Cloud Custodian - Git commits as logical policy changes
Project description
c7n-policystream: policy changes from Git
Using custodian in accordance with infrastructure-as-code principles, we store policy assets in a version control repository. This provides an audit log and facilitates code review. However, that capability is primarily aimed at humans, who interpret the changes semantically.
This script additionally derives logical custodian policy changes from a git repository and allows those changes to be streamed for machine-readable, application-level consumption. It is typically used as the basis for CI integrations or for indexes over policies.
Two example use cases
- Running a dryrun only on the policies changed in a pull request
- Building a database of policy changes.
Policystream can run on a single GitHub repository, or on the set of repositories a GitHub integration covers within an organization.
Installation
Policystream can be installed from pypi, provided the required prerequisite library (libgit2 > 0.26) is available.
pip install c7n-policystream
Docker images will be available soon; see Build to build your own image.
Build
Alternatively, a Docker image can be built as follows
# Note must be top level directory of checkout
cd cloud-custodian
docker build -t policystream:latest -f tools/c7n_policystream/Dockerfile .
docker run --mount src="$(pwd)",target=/repos,type=bind policystream:latest
Usage
Streaming use case (the default stream destination is stdout; kinesis, rdbms and sqs are also supported)
$ c7n-policystream stream -r foo
2018-08-12 12:37:00,567: c7n.policystream:INFO Cloning repository: foo
<policy-add policy:foi provider:aws resource:ec2 date:2018-08-02T15:13:28-07:00 author:Kapil commit:09cb85>
<policy-moved policy:foi provider:aws resource:ec2 date:2018-08-02T15:14:24-07:00 author:Kapil commit:76fce7>
<policy-remove policy:foi provider:aws resource:ec2 date:2018-08-02T15:14:46-07:00 author:Kapil commit:570ca4>
<policy-add policy:ec2-guard-duty provider:aws resource:ec2 date:2018-08-02T15:14:46-07:00 author:Kapil commit:570ca4>
<policy-add policy:ec2-run provider:aws resource:ec2 date:2018-08-02T15:16:00-07:00 author:Kapil commit:d3d8d4>
<policy-remove policy:ec2-run provider:aws resource:ec2 date:2018-08-02T15:18:31-07:00 author:Kapil commit:922c1a>
<policy-modified policy:ec2-guard-duty provider:aws resource:ec2 date:2018-08-12T09:39:43-04:00 author:Kapil commit:189ea1>
2018-08-12 12:37:01,275: c7n.policystream:INFO Streamed 7 policy changes
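The stream records above have a fixed shape that the two use cases listed earlier (dryrun on changed policies, a change database) both need to consume. The following is an added example, not part of c7n-policystream itself: it parses stdout from `c7n-policystream stream` into records, replays them to find which policies still exist at the end of the range, and so yields the list a pull-request job should dryrun. The sample input is constructed from the records shown above.

```python
import re
from dataclasses import dataclass
# Constructed sample of `c7n-policystream stream` stdout: the records above, INFO log lines included
SAMPLE_STREAM = """\
2018-08-12 12:37:00,567: c7n.policystream:INFO Cloning repository: foo
<policy-add policy:foi provider:aws resource:ec2 date:2018-08-02T15:13:28-07:00 author:Kapil commit:09cb85>
<policy-moved policy:foi provider:aws resource:ec2 date:2018-08-02T15:14:24-07:00 author:Kapil commit:76fce7>
<policy-remove policy:foi provider:aws resource:ec2 date:2018-08-02T15:14:46-07:00 author:Kapil commit:570ca4>
<policy-add policy:ec2-guard-duty provider:aws resource:ec2 date:2018-08-02T15:14:46-07:00 author:Kapil commit:570ca4>
<policy-add policy:ec2-run provider:aws resource:ec2 date:2018-08-02T15:16:00-07:00 author:Kapil commit:d3d8d4>
<policy-remove policy:ec2-run provider:aws resource:ec2 date:2018-08-02T15:18:31-07:00 author:Kapil commit:922c1a>
<policy-modified policy:ec2-guard-duty provider:aws resource:ec2 date:2018-08-12T09:39:43-04:00 author:Kapil commit:189ea1>
2018-08-12 12:37:01,275: c7n.policystream:INFO Streamed 7 policy changes
"""

RECORD_RE = re.compile(r"^<policy-(?P<kind>[a-z]+)\s+(?P<fields>[^>]*)>$")  # <policy-KIND k:v k:v ...>


@dataclass
class PolicyChange:
    kind: str      # add, remove, moved or modified
    policy: str
    provider: str
    resource: str
    date: str
    author: str
    commit: str


def parse_stream(text: str) -> list:
    """Turn `c7n-policystream stream` stdout into records; non-record lines (logs) are skipped."""
    changes = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            fields = dict(tok.split(":", 1) for tok in m.group("fields").split())
            changes.append(PolicyChange(m.group("kind"), **fields))
    return changes


def current_policies(changes: list) -> dict:
    """Replay the log in order: a remove drops the policy, any other kind (re)asserts it."""
    live = {}
    for c in changes:
        if c.kind == "remove":
            live.pop(c.policy, None)
        else:
            live[c.policy] = c   # latest change wins, so the record carries the last commit
    return live


def dryrun_targets(changes: list) -> list:
    """Policies touched in the range that still exist at its end, i.e. what a PR job should dryrun."""
    return sorted(current_policies(changes))
```

Policies that were added and removed within the same range (foi, ec2-run above) drop out, which is what a PR dryrun wants; a change database would instead keep every parsed record.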
Policy diff between two arbitrary source and target revision specifications. If source and target are not given, the default revision selection depends on the branch of the current working tree. Two use cases are intended: on a non-master branch, show the diff against master; on master, show the diff against the previous commit on master. For repositories that do not follow the master convention, specify an explicit source and target.
$ c7n-policystream diff -r foo -v
Pull request usage: output the policy changes between the current branch and master.
$ c7n-policystream diff -r foo
policies:
- filters:
  - {type: cross-account}
  name: lambda-access-check
  resource: aws.lambda
Options
$ c7n-policystream --help
Usage: c7n-policystream [OPTIONS] COMMAND [ARGS]...
Policy changes from git history
Options:
--help Show this message and exit.
Commands:
diff Policy diff between two arbitrary revisions.
org-checkout Checkout repositories from a GitHub organization.
org-stream Stream changes for repos in a GitHub organization.
stream Stream git history policy changes to destination.
Hashes for c7n_policystream-0.4.40-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 3eb7c7bed921d701ee7c38d346a5876de3c9632b56a398a222dfde03aa01ce79
MD5 | cdbdb5e1b237f6bdfb65ec8196eff072
BLAKE2b-256 | 36da648988e759f4ec32f2dda4b92a4fb391dfeac2538b8aa53fb743dd2cc6f1