Module List
- keyup.cauth module
- keyup.cli module
- keyup.colors module
- keyup.configuration module
- keyup.logd module
- keyup.help_menu module
- keyup.keyconfig module
- keyup.map module
- keyup.menu module
- keyup.statics module
- keyup.thread_progress module
- keyup.iam_operations module
- keyup.script_utils module
- keyup.list_ops module
- keyup.oscodes_unix module
- keyup.oscodes_win module
keyup.cauth module
- Key Report Generation Module:
- Centralized authentication module for producing Key Report
- Uses threading for concurrent processing
- Module Functions:
- convert:
- Converts time units to hours
- discover_account_affiliations:
- maps awscli profile users to corresponding iam user ids
- expired_keys:
- determines if an access keyset is aged beyond max age value in keyup’s configuration file
- display_table:
- renders vpt table to cli stdout

class keyup.cauth.authentication(profile)
Bases: object
Class def for generation and retention of a single set of credentials for generating key-report via a single iam user's privileges

keyup.cauth.discover_account_affiliations()
- Associates each profile name in local awscli configuration to an iam username and an AWS Account Number
- Returns:
- affiliation info, TYPE: dict

keyup.cauth.display_skipped(iam_users)
Display iam users exceptions skipped in the key report

keyup.cauth.display_table(table, exceptions, tabspaces=4)
Print Table Object offset from left by tabspaces

keyup.cauth.format_remaining(days: int)
- Formats days remaining value
- Returns:
- days (int) with appropriate color, spacing format applied

keyup.cauth.prepare_reportdata(debug=False)
Prints out key expiration info for all profilenames associated with the primary profilename given to access the account information

keyup.cauth.print_header(title, indent=4, spacing=4)
Paints title header grid of a vpt Table

keyup.cauth.setup_table(user_data, exception_list)
Renders Table containing data elements via cli stdout

keyup.cauth.truncate_fields(element)
- Truncates table field data to align with max column width
- Returns:
- truncated element, TYPE: dict or str

keyup.cli module
- Summary:
keyup (python3) | Scripted rotation of access keys for an IAM User.
- Display of key report showing key metadata
- Creation of new access keys
- Keyset installation in awscli local config
- Deletion of deprecated keyset
- Author:
- Blake Huber Copyright Blake Huber, All Rights Reserved.
- License:
- GNU General Public License v3.0 (GPL-3) Additional terms may be found in the complete license agreement: https://bitbucket.org/blakeca00/keyup/src/master/LICENSE.txt
- OS Support:
- RedHat Linux, Amazon Linux, Ubuntu & variants
- Windows 7+
- Dependencies:
- Requires python3, tested under py3.5 and py3.6

class keyup.cli.SetLogging(mode, disable=False)
Bases: object
Initializes project level logging
- Args:
- mode (str): log_mode, either ‘stream’ or ‘FILE’
- disable (bool): when True, disables logging output
- Returns:
- TYPE: bool, Success | Failure

keyup.cli.clean_config(quiet)
- Test local awscli config for active temporary credentials
- Args:
- credentials_file (str): location of local awscli credentials file
- config (configParser obj): GLOBAL object representing parsed awscli credentials file
- Returns:
- TYPE: bool, Success | Failure
Note
Conditions when clean_config returns False (Failure): If parsed_config contains active credentials, key rotation is prohibited and keyup will exit.
If parsed_config contains inactive credentials, clean_config returns bool True and key rotation proceeds.

keyup.cli.configure_keyset(keyset, profile, surrogate='')
- Parses local awscli config and reconfigures it with newly created access keys
- Args:
- keyset (json): access keys, newly created
- profile (str): iam user alias in the local awscli config
- surrogate (str): iam username on which access key operations are conducted by another iam user denoted in profile
- Returns:
- parsed (configParser): object configured with new access key signatures
- configfile_path (str): os dependent path to awscli credentials file
- access_key (str): sts access key string
- secret_key (str): sts secret key string

keyup.cli.create_keyset(iam_user, profile, surrogate='')
- Creates new access key, secret key pair for iam user
- Args:
- access_key (str): AccessKeyId of the keyset to delete
- profile (str): iam user alias in the local awscli config
- surrogate (str): iam username on which access key operations are conducted by another iam user denoted in profile
- Returns:
- Success | Failure, TYPE: bool, aws access keys (dict)

keyup.cli.delete_keyset(access_key, profile, surrogate='')
- Deletes oldest access key credentials associated with a user
- Args:
- access_key (str): AccessKeyId of the keyset to delete
- profile (str): iam user alias in the local awscli config
- surrogate (str): iam username on which access key operations are conducted by another iam user denoted in profile
- Returns:
- TYPE: bool, Success | Failure

keyup.cli.get_current_key(profile_name, surrogate='')
- Extracts the STS AccessKeyId currently utilised in user’s profile in the local awscli configuration
- Args:
- profile_name: a username in local awscli profile
- Returns:
- key_id (str): Amazon STS AccessKeyId
- Raises:
- Exception if profile_name not found in config
Displays help menu contents

keyup.cli.main(operation, profile, auto, debug, user_name='')
End-to-end renew of access keys for a specific profile in local awscli config

keyup.cli.options(parser, help_menu=False)
- Parse cli parameter options
- Returns:
- TYPE: argparse object, parser argument set

keyup.cli.parse_awscli()
- Parse, update local awscli config credentials
- Args:
- user (str): USERNAME, only required when run on windows os
- Returns:
- TYPE: configparser object, parsed config file

keyup.cli.remove_temporary_credentials(config_object, prefix='', profiles=False)
- Filters temporary credentials from the list of profilenames present in the local awscli configuration
- Args:
- config_object (configParser object): object containing profilenames from the local awscli credentials file
- prefix (str): any prefix prepended to profilenames to indicate temporary role credentials in the local awscli credentials file
- profiles (bool): flag indicating return of a profilename list instead of
- Returns:
- configParser object | profilename list (list)

keyup.cli.set_keyset(access_key, secret_key, clear=False)
- Sets new access keys in memory to execute requests to Amazon APIs during rewrite of local awscli credentials filename
- Args:
- clear (bool): reset keys set as env variables, if present
- Discover alternate location for awscli shared credentials file
- Returns:
- TYPE: str, Full path of shared credentials file, if exists

keyup.cli.write_keyset(configparser_obj, filename, debug=False)
- Write out new awscli credentials to local config
- Args:
- configparser_obj (configparser): parsed awscli config containing new keyset
- filename (str): path to file to which keyset written
- debug (bool): debug flag
- Returns:
- TYPE: bool, Success | Failure

keyup.cli.write_keyset_backup(keys, user, quiet)
- Writes newly created keyset to disk provided configuration file flag set:
- Args:
- keys: New keyset object
- quiet: When set, suppresses all output to stdout
- Returns:
- TYPE: bool, Success | Failure

keyup.colors module
- Summary:
- ANSI color and formatting code class See: http://www.lihaoyi.com/post/BuildyourownCommandLinewithANSIescapecodes.html#256-colors
- Args:
- None
- Returns:
- ansi codes
- Raises:
- None. AttributeError if no code match returns the reset ansi codes

class keyup.colors.Colors
Bases: object
Class attributes provide different format variations
- AQUA = '\x1b[38;5;14m'
- BKGND_BLACK = '\x1b[40m'
- BKGND_BLUE = '\x1b[44m'
- BKGND_BRIGHT_BLACK = '\x1b[40;1m'
- BKGND_BRIGHT_BLUE = '\x1b[44;1m'
- BKGND_BRIGHT_CYAN = '\x1b[46;1m'
- BKGND_BRIGHT_GREEN = '\x1b[42;1m'
- BKGND_BRIGHT_MAGENTA = '\x1b[45;1m'
- BKGND_BRIGHT_RED = '\x1b[41;1m'
- BKGND_BRIGHT_WHITE = '\x1b[47;1m'
- BKGND_BRIGHT_YELLOW = '\x1b[43;1m'
- BKGND_CYAN = '\x1b[46m'
- BKGND_GREEN = '\x1b[42m'
- BKGND_MAGENTA = '\x1b[45m'
- BKGND_RED = '\x1b[41m'
- BKGND_WHITE = '\x1b[47m'
- BKGND_WHITE_BOLD = '\x1b[47;1m'
- BKGND_YELLOW = '\x1b[43m'
- BLUE = '\x1b[94m'
- BOLD = '\x1b[1m'
- BRIGHTBLUE = '\x1b[38;5;51m'
- BRIGHTCYAN = '\x1b[38;5;36m'
- BRIGHTGREEN = '\x1b[38;5;95;38;5;46m'
- BRIGHTPURPLE = '\x1b[38;5;68m'
- BRIGHTRED = '\x1b[31;1m'
- BRIGHTWHITE = '\x1b[38;5;15m'
- BRIGHTYELLOW = '\x1b[38;5;11m'
- BRIGHTYELLOW2 = '\x1b[38;5;95;38;5;226m'
- BRIGHTYELLOWGREEN = '\x1b[38;5;95;38;5;155m'
- CYAN = '\x1b[96m'
- DARKBLUE = '\x1b[38;5;95;38;5;24m'
- DARKCYAN = '\x1b[36m'
- DARKGRAY1 = '\x1b[90m'
- DARKGRAY2 = '\x1b[38;5;95;38;5;8m'
- DARKGREEN = '\x1b[38;5;2m'
- END = '\x1b[0m'
- GREEN = '\x1b[92m'
- ITALIC = '\x1b[3m'
- LT1GRAY = '\x1b[38;5;95;38;5;245m'
- LT2GRAY = '\x1b[38;5;249m'
- ORANGE = '\x1b[38;5;95;38;5;214m'
- PURPLE = '\x1b[95m'
- RED = '\x1b[91m'
- RESET = '\x1b[0;0m'
- REVERSE = '\x1b[;7m'
- TITLE = '\x1b[4m\x1b[1m'
- UNBOLD = '\x1b[22m'
- UNDERLINE = '\x1b[4m'
- URL = '\x1b[4m\x1b[96m'
- WHITE = '\x1b[37m'
- WHITEGRAY = '\x1b[38;5;95;38;5;250m'
- YELLOW = '\x1b[93m'

keyup.configuration module
- Summary.
- local_config Module, creates local config file (json) to override default values set in statics module
- Module Attributes:
- current_config (TYPE str):
- JSON object resulting from parsing an existing local config file. If no config file exists, object is the starting seed schema stored in statics module
- config_file (TYPE str):
- Path to local config file, usually found in ~/.config/PACKAGE/config.json
- logger (TYPE logging obj):
- system logger, output set by log_mode project-level attribute
- user_home (TYPE str):
- os-specific path to home directory determined in statics module

class keyup.configuration.UpdateConfig(local_file, update=False, debug=False)
Bases: object
Class def for parsing, update, and writing of local fs configuration file

assemble(arg_dict)
Summary.
Assembles new parameters in json format for write to new conf file
- Returns:
- local_config (json): json schema of configuration parameters to be written to local filesystem as new keyup configuration file

preload_parameters(current_config)
Summary.
preloads existing configuration parameters or loads defaults if no preexisting local config file

keyup.configuration.converge_answer(question, choices, answer='')
- Summary:
- prompt user for input until answer in appropriate responses received
- Args:
- answer (str): user response to question
- choices (list): list of valid responses. Responses are strings
- Returns:
- valid answer (str): valid response from choices

keyup.configuration.display_table(header, title=False, alignment='c', border=True, offset=45, tabspaces=4, color='\x1b[94m')
Print Table Object offset from left by tabspaces

keyup.configuration.exit_processing(code=None, clear=False)
Reset terminal screen colors on exit

keyup.configuration.init(debug=False, cfg=None)
- Summary:
- Initiates read, write, or update of local_config file
- Args:
- debug (bool): debug flag
- cfg (str): path to fs object containing project k,v config parameters
- Returns:
- TYPE: bool, Success | Failure

keyup.configuration.remove_trailing_slash(path)
Removes a trailing slash from provided fs path

keyup.configuration.set_writeable_location(default_location, header, message, confirmation_msg)
- Summary:
- Takes user input for filesystem location.
- Tests to ensure location is writable
- Removes trailing slash (if applicable)
- Args:
- default_location (str): filesystem location if no user input
- header (str): Header question/title to print prior to user input
- message (str): Message to solicit user input
- confirmation_msg (str): Display text after user input accepted
- Returns:
- fs_location (str): writeable filesystem path

keyup.configuration.validate_fs_location(path)
- Summary:
- Validate existence of a path or create it
- Args:
- path (str):
- Returns:
- Success | Failure, TYPE: bool

keyup.keyconfig module
- Summary:
- Display module of configuration file contents

keyup.keyconfig.display_content(data_object, halt=False)
- Summary:
- Display contents of object correctly whether displayed on a terminal (tty) or redirected to a file

keyup.keyconfig.is_tty()
- Summary:
- Determines if output is displayed to the screen or redirected
- Returns:
- True if tty terminal | False if redirected, TYPE: bool

keyup.keyconfig.option_configure(debug=False, path=None)
- Summary:
- Initiate configuration menu to customize keyup runtime options. Console script `keyconfig` invokes this option_configure directly in debug mode to display the contents of the local config file (if exists)
- Args:
- path (str): full path to default local configuration file location
- debug (bool): debug flag, when True prints out contents of local config file
- Returns:
- TYPE (bool): Configuration Success | Failure

keyup.logd module
- Summary:
- Project-level logging module

keyup.logd.getLogger(*args, **kwargs)
- Summary:
- custom format logger
- Args:
- mode (str): The Logger module supports the following log modes:
- log to console / stdout. Log_mode = ‘stream’
- log to file
- log to system logger (syslog)
- Returns:
- logging object | TYPE: logging singleton

keyup.logd.logprep(mode)
- Summary:
- prerequisites for logging to file mode
- Args:
- mode (str): valid value is ‘FILE’; parameter used for logging type validation only
- Return:
- Success | Failure, TYPE: bool

keyup.map module
- Summary:
- Mapping Module
- maps profile names from local awscli to iam usernames in AWS Account

keyup.map.map_iam_username(username, profilename)
- Summary:
- Triangulates if provided username is a profile name from local awscli configuration or an IAM username from AWS
- Returns:
- IAM username (str)

keyup.map.map_identity(profile)
- Summary:
- retrieves iam user info for profiles in awscli config
- Args:
- user (str): string, local profile user from which the current boto3 session object created
- Returns:
- iam_user (str): AWS iam user corresponding to the provided profile user in local config

keyup.statics module
Summary.
keyup Project-level Defaults and Settings
- Local Default Settings: Local defaults for your specific installation are derived from settings found in:
~/.config/keyup/config.json
- Module Attributes:
- user_home (TYPE str):
$HOME environment variable, present for most Unix and Unix-like POSIX systems
- config_dir (TYPE str):
directory name default for stsaval config files (.stsaval)
- config_path (TYPE str):
default for stsaval config files, includes config_dir (~/.stsaval)
- key_deprecation (TYPE str):
Deprecation logic that keyup uses when 2 keys exist for a user.
2 values possible:
- ‘AGE’: keyup deprecates based on age, replacing the oldest key
- ‘AWSCLI’: keyup replaces keys currently in the local awscli config

keyup.statics.import_file_object(filename)
- Summary:
- Imports block filesystem object
- Args:
- filename (str): block filesystem object
- Returns:
- dictionary obj (valid json file), file data object

keyup.statics.os_parityPath(path)
Converts unix paths to correct windows equivalents. Unix native paths remain unchanged (no effect)

keyup.statics.read_local_config(cfg)
Parses local config file for override values
- Args:
- local_file (str): filename of local config file
- Returns:
- dict object of values contained in local config file

keyup.thread_progress module

class keyup.thread_progress.ProgressBarThread(label='Working', delay=0.1, cycles=500)
Bases: threading.Thread

run()
Method representing the thread’s activity.
You may override this method in a subclass. The standard run() method invokes the callable object passed to the object’s constructor as the target argument, if any, with sequential and keyword arguments taken from the args and kwargs arguments, respectively.

class keyup.thread_progress.SpinnerThread(label='Working', delay=0.2)
Bases: threading.Thread

run()
Method representing the thread’s activity.
You may override this method in a subclass. The standard run() method invokes the callable object passed to the object’s constructor as the target argument, if any, with sequential and keyword arguments taken from the args and kwargs arguments, respectively.

keyup.iam_operations module
Summary.
Prints iam usernames from local awscli configuration. Usernames may be omitted from the output simply by listing them with a space between them after the call:
$ python3 iam_users.py default
Returns:
Will return all iam usernames in the local configuration except the default user (username “default”)

keyup.iam_operations.awscli_profiles(conf)
Summary.
Returns IAM usernames from local awscli configuration

keyup.iam_operations.create_userlist(content, exclusions)
- Summary:
- Return usernames from configParser object if not in the exclusion list
- Args:
- content (configParser object): local awscli credentials file parsed content
- exclusions (list): profilenames to be excluded from return
- Returns:
- list of profile names from localhost awscli configuration
- Summary:
- Discover alternate location for awscli shared credentials file
- Returns:
- TYPE: str, Full path of shared credentials file, if exists

keyup.iam_operations.temporary_profilenames(conf, exclusions=[])
- Summary:
- Return usernames from configParser object which represent temporary (iam role) credentials
- Args:
- conf (str): path to awscli credentials file
- exclusions (list): profilenames to be excluded from return
- Returns:
- temporary profile names (role names) from localhost awscli configuration TYPE: str

keyup.list_ops module
- Summary.
- List iam keyset operations (read-only)

keyup.list_ops.list_keys(account, profile, iam_user, surrogate='', stage=None, quiet=False)
- Summary.
- Displays iam user available access keys
- Args:
- account (str): AWS account number
- profile (str): name of the iam user for which we are interrogating keys
- iam_user (str): name of the iam user which corresponds to profile name from local awscli configuration
- surrogate (str): name of profile user used to execute key operations in place of the profile user
- stage (str): stage of key rotation; ie, either BEFORE | AFTER rotation
- quiet (bool): No output to stdout (True) | Show output (False)
- Returns:
- TYPE: list, AccessKeyIds listed for the IAM user

keyup.list_ops.query_keyinfo(account, profile, surrogate='', quiet=False)
- Summary.
- boto3 client instantiation and error handling
- Args:
- account (str): AWS account number
- profile (str): name of the iam user for which we are interrogating keys
- surrogate (str): name of profile user used to execute key operations in place of the profile user
- quiet (bool): No output to stdout (True) | Show output (False)
- Returns:
- boto3 response, TYPE: dict

keyup.script_utils module
Command-line Interface (CLI) Utilities Module
- Module Functions:
- bool_assignment:
- set bool depending upon user answer from stdin
- config_init:
- Initializes config file if none exists
- debug_mode:
- Provide additional log output for debugging
- read_local_config:
- parse local config file

keyup.script_utils.bool_assignment(arg, patterns=None)
- Summary:
- Enforces correct bool argument assignment
- Arg:
- arg (*): arg which must be interpreted as either bool True or False
- Returns:
- bool assignment | TYPE: bool

keyup.script_utils.config_init(config_file, json_config_obj, config_dirname=None)
- Summary:
- Creates local config from JSON seed template
- Args:
- config_file (str): filesystem object containing json dict of config values
- json_config_obj (json): data to be written to config_file
- config_dirname (str): dir name containing config_file
- Returns:
- TYPE: bool, Success | Failure

keyup.script_utils.import_file_object(filename)
- Summary:
- Imports block filesystem object
- Args:
- filename (str): block filesystem object
- Returns:
- dictionary obj (valid json file), file data object

keyup.script_utils.read_local_config(cfg)
Parses local config file for override values
- Args:
- local_file (str): filename of local config file
- Returns:
- dict object of values contained in local config file

keyup.oscodes_unix module
- Standard OS Module Exit Codes
- Module Attributes:
- exit_codes (dict): exit error codes for Unix, Linux
keyup.oscodes_win module
- Standard OS Module Exit Codes
- Module Attributes:
- exit_codes (dict): exit error codes for Microsoft Windows