-
Notifications
You must be signed in to change notification settings - Fork 283
/
aws.py
executable file
·242 lines (212 loc) · 9.32 KB
/
aws.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
#!/usr/bin/env python
# Licensed to Cloudera, Inc. under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. Cloudera, Inc. licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
usage: aws.py [-h] -H HOSTNAME [-p PORT] [-u USERNAME] [--password PASSWORD]
[--api-version API_VERSION] [--tls] [-c] [-t CATEGORY_NAME]
[-n TYPE_NAME] [--prune CREDENTIAL_NAME] [--version]
A utility to interact with AWS using Cloudera Manager.
optional arguments:
-h, --help show this help message and exit
-H HOSTNAME, --hostname HOSTNAME
The hostname of the Cloudera Manager server.
-p PORT The port of the Cloudera Manager server. Defaults to
7180 (http) or 7183 (https).
-u USERNAME, --username USERNAME
Login name.
--password PASSWORD Login password.
--api-version API_VERSION
API version to be used. Defaults to 16.
--tls Whether to use tls (https).
-c, --show-categories
Prints a list of supported external account category
names. For example, "AWS" is a supported external
account category name.
-t CATEGORY_NAME, --show-types CATEGORY_NAME
Prints a list of supported external account type names
for the given CATEGORY_NAME. For example,
"AWS_ACCESS_KEY_AUTH" is a supported external account
type name for external account category "AWS".
-n TYPE_NAME, --show-credentials TYPE_NAME
Prints a list of available credential names for the
given TYPE_NAME.
--prune CREDENTIAL_NAME
Runs S3Guard prune command on external account
associated with the given CREDENTIAL_NAME.
--version show program's version number and exit
"""
import argparse
import getpass
import logging
import sys
from cm_api.api_client import ApiResource
from cm_api.endpoints.external_accounts import *
# Configuration
DEFAULT_HTTP_PORT = 7180
DEFAULT_HTTPS_PORT = 7183
MINIMUM_SUPPORTED_API_VERSION = 16
# Constants
COMMA_WITH_SPACE = ", "
# Global API object
api = None
def list_supported_categories():
"""
Prints a list of supported external account category names.
For example, "AWS" is a supported external account category name.
"""
categories = get_supported_categories(api)
category_names = [category.name for category in categories]
print ("Supported account categories by name: {0}".format(
COMMA_WITH_SPACE.join(map(str, category_names))))
def list_supported_types(category_name):
"""
Prints a list of supported external account type names for the given
category_name. For example, "AWS_ACCESS_KEY_AUTH" is a supported external
account type name for external account category "AWS".
"""
types = get_supported_types(api, category_name)
type_names = [type.name for type in types]
print ("Supported account types by name for '{0}': [{1}]".format(
category_name, COMMA_WITH_SPACE.join(map(str, type_names))))
def list_credentials_by_name(type_name):
"""
Prints a list of available credential names for the given type_name.
"""
accounts = get_all_external_accounts(api, type_name)
account_names = [account.name for account in accounts]
print ("List of credential names for '{0}': [{1}]".format(
type_name, COMMA_WITH_SPACE.join(map(str, account_names))))
def call_s3guard_prune(credential_name):
"""
Runs S3Guard prune command on external account associated with the
given credential_name.
""" # Get the AWS credential account associated with the credential
account = get_external_account(api, credential_name)
# Invoke the prune command for the account by its name
cmd = account.external_account_cmd_by_name('S3GuardPrune')
print ("Issued '{0}' command with id '{1}'".format(cmd.name, cmd.id))
print ("Waiting for command {0} to finish...".format(cmd.id))
cmd = cmd.wait()
print ("Command succeeded: {0}".format(cmd.success))
def setup_logging(level):
"""
Sets up the logging for the script. The default logging level
is set to INFO.
"""
logging.basicConfig()
logging.getLogger().setLevel(level)
def initialize_api(args):
"""
Initializes the global API instance using the given arguments.
@param args: arguments provided to the script.
"""
global api
api = ApiResource(server_host=args.hostname, server_port=args.port,
username=args.username, password=args.password,
version=args.api_version, use_tls=args.use_tls)
def validate_api_compatibility(args):
"""
Validates the API version.
@param args: arguments provided to the script.
"""
if args.api_version and args.api_version < MINIMUM_SUPPORTED_API_VERSION:
print("ERROR: Given API version: {0}. Minimum supported API version: {1}"
.format(args.api_version, MINIMUM_SUPPORTED_API_VERSION))
def get_login_credentials(args):
"""
Gets the login credentials from the user, if not specified while invoking
the script.
@param args: arguments provided to the script.
"""
if not args.username:
args.username = raw_input("Enter Username: ")
if not args.password:
args.password = getpass.getpass("Enter Password: ")
def main():
"""
The "main" entry that controls the flow of the script based
on the provided arguments.
"""
setup_logging(logging.INFO)
# Parse arguments
parser = argparse.ArgumentParser(
description="A utility to interact with AWS using Cloudera Manager.")
parser.add_argument('-H', '--hostname', action='store', dest='hostname',
required=True,
help='The hostname of the Cloudera Manager server.')
parser.add_argument('-p', action='store', dest='port', type=int,
help='The port of the Cloudera Manager server. Defaults '
'to 7180 (http) or 7183 (https).')
parser.add_argument('-u', '--username', action='store', dest='username',
help='Login name.')
parser.add_argument('--password', action='store', dest='password',
help='Login password.')
parser.add_argument('--api-version', action='store', dest='api_version',
type=int,
default=MINIMUM_SUPPORTED_API_VERSION,
help='API version to be used. Defaults to {0}.'.format(
MINIMUM_SUPPORTED_API_VERSION))
parser.add_argument('--tls', action='store_const', dest='use_tls',
const=True, default=False,
help='Whether to use tls (https).')
parser.add_argument('-c', '--show-categories', action='store_true',
default=False, dest='show_categories',
help='Prints a list of supported external account '
'category names. For example, "AWS" is a supported '
'external account category name.')
parser.add_argument('-t', '--show-types', action='store',
dest='category_name',
help='Prints a list of supported external account type '
'names for the given CATEGORY_NAME. For example, '
'"AWS_ACCESS_KEY_AUTH" is a supported external '
'account type name for external account category '
'"AWS".')
parser.add_argument('-n', '--show-credentials', action='store',
dest='type_name',
help='Prints a list of available credential names for '
'the given TYPE_NAME.')
parser.add_argument('--prune', action='store', dest='credential_name',
help='Runs S3Guard prune command on external account '
'associated with the given CREDENTIAL_NAME.')
parser.add_argument('--version', action='version', version='%(prog)s 1.0')
args = parser.parse_args()
# Use the default port if required.
if not args.port:
if args.use_tls:
args.port = DEFAULT_HTTPS_PORT
else:
args.port = DEFAULT_HTTP_PORT
validate_api_compatibility(args)
get_login_credentials(args)
initialize_api(args)
# Perform the AWS operation based on the input arguments.
if args.show_categories:
list_supported_categories()
elif args.category_name:
list_supported_types(args.category_name)
elif args.type_name:
list_credentials_by_name(args.type_name)
elif args.credential_name:
call_s3guard_prune(args.credential_name)
else:
print ("ERROR: No arguments given to perform any AWS operation.")
parser.print_help()
sys.exit(1)
"""
The "main" entry.
"""
if __name__ == "__main__":
sys.exit(main())