readonly fixes
awsandy committed Oct 6, 2024
1 parent d00545d commit eeede6b
Showing 3 changed files with 68 additions and 24 deletions.
33 changes: 23 additions & 10 deletions .python/fixtf_aws_resources/fixtf_glue.py
@@ -1,18 +1,31 @@
import globals
import common
import fixtf
import base64
import boto3
import sys
import os
import inspect

def aws_glue_crawler(t1,tt1,tt2,flag1,flag2):
skip=0
if tt1 == "database_name" and tt2 != "null":
if globals.gluedbs[tt2]:
t1 = tt1 + " = aws_glue_catalog_database.d-"+globals.acc+"__"+tt2+".name\n"
#common.add_dependancy("aws_glue_catalog_database",tt2)

elif tt1 == "sample_size":
if tt2 == "0": skip=1
elif tt1 == "security_configuration" and tt2 != "null":
t1 = tt1 + " = aws_glue_security_configuration."+tt2+".id\n"
common.add_dependancy("aws_glue_security_configuration",tt2)

try:
if tt1 == "database_name" and tt2 != "null":
if tt2 in str(globals.gluedbs):
t1 = tt1 + " = aws_glue_catalog_database.d-"+globals.acc+"__"+tt2+".name\n"
#common.add_dependancy("aws_glue_catalog_database",tt2)

elif tt1 == "sample_size":
if tt2 == "0": skip=1
elif tt1 == "security_configuration" and tt2 != "null":
t1 = tt1 + " = aws_glue_security_configuration."+tt2+".id\n"
common.add_dependancy("aws_glue_security_configuration",tt2)
except Exception as e:
print(e)
print("fixtf_glue.py aws_glue_crawler Exception=", str(e))
print("fixtf_glue.py t1=", t1)

return skip,t1,flag1,flag2

def aws_glue_catalog_database(t1,tt1,tt2,flag1,flag2):
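Review bot: The new membership test `if tt2 in str(globals.gluedbs):` in aws_glue_crawler is a substring match against the container's string form, so a database name that is part of another name (or of any other text in that repr) passes, and the emitted `aws_glue_catalog_database.d-…` reference can point at a resource that was never imported. The removed line indexed `globals.gluedbs[tt2]`, which suggests a mapping; if so, `if globals.gluedbs.get(tt2):` keeps exact-key matching without raising KeyError. The surrounding `except Exception` only prints and carries on, and it prints the exception twice (`print(e)` followed by the labelled line), so the bare `print(e)` can go.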
38 changes: 26 additions & 12 deletions .python/get_aws_resources/aws_connect.py
Expand Up @@ -2,6 +2,7 @@
import boto3
import globals
import inspect
import sys


def get_aws_connect_instance(type, id, clfn, descfn, topkey, key, filterid):
Expand Down Expand Up @@ -341,6 +342,8 @@ def get_aws_connect_user(type, id, clfn, descfn, topkey, key, filterid):
return True

# aws_connect_vocabulary
#AccessDeniedException exception for aws_connect.py - returning
# ERROR: Not found aws_connect_vocabulary.4de80d0a-3f95-4475-a7bb-86236b92d13c - check if this resource still exists in AWS. Also check what resource is using it - grep the *.tf files in the generated/tf.* subdirectory

def get_aws_connect_vocabulary(type, id, clfn, descfn, topkey, key, filterid):
if globals.debug:
Expand All @@ -354,21 +357,32 @@ def get_aws_connect_vocabulary(type, id, clfn, descfn, topkey, key, filterid):
return True

else:
client = boto3.client(clfn)
paginator = client.get_paginator(descfn)
pkey = type+"."+id
for page in paginator.paginate(InstanceId=id,State='ACTIVE'):
response = response + page[topkey]
if response == []:
print("Empty response for "+type + " id="+str(id)+" returning")
try:
client = boto3.client(clfn)
paginator = client.get_paginator(descfn)
pkey = type+"."+id
for page in paginator.paginate(InstanceId=id,State='ACTIVE'):
response = response + page[topkey]
if response == []:
print("Empty response for "+type + " id="+str(id)+" returning")
globals.rproc[pkey] = True
return True
for j in response:
theid = id+":"+j[key]
common.write_import(type, theid, "r-"+theid)

globals.rproc[pkey] = True
return True
for j in response:
theid = id+":"+j[key]
common.write_import(type, theid, "r-"+theid)
except Exception as e:
exc_type, exc_obj, exc_tb = sys.exc_info()
exn=str(exc_type.__name__)
if exn == "AccessDeniedException":
pkey = type+"."+id
globals.rproc[pkey] = True
#print("AccessDeniedException exception for aws_connect.py - returning")
return True

globals.rproc[pkey] = True
except Exception as e:

common.handle_error(
e, str(inspect.currentframe().f_code.co_name), clfn, descfn, topkey, id)

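Review bot: In get_aws_connect_vocabulary the new AccessDeniedException branch sets `globals.rproc[pkey] = True` and returns True with its only log line commented out, so a run under a read-only or under-privileged role records the vocabulary as processed and gives no sign that the import is incomplete. Keep a one-line message there, e.g. `print("WARNING: AccessDenied for "+type+" id="+str(id)+" - skipped")`. Matching on `exc_type.__name__` depends on how the error class happens to be generated; if the exception is a botocore `ClientError`, comparing `e.response['Error']['Code']` is the more stable check. The rendered page has lost indentation, so how the second `except Exception as e:` nests relative to the first cannot be confirmed from here, and the function body starts outside this hunk.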
21 changes: 19 additions & 2 deletions .python/get_aws_resources/aws_secretsmanager.py
Expand Up @@ -24,7 +24,7 @@ def get_aws_secretsmanager_secret(type, id, clfn, descfn, topkey, key, filterid)
for j in response:

common.write_import(type,j[key],None)
common.add_dependancy("aws_secretsmanager_secret_version",j[key])
#common.add_dependancy("aws_secretsmanager_secret_version",j[key])
try:
print(j['RotationEnabled'])
common.add_dependancy("aws_secretsmanager_secret_rotation",j[key])
Expand All @@ -37,12 +37,13 @@ def get_aws_secretsmanager_secret(type, id, clfn, descfn, topkey, key, filterid)
if response == []: print("Empty response for "+type+ " id="+str(id)+" returning"); return True
j=response
common.write_import(type,j[key],None)
common.add_dependancy("aws_secretsmanager_secret_version",j[key])
try:
print(j['RotationEnabled'])
common.add_dependancy("aws_secretsmanager_secret_rotation",j[key])
except KeyError:
print("INFO: No rotation config")
#common.add_dependancy("aws_secretsmanager_secret_version",j[key])



except Exception as e:
Expand Down Expand Up @@ -97,7 +98,23 @@ def get_aws_secretsmanager_secret_version(type, id, clfn, descfn, topkey, key, f
response = client.list_secret_version_ids(SecretId=id,IncludeDeprecated=False)
if response == []: print("Empty response for "+type+ " id="+str(id)+" returning"); return True
#print(response)

for j in response[topkey]:
#print(j[key])
try:
sresponse = client.get_secret_value(SecretId=id,VersionId=j[key])
except Exception as e:
exc_type, exc_obj, exc_tb = sys.exc_info()
exn=str(exc_type.__name__)
#print(exn,str(e))
if "(AccessDeniedException) when calling the GetSecretValue" in str(e):
print("INFO: get_secret_value failed - not authorized skipping",type,id.split(':')[-1])
pkey=type+"."+id
globals.rproc[pkey]=True
return True

sv=sresponse['SecretString']
print(str(sv))
pkey=id+"|"+j[key]
common.write_import(type,pkey,None)
pkey=type+"."+id
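Review bot: The added loop in get_aws_secretsmanager_secret_version fetches each secret version with `client.get_secret_value(...)` and then runs `print(str(sv))`, which writes the plaintext secret to stdout and so into terminal scrollback, CI logs or any redirected output file. The value is not used afterwards in the visible lines, so `sv=sresponse['SecretString']` and `print(str(sv))` should be dropped; the subscript would also raise KeyError for a secret stored as `SecretBinary`. If the call exists only to probe access, it still retrieves secret material on every version, which a read-only import does not need. When the exception is not the AccessDenied case the handler falls through with `sresponse` unset or left over from the previous version, so add a `raise` after the `if` block. The function starts and ends outside the hunk.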
