keyup.cauth module

Key Report Generation Module:
  • Centralized authentication module for producing Key Report
  • Uses threading for concurrent processing
Module Functions:
  • convert:
    Converts time units to hours
  • discover_account_affiliations:
    maps awscli profile users to corresponding iam user ids
  • expired_keys:
    determines if an access keyset is aged beyond max age value in keyup’s configuration file
  • display_table:
    renders vpt table to cli stdout
class keyup.cauth.authentication(profile)[source]

Bases: object

Class definition for generation and retention of a single set of credentials, used to generate the key report via a single iam user's privileges

generate_token(user)[source]
keyup.cauth.convert(dt)[source]

Convert days to hours

keyup.cauth.discover_account_affiliations()[source]
Associates each profile name in local awscli configuration to an iam username and an AWS Account Number
Returns:
affiliation info, TYPE: dict
keyup.cauth.display_skipped(iam_users)[source]

Display iam users exceptions skipped in the key report

keyup.cauth.display_table(table, exceptions, tabspaces=4)[source]

Print Table Object offset from left by tabspaces

keyup.cauth.expired_keys(dt)[source]

Convert datetime objects into human readable

keyup.cauth.format_remaining(days: int)[source]
Formats days remaining value
Returns:
days (int) with appropriate color, spacing format applied
keyup.cauth.prepare_reportdata(debug=False)[source]

Prints out key expiration info for all profilenames associated with the primary profilename given to access the account information

keyup.cauth.print_header(title, indent=4, spacing=4)[source]

Paints title header grid of a vpt Table

keyup.cauth.setup_table(user_data, exception_list)[source]

Renders Table containing data elements via cli stdout

keyup.cauth.source_globals()[source]

global environment variable definitions

keyup.cauth.spacing(days)[source]
keyup.cauth.time_remaining(dt)[source]

Calculate the days until expiration

keyup.cauth.truncate_fields(element)[source]
Truncates table field data to align with max column width
Returns:
truncated element, TYPE: dict or str



keyup.cli module

Summary:

keyup (python3) | Scripted rotation of access keys for an IAM User.

  • Display of key report showing key metadata
  • Creation of new access keys
  • Keyset installation in awscli local config
  • Deletion of deprecated keyset
Author:
Blake Huber Copyright Blake Huber, All Rights Reserved.
License:
GNU General Public License v3.0 (GPL-3) Additional terms may be found in the complete license agreement: https://bitbucket.org/blakeca00/keyup/src/master/LICENSE.txt
OS Support:
  • RedHat Linux, Amazon Linux, Ubuntu & variants
  • Windows 7+
Dependencies:
  • Requires python3, tested under py3.5 and py3.6
class keyup.cli.SetLogging(mode, disable=False)[source]

Bases: object

Initializes project level logging
Args:
  • mode (str): log_mode, either ‘stream’ or ‘FILE’
  • disable (bool): when True, disables logging output
Returns:
TYPE: bool, Success | Failure
set(mode, disable)[source]

create logger object, enable or disable logging

keyup.cli.clean_config(quiet)[source]
Tests local awscli config for active temporary credentials
Args:
credentials_file (str):
 location of local awscli credentials file
config (configParser obj):
 GLOBAL object representing parsed awscli credentials file
Returns:
TYPE: bool, Success | Failure

Note

Conditions when clean_config returns False (Failure):

If parsed_config contains active credentials, key rotation is prohibited and keyup will exit.

If parsed_config contains inactive credentials, clean_config returns bool True and key rotation proceeds.

keyup.cli.configure_keyset(keyset, profile, surrogate='')[source]
Parses local awscli config and reconfigures it with newly created access keys
Args:
keyset (json): access keys, newly created
profile (str): iam user alias in the local awscli config
surrogate (str):
 iam username on which access key operations are conducted by another iam user denoted in profile
Returns:
parsed (configParser):
 object configured with new access key signatures
configfile_path (str):
 os dependent path to awscli credentials file
access_key (str):
 sts access key string
secret_key (str):
 sts secret key string
keyup.cli.create_keyset(iam_user, profile, surrogate='')[source]
Creates new access key, secret key pair for iam user
Args:
  • access_key (str): AccessKeyId of the keyset to delete
  • profile (str): iam user alias in the local awscli config
  • surrogate (str): iam username on which access key operations
    are conducted by another iam user denoted in profile
Returns:
Success | Failure, TYPE: bool, aws access keys (dict)
keyup.cli.delete_keyset(access_key, profile, surrogate='')[source]
Deletes oldest access key credentials associated with a user
Args:
  • access_key (str): AccessKeyId of the keyset to delete
  • profile (str): iam user alias in the local awscli config
  • surrogate (str): iam username on which access key operations
    are conducted by another iam user denoted in profile
Returns:
TYPE: bool, Success | Failure
keyup.cli.get_current_key(profile_name, surrogate='')[source]
Extracts the STS AccessKeyId currently utilised in user’s profile in the local awscli configuration
Args:
profile_name: a username in local awscli profile
Returns:
key_id (str): Amazon STS AccessKeyId
Raises:
Exception if profile_name not found in config
keyup.cli.help_menu()[source]

Displays help menu contents

keyup.cli.init()[source]

Caller function; initializes all functionality

keyup.cli.main(operation, profile, auto, debug, user_name='')[source]

End-to-end renew of access keys for a specific profile in local awscli config

keyup.cli.options(parser, help_menu=False)[source]
Parse cli parameter options
Returns:
TYPE: argparse object, parser argument set
keyup.cli.package_version()[source]

Prints package version and requisite PACKAGE info

keyup.cli.parse_awscli()[source]
Parse, update local awscli config credentials
Args:
user (str): USERNAME, only required when run on windows os
Returns:
TYPE: configparser object, parsed config file
keyup.cli.precheck()[source]

Verify project runtime dependencies

keyup.cli.remove_temporary_credentials(config_object, prefix='', profiles=False)[source]
Filters temporary credentials from the list of profilenames present in the local awscli configuration
Args:
config_object (configParser object):
 object containing profilenames from the local awscli credentials file
prefix (str): any prefix prepended to profilenames to indicate temporary role credentials in the local awscli credentials file
profiles (bool):
 flag indicating return of a profilename list instead of
Returns:
configParser object | profilename list (list)
keyup.cli.set_keyset(access_key, secret_key, clear=False)[source]
Sets new access keys in memory to execute requests to Amazon APIs during rewrite of local awscli credentials filename
Args:
clear (bool): reset keys set as env variables, if present
keyup.cli.set_logging(cfg_obj)[source]

Enable or disable logging per config object parameter

keyup.cli.shared_credentials_location()[source]
Discover alternate location for awscli shared credentials file
Returns:
TYPE: str, Full path of shared credentials file, if exists
keyup.cli.source_globals()[source]

Source all global variable definitions here

keyup.cli.write_keyset(configparser_obj, filename, debug=False)[source]
Write out new awscli credentials to local config
Args:
  • configparser_obj (configparser): parsed awscli config containing new keyset
  • filename (str): path to file to which keyset written
  • debug (bool): debug flag
Returns:
TYPE: bool, Success | Failure
keyup.cli.write_keyset_backup(keys, user, quiet)[source]
Writes newly created keyset to disk, provided the configuration file flag is set
Args:
keys: New keyset object
quiet: When set, suppresses all output to stdout
Returns:
TYPE: bool, Success | Failure



keyup.colors module

Summary:
ANSI color and formatting code class. See: http://www.lihaoyi.com/post/BuildyourownCommandLinewithANSIescapecodes.html#256-colors
Args:
None
Returns:
ansi codes
Raises:
None. AttributeError if no code match returns the reset ansi codes
class keyup.colors.Colors[source]

Bases: object

Class attributes provide different format variations

AQUA = '\x1b[38;5;14m'
BKGND_BLACK = '\x1b[40m'
BKGND_BLUE = '\x1b[44m'
BKGND_BRIGHT_BLACK = '\x1b[40;1m'
BKGND_BRIGHT_BLUE = '\x1b[44;1m'
BKGND_BRIGHT_CYAN = '\x1b[46;1m'
BKGND_BRIGHT_GREEN = '\x1b[42;1m'
BKGND_BRIGHT_MAGENTA = '\x1b[45;1m'
BKGND_BRIGHT_RED = '\x1b[41;1m'
BKGND_BRIGHT_WHITE = '\x1b[47;1m'
BKGND_BRIGHT_YELLOW = '\x1b[43;1m'
BKGND_CYAN = '\x1b[46m'
BKGND_GREEN = '\x1b[42m'
BKGND_MAGENTA = '\x1b[45m'
BKGND_RED = '\x1b[41m'
BKGND_WHITE = '\x1b[47m'
BKGND_WHITE_BOLD = '\x1b[47;1m'
BKGND_YELLOW = '\x1b[43m'
BLUE = '\x1b[94m'
BOLD = '\x1b[1m'
BRIGHTBLUE = '\x1b[38;5;51m'
BRIGHTCYAN = '\x1b[38;5;36m'
BRIGHTGREEN = '\x1b[38;5;95;38;5;46m'
BRIGHTPURPLE = '\x1b[38;5;68m'
BRIGHTRED = '\x1b[31;1m'
BRIGHTWHITE = '\x1b[38;5;15m'
BRIGHTYELLOW = '\x1b[38;5;11m'
BRIGHTYELLOW2 = '\x1b[38;5;95;38;5;226m'
BRIGHTYELLOWGREEN = '\x1b[38;5;95;38;5;155m'
CYAN = '\x1b[96m'
DARKBLUE = '\x1b[38;5;95;38;5;24m'
DARKCYAN = '\x1b[36m'
DARKGRAY1 = '\x1b[90m'
DARKGRAY2 = '\x1b[38;5;95;38;5;8m'
DARKGREEN = '\x1b[38;5;2m'
END = '\x1b[0m'
GREEN = '\x1b[92m'
ITALIC = '\x1b[3m'
LT1GRAY = '\x1b[38;5;95;38;5;245m'
LT2GRAY = '\x1b[38;5;249m'
ORANGE = '\x1b[38;5;95;38;5;214m'
PURPLE = '\x1b[95m'
RED = '\x1b[91m'
RESET = '\x1b[0;0m'
REVERSE = '\x1b[;7m'
TITLE = '\x1b[4m\x1b[1m'
UNBOLD = '\x1b[22m'
UNDERLINE = '\x1b[4m'
URL = '\x1b[4m\x1b[96m'
WHITE = '\x1b[37m'
WHITEGRAY = '\x1b[38;5;95;38;5;250m'
YELLOW = '\x1b[93m'



keyup.configuration module

Summary.
local_config Module, creates local config file (json) to override default values set in statics module
Module Attributes:
  • current_config (TYPE str):
    JSON object resulting from parsing an existing local config file. If no config file exists, object is the starting seed schema stored in statics module
  • config_file (TYPE str):
    Path to local config file, usually found in ~/.config/PACKAGE/config.json
  • logger (TYPE logging obj):
    system logger, output set by log_mode project-level attribute
  • user_home (TYPE str):
    os-specific path to home directory determined in statics module
class keyup.configuration.ReadConfig(local_file='')[source]

Bases: object

read(cfg='')[source]

reads values from local config file

class keyup.configuration.UpdateConfig(local_file, update=False, debug=False)[source]

Bases: object

Class def for parsing, update, and writing of local fs configuration file

assemble(arg_dict)[source]

Summary.

Assembles new parameters in json format for write to new conf file
Returns:
local_config (json):
 json schema of configuration parameters to be written to local filesystem as new keyup configuration file
config_directory(cfg)[source]

Checks config_path to ensure directories exist; if not create

preload_parameters(current_config)[source]

Summary.

preloads existing configuration parameters or loads defaults if no preexisting local config file
print_header(header)[source]

prints header strings to stdout

update(cfg, debug=False)[source]

Summary.

updates values in local config file
Args:
cfg (configParser object):
 parsed local awscli credentials file
debug (bool): debug flag
Returns:
TYPE: bool, update Success | Failure
write_config(parameter_dict, cfg)[source]

create new config file

keyup.configuration.converge_answer(question, choices, answer='')[source]
Summary:
prompt user for input until answer in appropriate responses received
Args:
answer (str): user response to question
choices (list): list of valid responses. Responses are strings
Returns:
valid answer (str):
 valid response from choices
keyup.configuration.display_table(header, title=False, alignment='c', border=True, offset=45, tabspaces=4, color='\x1b[94m')[source]

Print Table Object offset from left by tabspaces

keyup.configuration.exit_processing(code=None, clear=False)[source]

Reset terminal screen colors on exit

keyup.configuration.expand_home_path(path)[source]

Substitute ~ for actual home path

keyup.configuration.init(debug=False, cfg=None)[source]
Summary:
Initiates read, write, or update of local_config file
Args:
debug (bool): debug flag
cfg (str): path to fs object containing project k,v config parameters
Returns:
TYPE: bool, Success | Failure
keyup.configuration.remove_trailing_slash(path)[source]

Removes a trailing slash from provided fs path

keyup.configuration.set_writeable_location(default_location, header, message, confirmation_msg)[source]
Summary:
  • Takes user input for filesystem location.
  • Tests to ensure location is writable
  • Removes trailing slash (if applicable)
Args:
default_location (str):
 filesystem location if no user input
header (str): Header question/title to print prior to user input
message (str): Message to solicit user input
confirmation_msg (str):
 Display text after user input accepted
Returns:
fs_location (str):
 writeable filesystem path
keyup.configuration.validate_fs_location(path)[source]
Summary:
Validate existence of a path or create it
Args:
path (str):
Returns:
Success | Failure, TYPE: bool



keyup.help_menu module

Help Menu
Help menu object containing body of help content. For printing with formatting



keyup.keyconfig module

Summary:
Display module of configuration file contents
keyup.keyconfig.display_content(data_object, halt=False)[source]
Summary:
Display contents of object correctly whether display on a terminal (tty) or redirected to a file
keyup.keyconfig.is_tty()[source]
Summary:
Determines if output is displayed to the screen or redirected
Returns:
True if tty terminal | False if redirected, TYPE: bool
keyup.keyconfig.option_configure(debug=False, path=None)[source]
Summary:
Initiate configuration menu to customize keyup runtime options. Console script `keyconfig` invokes this option_configure directly in debug mode to display the contents of the local config file (if exists)
Args:
path (str): full path to default local configuration file location
debug (bool): debug flag, when True prints out contents of local config file
Returns:
TYPE (bool): Configuration Success | Failure



keyup.logd module

Summary:
Project-level logging module
keyup.logd.getLogger(*args, **kwargs)[source]
Summary:
custom format logger
Args:

mode (str): The Logger module supports the following log modes:

  • log to console / stdout. Log_mode = ‘stream’
  • log to file
  • log to system logger (syslog)
Returns:
logging object | TYPE: logging singleton
keyup.logd.logprep(mode)[source]
Summary:
prerequisites for logging to file mode
Args:
mode (str): valid value is ‘FILE’; parameter used for logging type validation only
Return:
Success | Failure, TYPE: bool
keyup.logd.mode_assignment(mode)[source]

Translates arg to enforce proper assignment



keyup.map module

Summary:
  • Mapping Module
  • maps profile names from local awscli to iam usernames in AWS Account
keyup.map.map_iam_username(username, profilename)[source]
Summary:
Triangulates if provided username is a profile name from local awscli configuration or an IAM username from AWS
Returns:
IAM username (str)
keyup.map.map_identity(profile)[source]
Summary:
retrieves iam user info for profiles in awscli config
Args:
user (str): string, local profile user from which the current boto3 session object created
Returns:
iam_user (str): AWS iam user corresponding to the provided profile user in local config



keyup.menu module

Curses-menu

keyup.menu.main()[source]

Builds main menu, branches to submenus

keyup.menu.selection_menu_example()[source]
keyup.menu.submenu_backup(menu_obj)[source]
keyup.menu.submenu_logging(menu_obj)[source]



keyup.statics module

Summary.

keyup Project-level Defaults and Settings

  • Local Default Settings: Local defaults for your specific installation are derived from settings found in:
~/.config/keyup/config.json
Module Attributes:
  • user_home (TYPE str):

    $HOME environment variable, present for most Unix and Unix-like POSIX systems

  • config_dir (TYPE str):

    directory name default for stsaval config files (.stsaval)

  • config_path (TYPE str):

    default for stsaval config files, includes config_dir (~/.stsaval)

  • key_deprecation (TYPE str):

    Deprecation logic that keyup uses when 2 keys exist for a user.

    2 values possible:

    • ‘AGE’: keyup deprecates based on age, replacing the oldest key
    • ‘AWSCLI’: keyup replaces keys currently in the local awscli config
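
How the two key_deprecation values can select different keys when an IAM user already holds two, shown as an added example (not keyup's own code). The helper names, the sample credentials text and the key metadata are constructed for illustration; returning None when fewer than two keys exist is an assumption.

```python
import configparser
from datetime import datetime, timezone

# Constructed awscli credentials file content; key ids and secrets are fake.
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = AKIAEXAMPLEOLDER0001
aws_secret_access_key = constructed-not-a-real-secret

[deploy]
aws_access_key_id = AKIAEXAMPLENEWER0002
aws_secret_access_key = constructed-not-a-real-secret
"""

# Constructed key metadata, shaped like the AccessKeyMetadata entries
# returned by the IAM ListAccessKeys API.
SAMPLE_KEYS = [
    {"AccessKeyId": "AKIAEXAMPLEOLDER0001", "Status": "Active",
     "CreateDate": datetime(2023, 1, 10, tzinfo=timezone.utc)},
    {"AccessKeyId": "AKIAEXAMPLENEWER0002", "Status": "Active",
     "CreateDate": datetime(2023, 9, 2, tzinfo=timezone.utc)},
]


def local_key_id(credentials_text, profile):
    """Return the AccessKeyId stored for a profile (hypothetical helper)."""
    parser = configparser.ConfigParser()
    parser.read_string(credentials_text)
    if not parser.has_section(profile):
        raise KeyError(f"profile {profile!r} not found in credentials")
    return parser.get(profile, "aws_access_key_id")


def select_key_to_deprecate(keys, mode, current_key_id=None):
    """Pick the AccessKeyId to retire when two keys exist (hypothetical helper)."""
    if len(keys) < 2:
        # Assumption: nothing needs to be retired before creating a new key.
        return None
    if mode == "AGE":
        # Oldest key by creation date, regardless of which one is in use.
        return min(keys, key=lambda k: k["CreateDate"])["AccessKeyId"]
    if mode == "AWSCLI":
        # The key the local awscli config currently uses.
        if current_key_id not in {k["AccessKeyId"] for k in keys}:
            # Stale local config: refuse rather than guess which key to delete.
            raise ValueError("local awscli key is not one of the user's keys")
        return current_key_id
    raise ValueError(f"unknown key_deprecation value: {mode!r}")


if __name__ == "__main__":
    in_use = local_key_id(SAMPLE_CREDENTIALS, "deploy")
    print("AGE    ->", select_key_to_deprecate(SAMPLE_KEYS, "AGE"))
    print("AWSCLI ->", select_key_to_deprecate(SAMPLE_KEYS, "AWSCLI", in_use))
```

With this sample data the local profile uses the newer key, so 'AGE' retires a key the local config does not reference while 'AWSCLI' retires the one it does.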
keyup.statics.import_file_object(filename)[source]
Summary:
Imports block filesystem object
Args:
filename (str): block filesystem object
Returns:
dictionary obj (valid json file), file data object
keyup.statics.os_parityPath(path)[source]

Converts unix paths to correct windows equivalents. Unix native paths remain unchanged (no effect)

keyup.statics.read_local_config(cfg)[source]

Parses local config file for override values

Args:
local_file (str):
 filename of local config file
Returns:
dict object of values contained in local config file



keyup.thread_progress module

class keyup.thread_progress.ProgressBarThread(label='Working', delay=0.1, cycles=500)[source]

Bases: threading.Thread

run()[source]

Method representing the thread’s activity.

You may override this method in a subclass. The standard run() method invokes the callable object passed to the object’s constructor as the target argument, if any, with sequential and keyword arguments taken from the args and kwargs arguments, respectively.

start()[source]

Start the thread’s activity.

It must be called at most once per thread object. It arranges for the object’s run() method to be invoked in a separate thread of control.

This method will raise a RuntimeError if called more than once on the same thread object.

stop()[source]
class keyup.thread_progress.SpinnerThread(label='Working', delay=0.2)[source]

Bases: threading.Thread

run()[source]

Method representing the thread’s activity.

You may override this method in a subclass. The standard run() method invokes the callable object passed to the object’s constructor as the target argument, if any, with sequential and keyword arguments taken from the args and kwargs arguments, respectively.

start()[source]

Start the thread’s activity.

It must be called at most once per thread object. It arranges for the object’s run() method to be invoked in a separate thread of control.

This method will raise a RuntimeError if called more than once on the same thread object.

stop()[source]



keyup.iam_operations module

Summary.

Prints iam usernames from local awscli configuration. Usernames may be omitted from the output simply by listing them, separated by spaces, after the call:

$ python3 iam_users.py default

Returns:

Will return all iam usernames in the local configuration except the default user (username “default”)
keyup.iam_operations.awscli_profiles(conf)[source]

Summary.

Returns IAM usernames from local awscli configuration
keyup.iam_operations.create_userlist(content, exclusions)[source]
Summary:
Return usernames from configParser object if not in the exclusion list
Args:
content (configParser object): local awscli credentials file parsed content
exclusions (list): profilenames to be excluded from return
Returns:
list of profile names from localhost awscli configuration
keyup.iam_operations.iam_users(profile)[source]
keyup.iam_operations.local_profilenames(exceptions=[])[source]
keyup.iam_operations.print_profiles(config, args)[source]

Execution when no parameters provided

keyup.iam_operations.shared_credentials_location()[source]
Summary:
Discover alternate location for awscli shared credentials file
Returns:
TYPE: str, Full path of shared credentials file, if exists
keyup.iam_operations.temporary_profilenames(conf, exclusions=[])[source]
Summary:
Return usernames from configParser object which represent temporary (iam role) credentials
Args:
conf (str): path to awscli credentials file
exclusions (list):
 profilenames to be excluded from return
Returns:
temporary profile names (role names) from localhost awscli configuration TYPE: str



keyup.list_ops module

Summary.
List iam keyset operations (read-only)
keyup.list_ops.list_keys(account, profile, iam_user, surrogate='', stage=None, quiet=False)[source]
Summary.
Displays iam user available access keys
Args:
account (str): AWS account number
profile (str): name of the iam user for which we are interrogating keys
iam_user (str): name of the iam user which corresponds to profile name from local awscli configuration
surrogate (str):
 name of profile user used to execute key operations in place of the profile user
stage (str): stage of key rotation; ie, either BEFORE | AFTER rotation
quiet (bool): No output to stdout (True) | Show output (False)
Returns:
TYPE: list, AccessKeyIds listed for the IAM user
keyup.list_ops.query_keyinfo(account, profile, surrogate='', quiet=False)[source]
Summary.
boto3 client instantiation and error handling
Args:
account (str): AWS account number
profile (str): name of the iam user for which we are interrogating keys
surrogate (str):
 name of profile user used to execute key operations in place of the profile user
quiet (bool): No output to stdout (True) | Show output (False)
Returns:
boto3 response, TYPE: dict



keyup.script_utils module

Command-line Interface (CLI) Utilities Module

Module Functions:
  • bool_assignment:
    set bool depending upon user answer from stdin
  • config_init:
    Initializes config file if none exists
  • debug_mode:
    Provide additional log output for debugging
  • read_local_config:
    parse local config file
keyup.script_utils.bool_assignment(arg, patterns=None)[source]
Summary:
Enforces correct bool argument assignment
Arg:
arg (*): arg which must be interpreted as either bool True or False
Returns:
bool assignment | TYPE: bool
keyup.script_utils.config_init(config_file, json_config_obj, config_dirname=None)[source]
Summary:
Creates local config from JSON seed template
Args:
config_file (str):
 filesystem object containing json dict of config values
json_config_obj (json):
 data to be written to config_file
config_dirname (str):
 dir name containing config_file
Returns:
TYPE: bool, Success | Failure
keyup.script_utils.debug_mode(header, data_object, debug=False, halt=False)[source]

debug output

keyup.script_utils.import_file_object(filename)[source]
Summary:
Imports block filesystem object
Args:
filename (str): block filesystem object
Returns:
dictionary obj (valid json file), file data object
keyup.script_utils.read_local_config(cfg)[source]

Parses local config file for override values

Args:
local_file (str):
 filename of local config file
Returns:
dict object of values contained in local config file



keyup.oscodes_unix module

Standard OS Module Exit Codes
Module Attributes:
  • exit_codes (dict): exit error codes for Unix, Linux



keyup.oscodes_win module

Standard OS Module Exit Codes
Module Attributes:
  • exit_codes (dict): exit error codes for Microsoft Windows
