%global _empty_manifest_terminate_build 0 Name: python-dragoneye Version: 0.0.77 Release: 1 Summary: Multi-cloud data scan tool License: MIT License URL: https://github.com/indeni/dragoneye Source0: https://mirrors.aliyun.com/pypi/web/packages/a6/81/7078b571cc760fdd90df8d6f6066cc4752011d37e208bdf803ab9d0f2f91/dragoneye-0.0.77.tar.gz BuildArch: noarch Requires: python3-pyjq Requires: python3-boto3 Requires: python3-PyYAML Requires: python3-backoff Requires: python3-requests Requires: python3-click Requires: python3-click-aliases Requires: python3-oauth2client Requires: python3-google-api-python-client %description ![Dragoneye](dragoneye_header.png) ![CD](https://github.com/indeni/dragoneye/actions/workflows/cd.yaml/badge.svg) ![PyPI](https://img.shields.io/badge/python-3.7+-blue.svg) ![GitHub license](https://img.shields.io/badge/license-MIT-brightgreen.svg) ![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg) # dragoneye dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account. dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret). # Setup Clone this git repository, navigate to the root directory where `setup.py` is located and run: ``` pip install . ``` (note the period at the end of the command) We recommend doing this within a virtual environment, like so: ``` python3.9 -m venv ./venv . ./venv/bin/activate pip install . ``` # Usage ## Programmatic Usage Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example: ```python from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner ### AWS ### aws_settings = AwsCloudScanSettings( commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml', account_name='default', default_region='us-east-1', regions_filter=['us-east-1'] ) #### Using environment variables session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1') # Raises exception if authentication is unsuccessful aws_scan_output_directory = AwsScanner(session, aws_settings).scan() #### Using an AWS Profile session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1') # Raises exception if authentication is unsuccessful aws_scan_output_directory = AwsScanner(session, aws_settings).scan() #### Assume Role session = AwsSessionFactory.get_session_using_assume_role(external_id='...', role_arn="...", region='us-east-1') aws_scan_output_directory = AwsScanner(session, aws_settings).scan() ### Azure ### azure_settings = AzureCloudScanSettings( commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml', subscription_id='...', account_name='my-account' ) #### Using a registered application in Azure AD token = AzureAuthorizer.get_authorization_token( tenant_id='...', client_id='...', client_secret='...' ) # Raises exception if authentication is unsuccessful azure_scan_output_directory = AzureScanner(token, azure_settings).scan() ### GCP ### gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml', account_name='gcp', project_id='project-id') # Authenticating by GCP default auth mechanism: # Checks environment in order of precedence: # - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to # a file with stored credentials information. # - Stored "well known" file associated with `gcloud` command line tool. # - Google App Engine (production and testing) # - Google Compute Engine production environment. default_credentials = GcpCredentialsFactory.get_default_credentials() # Using a file that contains the service account credentials service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json') # Using a dictionary that contains the service account credentials (the content of the file from above example) service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'}) # Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A) impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly']) # Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation' wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json') # Same as above, but with the content of the above file wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'}) gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings) ``` ## CLI usage ### For collecting data from AWS Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for AWS_ACCESS_KEY_ID, etc. as environment variables. ``` dragoneye aws ``` ### For collecting data from Azure You can authenticate in one of two ways: 1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI. 2. With client id and secret of an application registered in your Azure AD. ``` dragoneye azure ``` ### For collecting data from GP You can authenticate in several ways: 1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI. 2. With service account credentials - either a file, or its content. 3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A 4. With Workload Identity Federation mechanism, authenticating from AWS. ``` dragoneye gcp ``` %package -n python3-dragoneye Summary: Multi-cloud data scan tool Provides: python-dragoneye BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-dragoneye ![Dragoneye](dragoneye_header.png) ![CD](https://github.com/indeni/dragoneye/actions/workflows/cd.yaml/badge.svg) ![PyPI](https://img.shields.io/badge/python-3.7+-blue.svg) ![GitHub license](https://img.shields.io/badge/license-MIT-brightgreen.svg) ![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg) # dragoneye dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account. dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret). # Setup Clone this git repository, navigate to the root directory where `setup.py` is located and run: ``` pip install . ``` (note the period at the end of the command) We recommend doing this within a virtual environment, like so: ``` python3.9 -m venv ./venv . ./venv/bin/activate pip install . ``` # Usage ## Programmatic Usage Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example: ```python from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner ### AWS ### aws_settings = AwsCloudScanSettings( commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml', account_name='default', default_region='us-east-1', regions_filter=['us-east-1'] ) #### Using environment variables session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1') # Raises exception if authentication is unsuccessful aws_scan_output_directory = AwsScanner(session, aws_settings).scan() #### Using an AWS Profile session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1') # Raises exception if authentication is unsuccessful aws_scan_output_directory = AwsScanner(session, aws_settings).scan() #### Assume Role session = AwsSessionFactory.get_session_using_assume_role(external_id='...', role_arn="...", region='us-east-1') aws_scan_output_directory = AwsScanner(session, aws_settings).scan() ### Azure ### azure_settings = AzureCloudScanSettings( commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml', subscription_id='...', account_name='my-account' ) #### Using a registered application in Azure AD token = AzureAuthorizer.get_authorization_token( tenant_id='...', client_id='...', client_secret='...' ) # Raises exception if authentication is unsuccessful azure_scan_output_directory = AzureScanner(token, azure_settings).scan() ### GCP ### gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml', account_name='gcp', project_id='project-id') # Authenticating by GCP default auth mechanism: # Checks environment in order of precedence: # - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to # a file with stored credentials information. # - Stored "well known" file associated with `gcloud` command line tool. # - Google App Engine (production and testing) # - Google Compute Engine production environment. default_credentials = GcpCredentialsFactory.get_default_credentials() # Using a file that contains the service account credentials service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json') # Using a dictionary that contains the service account credentials (the content of the file from above example) service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'}) # Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A) impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly']) # Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation' wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json') # Same as above, but with the content of the above file wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'}) gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings) ``` ## CLI usage ### For collecting data from AWS Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for AWS_ACCESS_KEY_ID, etc. as environment variables. ``` dragoneye aws ``` ### For collecting data from Azure You can authenticate in one of two ways: 1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI. 2. With client id and secret of an application registered in your Azure AD. ``` dragoneye azure ``` ### For collecting data from GP You can authenticate in several ways: 1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI. 2. With service account credentials - either a file, or its content. 3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A 4. With Workload Identity Federation mechanism, authenticating from AWS. ``` dragoneye gcp ``` %package help Summary: Development documents and examples for dragoneye Provides: python3-dragoneye-doc %description help ![Dragoneye](dragoneye_header.png) ![CD](https://github.com/indeni/dragoneye/actions/workflows/cd.yaml/badge.svg) ![PyPI](https://img.shields.io/badge/python-3.7+-blue.svg) ![GitHub license](https://img.shields.io/badge/license-MIT-brightgreen.svg) ![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg) # dragoneye dragoneye is a Python tool that is used to collect data about a cloud environment using the cloud provider's APIs. It is intended to function as component in other tools who have the need to collect data quickly (multi-threaded), or as a command line to collect a snapshot of a cloud account. dragoneye currently supports AWS (AssumeRole and AccessKey based collection) and Azure (with client secret). # Setup Clone this git repository, navigate to the root directory where `setup.py` is located and run: ``` pip install . ``` (note the period at the end of the command) We recommend doing this within a virtual environment, like so: ``` python3.9 -m venv ./venv . ./venv/bin/activate pip install . ``` # Usage ## Programmatic Usage Create an instance of one of the CollectRequest classes, such as AwsAccessKeyCollectRequest, AwsAssumeRoleCollectRequest, AzureCollectRequest and call the `collect` function. For example: ```python from dragoneye import AwsScanner, AwsCloudScanSettings, AwsSessionFactory, AzureScanner, AzureCloudScanSettings, AzureAuthorizer, GcpCloudScanSettings, GcpCredentialsFactory, GcpScanner ### AWS ### aws_settings = AwsCloudScanSettings( commands_path='/Users/dev/python/dragoneye/aws_commands_example.yaml', account_name='default', default_region='us-east-1', regions_filter=['us-east-1'] ) #### Using environment variables session = AwsSessionFactory.get_session(profile_name=None, region='us-east-1') # Raises exception if authentication is unsuccessful aws_scan_output_directory = AwsScanner(session, aws_settings).scan() #### Using an AWS Profile session = AwsSessionFactory.get_session(profile_name='MyProfile', region='us-east-1') # Raises exception if authentication is unsuccessful aws_scan_output_directory = AwsScanner(session, aws_settings).scan() #### Assume Role session = AwsSessionFactory.get_session_using_assume_role(external_id='...', role_arn="...", region='us-east-1') aws_scan_output_directory = AwsScanner(session, aws_settings).scan() ### Azure ### azure_settings = AzureCloudScanSettings( commands_path='/Users/dev/python/dragoneye/azure_commands_example.yaml', subscription_id='...', account_name='my-account' ) #### Using a registered application in Azure AD token = AzureAuthorizer.get_authorization_token( tenant_id='...', client_id='...', client_secret='...' ) # Raises exception if authentication is unsuccessful azure_scan_output_directory = AzureScanner(token, azure_settings).scan() ### GCP ### gcp_settings = GcpCloudScanSettings(commands_path='/Users/dev/python/dragoneye/gcp_commands_example.yaml', account_name='gcp', project_id='project-id') # Authenticating by GCP default auth mechanism: # Checks environment in order of precedence: # - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to # a file with stored credentials information. # - Stored "well known" file associated with `gcloud` command line tool. # - Google App Engine (production and testing) # - Google Compute Engine production environment. default_credentials = GcpCredentialsFactory.get_default_credentials() # Using a file that contains the service account credentials service_account_file_credentials = GcpCredentialsFactory.from_service_account_file('filepath.json') # Using a dictionary that contains the service account credentials (the content of the file from above example) service_account_dict_credentials = GcpCredentialsFactory.from_service_account_info({'...': '...'}) # Using impersonation method (service_account_A allowing service_account_B to generate short-lived credentials of service_account_A) impersonation_credentials = GcpCredentialsFactory.impersonate(default_credentials, 'client_email@google.com', ['https://www.googleapis.com/auth/compute.readonly']) # Authenticating from an AWS resource via a credentials config file defined by the 'Workload Identity Federation' wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_file('filepath.json') # Same as above, but with the content of the above file wif_credentials = GcpCredentialsFactory.from_aws_credentials_config_info({'...': '...'}) gcp_scan_output_directory = GcpScanner(default_credentials, gcp_settings) ``` ## CLI usage ### For collecting data from AWS Dragoneye will use the same mechanisms boto3 uses for authentication. It will generally look for AWS_ACCESS_KEY_ID, etc. as environment variables. ``` dragoneye aws ``` ### For collecting data from Azure You can authenticate in one of two ways: 1. `az login`, which will allow dragoneye to use credentials loaded through Azure CLI. 2. With client id and secret of an application registered in your Azure AD. ``` dragoneye azure ``` ### For collecting data from GP You can authenticate in several ways: 1. `gcloud auth application-default login`, which will allow dragoneye to use credentials loaded through GCP CLI. 2. With service account credentials - either a file, or its content. 3. With impersonation mechanism; service_account_A allowing service_account_B to generate short-lived credentials of service_account_A 4. With Workload Identity Federation mechanism, authenticating from AWS. ``` dragoneye gcp ``` %prep %autosetup -n dragoneye-0.0.77 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-dragoneye -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Fri Jun 09 2023 Python_Bot - 0.0.77-1 - Package Spec generated