From 17b2e977b081fc73b69985f632ddd3f8c6ceb8a3 Mon Sep 17 00:00:00 2001
From: vkmrishad
Date: Sat, 20 Oct 2018 14:48:12 +0530
Subject: [PATCH 1/3] PEP-8 + String formatting updates
---
 kinder/ebs.py | 4 ++--
 kinder/ec2.py | 4 ++--
 kinder/lambda_funcs.py | 6 +++---
 kinder/s3.py | 4 ++--
 kinder/security_group.py | 3 ++-
 krampus.py | 19 +++++++++--------
 lib/aws_sessions.py | 4 ++--
 lib/krampus_logging.py | 5 +++--
 lib/krampus_tasks.py | 42 ++++++++++++++++++++++++++--------------
 9 files changed, 54 insertions(+), 37 deletions(-)
diff --git a/kinder/ebs.py b/kinder/ebs.py
index e2613c9..5f044f5 100644
--- a/kinder/ebs.py
+++ b/kinder/ebs.py
@@ -19,8 +19,8 @@ def __init__(self, volume_id, region, sess):
 try:
 self.conn = sess.resource("ec2", region_name=region)
 except Exception as e:
- KLog.log("issue connecting to AWS %s" % str(e), "critical")
- exit("[!] issue connecting to AWS: %s" % str(e))
+ KLog.log("issue connecting to AWS %s" % e, "critical")
+ exit("[!] issue connecting to AWS: %s" % e)
 # get volume reference
 self.volume = self.conn.Volume(volume_id)
 self.region = region
diff --git a/kinder/ec2.py b/kinder/ec2.py
index dc5908d..2a75c1c 100644
--- a/kinder/ec2.py
+++ b/kinder/ec2.py
@@ -15,8 +15,8 @@ def __init__(self, instance_id, region, sess):
 try:
 self.conn = sess.resource("ec2", region)
 except Exception as e:
- KLog.log("issue connecting to AWS %s" % str(e), "critical")
- exit("[!] issue connecting to AWS: %s" % str(e))
+ KLog.log("issue connecting to AWS %s" % e, "critical")
+ exit("[!] issue connecting to AWS: %s" % e)
 # set it
 self.instance = self.getInstanceByID(instance_id)
 # verify the instance
diff --git a/kinder/lambda_funcs.py b/kinder/lambda_funcs.py
index f701cb9..9ba594c 100644
--- a/kinder/lambda_funcs.py
+++ b/kinder/lambda_funcs.py
@@ -13,8 +13,8 @@ def __init__(self, func_name, region, sess): try: self.conn = sess.client("lambda", region_name=region) except Exception as e: - KLog.log("issue connecting to AWS %s" % str(e), "critical") - exit("[!] issue connecting to AWS: %s" % str(e)) + KLog.log("issue connecting to AWS %s" % e, "critical") + exit("[!] issue connecting to AWS: %s" % e) # get volume reference self.func = func_name self.region = region @@ -33,5 +33,5 @@ def kill(self): if str(e).find("ResourceNotFoundException") is not -1: KLog.log("could not find function '%s', dequeueing task" % self.func) else: - KLog.log("could not delete function '%s', unknown error: %s" % str(e), "critical") + KLog.log("could not delete function '%s', unknown error: %s" % e, "critical") return None diff --git a/kinder/s3.py b/kinder/s3.py index 98f5bcb..3d71c7d 100644 --- a/kinder/s3.py +++ b/kinder/s3.py @@ -31,7 +31,7 @@ def deleteAllGrants(self): "Grants": [], "Owner": self.bucket.owner } - ) # done + ) # done # do some ACL magic to pull access to bucket def deleteGrant(self, principal, principal_type, perms): @@ -60,4 +60,4 @@ def deleteGrant(self, principal, principal_type, perms): "Grants": acl, "Owner": self.bucket.owner } - ) # alternate remediation could be changing owner + ) # alternate remediation could be changing owner diff --git a/kinder/security_group.py b/kinder/security_group.py index a899a9f..ef03db8 100644 --- a/kinder/security_group.py +++ b/kinder/security_group.py 
@@ -61,7 +61,8 @@ def disable(self, cidr_ip, from_port, to_port, proto, direction="ingress"): # so we have to take some extra steps here unfortunately elif direction == "egress": for rule in self.group.ip_permissions_egress: - if rule['FromPort'] == from_port and rule['ToPort'] == to_port and rule['IpProtocol'] == proto and self.hasRange(rule['IpRanges'], cidr_ip): + if rule['FromPort'] == from_port and rule['ToPort'] == to_port and \ + rule['IpProtocol'] == proto and self.hasRange(rule['IpRanges'], cidr_ip): # good enough for me, remove it from the list self.group.revoke_egress(IpPermissions=[rule]) # update the permissions diff --git a/krampus.py b/krampus.py index 4997059..d57c81d 100644 --- a/krampus.py +++ b/krampus.py @@ -4,10 +4,10 @@ # [tell a fun krampus tale] ############################################################################### # TODO: - # change all repeatable tasks to raise exception to be re-added instead of - # catching exceptions - # eventually checks for if a resource exists when pulling by id should - # raise specific exception that invalid jobs not re-queued +# change all repeatable tasks to raise exception to be re-added instead of +# catching exceptions +# eventually checks for if a resource exists when pulling by id should +# raise specific exception that invalid jobs not re-queued ############################################################################### import time import os 
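Review bot: The rewrapped egress condition still indexes `rule['FromPort']` and `rule['ToPort']` directly, and EC2 typically omits both keys on all-protocol (`-1`) rules such as a group's default allow-all egress rule. If such a rule is present, the loop would raise `KeyError` before the targeted rule is revoked, so the remediation silently does not happen; this is worth confirming against a group that still has its default egress rule. Comparing with `rule.get('FromPort') == from_port and rule.get('ToPort') == to_port` avoids that, and wrapping the whole condition in parentheses is the PEP 8-preferred continuation over the trailing backslash. `disable` starts and ends outside this hunk.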
@@ -21,17 +21,17 @@ def __init__(self, region, bucket_name, key, whitelist, krampus_role): # setup some basic things we need self.region = region self.bucket_name = bucket_name - self.key = key # basically the filename + self.key = key # basically the filename self.whitelist = whitelist self.krampus_role = krampus_role # instanitate logger - self.klog = KLog(self.bucket_name, "krampus_log_" + str(int(time.time()))) + self.klog = KLog(self.bucket_name, "krampus_log_".format(time.time())) self.kt = KTask(self.region, self.bucket_name, self.klog, self.whitelist, self.krampus_role) # collect our jobs def getTasks(self): # ktask is our friend dot ru - self.kt.getTasks(self.key) # should populate kt.tasks + self.kt.getTasks(self.key) # should populate kt.tasks # complete them def completeTasks(self): @@ -43,7 +43,7 @@ def completeTasks(self): # add to deferred tasks to try later self.kt.deferred_tasks.append(task.as_json) # alert that there was an issue - KLog.log("could not complete task: %s" % str(e), "critical") + KLog.log("could not complete task: %s" % e, "critical") # update the tasks def updateTaskList(self): @@ -79,7 +79,8 @@ def main(event, context): k.updateTaskList() # save the log file k.klog.writeLogFile() - print "[+] krampus is done sowing death and destruction in AWS... until next time!" + print + "[+] krampus is done sowing death and destruction in AWS... until next time!" if __name__ == "__main__": diff --git a/lib/aws_sessions.py b/lib/aws_sessions.py index 8501852..5904a2e 100644 --- a/lib/aws_sessions.py +++ b/lib/aws_sessions.py 
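Review bot: The new logger name `"krampus_log_".format(time.time())` contains no `{}` placeholder, so the timestamp argument is discarded and every run constructs `KLog` with the same name `krampus_log_`. If that name becomes the log object's key in the bucket (the `KLog` constructor is not visible here), each run would overwrite the previous run's log and the audit trail of what Krampus disabled or deleted is lost. Keep the integer timestamp the old line produced: `self.klog = KLog(self.bucket_name, "krampus_log_{}".format(int(time.time())))`. `__init__` starts outside this hunk.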
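Review bot: Splitting the final `print "[+] krampus is done ..."` in `main` (hunk `@@ -79,7 +79,8 @@`) into a bare `print` with the string on the following line changes behaviour rather than formatting: with the Python 2 print statement this file uses, the bare `print` emits an empty line and the string below it is a no-op expression. The same split in `KLog.log` in lib/krampus_logging.py (hunk `@@ -41,7 +41,8 @@`) is the more serious case, because every log message, including `critical` ones, stops reaching stdout. Restore the single statements: `print "[+] krampus is done sowing death and destruction in AWS... until next time!"` and `print "%s %s" % (prepends[level], msg)`. Both enclosing functions extend beyond their hunks.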
@@ -31,8 +31,8 @@ def __init__(self, account_id, role_name): try: sess = sts.assume_role(RoleArn=arn_str, RoleSessionName=account_id) except ClientError as e: # prob does not have perms to assume - print "[!] issue assuming role %s: %s" % (arn_str, str(e)) - KLog.log("issue assuming role {0}: {1}".format(arn_str, str(e)), "critical") + print "[!] issue assuming role %s: %s" % (arn_str, e) + KLog.log("issue assuming role {0}: {1}".format(arn_str, e), "critical") return None # if that works lets save the session sessions[account_id] = boto3.Session( diff --git a/lib/krampus_logging.py b/lib/krampus_logging.py index 47d38a7..ed74372 100644 --- a/lib/krampus_logging.py +++ b/lib/krampus_logging.py @@ -41,7 +41,8 @@ def log(msg, level="info"): "warn": "[-]", "critical": "[!]" } - print "%s %s" % (prepends[level], msg) + print + "%s %s" % (prepends[level], msg) # see if it should go to the hipchat room if level == "critical": KLog.hipLog(msg) @@ -60,7 +61,7 @@ def hipLog(msg): KLog.log("tried to log to hipchat without a working connection", "warn") return False # otherwise let's set as red - hc_room.notification("KRAMPUS: " + msg, "red") + hc_room.notification("KRAMPUS: %s" % msg, "red") # write the final product def writeLogFile(self): diff --git a/lib/krampus_tasks.py b/lib/krampus_tasks.py index 6f449d3..a7dda5c 100644 --- a/lib/krampus_tasks.py +++ b/lib/krampus_tasks.py @@ -97,7 +97,8 @@ def responseHandler(self, resp): ) else: # something... else - KLog.log("at least one call failed for %s, please check logs" % self.job_params['arn'].arn_str, "critical") + KLog.log("at least one call failed for %s, please check logs" % self.job_params['arn'].arn_str, + "critical") def complete(self): # now we go through and see what type of action and object and call the appropriate kinder methods 
@@ -110,10 +111,12 @@ def complete(self): KLog.log("deleting ebs volume with id: %s" % ebs_volume, "info") resp = ebs.EBS(ebs_volume, self.aws_region, self.session).kill() elif self.action == "disable": - KLog.log("'disable' action makes no sense for EBS volume: %s, will be deleted instead" % ebs_volume, "warn") + KLog.log("'disable' action makes no sense for EBS volume: %s, will be deleted instead" % ebs_volume, + "warn") resp = ebs.EBS(ebs_volume, self.aws_region, self.session).kill() else: - KLog.log("did not understand action '%s' for ebs job type on %s" % (self.action, ebs_volume), "critical") + KLog.log("did not understand action '%s' for ebs job type on %s" % (self.action, ebs_volume), + "critical") resp = None self.responseHandler(resp) # security group job @@ -131,7 +134,9 @@ def complete(self): self.job_params['proto'] ) else: - KLog.log("did not understand action '%s' for secgroup job type on %s" % (self.action, security_group_id), "critical") + KLog.log( + "did not understand action '%s' for secgroup job type on %s" % (self.action, security_group_id), + "critical") resp = None self.responseHandler(resp) # standard ec2 instance job @@ -144,7 +149,8 @@ def complete(self): KLog.log("deleting ec2 instance: %s" % ec2_instance) resp = ec2.EC2(ec2_instance, self.aws_region, self.session).kill() else: - KLog.log("did not understand action '%s' for ec2 job type on %s" % (self.action, ec2_instance), "critical") + KLog.log("did not understand action '%s' for ec2 job type on %s" % (self.action, ec2_instance), + "critical") resp = None self.responseHandler(resp) # s3 job 
@@ -154,9 +160,12 @@ def complete(self): try: s3_permissions = self.job_params[KEYS['s3_permission']] s3_principal = self.job_params[KEYS['s3_principal']] - s3_principal_type = "Group" if self.job_params[KEYS['s3_principal']].find("http") > -1 else "CanonicalUser" + s3_principal_type = "Group" if self.job_params[KEYS['s3_principal']].find( + "http") > -1 else "CanonicalUser" except KeyError: - KLog.log("s3 job %s was not passed with principal and permission info - all perms will be removed" % bucket, "warn") + KLog.log( + "s3 job %s was not passed with principal and permission info - all perms will be removed" % bucket, + "warn") remove_all = True if self.action == "disable" and not remove_all: KLog.log( @@ -181,7 +190,8 @@ def complete(self): KLog.log("disabling iam object: %s" % iam_obj) resp = iam.IAM(iam_obj, self.session, self.aws_region).disable() else: - KLog.log("did not understand action '%s' for iam job type on %s" % (self.action, iam_obj), "critical") + KLog.log("did not understand action '%s' for iam job type on %s" % (self.action, iam_obj), + "critical") resp = None self.responseHandler(resp) # rds job @@ -194,7 +204,8 @@ def complete(self): KLog.log("'kill' action too dangerous for rds job: %s, will be dequeued" % rds_instance, "critical") resp = None # will cause responseHandler to dequeue this job else: - KLog.log("did not understand action '%s' for rds job type on %s" % (self.action, rds_instance), "critical") + KLog.log("did not understand action '%s' for rds job type on %s" % (self.action, rds_instance), + "critical") resp = None self.responseHandler(resp) # lambda job 
@@ -207,10 +218,12 @@ def complete(self): elif self.action == "kill": resp = lambda_funcs.Lambda(func_name, self.aws_region, self.session).kill() else: - KLog.log("did not understand action '%s' for lambda job '%s'" % (self.action, func_name), "critical") + KLog.log("did not understand action '%s' for lambda job '%s'" % (self.action, func_name), + "critical") resp = None # send it back self.responseHandler(resp) + # end task class # ktask ARN utils @@ -230,6 +243,7 @@ def resolveARN(self, arn_str): # special cases if self.service == "rds" or self.service == "lambda": self.resource = arn[6] # deal with the resource:resource_name scheme we get for these guys + # end ARN class # I WANT THE TASKS @@ -239,7 +253,7 @@ def getTasks(self, key): try: # we'll actually want to save this for later to rebuild task list self.json_data = json.load(self.bucket.Object(key).get()['Body']) except ClientError as e: - KLog.log("failed to download tasks file: %s" % str(e), "critical") + KLog.log("failed to download tasks file: %s" % e, "critical") exit() for job in self.json_data['tasks']: # resolve the arn @@ -265,8 +279,8 @@ def getTasks(self, key): opts['krampus_role'] = self.krampus_role # task obj if/else series determines how the additional args outside action etc used t = KTask.Task(opts) - if (obj_type not in SERVICES): - KLog.log("got unrecognized aws object type: " + obj_type, "warn") + if obj_type not in SERVICES: + KLog.log("got unrecognized aws object type: %s" % obj_type, "warn") continue # don't append a non-existant task brah # add it to the list of things to action on # save json representation for convenience @@ -291,5 +305,5 @@ def rebuildTaskList(self): updated_json = json.dumps(updated_json) # put it to the bucket resp = self.bucket.Object(self.key).put(Body=updated_json) - KLog.log("done updating tasks list: " + self.key, "info") + KLog.log("done updating tasks list: %s" % self.key, "info") return resp 
From f2376ae8fa5cdaf5d28a8c3332837ce89e01f316 Mon Sep 17 00:00:00 2001
From: Mohammed Rishad
Date: Sat, 27 Oct 2018 03:26:53 +0530
Subject: [PATCH 2/3] Missed argument added
---
 kinder/lambda_funcs.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kinder/lambda_funcs.py b/kinder/lambda_funcs.py
index 9ba594c..1aa7491 100644
--- a/kinder/lambda_funcs.py
+++ b/kinder/lambda_funcs.py
@@ -33,5 +33,6 @@ def kill(self):
 if str(e).find("ResourceNotFoundException") is not -1:
 KLog.log("could not find function '%s', dequeueing task" % self.func)
 else:
- KLog.log("could not delete function '%s', unknown error: %s" % e, "critical")
+ KLog.log("could not delete function '%s', unknown error: %s" % (self.func, e), "critical")
+
 return None
From 3b0e66cc030215342ccb3b7a8543b81b7d3057fe Mon Sep 17 00:00:00 2001
From: Mohammed Rishad
Date: Sat, 27 Oct 2018 03:29:37 +0530
Subject: [PATCH 3/3] Blank space indent error fixed
---
 kinder/lambda_funcs.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/kinder/lambda_funcs.py b/kinder/lambda_funcs.py
index 1aa7491..99a8493 100644
--- a/kinder/lambda_funcs.py
+++ b/kinder/lambda_funcs.py
@@ -34,5 +34,4 @@ def kill(self):
 KLog.log("could not find function '%s', dequeueing task" % self.func)
 else:
 KLog.log("could not delete function '%s', unknown error: %s" % (self.func, e), "critical")
-
 return None