carvajal package

Submodules

carvajal.aws module

Functions for extracting information from AWS objects.

carvajal.aws.buckets_encrypted(buckets)

Return bucket’s encryption object or None for each bucket.

Parameters

buckets (list) – list of buckets

Returns

list of encryption object / None

Return type

list

carvajal.aws.get_addresses(filters=None)

Return addresses matching filter.

Parameters

filters (list of dicts, optional.) – Filters to apply.

Returns

list of addresses

Return type

list

carvajal.aws.get_instances(filters=None)

Return instances matching filter.

Parameters

filters (list of dicts, optional.) – Filters to apply.

Returns

list of instances

Return type

list

carvajal.aws.get_load_balancers()

Return all load balancers.

Returns

List of load balancers.

Return type

list

carvajal.aws.get_s3_buckets_names()

Return all S3 bucket names.

Returns

List of S3 bucket names.

Return type

list

carvajal.aws.get_security_groups(filters=None)

Return security groups matching filter. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html and https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.describe_security_groups for details on available filters.

Parameters

filters (list of dicts, optional.) – Filters to apply. For example: filters = [{"Name": "vpc-id", "Values": ["vpc-0123456789abcdef0"]}]

Returns

set of security groups

Return type

set

carvajal.aws.iam_policy_statement_allowed_actions_on_arn(statements, arn)

Accepts statements and arn. Return a set of Allowed actions on arn.

Parameters
  • statements (iter) – iterable of IAM policy statements

  • arn (str) – arn of a resource

Returns

set of Actions allowed on arn

Return type

set

carvajal.aws.iam_user_policy_document_statements(name)

Return a list of all policy document statements attached to a user (by direct attach, by attached policy, or by group).

Parameters

name (str) – name of an IAM User

Returns

List of policy document_statements attached to user name

Return type

list

carvajal.aws.instances_attribute(instances, attribute)

Return a list of the indicated attribute values for instances.

See https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.ec2_client.describe_instance_attribute for usable attributes.

Parameters
  • instances (list) – list of instances

  • attribute (str) – attribute to look up

Returns

list of attribute values

Return type

list

carvajal.aws.instances_egress_ports(instances)

Return all allowed egress ports for a list of instances.

Parameters

instances (list) – list of instances

Returns

set of allowed egress ports

Return type

set

carvajal.aws.instances_egress_rules(instances)

Return all egress rules for a list of instances.

Parameters

instances (list) – list of instances

Returns

list of security group egress rules

Return type

list

carvajal.aws.instances_egress_rules_for_port(instances, port)

Return egress rules applied to instances which include port.

Parameters
  • instances (list) – list of instances

  • port (int) – port

Returns

list of egress rules

Return type

list

carvajal.aws.instances_elastic_ips(instances)

Return a list of elastic IPs associated with instances.

Parameters

instances (list) – list of instances

Returns

list of elastic IPs.

Return type

list

carvajal.aws.instances_ingress_ports(instances)

Return all allowed ingress ports for a list of instances.

Parameters

instances (list) – list of instances

Returns

set of allowed ingress ports

Return type

set

carvajal.aws.instances_ingress_rules(instances)

Return all ingress rules for a list of instances.

Parameters

instances (list) – list of instances

Returns

list of security group ingress rules

Return type

list

carvajal.aws.instances_ingress_rules_for_port(instances, port)

Return ingress rules applied to instances which include port.

Parameters
  • instances (list) – list of instances

  • port (int) – port

Returns

list of ingress rules

Return type

list

carvajal.aws.instances_port_ingress_sources(instances, port)

Return dict with keys ‘cidrs’ and ‘sgids’ of sources that can reach port on instances.

Parameters
  • instances (list) – list of instances

  • port (int) – port

Returns

Dict with keys “cidrs” and “sgids”, of network sources

Return type

dict

carvajal.aws.instances_security_groups(instances)

Return security groups associated with instances.

Parameters

instances (list) – list of ec2 instance objects

Returns

list of dicts with keys GroupId and GroupName

Return type

list

carvajal.aws.instances_security_groups_ids(instances)

Return the set of security group IDs applied to instances.

Parameters

instances (list) – list of ec2 instance objects

Returns

set of security group IDs applied to instances

Return type

set

carvajal.aws.match_env_type_num_name_scheme(objects, infix, env='^[^-]+-', num='-[0-9][0-9]$')

Return objects with a Name tag matching the regex (env)(infix)(num)

Example: prod-web-01

This wraps objects_tags_key_values_matches_regex.

Parameters
  • objects (iterable) – Iterable of aws objects with a Tags key

  • infix – Raw string for use as regex

  • env (str, optional) – Raw string for use as regex. Defaults to r"^[^-]+-"

  • num (str, optional) – Raw string for use as regex. Defaults to r"-[0-9][0-9]$".

Returns

List of returned boto3 objects

Return type

list

carvajal.aws.objects_tags_key_values_matches_regex(objects: Iterable[dict], key: str, regex: re.Pattern) -> List[dict]

Return objects tagged with key matching regex. You may wish to use match_env_type_num_name_scheme instead when possible.

Parameters
  • objects (iterable) – Iterable of aws objects with a Tags key

  • key (str) – Tag to compare against

  • regex (re.Pattern) – Regex to match

Returns

List of returned boto3 objects

Return type

list
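Added example, not carvajal's own code: a stand-alone sketch of Name-tag selection with the (env)(infix)(num) scheme over constructed boto3-style objects, plus a check for objects that carry no Name tag and would silently fall out of any selection. The function names, the plain concatenation of the three regex parts and the sample objects are assumptions made for illustration.

```python
import re


def name_tag(obj):
    """Return the value of the Name tag, or None if the object has none."""
    for tag in obj.get("Tags", []):
        if tag["Key"] == "Name":
            return tag["Value"]
    return None


def match_scheme(objects, infix, env=r"^[^-]+-", num=r"-[0-9][0-9]$"):
    """Objects whose Name tag matches env + infix + num (assumed composition)."""
    pattern = re.compile(env + infix + num)
    matched = []
    for obj in objects:
        name = name_tag(obj)
        if name is not None and pattern.search(name):
            matched.append(obj)
    return matched


def unnamed(objects):
    """Objects with no Name tag: these are never selected by any infix."""
    return [obj for obj in objects if name_tag(obj) is None]


def tagged(name):
    """Build a constructed object carrying only a Name tag."""
    return {"Tags": [{"Key": "Name", "Value": name}]}


# Constructed sample inventory (not from a real account).
SAMPLE = [
    tagged("prod-web-01"),      # matches infix "web"
    tagged("staging-web-12"),   # matches: env is any hyphen-free prefix
    tagged("prod-web-1"),       # no match: num requires two digits
    tagged("prod-webapp-01"),   # no match: infix must be followed by num
    tagged("eu-prod-web-01"),   # no match: default env allows one segment
    {"InstanceId": "i-0constructed", "Tags": [{"Key": "Owner", "Value": "ops"}]},
    {"InstanceId": "i-1constructed"},  # no Tags key at all
]
```

A test that asserts a property over `match_scheme(...)` says nothing about the objects returned by `unnamed(...)`, so it is worth asserting that list is empty as well.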

carvajal.aws.port_in_rule(port, rule)

Return True if port is covered by a security group rule, otherwise False.

Parameters
  • port (int) – port to check

  • rule – security group rule to check

Returns

True if port is covered by the security group rule, otherwise False.

Return type

bool

carvajal.aws.rules_cidrs_and_security_groups(rules)

Return a dict with keys “cidrs” and “sgids” from a list of security group rules.

Parameters

rules (list) – list of security group rules

Returns

Dict with keys “cidrs” and “sgids”

Return type

dict
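Added example, not carvajal's own code: a stand-alone sketch of the port-coverage check and the "cidrs"/"sgids" extraction described for port_in_rule, rules_cidrs_and_security_groups and instances_port_ingress_sources, run over constructed rules in the boto3 IpPermissions shape. The function names and sample rules are hypothetical; the sketch treats protocol "-1" as covering every port and ignores ICMP, whose FromPort/ToPort fields hold type and code rather than ports.

```python
def port_covered(port, rule):
    """True if a tcp/udp port falls inside the rule's port range."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        # All traffic: AWS omits FromPort/ToPort on these rules.
        return True
    if proto not in ("tcp", "udp"):
        # For ICMP, FromPort/ToPort are type/code, not a port range.
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def sources(rules):
    """Collect CIDR and security-group sources from a list of rules."""
    cidrs, sgids = set(), set()
    for rule in rules:
        cidrs.update(r["CidrIp"] for r in rule.get("IpRanges", []))
        cidrs.update(r["CidrIpv6"] for r in rule.get("Ipv6Ranges", []))
        sgids.update(p["GroupId"] for p in rule.get("UserIdGroupPairs", []))
    return {"cidrs": cidrs, "sgids": sgids}


def port_ingress_sources(rules, port):
    """Sources of every rule that covers port."""
    return sources([r for r in rules if port_covered(port, r)])


# Constructed sample ingress rules (not from a real account).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0aaaaaaaaaaaaaaaa"}]},
    {"IpProtocol": "-1",
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "fd00::/8"}],
     "UserIdGroupPairs": []},
]


def ssh_open_to_world(rules):
    """The assertion an infrastructure test would make about port 22."""
    found = port_ingress_sources(rules, 22)["cidrs"]
    return bool(found & {"0.0.0.0/0", "::/0"})
```

Port 22 is never named in the sample rules, yet it is reachable through the 20-25 range and the all-traffic rule, which is why the check works on ranges rather than exact matches.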

carvajal.aws.rules_ports(rules)

Return set of ports covered by a list of security group rules.

Parameters

rules (list) – list of security group rules

Returns

set of ports

Return type

set

carvajal.aws.security_groups_egress(group_ids)

Return all egress rules for a list of security group IDs.

Parameters

group_ids (list) – list of security group IDs

Returns

list of security group egress rules

Return type

list

carvajal.aws.security_groups_ingress(group_ids)

Return all ingress rules for a list of security group IDs.

Parameters

group_ids (list) – list of security group IDs

Returns

list of security group ingress rules

Return type

list

carvajal.aws.tags_key_value_matches_regex(aws_object: dict, key: str, regex: re.Pattern) -> bool

Return True if the value of the tag named key on aws_object matches regex, otherwise False.

Parameters
  • aws_object – A boto3 aws object to check

  • key (str) – Tag to compare against

  • regex (re.Pattern) – Regex to match

Returns

True or False, if there was a match

Return type

bool

carvajal.terraform module

Functions for extracting information from terraform.

carvajal.terraform.console(query)

Ask terraform console a question. It is usually easier to use data or variable instead. If the output will be used as a data structure, use struct instead.

Parameters

query (str) – terraform console expression

Returns

Terraform’s output

Return type

str

carvajal.terraform.data(query)

Ask terraform console for a data value.

Parameters

query (str) – terraform data to look up

Returns

Terraform’s output

Return type

str

carvajal.terraform.output(query)

Ask terraform output a question.

Parameters

query (str) – terraform output key

Returns

Terraform’s output

Return type

str

carvajal.terraform.struct(query)

Ask terraform console a question, returning the answer as a data structure (list or dict, as appropriate).

Parameters

query (str) – terraform console expression

Returns

Terraform’s output

Return type

list or dict

carvajal.terraform.value(what_type, name)

Ask terraform console for a data or a variable value. It is usually easier to use data or variable instead.

Parameters
  • what_type (str) – “data” or “var”

  • name (str) – Name of data or var to return

Returns

Terraform’s output

Return type

str

carvajal.terraform.variable(var)

Ask terraform console for a variable value.

Parameters

var (str) – terraform var to look up

Returns

Terraform’s output

Return type

str

carvajal.utils module

Miscellaneous utilities.

carvajal.utils.all_and_not_empty(iterable: Iterable) -> bool

Return True if iterable is all True and not empty. This is much like the standard library all, but False for the vacuous case of an empty iterable.

Parameters

iterable (iterable) – iterable to check

Returns

True or False, iterable is non-empty and all True

Return type

bool
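Added example, not carvajal's own code: why the empty case matters in an infrastructure test. The function body is one possible implementation that also works for generators; the select helper and the bucket inventory are constructed for illustration, with None standing for a bucket that has no encryption object.

```python
def all_and_not_empty(iterable):
    """Like all(), but False when the iterable yields nothing."""
    seen = False
    for item in iterable:
        if not item:
            return False
        seen = True
    return seen


def select(buckets, prefix):
    """Hypothetical filter: encryption results for buckets named prefix*."""
    return [enc for name, enc in buckets.items() if name.startswith(prefix)]


# Constructed inventory: bucket name -> stand-in encryption object, or
# None for a bucket without one.
BUCKETS = {
    "prod-logs": {"SSEAlgorithm": "aws:kms"},
    "prod-assets": {"SSEAlgorithm": "AES256"},
    "dev-scratch": None,
}


def encryption_check_results(buckets, prefix):
    """Compare the plain all() verdict with the non-vacuous one."""
    selected = select(buckets, prefix)
    return {
        "selected": len(selected),
        "all": all(selected),
        "all_and_not_empty": all_and_not_empty(selected),
    }


# A typo in the prefix selects nothing: all() still reports success,
# so a test built on it would pass without checking a single bucket.
TYPO_RESULT = encryption_check_results(BUCKETS, "prd-")
```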

Module contents

Carvajal