
 
 
 @cli.command()
 @click.argument("account_number")
 @click.option("--commit", "-c", default=False, help="Commit changes")
 @click.pass_context
 def repo_scheduled_roles(ctx: click.Context, account_number: str, commit: bool) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
     config = ctx.obj["config"]
     hooks = ctx.obj["hooks"]
-    _update_role_cache(account_number, dynamo_table, config, hooks)
-    _repo_all_roles(
-        account_number, dynamo_table, config, hooks, commit=commit, scheduled=True
-    )
+    _update_role_cache(account_number, config, hooks)
+    _repo_all_roles(account_number, config, hooks, commit=commit, scheduled=True)
 
 
 @cli.command()
 @click.argument("account_number")
 @click.option("--output", "-o", required=True, help="File to write results to")
 @click.pass_context
 def repo_stats(ctx: click.Context, account_number: str, output: str) -> None:
-    dynamo_table = ctx.obj["dynamo_table"]
-    _repo_stats(output, dynamo_table, account_number=account_number)
+    _repo_stats(output, account_number=account_number)
 
 
 if __name__ == "__main__":

diff --git a/repokid/commands/repo.py b/repokid/commands/repo.py
@@ -22,7 +22,6 @@
 from cloudaux.aws.iam import delete_role_policy
 from cloudaux.aws.iam import get_role_inline_policies
 from cloudaux.aws.iam import put_role_policy
-from mypy_boto3_dynamodb.service_resource import Table
 from tabulate import tabulate
 
 import repokid.hooks
@@ -47,7 +46,6 @@
 def _repo_role(
     account_number: str,
     role_name: str,
-    dynamo_table: Table,
     config: RepokidConfig,
     hooks: RepokidHooks,
     commit: bool = False,
@@ -148,7 +146,6 @@ def _repo_role(
 def _rollback_role(
     account_number: str,
     role_name: str,
-    dynamo_table: Table,
     config: RepokidConfig,
     hooks: RepokidHooks,
     selection: int = 0,
@@ -290,7 +287,6 @@ def _rollback_role(
 
 def _repo_all_roles(
     account_number: str,
-    dynamo_table: Table,
     config: RepokidConfig,
     hooks: RepokidHooks,
     commit: bool = False,
@@ -341,7 +337,6 @@ def _repo_all_roles(
         error = _repo_role(
             account_number,
             role.role_name,
-            dynamo_table,
             config,
             hooks,
             commit=commit,
@@ -364,9 +359,7 @@ def _repo_all_roles(
     )
 
 
-def _repo_stats(
-    output_file: str, dynamo_table: Table, account_number: str = ""
-) -> None:
+def _repo_stats(output_file: str, account_number: str = "") -> None:
     """
     Create a csv file with stats about roles, total permissions, and applicable filters over time
 

diff --git a/repokid/commands/role.py b/repokid/commands/role.py
@@ -18,7 +18,6 @@
 from typing import List
 
 import tabview as t
-from mypy_boto3_dynamodb.service_resource import Table
 from policyuniverse.arn import ARN
 from tabulate import tabulate
 from tqdm import tqdm
@@ -39,9 +38,7 @@
 LOGGER = logging.getLogger("repokid")
 
 
-def _display_roles(
-    account_number: str, dynamo_table: Table, inactive: bool = False
-) -> None:
+def _display_roles(account_number: str, inactive: bool = False) -> None:
     """
     Display a table with data about all roles in an account and write a csv file with the data.
 
@@ -96,9 +93,7 @@ def _display_roles(
             csv_writer.writerow(row)
 
 
-def _find_roles_with_permissions(
-    permissions: List[str], dynamo_table: Table, output_file: str
-) -> None:
+def _find_roles_with_permissions(permissions: List[str], output_file: str) -> None:
     """
     Search roles in all accounts for a policy with any of the provided permissions, log the ARN of each role.
 
@@ -140,9 +135,7 @@ def _find_roles_with_permissions(
 def _display_role(
     account_number: str,
     role_name: str,
-    dynamo_table: Table,
     config: RepokidConfig,
-    hooks: RepokidHooks,
 ) -> None:
     """
     Displays data about a role in a given account:
@@ -270,7 +263,6 @@ def _display_role(
 def _remove_permissions_from_roles(
     permissions: List[str],
     role_filename: str,
-    dynamo_table: Table,
     config: RepokidConfig,
     hooks: RepokidHooks,
     commit: bool = False,
@@ -302,14 +294,7 @@ def _remove_permissions_from_roles(
         role.fetch()
 
         remove_permissions_from_role(
-            account_number,
-            permissions,
-            role,
-            role_id,
-            dynamo_table,
-            config,
-            hooks,
-            commit=commit,
+            account_number, permissions, role, config, hooks, commit=commit
         )
 
         repokid.hooks.call_hooks(hooks, "AFTER_REPO", {"role": role})
diff --git a/repokid/commands/role_cache.py b/repokid/commands/role_cache.py
@@ -14,21 +14,20 @@
 import logging
 
 from cloudaux.aws.iam import get_account_authorization_details
-from mypy_boto3_dynamodb.service_resource import Table
 from tqdm import tqdm
 
 from repokid.filters.utils import get_filter_plugins
 from repokid.role import Role
 from repokid.role import RoleList
 from repokid.types import RepokidConfig
 from repokid.types import RepokidHooks
+from repokid.utils.roledata import find_and_mark_inactive
 
 LOGGER = logging.getLogger("repokid")
 
 
 def _update_role_cache(
     account_number: str,
-    dynamo_table: Table,
     config: RepokidConfig,
     hooks: RepokidHooks,
 ) -> None:
@@ -85,10 +84,10 @@ def _update_role_cache(
         )
 
     LOGGER.info("Finding inactive roles in account {}".format(account_number))
-    # roledata.find_and_mark_inactive(dynamo_table, account_number, roles)
+    find_and_mark_inactive(account_number, roles)
 
     LOGGER.info("Filtering roles")
-    plugins = get_filter_plugins(account_number)
+    plugins = get_filter_plugins(account_number, config=config)
     for plugin in plugins.filter_plugins:
         filtered_list = plugin.apply(roles)
         class_name = plugin.__class__.__name__

diff --git a/repokid/commands/schedule.py b/repokid/commands/schedule.py
@@ -15,7 +15,6 @@
 import time
 from datetime import datetime as dt
 
-from mypy_boto3_dynamodb.service_resource import Table
 from tabulate import tabulate
 
 import repokid.hooks
@@ -31,7 +30,6 @@
 
 def _schedule_repo(
     account_number: str,
-    dynamo_table: Table,
     config: RepokidConfig,
     hooks: RepokidHooks,
 ) -> None:
@@ -80,7 +78,7 @@ def _schedule_repo(
     repokid.hooks.call_hooks(hooks, "AFTER_SCHEDULE_REPO", {"roles": scheduled_roles})
 
 
-def _show_scheduled_roles(account_number: str, dynamo_table: Table) -> None:
+def _show_scheduled_roles(account_number: str) -> None:
     """
     Show scheduled repos for a given account.  For each scheduled show whether scheduled time is elapsed or not.
     """
@@ -108,7 +106,7 @@ def _show_scheduled_roles(account_number: str, dynamo_table: Table) -> None:
 
 
 def _cancel_scheduled_repo(
-    account_number: str, dynamo_table: Table, role_name: str = "", is_all: bool = False
+    account_number: str, role_name: str = "", is_all: bool = False
 ) -> None:
     """
     Cancel scheduled repo for a role in an account