PR for visibility

skew/resources/__init__.py

@@ -17,11 +17,13 @@
 # Maps resources names as they appear in ARN's to the path name
 # of the Python class representing that resource.
 ResourceTypes = {
+    'aws.acm.certificate': 'aws.acm.Certificate',
     'aws.apigateway.restapis': 'aws.apigateway.RestAPI',
     'aws.autoscaling.autoScalingGroup': 'aws.autoscaling.AutoScalingGroup',
     'aws.autoscaling.launchConfigurationName': 'aws.autoscaling.LaunchConfiguration',
     'aws.cloudfront.distribution': 'aws.cloudfront.Distribution',
     'aws.cloudformation.stack': 'aws.cloudformation.Stack',
+    'aws.cloudsearch.domain': 'aws.cloudsearch.Domain',
     'aws.cloudwatch.alarm': 'aws.cloudwatch.Alarm',
     'aws.dynamodb.table': 'aws.dynamodb.Table',
     'aws.ec2.address': 'aws.ec2.Address',
@@ -40,12 +42,17 @@
     'aws.ec2.vpc-peering-connection': 'aws.ec2.VpcPeeringConnection',
     'aws.ec2.subnet': 'aws.ec2.Subnet',
     'aws.ec2.launch-template': 'aws.ec2.LaunchTemplate',
+    'aws.ecs.cluster': 'aws.ecs.Cluster',
+    'aws.ecs.task-definition': 'aws.ecs.TaskDefinition',
+    'aws.efs.filesystem': 'aws.efs.Filesystem',
     'aws.elasticache.cluster': 'aws.elasticache.Cluster',
     'aws.elasticache.subnet-group': 'aws.elasticache.SubnetGroup',
     'aws.elasticache.snapshot': 'aws.elasticache.Snapshot',
     'aws.elasticbeanstalk.application': 'aws.elasticbeanstalk.Application',
     'aws.elasticbeanstalk.environment': 'aws.elasticbeanstalk.Environment',
     'aws.elb.loadbalancer': 'aws.elb.LoadBalancer',
+    'aws.elbv2.loadbalancer': 'aws.elbv2.LoadBalancer',
+    'aws.elbv2.targetgroup': 'aws.elbv2.TargetGroup',
     'aws.es.domain': 'aws.es.ElasticsearchDomain',
     'aws.firehose.deliverystream': 'aws.firehose.DeliveryStream',
     'aws.iam.group': 'aws.iam.Group',
@@ -56,15 +63,18 @@
     'aws.iam.server-certificate': 'aws.iam.ServerCertificate',
     'aws.kinesis.stream': 'aws.kinesis.Stream',
     'aws.lambda.function': 'aws.lambda.Function',
+    'aws.opsworks.stack': 'aws.opsworks.Stack',
     'aws.rds.db': 'aws.rds.DBInstance',
     'aws.rds.secgrp': 'aws.rds.DBSecurityGroup',
     'aws.redshift.cluster': 'aws.redshift.Cluster',
     'aws.route53.hostedzone': 'aws.route53.HostedZone',
     'aws.route53.healthcheck': 'aws.route53.HealthCheck',
     'aws.s3.bucket': 'aws.s3.Bucket',
     'aws.sqs.queue': 'aws.sqs.Queue',
+    'aws.ses.identity': 'aws.ses.Identity',
     'aws.sns.subscription': 'aws.sns.Subscription',
-    'aws.sns.topic': 'aws.sns.Topic'
+    'aws.sns.topic': 'aws.sns.Topic',
+    'aws.support.check': 'aws.support.Check'
 }
 
 

skew/resources/aws/__init__.py

@@ -47,6 +47,7 @@ class AWSResource(Resource):
     Each entry in the dictionary we define:
 
     * service - The AWS service in which this resource is defined.
+    * resourcegroups_tagging - Precise if the resource supports tags.
     * enum_spec - The enumeration configuration.  This is a tuple consisting
       of the name of the operation to call to enumerate the resources,
       a jmespath query that will be run against the result of the operation
@@ -169,12 +170,16 @@ def tags(self):
                 _tags = self.data['Tags']
                 if isinstance(_tags, list):
                     for kvpair in _tags:
-                        if kvpair['Key'] in self._tags:
-                            if not isinstance(self._tags[kvpair['Key']], list):
-                                self._tags[kvpair['Key']] = [self._tags[kvpair['Key']]]
-                            self._tags[kvpair['Key']].append(kvpair['Value'])
+                        # Compatibility fix for ECS, that use lowercase 'key' and 'value' as dict keys
+                        # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ecs.html#ECS.Client.list_tags_for_resource
+                        tags_key = kvpair.get('Key', kvpair.get('key'))
+                        tags_value = kvpair.get('Value', kvpair.get('value'))
+                        if tags_key in self._tags:
+                            if not isinstance(self._tags[tags_key], list):
+                                self._tags[tags_key] = [self._tags[tags_key]]
+                            self._tags[tags_key].append(tags_value)
                         else:
-                            self._tags[kvpair['Key']] = kvpair['Value']
+                            self._tags[tags_key] = tags_value
                 elif isinstance(_tags, dict):
                     self._tags = _tags
         return self._tags

skew/resources/aws/acm.py

@@ -0,0 +1,60 @@
+# Copyright (c) 2014 Scopely, Inc.
+# Copyright (c) 2015 Mitch Garnaat
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+import logging
+
+import jmespath
+
+from skew.resources.aws import AWSResource
+
+
+LOG = logging.getLogger(__name__)
+
+
+class Certificate(AWSResource):
+
+    class Meta(object):
+        service = 'acm'
+        type = 'certificate'
+        resourcegroups_tagging = True
+        enum_spec = ('list_certificates', 'CertificateSummaryList', None)
+        detail_spec = ('describe_certificate', 'CertificateArn', 'Certificate')
+        id = 'CertificateArn'
+        tags_spec = ('list_tags_for_certificate', 'Tags[]',
+                     'CertificateArn', 'id')
+        filter_name = None
+        name = 'DomainName'
+        date = 'CreatedAt'
+        dimension = None
+
+    @classmethod
+    def filter(cls, arn, resource_id, data):
+        certificate_id = data.get(cls.Meta.id).split('/')[-1]
+        LOG.debug('%s == %s', resource_id, certificate_id)
+        return resource_id == certificate_id
+
+    @property
+    def arn(self):
+        return self.data['CertificateArn']
+
+    def __init__(self, client, data, query=None):
+        super(Certificate, self).__init__(client, data, query)
+
+        self._id = data['CertificateArn']
+
+        detail_op, param_name, detail_path = self.Meta.detail_spec
+        params = {param_name: data['CertificateArn']}
+        data = client.call(detail_op, **params)
+
+        self.data = jmespath.search(detail_path, data)

skew/resources/aws/apigateway.py

@@ -21,6 +21,7 @@ class RestAPI(AWSResource):
     class Meta(object):
         service = 'apigateway'
         type = 'restapis'
+        resourcegroups_tagging = False
         enum_spec = ('get_rest_apis', 'items', None)
         id = 'id'
         filter_name = None
@@ -35,3 +36,10 @@ def filter(cls, arn, resource_id, data):
         api_id = data.get(cls.Meta.id)
         LOG.debug('%s == %s', resource_id, api_id)
         return resource_id == api_id
+
+    @property
+    def arn(self):
+        # arn:aws:apigateway:us-east-1::/restapis/vwxyz12345
+        return 'arn:aws:apigateway:%s::/restapis/%s' % (
+            self._client.region_name,
+            self.id)

skew/resources/aws/autoscaling.py

@@ -15,13 +15,15 @@
 import jmespath
 
 from skew.resources.aws import AWSResource
+from skew.awsclient import get_awsclient
 
 
 class AutoScalingGroup(AWSResource):
 
     class Meta(object):
         service = 'autoscaling'
         type = 'autoScalingGroup'
+        resourcegroups_tagging = False
         name = 'AutoScalingGroupName'
         date = 'CreatedTime'
         dimension = 'AutoScalingGroupName'
@@ -39,6 +41,33 @@ def __init__(self, client, data, query=None):
     def arn(self):
         return self._arn_query.search(self.data)
 
+    def sleek(self):
+        # Always render lists in the same order to avoid false changes detection
+        self.data['EnabledMetrics'].sort(key=lambda item: item['Metric'])
+        self.data['SuspendedProcesses'].sort(key=str)
+
+    @classmethod
+    def set_tags(cls, arn, region, account, tags, resource_id=None, **kwargs):
+        client = get_awsclient(
+            cls.Meta.service, region, account, **kwargs)
+        asg_name = arn.split(':')[7].split('/')[1]
+        addon = dict(ResourceId=asg_name,
+                     ResourceType='auto-scaling-group',
+                     PropagateAtLaunch=False)
+        tags_list = [dict(Key=k, Value=str(v), **addon) for k, v in tags.items()]
+        return client.call('create_or_update_tags', Tags=tags_list)
+
+    @classmethod
+    def unset_tags(cls, arn, region, account, tag_keys, resource_id=None, **kwargs):
+        client = get_awsclient(
+            cls.Meta.service, region, account, **kwargs)
+        asg_name = arn.split(':')[7].split('/')[1]
+        addon = dict(ResourceId=asg_name,
+                     ResourceType='auto-scaling-group',
+                     PropagateAtLaunch=False)
+        tags_list = [dict(Key=k, **addon) for k in tag_keys]
+        return client.call('delete_tags', Tags=tags_list)
+
 
 class LaunchConfiguration(AWSResource):
 

skew/resources/aws/cloudformation.py

@@ -38,6 +38,7 @@ def enumerate(cls, arn, region, account, resource_id=None, **kwargs):
     class Meta(object):
         service = 'cloudformation'
         type = 'stack'
+        resourcegroups_tagging = False
         enum_spec = ('describe_stacks', 'Stacks[]', None)
         detail_spec = ('describe_stack_resources', 'StackName',
                        'StackResources[]')

skew/resources/aws/cloudfront.py

@@ -1,6 +1,7 @@
 import logging
 
 from skew.resources.aws import AWSResource
+from skew.awsclient import get_awsclient
 
 
 LOG = logging.getLogger(__name__)
@@ -20,12 +21,13 @@ class Distribution(CloudfrontResource):
     class Meta(object):
         service = 'cloudfront'
         type = 'distribution'
+        resourcegroups_tagging = False
         enum_spec = ('list_distributions', 'DistributionList.Items[]', None)
         detail_spec = None
         id = 'Id'
         tags_spec = ('list_tags_for_resource', 'Tags.Items[]',
                      'Resource', 'arn')
-        name = 'DomainName'
+        name = 'Id'
         filter_name = None
         date = 'LastModifiedTime'
         dimension = None
@@ -34,3 +36,16 @@ class Meta(object):
     def filter(cls, arn, resource_id, data):
         LOG.debug('%s == %s', resource_id, data)
         return resource_id == data['Id']
+
+    @classmethod
+    def set_tags(cls, arn, region, account, tags, resource_id=None, **kwargs):
+        client = get_awsclient(
+            cls.Meta.service, region, account, **kwargs)
+        tags_list = [dict(Key=k, Value=str(v)) for k, v in tags.items()]
+        return client.call('tag_resource', Resource=arn, Tags=dict(Items=tags_list))
+
+    @classmethod
+    def unset_tags(cls, arn, region, account, tag_keys, resource_id=None, **kwargs):
+        client = get_awsclient(
+            cls.Meta.service, region, account, **kwargs)
+        return client.call('untag_resource', Resource=arn, TagKeys=dict(Items=tag_keys))

skew/resources/aws/cloudsearch.py

@@ -0,0 +1,42 @@
+# Copyright (c) 2014 Scopely, Inc.
+# Copyright (c) 2015 Mitch Garnaat
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+import logging
+
+import jmespath
+
+from skew.resources.aws import AWSResource
+
+
+LOG = logging.getLogger(__name__)
+
+
+class Domain(AWSResource):
+
+    class Meta(object):
+        service = 'cloudsearch'
+        type = 'domain'
+        resourcegroups_tagging = False
+        enum_spec = ('describe_domains', 'DomainStatusList', None)
+        detail_spec = None
+        id = 'ARN'
+        tags_spec = None
+        filter_name = None
+        name = 'DomainName'
+        date = 'Created'
+        dimension = None
+
+    @property
+    def arn(self):
+        return self.data['ARN']

skew/resources/aws/cloudwatch.py

@@ -20,6 +20,7 @@ class Alarm(AWSResource):
     class Meta(object):
         service = 'cloudwatch'
         type = 'alarm'
+        resourcegroups_tagging = False
         enum_spec = ('describe_alarms', 'MetricAlarms', None)
         id = 'AlarmArn'
         filter_name = 'AlarmNames'

skew/resources/aws/dynamodb.py

@@ -27,6 +27,7 @@ class Table(AWSResource):
     class Meta(object):
         service = 'dynamodb'
         type = 'table'
+        resourcegroups_tagging = True
         enum_spec = ('list_tables', 'TableNames', None)
         detail_spec = ('describe_table', 'TableName', 'Table')
         id = 'Table'