keyup.cauth module

Key Report Generation Module:
  • Centralized authentication module for producing Key Report
  • Uses threading for concurrent processing
Module Functions:
  • convert:
    Converts time units to hours
  • discover_account_affiliations:
    maps awscli profile users to corresponding iam user ids
  • expired_keys:
    determines if an access keyset is aged beyond max age value in keyup’s configuration file
  • display_table:
    renders vpt table to cli stdout
class keyup.cauth.authentication(profile)[source]

Bases: object

class def for generation and retention of a single set of credentials for generating key-report via a single iam user priviledges

generate_token(user)[source]
keyup.cauth.convert(dt)[source]

Convert days to hours

keyup.cauth.discover_account_affiliations()[source]
Associates each profile name in local awscli configuration to an iam username and an AWS Account Number
Returns:
affiliation info, TYPE: dict
keyup.cauth.display_skipped(iam_users)[source]

Display iam users exceptions skipped in the key report

keyup.cauth.display_table(table, exceptions, tabspaces=4)[source]

Print Table Object offset from left by tabspaces

keyup.cauth.expired_keys(dt)[source]

Convert datetime objects into human readable

keyup.cauth.format_remaining(days: int)[source]
Formats days remaining value
Returns:
days (int) with appropriate color, spacing format applied
keyup.cauth.prepare_reportdata(debug=False)[source]

Prints out key expiration info for all profilenames associated with the primary profilename given to access the account information

keyup.cauth.print_header(title, indent=4, spacing=4)[source]

Paints title header grid of a vpt Table

keyup.cauth.setup_table(user_data, exception_list)[source]

Renders Table containing data elements via cli stdout

keyup.cauth.source_globals()[source]

global environment variable definitions

keyup.cauth.spacing(days)[source]
keyup.cauth.time_remaining(dt)[source]

Calculate the days until expiration

keyup.cauth.truncate_fields(element)[source]
Truncates table field data to align with max column width
Returns:
truncated element, TYPE: dict or str

Module List


keyup.cli module

Summary:

keyup (python3) | Scripted rotation of access keys for an IAM User.

  • Display of key report showing key metadata
  • Creation of new access keys
  • Keyset installation in awscli local config
  • Deletion of deprecated keyset
Author:
Blake Huber Copyright Blake Huber, All Rights Reserved.
License:
GNU General Public License v3.0 (GPL-3) Additional terms may be found in the complete license agreement: https://bitbucket.org/blakeca00/keyup/src/master/LICENSE.txt
OS Support:
  • RedHat Linux, Amazon Linux, Ubuntu & variants
  • Windows 7+
Dependencies:
  • Requires python3, tested under py3.5 and py3.6
class keyup.cli.SetLogging(mode, disable=False)[source]

Bases: object

Initializes project level logging
Args:
  • mode (str): log_mode, either ‘stream’ or ‘FILE’
  • disable (bool): when True, disables logging output
Returns:
TYPE: bool, Success | Failure
set(mode, disable)[source]

create logger object, enable or disable logging

keyup.cli.async_caller()[source]

Calls asynchronous functions

keyup.cli.clean_config(quiet)[source]
Test local awscli config for Active temporary credentails
Args:
credentials_file (str):
 location of local awscli credentials file
config (configParser obj):
 GLOBAL object representing parsed awscli credentials file
Returns:
TYPE: bool, Success | Failure

Note

Conditions when clean_config returns False (Failure):

If parsed_config contains active credentials, key rotation prohibited and keyup will exit.

If parsed_config contains inactive credentials, clean_config returns bool True and key rotation proceeds

keyup.cli.configure_keyset(keyset, profile, surrogate='')[source]
Parses local awscli config and reconfigures it with newly created access keys
Args:
keyset (json):access keys, newly created
profile (str):iam user alias in the local awscli config
surrogate (str):
 iam username on which access key operations are conducted by another iam user denoted in profile
Returns:
parsed (configParser):
 object configured with new access key signatures
configfile_path (str):
 os dependent path to awscli credentials file
access_key (str):
 sts access key string
secret_key (str):
 sts secret key string
keyup.cli.create_keyset(iam_user, profile, surrogate='')[source]
Creates new access key, secret key pair for iam user
Args:
  • access_key (str): AccessKeyId of the keyset to delete
  • profile (str): iam user alias in the local awscli config
  • surrogate (str): iam username on which access key operations
    are conducted by another iam user denoted in profile
Returns:
Success | Failure, TYPE: bool, aws access keys (dict)
keyup.cli.delete_keyset(access_key, profile, surrogate='')[source]
Deletes oldest access key credentials associated with a user
Args:
  • access_key (str): AccessKeyId of the keyset to delete
  • profile (str): iam user alias in the local awscli config
  • surrogate (str): iam username on which access key operations
    are conducted by another iam user denoted in profile
Returns:
TYPE: bool, Success | Failure
keyup.cli.get_current_key(profile_name, surrogate='')[source]
Extracts the STS AccessKeyId currently utilised in user’s profile in the local awscli configuration
Args:
profile_name: a username in local awscli profile
Returns:
key_id (str): Amazon STS AccessKeyId
Raises:
Exception if profile_name not found in config
keyup.cli.help_menu()[source]

Displays help menu contents

keyup.cli.init()[source]

Caller function; initializes all functionality

keyup.cli.main(operation, profile, auto, debug, user_name='')[source]

End-to-end renew of access keys for a specific profile in local awscli config

keyup.cli.options(parser, help_menu=False)[source]
Parse cli parameter options
Returns:
TYPE: argparse object, parser argument set
keyup.cli.package_version()[source]

Prints package version and requisite PACKAGE info

keyup.cli.parse_awscli()[source]
Parse, update local awscli config credentials
Args:
user (str):USERNAME, only required when run on windows os
Returns:
TYPE: configparser object, parsed config file
keyup.cli.precheck()[source]

Verify project runtime dependencies

keyup.cli.remove_temporary_credentials(config_object, prefix='', profiles=False)[source]
Filers temporary credentials from the list of profilenames present in the local awscli configuration
Args:
config_object (configParser object):
 object containing profilenames from the local awscli credentials file
prefix (str):any prefix prepended to profilenames to indicate temporary role credentials in the local awscli credentials file
profiles (bool):
 flag indicating return of a profilename list instead of
Returns:
configParser object | profilename list (list)
keyup.cli.set_keyset(access_key, secret_key, clear=False)[source]
Sets new access keys in memory to execute requests to Amazon APIs during rewrite of local awscli credentials filename
Args:
clear (bool):reset keys set as env variables, if present
keyup.cli.set_logging(cfg_obj)[source]

Enable or disable logging per config object parameter

keyup.cli.shared_credentials_location()[source]
Discover alterate location for awscli shared credentials file
Returns:
TYPE: str, Full path of shared credentials file, if exists
keyup.cli.source_globals()[source]

Source all global variable definitions here

keyup.cli.write_keyset(configparser_obj, filename, debug=False)[source]
Write out new awscli credentials to local config
Args:
  • configparser_obj (configparser): parsed awscli config containing new keyset
  • filename (str): path to file to which keyset written
  • debug (bool): debug flag
Returns:
TYPE: bool, Success | Failure
keyup.cli.write_keyset_backup(keys, user, quiet)[source]
Writes newly created keyset to disk provided configuration file flag set:
Args:
keys:New keyset object
quiet:When set, supresses all output to stdout
Returns:
TYPE: bool, Success | Failure

Module List


keyup.colors module

Summary:
ANSI color and formatting code class See: http://www.lihaoyi.com/post/BuildyourownCommandLinewithANSIescapecodes.html#256-colors
Args:
None
Returns:
ansi codes
Raises:
None. AttributeError if no code match returns the reset ansi codes
class keyup.colors.Colors[source]

Bases: object

Class attributes provide different format variations

AQUA = '\x1b[38;5;14m'
BKGND_BLACK = '\x1b[40m'
BKGND_BLUE = '\x1b[44m'
BKGND_BRIGHT_BLACK = '\x1b[40;1m'
BKGND_BRIGHT_BLUE = '\x1b[44;1m'
BKGND_BRIGHT_CYAN = '\x1b[46;1m'
BKGND_BRIGHT_GREEN = '\x1b[42;1m'
BKGND_BRIGHT_MAGENTA = '\x1b[45;1m'
BKGND_BRIGHT_RED = '\x1b[41;1m'
BKGND_BRIGHT_WHITE = '\x1b[47;1m'
BKGND_BRIGHT_YELLOW = '\x1b[43;1m'
BKGND_CYAN = '\x1b[46m'
BKGND_GREEN = '\x1b[42m'
BKGND_MAGENTA = '\x1b[45m'
BKGND_RED = '\x1b[41m'
BKGND_WHITE = '\x1b[47m'
BKGND_WHITE_BOLD = '\x1b[47;1m'
BKGND_YELLOW = '\x1b[43m'
BLUE = '\x1b[94m'
BOLD = '\x1b[1m'
BRIGHTBLUE = '\x1b[38;5;51m'
BRIGHTCYAN = '\x1b[38;5;36m'
BRIGHTGREEN = '\x1b[38;5;95;38;5;46m'
BRIGHTPURPLE = '\x1b[38;5;68m'
BRIGHTRED = '\x1b[31;1m'
BRIGHTWHITE = '\x1b[38;5;15m'
BRIGHTYELLOW = '\x1b[38;5;11m'
BRIGHTYELLOW2 = '\x1b[38;5;95;38;5;226m'
BRIGHTYELLOWGREEN = '\x1b[38;5;95;38;5;155m'
CYAN = '\x1b[96m'
DARKBLUE = '\x1b[38;5;95;38;5;24m'
DARKCYAN = '\x1b[36m'
DARKGRAY1 = '\x1b[90m'
DARKGRAY2 = '\x1b[38;5;95;38;5;8m'
DARKGREEN = '\x1b[38;5;2m'
END = '\x1b[0m'
GREEN = '\x1b[92m'
ITALIC = '\x1b[3m'
LT1GRAY = '\x1b[38;5;95;38;5;245m'
LT2GRAY = '\x1b[38;5;249m'
ORANGE = '\x1b[38;5;95;38;5;214m'
PURPLE = '\x1b[95m'
RED = '\x1b[91m'
RESET = '\x1b[0;0m'
REVERSE = '\x1b[;7m'
TITLE = '\x1b[4m\x1b[1m'
UNBOLD = '\x1b[22m'
UNDERLINE = '\x1b[4m'
URL = '\x1b[4m\x1b[96m'
WHITE = '\x1b[37m'
WHITEGRAY = '\x1b[38;5;95;38;5;250m'
YELLOW = '\x1b[93m'

Module List


keyup.configuration module

Summary.
local_config Module, creates local config file (json) to override default values set in statics module
Module Attributes:
  • current_config (TYPE str):
    JSON object resulting from parsing an existing local config file. If no config file exists, object is the starting seed schema stored in statics module
  • config_file (TYPE str):
    Path to local config file, usually found in ~/.config/PACKAGE/config.json
  • logger (TYPE logging obj):
    system logger, output set by log_mode project-level attribute
  • user_home (TYPE str):
    os-specific path to home directory determined in statics module
class keyup.configuration.ReadConfig(local_file='')[source]

Bases: object

read(cfg='')[source]

reads values from local config file

class keyup.configuration.UpdateConfig(local_file, update=False, debug=False)[source]

Bases: object

Class def for parsing, update, and writing of local fs configuration file

assemble(arg_dict)[source]

Summary.

Assembles new parameters in json format for write to new conf file
Returns:
local_config (json):
 json schema of configuration parameters to be written to local filesystem as new keyup configuration file
config_directory(cfg)[source]

Checks config_path to ensure directories exist; if not create

preload_parameters(current_config)[source]

Summary.

preloads existing configuration parameters or loads defaults if no preexisting local config file
print_header(header)[source]

prints header strings to stdout

update(cfg, debug=False)[source]

Summary.

updates values in local config file
Args:
cfg (configParser object):
 parsed local awscli credentials file
debug (boot):debug flag
Returns:
TYPE: bool, update Success | Failure
write_config(parameter_dict, cfg)[source]

create new config file

keyup.configuration.converge_answer(question, choices, answer='')[source]
Summary:
prompt user for input until answer in appropriate responses received
Args:
answer (str):user response to question
choices (list):list of valid responses. Responses are strings
Returns:
valid answer (str):
 valid response from choices
keyup.configuration.display_table(header, title=False, alignment='c', border=True, offset=45, tabspaces=4, color='\x1b[94m')[source]

Print Table Object offset from left by tabspaces

keyup.configuration.exit_processing(code=None, clear=False)[source]

Reset terminal screen colors on exit

keyup.configuration.expand_home_path(path)[source]

Substitute ~ for actual home path

keyup.configuration.init(debug=False, cfg=None)[source]
Summary:
Initiates read, write, or update of local_config file
Args:
debug (bool):debug flag
cfg (str):path to fs object containing project k,v config parameters
Returns:
TYPE: bool, Success | Failure
keyup.configuration.remove_trailing_slash(path)[source]

Removes a trailing slash from provided fs path

keyup.configuration.set_writeable_location(default_location, header, message, confirmation_msg)[source]
Summary:
  • Takes user input for filesystem location.
  • Tests to ensure location is writable
  • Removes trailing slash (if applicable)
Args:
default_location (str):
 filesystem location if no user input
header (str):Header question/title to print prior to user input
message (str):Message to solicit user input
confirmation_msg (str):
 Display text after user input accepted
Returns:
fs_location (str):
 writeable filesystem path
keyup.configuration.validate_fs_location(path)[source]
Summary:
Validate existence of a path or create it
Args:
path (str):
Returns:
Success | Failure, TYPE: bool

Module List


keyup.help_menu module

Help Menu
Help menu object containing body of help content. For printing with formatting

Module List


keyup.keyconfig module

Summary:
Display module of configuration file contents
keyup.keyconfig.display_content(data_object, halt=False)[source]
Summary:
Display contents of object correctly whether display on a terminal (tty) or redirected to a file
keyup.keyconfig.is_tty()[source]
Summary:
Determines if output is displayed to the screen or redirected
Returns:
True if tty terminal | False is redirected, TYPE: bool
keyup.keyconfig.option_configure(debug=False, path=None)[source]
Summary:
Initiate configuration menu to customize keyup runtime options. Console script `keyconfig` invokes this option_configure directly in debug mode to display the contents of the local config file (if exists)
Args:
path (str):full path to default local configuration file location
debug (bool):debug flag, when True prints out contents of local config file
Returns:
TYPE (bool): Configuration Success | Failure

Module List


keyup.logd module

Summary:
Project-level logging module
keyup.logd.getLogger(*args, **kwargs)[source]
Summary:
custom format logger
Args:

mode (str): The Logger module supprts the following log modes:

  • log to console / stdout. Log_mode = ‘stream’
  • log to file
  • log to system logger (syslog)
Returns:
logging object | TYPE: logging singleton
keyup.logd.logprep(mode)[source]
Summary:
prerequisites for logging to file mode
Args:
mode (str):valid value is ‘FILE’; parameter used for logging type validation only
Return:
Success | Failure, TYPE: bool
keyup.logd.mode_assignment(mode)[source]

Translates arg to enforce proper assignment

Module List


keyup.map module

Summary:
  • Mapping Module
  • maps profile names from local awscli to iam usernames in AWS Account
keyup.map.map_iam_username(username, profilename)[source]
Summary:
Triangulates if provided username is a profile name from local awscli configuration or an IAM username from AWS
Returns:
IAM username (str)
keyup.map.map_identity(profile)[source]
Summary:
retrieves iam user info for profiles in awscli config
Args:
user (str):string, local profile user from which the current boto3 session object created
Returns:
iam_user (str):AWS iam user corresponding to the provided profile user in local config

Module List


keyup.menu module

Curses-menu

keyup.menu.main()[source]

Builds main menu, branches to submenus

keyup.menu.selection_menu_example()[source]
keyup.menu.submenu_backup(menu_obj)[source]
keyup.menu.submenu_logging(menu_obj)[source]

Module List


keyup.progress module

keyup.progress.progress_bar(seconds, msg=None, quiet=False)[source]
Summary:
Delay timer function with graphical progress bar Prints animation to the cli until background process complete
Args:
seconds (int): number of timer seconds; delay msg (str): progress bar timeout (secs) description caption.
# Example:

    msg = 'Process ready in: '
    description.caption = msg + 'X seconds'
Returns:
TYPE: bool, Delay Duration End (True) | Delay Duration Interrupt (False)

Module List


keyup.statics module

Summary.

keyup Project-level Defaults and Settings

  • Local Default Settings: Local defaults for your specific installation are derived from settings found in:
~/.config/keyup/config.json
Module Attributes:
  • user_home (TYPE str):

    $HOME environment variable, present for most Unix and Unix-like POSIX systems

  • config_dir (TYPE str):

    directory name default for stsaval config files (.stsaval)

  • config_path (TYPE str):

    default for stsaval config files, includes config_dir (~/.stsaval)

  • key_deprecation (TYPE str):

    Deprecation logic that keyup uses when 2 keys exist for a user.

    2 values possible:

    • ‘AGE’: keyup deprecates based on age, replacing the oldest key
    • ‘AWSCLI’: keyup replaces keys currently in the local awscli config
keyup.statics.import_file_object(filename)[source]
Summary:
Imports block filesystem object
Args:
filename (str):block filesystem object
Returns:
dictionary obj (valid json file), file data object
keyup.statics.os_parityPath(path)[source]

Converts unix paths to correct windows equivalents. Unix native paths remain unchanged (no effect)

keyup.statics.read_local_config(cfg)[source]

Parses local config file for override values

Args:
local_file (str):
 filename of local config file
Returns:
dict object of values contained in local config file

Module List


keyup.thread_progress module

class keyup.thread_progress.ProgressBarThread(label='Working', delay=0.1, cycles=500)[source]

Bases: threading.Thread

run()[source]

Method representing the thread’s activity.

You may override this method in a subclass. The standard run() method invokes the callable object passed to the object’s constructor as the target argument, if any, with sequential and keyword arguments taken from the args and kwargs arguments, respectively.

start()[source]

Start the thread’s activity.

It must be called at most once per thread object. It arranges for the object’s run() method to be invoked in a separate thread of control.

This method will raise a RuntimeError if called more than once on the same thread object.

stop()[source]
class keyup.thread_progress.SpinnerThread(label='Working', delay=0.2)[source]

Bases: threading.Thread

run()[source]

Method representing the thread’s activity.

You may override this method in a subclass. The standard run() method invokes the callable object passed to the object’s constructor as the target argument, if any, with sequential and keyword arguments taken from the args and kwargs arguments, respectively.

start()[source]

Start the thread’s activity.

It must be called at most once per thread object. It arranges for the object’s run() method to be invoked in a separate thread of control.

This method will raise a RuntimeError if called more than once on the same thread object.

stop()[source]

Module List


keyup.iam_operations module

Summary.

Prints iam usernames from local awscli configuration. A usernames may be omitted from the output simply by listing them with a space between them after the call:

$ python3 iam_users.py default

Returns:

Will return all iam usernames in the local configuration except the default user (username “default”)
keyup.iam_operations.awscli_profiles(conf)[source]

Summary.

Returns IAM usernames from local awscli configuration
keyup.iam_operations.create_userlist(content, exclusions)[source]
Summary:
Return usernames from configParser object if not in the exclusion list
Args:
content (configParser object): local awscli credentials file parsed content exclusions (list): profilenames to be excluded from return
Returns:
list of profile names from localhost awscli configuration
keyup.iam_operations.iam_users(profile)[source]
keyup.iam_operations.local_profilenames(exceptions=[])[source]
keyup.iam_operations.print_profiles(config, args)[source]

Execution when no parameters provided

keyup.iam_operations.shared_credentials_location()[source]
Summary:
Discover alterate location for awscli shared credentials file
Returns:
TYPE: str, Full path of shared credentials file, if exists
keyup.iam_operations.temporary_profilenames(conf, exclusions=[])[source]
Summary:
Return usernames from configParser object which represent temporary (iam role) credentials
Args:
conf (str):path to awscli credentials file
exclusions (list):
 profilenames to be excluded from return
Returns:
temporary profile names (role names) from localhost awscli configuration TYPE: str

Module List


keyup.list_ops module

Summary.
List iam keyset operations (read-only)
keyup.list_ops.list_keys(account, profile, iam_user, surrogate='', stage=None, quiet=False)[source]
Summary.
Displays iam user available access keys
Args:
account (str):AWS account number
profile (str):name of the iam user for which we are interrogating keys
iam_user (str):name of the iam user which corresponds to profile name from local awscli configuration
surrogate (str):
 name of profile user used to execute key operations in place of the profile user
stage (str):stage of key rotation; ie, either BEFORE | AFTER rotation
quiet (bool):No output to stdout (True) | Show output (False)
Returns:
TYPE: list, AccessKeyIds listed for the IAM user
keyup.list_ops.query_keyinfo(account, profile, surrogate='', quiet=False)[source]
Summary.
boto3 client instantiation and error handling
Args:
account (str):AWS account number
profile (str):name of the iam user for which we are interrogating keys
surrogate (str):
 name of profile user used to execute key operations in place of the profile user
quiet (bool):No output to stdout (True) | Show output (False)
Returns:
boto3 response, TYPE: dict

Module List


keyup.script_utils module

Command-line Interface (CLI) Utilities Module

Module Functions:
  • bool_assignment:
    set bool depending up user answer from stdin
  • config_init:
    Initializes config file if none exists
  • debug_mode:
    Provide additional log output for debugging
  • read_local_config:
    parse local config file
keyup.script_utils.bool_assignment(arg, patterns=None)[source]
Summary:
Enforces correct bool argment assignment
Arg:
arg (*):arg which must be interpreted as either bool True or False
Returns:
bool assignment | TYPE: bool
keyup.script_utils.config_init(config_file, json_config_obj, config_dirname=None)[source]
Summary:
Creates local config from JSON seed template
Args:
config_file (str):
 filesystem object containing json dict of config values
json_config_obj (json):
 data to be written to config_file
config_dirname (str):
 dir name containing config_file
Returns:
TYPE: bool, Success | Failure
keyup.script_utils.debug_mode(header, data_object, debug=False, halt=False)[source]

debug output

keyup.script_utils.import_file_object(filename)[source]
Summary:
Imports block filesystem object
Args:
filename (str):block filesystem object
Returns:
dictionary obj (valid json file), file data object
keyup.script_utils.read_local_config(cfg)[source]

Parses local config file for override values

Args:
local_file (str):
 filename of local config file
Returns:
dict object of values contained in local config file

Module List


keyup.oscodes_unix module

Standard OS Module Exit Codes
Module Attributes:
  • exit_codes (dict): exit error codes for Unix, Linux

Module List


keyup.oscodes_win module

Standard OS Module Exit Codes
Module Attributes:
  • exit_codes (dict): exist error codes for Microsoft Windows

Module List


Table Of Contents