Version increment and lambda gc tool (#168)

* version incr

* lambda cwe policy gc

c7n/credentials.py

@@ -22,7 +22,7 @@
 
 
 class SessionFactory(object):
-    
+
     def __init__(self, region, profile=None, assume_role=None):
         self.region = region
         self.profile = profile
@@ -40,7 +40,7 @@ def __call__(self, assume=True, region=None):
         session._session.user_agent_version = version
         return session
 
-    
+
 def assumed_session(role_arn, session_name, session=None):
     """STS Role assume a boto3.Session
 

c7n/ufuncs/s3crypt.py

@@ -57,7 +57,7 @@ def get_function(session_factory, role, buckets=None):
         LambdaFunction, custodian_archive, BucketNotification)
 
     config = dict(
-        name='custodian-s3-encrypt',
+        name='c7n-s3-encrypt',
         handler='s3crypt.process_key_event',
         memory_size=256,
         timeout=15,

c7n/version.py

@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-version = "0.8.12"
+version = "0.8.13"

setup.py

@@ -3,7 +3,7 @@
 
 setup(
     name="c7n",
-    version='0.8.12',
+    version='0.8.13',
     description="Cloud Custodian - Policy Rules Engine",
     long_description_markdown_filename='README.md',
     classifiers=[

tools/mugc.py

@@ -0,0 +1,106 @@
+import argparse
+import json
+import os
+import logging
+
+from c7n.commands import policy_command
+from c7n.credentials import SessionFactory
+from c7n import mu, resources
+
+log = logging.getLogger('resources')
+
+
+@policy_command
+def resources_gc_prefix(options, policy_collection):
+    """Garbage collect old custodian policies based on prefix.
+
+    We attempt to introspect to find the event sources for a policy
+    but without the old configuration this is implicit.
+    """
+    session_factory = SessionFactory(
+        options.region, options.profile, options.assume_role)
+
+    manager = mu.LambdaManager(session_factory)
+    funcs = list(manager.list_functions('custodian-'))
+
+    client = session_factory().client('lambda')
+
+    remove = []
+    current_policies = [p.name for p in policy_collection]
+    for f in funcs:
+        pn = f['FunctionName'].split('-', 1)[1]
+        if pn not in current_policies:
+            remove.append(f)
+
+    for n in remove:
+        log.info("Removing %s" % n['FunctionName'])
+
+    for func in remove:
+        events = []
+        result = client.get_policy(FunctionName=func['FunctionName'])
+        if 'Policy' not in result:
+            pass
+        else:
+            p = json.loads(result['Policy'])
+            for s in p['Statement']:
+                principal = s.get('Principal')
+                if not isinstance(principal, dict):
+                    log.info("Skipping function %s" % func['FunctionName'])
+                    continue
+                if principal == {'Service': 'events.amazonaws.com'}:
+                    events.append(
+                        mu.CloudWatchEventSource({}, session_factory))
+
+        f = mu.LambdaFunction({
+            'name': n['FunctionName'],
+            'role': n['Role'],
+            'handler': n['Handler'],
+            'timeout': n['Timeout'],
+            'memory_size': n['MemorySize'],
+            'description': n['Description'],
+            'runtime': n['Runtime'],
+            'events': events}, None)
+        log.info("Removing %s" % f)
+
+        if options.dryrun:
+            log.info("Dryrun skipping")
+            continue
+        manager.remove(f)
+
+
+def setup_parser():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-c', '--config', required=True)
+    parser.add_argument(
+        '-r', '--region', default=os.environ.get(
+            'AWS_DEFAULT_REGION', 'us-east-1'))
+    parser.add_argument('--dryrun', action="store_true", default=False)
+    parser.add_argument(
+        "--profile", default=os.environ.get('AWS_PROFILE'),
+        help="AWS Account Config File Profile to utilize")
+    parser.add_argument(
+        "--assume", default=None, dest="assume_role",
+        help="Role to assume")
+    return parser
+
+
+def main():
+    parser = setup_parser()
+    options = parser.parse_args()
+    options.policy_filter = None
+    options.log_group = None
+    options.cache_period = 0
+    options.cache = None
+    logging.basicConfig(
+        level=logging.DEBUG,
+        format="%(asctime)s: %(name)s:%(levelname)s %(message)s")
+    logging.getLogger('botocore').setLevel(logging.ERROR)
+
+    resources.load_resources()
+    resources_gc_prefix(options)
+
+
+
+
+if __name__ == '__main__':
+    main()