-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added a simple Django-based administration web site and Cloudefigo's …
…Web API. In addition. performed refactoring to make the code cleaner.
- Loading branch information
Showing
47 changed files
with
919 additions
and
272 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
File renamed without changes.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| #!/usr/bin/python | ||
| from abc import ABCMeta, abstractmethod | ||
|
|
||
| __author__ = 'nirv' | ||
|
|
||
| from boto.cloudtrail import layer1 | ||
| from chef.utils import json | ||
| from CloudServices.Admin.Storage import S3StorageAdmin | ||
| from CloudServices.Common.AppConfigMgr import ConfigMgr | ||
|
|
||
| class AbstractBaseAudit(): | ||
| __metaclass__ = ABCMeta | ||
|
|
||
| @abstractmethod | ||
| def get_logs(self): | ||
| pass | ||
|
|
||
|
|
||
| class Audit(AbstractBaseAudit): | ||
|
|
||
| def __init__(self): | ||
| self.__cfg = ConfigMgr() | ||
| self.__conn = layer1.CloudTrailConnection(); | ||
| self.__storage = S3StorageAdmin() | ||
|
|
||
| def get_logs(self): | ||
| trails_list = self.__conn.describe_trails()["trailList"] | ||
| logs_list = [] | ||
| for trail in trails_list: | ||
| bucket_name = trail["S3BucketName"] | ||
| bucket_prefix = trail["S3KeyPrefix"] | ||
| file_contents_list = self.__storage.get_all_files(bucket_name, bucket_prefix) | ||
| for file_content in file_contents_list: | ||
| json_content = json.loads(file_content) | ||
| for event in json_content["Records"]: | ||
| log_entry = self.__get_log_entry_from_json(event) | ||
| logs_list.append(log_entry) | ||
| return logs_list | ||
|
|
||
| def reset_files_extensions(self): | ||
| trails_list = self.__conn.describe_trails()["trailList"] | ||
| for trail in trails_list: | ||
| bucket_name = trail["S3BucketName"] | ||
| bucket_prefix = trail["S3KeyPrefix"] | ||
| self.__storage.reset_files_extension(bucket_name, bucket_prefix) | ||
|
|
||
| @staticmethod | ||
| def __get_log_entry_from_json(event): | ||
| log_entry = {'timestamp': event["eventTime"]} | ||
| try: | ||
| log_entry['username'] = event["userIdentity"]["userName"] | ||
| except: | ||
| log_entry['username'] = "" | ||
| try: | ||
| log_entry['access_key'] = event["userIdentity"]["accessKeyId"] | ||
| except: | ||
| log_entry['access_key'] = "" | ||
| log_entry['event_name'] = event["eventName"] | ||
| log_entry['event_source'] = event["eventSource"] | ||
| log_entry['source_ip'] = event["sourceIPAddress"] | ||
| log_entry['user_agent'] = event["userAgent"] | ||
| log_entry['region'] = event["awsRegion"] | ||
| log_entry['request_parameters'] = json.dumps(event["requestParameters"]) | ||
| log_entry['response'] = json.dumps(event["responseElements"]) | ||
| return log_entry | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| #!/usr/bin/python | ||
| from abc import abstractmethod, ABCMeta | ||
|
|
||
| __author__ = 'nirv' | ||
|
|
||
| import boto | ||
| import uuid | ||
| from CloudServices.Common.AppConfigMgr import ConfigMgr | ||
| from CloudServices.Common.Logger import Logger | ||
|
|
||
|
|
||
| class AbstractBaseIDMAdmin(): | ||
| __metaclass__ = ABCMeta | ||
|
|
||
| @abstractmethod | ||
| def create_dynamic_role(self): | ||
| pass | ||
|
|
||
|
|
||
| class IAMAdmin(AbstractBaseIDMAdmin): | ||
| def __init__(self): | ||
| self.__cfg = ConfigMgr() | ||
| self.__iam_basic_policy_path = self.__cfg.get_parameter("Instances", "IAMBasicPolicyPath") | ||
| self.__prefix_name = self.__cfg.get_parameter("Instances", "NamingPrefix") | ||
| self.__iam_policy_name = "cloud-sec-policy" | ||
| self.__conn = boto.connect_iam() | ||
|
|
||
| def create_dynamic_role(self): | ||
| random_id = uuid.uuid4().get_hex() | ||
| with open(self.__iam_basic_policy_path, "r") as policy_file: | ||
| iam_role_name = "{}-{}".format(self.__prefix_name, random_id) | ||
| iam_policy_document = policy_file.read().replace("BUCKETNAME", "{}*".format(self.__prefix_name)) | ||
| self.__conn.create_role(iam_role_name) | ||
| self.__conn.create_instance_profile(iam_role_name) | ||
| self.__conn.add_role_to_instance_profile(iam_role_name, iam_role_name) | ||
| self.__conn.put_role_policy(iam_role_name, self.__iam_policy_name, iam_policy_document) | ||
| Logger.log("info", "Created a dynamic role named {}".format(iam_role_name)) | ||
| return iam_role_name |
Oops, something went wrong.