path: root/python-dragoneye.spec

%global _empty_manifest_terminate_build 0
Name:		python-dragoneye
Version:	0.0.77
Release:	1
Summary:	Multi-cloud data scan tool
License:	MIT License
URL:		https://github.com/indeni/dragoneye
Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/a6/81/7078b571cc760fdd90df8d6f6066cc4752011d37e208bdf803ab9d0f2f91/dragoneye-0.0.77.tar.gz
BuildArch:	noarch

Requires:	python3-pyjq
Requires:	python3-boto3
Requires:	python3-PyYAML
Requires:	python3-backoff
Requires:	python3-requests
Requires:	python3-click
Requires:	python3-click-aliases
Requires:	python3-oauth2client
Requires:	python3-google-api-python-client

%description
![Dragoneye](dragoneye_header.png)

![CD](https://github.com/indeni/dragoneye/actions/workflows/cd.yaml/badge.svg) 
![PyPI](https://img.shields.io/badge/python-3.7+-blue.svg)
![GitHub license](https://img.shields.io/badge/license-MIT-brightgreen.svg)
![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)

# dragoneye
dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account.

dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret).

# Setup
Clone this git repository, navigate to the root directory where `setup.py` is located and run:
```
pip install .
```
(note the period at the end of the command)

We recommend doing this within a virtual environment, like so:
```
python3.9 -m venv ./venv
. ./venv/bin/activate
pip install .
```

# Usage

## Programmatic Usage
Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example:

```python
from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner

### AWS ###
aws_settings = AwsCloudScanSettings(
    commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml',
    account_name='default', default_region='us-east-1', regions_filter=['us-east-1']
)

#### Using environment variables
session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1')  # Raises exception if authentication is unsuccessful
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

#### Using an AWS Profile
session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1')  # Raises exception if authentication is unsuccessful
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

#### Assume Role
session = AwsSessionFactory.get_session_using_assume_role(external_id='...',
                                                          role_arn="...",
                                                          region='us-east-1')
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

### Azure ###
azure_settings = AzureCloudScanSettings(
    commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml',
    subscription_id='...',
    account_name='my-account'
)

#### Using a registered application in Azure AD
token = AzureAuthorizer.get_authorization_token(
    tenant_id='...',
    client_id='...',
    client_secret='...'
)  # Raises exception if authentication is unsuccessful
azure_scan_output_directory = AzureScanner(token, azure_settings).scan()

### GCP ###
gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml',
                                    account_name='gcp', project_id='project-id')

# Authenticating by GCP default auth mechanism:
#    Checks environment in order of precedence:
#    - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to
#      a file with stored credentials information.
#    - Stored "well known" file associated with `gcloud` command line tool.
#    - Google App Engine (production and testing)
#    - Google Compute Engine production environment.
default_credentials = GcpCredentialsFactory.get_default_credentials()
# Using a file that contains the service account credentials 
service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json')
# Using a dictionary that contains the service account credentials (the content of the file from above example)
service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'})
# Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A)
impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly'])
# Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation'
wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json')
# Same as above, but with the content of the above file
wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'})

gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings)
```

## CLI usage

### For collecting data from AWS
Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for 
AWS_ACCESS_KEY_ID, etc. as environment variables.
```
dragoneye aws
```

### For collecting data from Azure
You can authenticate in one of two ways:
1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI.
2. With client id and secret of an application registered in your Azure AD.
```
dragoneye azure
```

### For collecting data from GP
You can authenticate in several ways:
1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI.
2. With service account credentials - either a file, or its content.
3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A
4. With Workload Identity Federation mechanism, authenticating from AWS.
```
dragoneye gcp
```



%package -n python3-dragoneye
Summary:	Multi-cloud data scan tool
Provides:	python-dragoneye
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
BuildRequires:	python3-pip
%description -n python3-dragoneye
![Dragoneye](dragoneye_header.png)

![CD](https://github.com/indeni/dragoneye/actions/workflows/cd.yaml/badge.svg) 
![PyPI](https://img.shields.io/badge/python-3.7+-blue.svg)
![GitHub license](https://img.shields.io/badge/license-MIT-brightgreen.svg)
![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)

# dragoneye
dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account.

dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret).

# Setup
Clone this git repository, navigate to the root directory where `setup.py` is located and run:
```
pip install .
```
(note the period at the end of the command)

We recommend doing this within a virtual environment, like so:
```
python3.9 -m venv ./venv
. ./venv/bin/activate
pip install .
```

# Usage

## Programmatic Usage
Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example:

```python
from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner

### AWS ###
aws_settings = AwsCloudScanSettings(
    commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml',
    account_name='default', default_region='us-east-1', regions_filter=['us-east-1']
)

#### Using environment variables
session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1')  # Raises exception if authentication is unsuccessful
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

#### Using an AWS Profile
session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1')  # Raises exception if authentication is unsuccessful
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

#### Assume Role
session = AwsSessionFactory.get_session_using_assume_role(external_id='...',
                                                          role_arn="...",
                                                          region='us-east-1')
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

### Azure ###
azure_settings = AzureCloudScanSettings(
    commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml',
    subscription_id='...',
    account_name='my-account'
)

#### Using a registered application in Azure AD
token = AzureAuthorizer.get_authorization_token(
    tenant_id='...',
    client_id='...',
    client_secret='...'
)  # Raises exception if authentication is unsuccessful
azure_scan_output_directory = AzureScanner(token, azure_settings).scan()

### GCP ###
gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml',
                                    account_name='gcp', project_id='project-id')

# Authenticating by GCP default auth mechanism:
#    Checks environment in order of precedence:
#    - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to
#      a file with stored credentials information.
#    - Stored "well known" file associated with `gcloud` command line tool.
#    - Google App Engine (production and testing)
#    - Google Compute Engine production environment.
default_credentials = GcpCredentialsFactory.get_default_credentials()
# Using a file that contains the service account credentials 
service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json')
# Using a dictionary that contains the service account credentials (the content of the file from above example)
service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'})
# Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A)
impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly'])
# Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation'
wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json')
# Same as above, but with the content of the above file
wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'})

gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings)
```

## CLI usage

### For collecting data from AWS
Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for 
AWS_ACCESS_KEY_ID, etc. as environment variables.
```
dragoneye aws
```

### For collecting data from Azure
You can authenticate in one of two ways:
1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI.
2. With client id and secret of an application registered in your Azure AD.
```
dragoneye azure
```

### For collecting data from GP
You can authenticate in several ways:
1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI.
2. With service account credentials - either a file, or its content.
3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A
4. With Workload Identity Federation mechanism, authenticating from AWS.
```
dragoneye gcp
```



%package help
Summary:	Development documents and examples for dragoneye
Provides:	python3-dragoneye-doc
%description help
![Dragoneye](dragoneye_header.png)

![CD](https://github.com/indeni/dragoneye/actions/workflows/cd.yaml/badge.svg) 
![PyPI](https://img.shields.io/badge/python-3.7+-blue.svg)
![GitHub license](https://img.shields.io/badge/license-MIT-brightgreen.svg)
![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)

# dragoneye
dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account.

dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret).

# Setup
Clone this git repository, navigate to the root directory where `setup.py` is located and run:
```
pip install .
```
(note the period at the end of the command)

We recommend doing this within a virtual environment, like so:
```
python3.9 -m venv ./venv
. ./venv/bin/activate
pip install .
```

# Usage

## Programmatic Usage
Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example:

```python
from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner

### AWS ###
aws_settings = AwsCloudScanSettings(
    commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml',
    account_name='default', default_region='us-east-1', regions_filter=['us-east-1']
)

#### Using environment variables
session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1')  # Raises exception if authentication is unsuccessful
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

#### Using an AWS Profile
session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1')  # Raises exception if authentication is unsuccessful
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

#### Assume Role
session = AwsSessionFactory.get_session_using_assume_role(external_id='...',
                                                          role_arn="...",
                                                          region='us-east-1')
aws_scan_output_directory = AwsScanner(session, aws_settings).scan()

### Azure ###
azure_settings = AzureCloudScanSettings(
    commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml',
    subscription_id='...',
    account_name='my-account'
)

#### Using a registered application in Azure AD
token = AzureAuthorizer.get_authorization_token(
    tenant_id='...',
    client_id='...',
    client_secret='...'
)  # Raises exception if authentication is unsuccessful
azure_scan_output_directory = AzureScanner(token, azure_settings).scan()

### GCP ###
gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml',
                                    account_name='gcp', project_id='project-id')

# Authenticating by GCP default auth mechanism:
#    Checks environment in order of precedence:
#    - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to
#      a file with stored credentials information.
#    - Stored "well known" file associated with `gcloud` command line tool.
#    - Google App Engine (production and testing)
#    - Google Compute Engine production environment.
default_credentials = GcpCredentialsFactory.get_default_credentials()
# Using a file that contains the service account credentials 
service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json')
# Using a dictionary that contains the service account credentials (the content of the file from above example)
service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'})
# Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A)
impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly'])
# Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation'
wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json')
# Same as above, but with the content of the above file
wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'})

gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings)
```

## CLI usage

### For collecting data from AWS
Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for 
AWS_ACCESS_KEY_ID, etc. as environment variables.
```
dragoneye aws
```

### For collecting data from Azure
You can authenticate in one of two ways:
1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI.
2. With client id and secret of an application registered in your Azure AD.
```
dragoneye azure
```

### For collecting data from GP
You can authenticate in several ways:
1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI.
2. With service account credentials - either a file, or its content.
3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A
4. With Workload Identity Federation mechanism, authenticating from AWS.
```
dragoneye gcp
```



%prep
%autosetup -n dragoneye-0.0.77

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-dragoneye -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Mon May 29 2023 Python_Bot <Python_Bot@openeuler.org> - 0.0.77-1
- Package Spec generated