diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | python-dragoneye.spec | 447 | ||||
| -rw-r--r-- | sources | 1 |
3 files changed, 449 insertions, 0 deletions
@@ -0,0 +1 @@ +/dragoneye-0.0.77.tar.gz diff --git a/python-dragoneye.spec b/python-dragoneye.spec new file mode 100644 index 0000000..b3dec7c --- /dev/null +++ b/python-dragoneye.spec @@ -0,0 +1,447 @@ +%global _empty_manifest_terminate_build 0 +Name: python-dragoneye +Version: 0.0.77 +Release: 1 +Summary: Multi-cloud data scan tool +License: MIT License +URL: https://github.com/indeni/dragoneye +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/a6/81/7078b571cc760fdd90df8d6f6066cc4752011d37e208bdf803ab9d0f2f91/dragoneye-0.0.77.tar.gz +BuildArch: noarch + +Requires: python3-pyjq +Requires: python3-boto3 +Requires: python3-PyYAML +Requires: python3-backoff +Requires: python3-requests +Requires: python3-click +Requires: python3-click-aliases +Requires: python3-oauth2client +Requires: python3-google-api-python-client + +%description + + + + + + + +# dragoneye +dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account. + +dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret). + +# Setup +Clone this git repository, navigate to the root directory where `setup.py` is located and run: +``` +pip install . +``` +(note the period at the end of the command) + +We recommend doing this within a virtual environment, like so: +``` +python3.9 -m venv ./venv +. ./venv/bin/activate +pip install . +``` + +# Usage + +## Programmatic Usage +Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example: + +```python +from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner + +### AWS ### +aws_settings = AwsCloudScanSettings( + commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml', + account_name='default', default_region='us-east-1', regions_filter=['us-east-1'] +) + +#### Using environment variables +session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1') # Raises exception if authentication is unsuccessful +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +#### Using an AWS Profile +session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1') # Raises exception if authentication is unsuccessful +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +#### Assume Role +session = AwsSessionFactory.get_session_using_assume_role(external_id='...', + role_arn="...", + region='us-east-1') +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +### Azure ### +azure_settings = AzureCloudScanSettings( + commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml', + subscription_id='...', + account_name='my-account' +) + +#### Using a registered application in Azure AD +token = AzureAuthorizer.get_authorization_token( + tenant_id='...', + client_id='...', + client_secret='...' +) # Raises exception if authentication is unsuccessful +azure_scan_output_directory = AzureScanner(token, azure_settings).scan() + +### GCP ### +gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml', + account_name='gcp', project_id='project-id') + +# Authenticating by GCP default auth mechanism: +# Checks environment in order of precedence: +# - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to +# a file with stored credentials information. +# - Stored "well known" file associated with `gcloud` command line tool. +# - Google App Engine (production and testing) +# - Google Compute Engine production environment. +default_credentials = GcpCredentialsFactory.get_default_credentials() +# Using a file that contains the service account credentials +service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json') +# Using a dictionary that contains the service account credentials (the content of the file from above example) +service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'}) +# Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A) +impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly']) +# Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation' +wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json') +# Same as above, but with the content of the above file +wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'}) + +gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings) +``` + +## CLI usage + +### For collecting data from AWS +Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for +AWS_ACCESS_KEY_ID, etc. as environment variables. +``` +dragoneye aws +``` + +### For collecting data from Azure +You can authenticate in one of two ways: +1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI. +2. With client id and secret of an application registered in your Azure AD. +``` +dragoneye azure +``` + +### For collecting data from GP +You can authenticate in several ways: +1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI. +2. With service account credentials - either a file, or its content. +3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A +4. With Workload Identity Federation mechanism, authenticating from AWS. +``` +dragoneye gcp +``` + + + +%package -n python3-dragoneye +Summary: Multi-cloud data scan tool +Provides: python-dragoneye +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-dragoneye + + + + + + + +# dragoneye +dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account. + +dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret). + +# Setup +Clone this git repository, navigate to the root directory where `setup.py` is located and run: +``` +pip install . +``` +(note the period at the end of the command) + +We recommend doing this within a virtual environment, like so: +``` +python3.9 -m venv ./venv +. ./venv/bin/activate +pip install . +``` + +# Usage + +## Programmatic Usage +Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example: + +```python +from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner + +### AWS ### +aws_settings = AwsCloudScanSettings( + commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml', + account_name='default', default_region='us-east-1', regions_filter=['us-east-1'] +) + +#### Using environment variables +session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1') # Raises exception if authentication is unsuccessful +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +#### Using an AWS Profile +session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1') # Raises exception if authentication is unsuccessful +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +#### Assume Role +session = AwsSessionFactory.get_session_using_assume_role(external_id='...', + role_arn="...", + region='us-east-1') +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +### Azure ### +azure_settings = AzureCloudScanSettings( + commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml', + subscription_id='...', + account_name='my-account' +) + +#### Using a registered application in Azure AD +token = AzureAuthorizer.get_authorization_token( + tenant_id='...', + client_id='...', + client_secret='...' +) # Raises exception if authentication is unsuccessful +azure_scan_output_directory = AzureScanner(token, azure_settings).scan() + +### GCP ### +gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml', + account_name='gcp', project_id='project-id') + +# Authenticating by GCP default auth mechanism: +# Checks environment in order of precedence: +# - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to +# a file with stored credentials information. +# - Stored "well known" file associated with `gcloud` command line tool. +# - Google App Engine (production and testing) +# - Google Compute Engine production environment. +default_credentials = GcpCredentialsFactory.get_default_credentials() +# Using a file that contains the service account credentials +service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json') +# Using a dictionary that contains the service account credentials (the content of the file from above example) +service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'}) +# Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A) +impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly']) +# Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation' +wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json') +# Same as above, but with the content of the above file +wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'}) + +gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings) +``` + +## CLI usage + +### For collecting data from AWS +Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for +AWS_ACCESS_KEY_ID, etc. as environment variables. +``` +dragoneye aws +``` + +### For collecting data from Azure +You can authenticate in one of two ways: +1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI. +2. With client id and secret of an application registered in your Azure AD. +``` +dragoneye azure +``` + +### For collecting data from GP +You can authenticate in several ways: +1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI. +2. With service account credentials - either a file, or its content. +3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A +4. With Workload Identity Federation mechanism, authenticating from AWS. +``` +dragoneye gcp +``` + + + +%package help +Summary: Development documents and examples for dragoneye +Provides: python3-dragoneye-doc +%description help + + + + + + + +# dragoneye +dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account. + +dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret). + +# Setup +Clone this git repository, navigate to the root directory where `setup.py` is located and run: +``` +pip install . +``` +(note the period at the end of the command) + +We recommend doing this within a virtual environment, like so: +``` +python3.9 -m venv ./venv +. ./venv/bin/activate +pip install . +``` + +# Usage + +## Programmatic Usage +Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example: + +```python +from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner + +### AWS ### +aws_settings = AwsCloudScanSettings( + commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml', + account_name='default', default_region='us-east-1', regions_filter=['us-east-1'] +) + +#### Using environment variables +session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1') # Raises exception if authentication is unsuccessful +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +#### Using an AWS Profile +session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1') # Raises exception if authentication is unsuccessful +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +#### Assume Role +session = AwsSessionFactory.get_session_using_assume_role(external_id='...', + role_arn="...", + region='us-east-1') +aws_scan_output_directory = AwsScanner(session, aws_settings).scan() + +### Azure ### +azure_settings = AzureCloudScanSettings( + commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml', + subscription_id='...', + account_name='my-account' +) + +#### Using a registered application in Azure AD +token = AzureAuthorizer.get_authorization_token( + tenant_id='...', + client_id='...', + client_secret='...' +) # Raises exception if authentication is unsuccessful +azure_scan_output_directory = AzureScanner(token, azure_settings).scan() + +### GCP ### +gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml', + account_name='gcp', project_id='project-id') + +# Authenticating by GCP default auth mechanism: +# Checks environment in order of precedence: +# - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to +# a file with stored credentials information. +# - Stored "well known" file associated with `gcloud` command line tool. +# - Google App Engine (production and testing) +# - Google Compute Engine production environment. +default_credentials = GcpCredentialsFactory.get_default_credentials() +# Using a file that contains the service account credentials +service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json') +# Using a dictionary that contains the service account credentials (the content of the file from above example) +service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'}) +# Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A) +impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly']) +# Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation' +wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json') +# Same as above, but with the content of the above file +wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'}) + +gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings) +``` + +## CLI usage + +### For collecting data from AWS +Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for +AWS_ACCESS_KEY_ID, etc. as environment variables. +``` +dragoneye aws +``` + +### For collecting data from Azure +You can authenticate in one of two ways: +1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI. +2. With client id and secret of an application registered in your Azure AD. +``` +dragoneye azure +``` + +### For collecting data from GP +You can authenticate in several ways: +1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI. +2. With service account credentials - either a file, or its content. +3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A +4. With Workload Identity Federation mechanism, authenticating from AWS. +``` +dragoneye gcp +``` + + + +%prep +%autosetup -n dragoneye-0.0.77 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-dragoneye -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Mon May 29 2023 Python_Bot <Python_Bot@openeuler.org> - 0.0.77-1 +- Package Spec generated @@ -0,0 +1 @@ +91fd8ff0527dc9d29c38c3a115e365a4 dragoneye-0.0.77.tar.gz |