confidant.scripts package¶
Submodules¶
confidant.scripts.archive module¶
- class confidant.scripts.archive.ArchiveCredentials(func=None)¶
Bases:
CommandCommand to permanently archive credentials to an archive dynamodb table.
- option_list = [<flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>]¶
- run(days, force, ids)¶
Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.
confidant.scripts.bootstrap module¶
- class confidant.scripts.bootstrap.DecryptSecretsBootstrap(func=None)¶
Bases:
Command- option_list = [<flask_script.commands.Option object>]¶
- run(_out)¶
Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.
- class confidant.scripts.bootstrap.GenerateSecretsBootstrap(func=None)¶
Bases:
Command- option_list = [<flask_script.commands.Option object>, <flask_script.commands.Option object>]¶
- run(_in, _out)¶
Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.
confidant.scripts.manage module¶
- confidant.scripts.manage.main()¶
confidant.scripts.migrate module¶
- class confidant.scripts.migrate.GeneralCredentialModel(hash_key: Optional[Any] = None, range_key: Optional[Any] = None, _user_instantiated: bool = True, **attributes: Any)¶
Bases:
Model- exception DoesNotExist(msg: Optional[str] = None, cause: Optional[Exception] = None)¶
Bases:
DoesNotExist
- _attributes = {'credential_keys': <confidant.scripts.migrate.NewUnicodeSetAttribute object>, 'id': <pynamodb.attributes.UnicodeAttribute object>}¶
- _discriminator = None¶
- _dynamo_to_python_attrs = {}¶
- _hash_keyname: Optional[str] = 'id'¶
- _indexes: Dict[str, Index] = {}¶
- credential_keys¶
A unicode set
- id¶
A unicode attribute
- class confidant.scripts.migrate.GeneralServiceModel(hash_key: Optional[Any] = None, range_key: Optional[Any] = None, _user_instantiated: bool = True, **attributes: Any)¶
Bases:
Model- exception DoesNotExist(msg: Optional[str] = None, cause: Optional[Exception] = None)¶
Bases:
DoesNotExist
- _attributes = {'blind_credentials': <confidant.scripts.migrate.NewUnicodeSetAttribute object>, 'credentials': <confidant.scripts.migrate.NewUnicodeSetAttribute object>, 'id': <pynamodb.attributes.UnicodeAttribute object>}¶
- _discriminator = None¶
- _dynamo_to_python_attrs = {}¶
- _hash_keyname: Optional[str] = 'id'¶
- _indexes: Dict[str, Index] = {}¶
- blind_credentials¶
A unicode set
- credentials¶
A unicode set
- id¶
A unicode attribute
- class confidant.scripts.migrate.MigrateBlindCredentialSetAttribute(func=None)¶
Bases:
Command- run()¶
Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.
- class confidant.scripts.migrate.MigrateServiceSetAttribute(func=None)¶
Bases:
Command- run()¶
Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.
- class confidant.scripts.migrate.NewUnicodeSetAttribute(hash_key: bool = False, range_key: bool = False, null: Optional[bool] = None, default: Optional[Union[_T, Callable[[...], _T]]] = None, default_for_new: Optional[Union[Any, Callable[[...], _T]]] = None, attr_name: Optional[str] = None)¶
Bases:
SetMixin,AttributeA unicode set
- attr_type: str = 'SS'¶
- deserialize(value)¶
Deserializes a set
- element_deserialize(value)¶
- element_serialize(value)¶
This serializes unicode / strings out as unicode strings. It does not touch the value if it is already a unicode str :param value: :return:
- null = True¶
- serialize(value)¶
Serializes a set
Because dynamodb doesn’t store empty attributes, empty sets return None
- class confidant.scripts.migrate.SetMixin¶
Bases:
objectAdds (de)serialization methods for sets
- deserialize(value)¶
Deserializes a set
- serialize(value)¶
Serializes a set
Because dynamodb doesn’t store empty attributes, empty sets return None
- confidant.scripts.migrate.is_old_unicode_set(values)¶
confidant.scripts.migrate_bool module¶
- class confidant.scripts.migrate_bool.GenericCredential(hash_key: Optional[Any] = None, range_key: Optional[Any] = None, _user_instantiated: bool = True, **attributes: Any)¶
Bases:
Model- exception DoesNotExist(msg: Optional[str] = None, cause: Optional[Exception] = None)¶
Bases:
DoesNotExist
- class Meta¶
Bases:
object- aws_access_key_id = None¶
- aws_secret_access_key = None¶
- aws_session_token = None¶
- base_backoff_ms = 25¶
- connect_timeout_seconds = 1¶
- extra_headers = None¶
- host = None¶
- max_pool_connection = 100¶
- max_pool_connections = 10¶
- max_retry_attempts = 3¶
- read_timeout_seconds = 1¶
- region = 'us-east-1'¶
- table_name = ''¶
- _attributes = {'enabled': <pynamodb.attributes.BooleanAttribute object>, 'id': <pynamodb.attributes.UnicodeAttribute object>}¶
- _discriminator = None¶
- _dynamo_to_python_attrs = {}¶
- _hash_keyname: Optional[str] = 'id'¶
- _indexes: Dict[str, Index] = {}¶
- enabled¶
A class for boolean attributes
- id¶
A unicode attribute
- class confidant.scripts.migrate_bool.MigrateBooleanAttribute(func=None)¶
Bases:
Command- option_list = (<flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>)¶
- run(RCU, page_size, limit, back_off, update_rate, scan_without_rcu)¶
Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.
- confidant.scripts.migrate_bool._build_actions(model_class, item, attribute_names)¶
Build a list of actions required to update an item.
- confidant.scripts.migrate_bool._build_lba_filter_condition(attribute_names)¶
Build a filter condition suitable for passing to scan/rate_limited_scan, which will filter out any items for which none of the given attributes have native DynamoDB type of ‘N’.
- confidant.scripts.migrate_bool._handle_update_exception(e, item)¶
Handle exceptions of type update.
- confidant.scripts.migrate_bool.migrate_boolean_attributes(model_class, attribute_names, read_capacity_to_consume_per_second=10, allow_scan_without_rcu=False, mock_conditional_update_failure=False, page_size=None, limit=None, number_of_secs_to_back_off=1, max_items_updated_per_second=1.0)¶
Migrates boolean attributes per GitHub issue 404. Will scan through all objects and perform a conditional update against any items that store any of the given attribute names as integers. Rate limiting is performed by passing an appropriate value as
read_capacity_to_consume_per_second(which defaults to something extremely conservative and slow). Note that updates require provisioned write capacity as well. Please see the DynamoDB docs for more information. Keep in mind that there is not a simple 1:1 mapping between provisioned read capacity and write capacity. Make sure they are balanced. A conservative calculation would assume that every object visted results in an update. The function with log at levelINFOthe final outcome, and the return values help identify how many items needed changing and how many of them succeed. For example, if you had 10 items in the table and every one of them had an attribute that needed migration, and upon migration we had one item which failed the migration due to a concurrent update by another writer, the return value would be:(10, 1)Suggesting that 9 were updated successfully. It is suggested that the migration step be re-ran until the return value is(0, 0). :param model_class:The Model class for which you are migrating. This should be the up-to-date Model class using a BooleanAttribute for the relevant attributes.
- Parameters:
attribute_names – List of strings that signifiy the names of attributes which are potentially in need of migration.
read_capacity_to_consume_per_second – Passed along to the underlying rate_limited_scan and intended as the mechanism to rate limit progress. Please see notes below around write capacity.
allow_scan_without_rcu – Passed along to rate_limited_scan; intended to allow unit tests to pass against DynamoDB Local.
mock_conditional_update_failure – Only used for unit testing. When True, the conditional update expression used internally is updated such that it is guaranteed to fail. This is meant to trigger the code path in boto, to allow us to unit test that we are jumping through appropriate hoops handling the resulting failure and distinguishing it from other failures.
page_size – Passed along to the underlying ‘page_size’. Page size of the scan to DynamoDB.
limit – Passed along to the underlying ‘limit’. Used to limit the number of results returned.
number_of_secs_to_back_off – Number of seconds to sleep when exceeding capacity.
max_items_updated_per_second – An upper limit on the rate of items update per second.
- Returns:
(number_of_items_in_need_of_update, number_of_them_that_failed_due_to_conditional_update)
confidant.scripts.restore module¶
- class confidant.scripts.restore.RestoreCredentials(func=None)¶
Bases:
CommandCommand to restore credentials from the permanent archive dynamodb table back into the primary storage table.
- credential_exists(credential_id)¶
- option_list = [<flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>]¶
- restore(archive_credentials, force)¶
- run(force, ids, _all)¶
Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.
- save(saves, force=False)¶
confidant.scripts.utils module¶
- class confidant.scripts.utils.CreateDynamoTables(func=None)¶
Bases:
CommandSetup dynamo tables
- run()¶
Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.