Skip to content

Commit

Permalink
feat: Create .gitignore (#2)
Browse files Browse the repository at this point in the history
* feat: Create .gitignore

* feat: initial working code
  • Loading branch information
venkatamutyala authored Nov 22, 2024
1 parent 3e22413 commit 46e1da5
Show file tree
Hide file tree
Showing 7 changed files with 650 additions and 0 deletions.
75 changes: 75 additions & 0 deletions .github/workflows/container_image.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
name: Publish to GHCR.io

on: [push]

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build_tag_push_to_ghcr:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4


- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3

- name: Setup Docker buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1

- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch,prefix=
type=ref,event=tag,prefix=
type=sha,format=short,prefix=
type=sha,format=long,prefix=
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index



- name: Determine version
id: determine_version
run: |
if [ "${GITHUB_REF_TYPE}" == "tag" ]; then
VERSION=${GITHUB_REF_NAME}
else
VERSION=v0.0.0-${GITHUB_SHA::7}
fi
BUILD_TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
echo "VERSION=${VERSION}" >> $GITHUB_ENV
echo "COMMIT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV
echo "BUILD_TIMESTAMP=${BUILD_TIMESTAMP}" >> $GITHUB_ENV
- name: Build and push Docker image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
VERSION=${{ env.VERSION }}
COMMIT_SHA=${{ env.COMMIT_SHA }}
BUILD_TIMESTAMP=${{ env.BUILD_TIMESTAMP }}
cache-from: type=gha
cache-to: type=gha,mode=max
162 changes: 162 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,162 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
.pybuilder/
target/

# Jupyter Notebook
.ipynb_checkpoints

# IPython
profile_default/
ipython_config.py

# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version

# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock

# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock

# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/latest/usage/project/#working-with-version-control
.pdm.toml
.pdm-python
.pdm-build/

# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/

# Celery stuff
celerybeat-schedule
celerybeat.pid

# SageMath parsed files
*.sage.py

# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/
.dmypy.json
dmypy.json

# Pyre type checker
.pyre/

# pytype static type analyzer
.pytype/

# Cython debug symbols
cython_debug/

# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/
46 changes: 46 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Use an official Python runtime as a parent image
FROM python:3.11.10-alpine@sha256:65c34f59d896f939f204e64c2f098db4a4c235be425bd8f0804fd389b1e5fd80 AS builder

# Set working directory
WORKDIR /app

# Copy the requirements file
COPY requirements.txt .

# Install dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Use a smaller base image for the final image
FROM python:3.11.10-alpine@sha256:65c34f59d896f939f204e64c2f098db4a4c235be425bd8f0804fd389b1e5fd80

# Set working directory
WORKDIR /app

# Copy the dependencies from the builder stage
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin

# Copy the application files
COPY app /app

# Set environment variables
ENV PYTHONUNBUFFERED=1

# Accept build arguments for versioning
ARG VERSION=unknown
ARG COMMIT_SHA=unknown
ARG BUILD_TIMESTAMP=unknown

ENV VERSION=${VERSION}
ENV COMMIT_SHA=${COMMIT_SHA}
ENV BUILD_TIMESTAMP=${BUILD_TIMESTAMP}

# Create a non-root user and switch to it
RUN adduser -D appuser
USER appuser

# Make port 8000 available to the world outside this container
EXPOSE 8000

# Use ENTRYPOINT to ensure the container runs as expected
ENTRYPOINT ["python", "-u", "main.py"]
81 changes: 81 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1 +1,82 @@
# getoutline-docs-update-aws-organizations

This project uses `boto3` to interact with AWS Organizations and IAM services to generate a markdown file containing information about AWS accounts and IAM users. The generated markdown includes details such as AWS Account ID, Account Name, Account Email, Created Date, SIGNIN URL, and Description for each account, as well as IAM User Name, Access Key ID, and Description for each IAM user. Once finished the Markdown will be added to our wiki hosted at getoutline.com

## Prerequisites

- Python 3.11
- AWS credentials require these AWS permissions:
- `arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess`
- `arn:aws:iam::aws:policy/IAMReadOnlyAccess`

## Installation

1. Clone the repository:
```sh
git clone https://github.com/yourusername/getoutline-docs-update-aws-organizations.git
cd getoutline-docs-update-aws-organizations
```

2. Install the required Python packages:
```sh
pip install -r requirements.txt
```

## Usage

1. Set the required environment variables:
```sh
export GETOUTLINE_DOCUMENT_ID='your_outline_document_id'
export GETOUTLINE_API_TOKEN='your_outline_api_token'
export AWS_CREDENTIALS_JSON='your_aws_credentials_json'
```

Example of `AWS_CREDENTIALS_JSON`:
```json
{
"accounts": [
{
"name": "org1",
"access_key": "your_access_key_id_for_org1",
"secret_key": "your_secret_access_key_for_org1"
},
{
"name": "org2",
"access_key": "your_access_key_id_for_org2",
"secret_key": "your_secret_access_key_for_org2"
}
]
}
```

2. Run the script:
```sh
python app/main.py
```

3. The script will generate markdown and nest it under an existing AWS document within our getoutline docs.

## Script Details

### `main.py`

- **get_aws_accounts(org_client)**: Retrieves a list of AWS accounts in the organization.
- **get_account_tags(org_client, account_id)**: Retrieves the tags for a given AWS account.
- **generate_signin_url(account_id)**: Generates the SIGNIN URL for a given AWS account ID.
- **list_iam_users(iam_client)**: Lists all IAM users in the root organization.
- **get_user_access_keys(iam_client, user_name)**: Retrieves the access keys for a given IAM user.
- **create_markdown(accounts, org_client)**: Generates the markdown content for AWS accounts and IAM users.

## Example Output

The generated markdow output will look like this:

```md
| AWS Account ID | Account Name | Account Email | Created Date | SIGNIN URL | Description |
|----------------|--------------|---------------|--------------|------------|-------------|
| 123456789012 | ExampleName | [email protected] | 2022-01-01 | https://123456789012.signin.aws.amazon.com/console | Example Description |
| IAM User Name | Access Key ID | Description |
|---------------|---------------|-------------|
| example-user | AKIAIOSFODNN7EXAMPLE | Example Description |
```
Loading

0 comments on commit 46e1da5

Please sign in to comment.