confidant.scripts package

Submodules

confidant.scripts.archive module

class confidant.scripts.archive.ArchiveCredentials(func=None)

Bases: flask_script.commands.Command

Command to permanently archive credentials to an archive dynamodb table.

option_list = [<flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>]

run(days, force, ids)

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

confidant.scripts.bootstrap module

class confidant.scripts.bootstrap.DecryptSecretsBootstrap(func=None)

Bases: flask_script.commands.Command

option_list = [<flask_script.commands.Option object>]

run(_out)

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

class confidant.scripts.bootstrap.GenerateSecretsBootstrap(func=None)

Bases: flask_script.commands.Command

option_list = [<flask_script.commands.Option object>, <flask_script.commands.Option object>]

run(_in, _out)

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

confidant.scripts.manage module

confidant.scripts.manage.main()

confidant.scripts.migrate module

class confidant.scripts.migrate.GeneralCredentialModel(hash_key: Optional[Any] = None, range_key: Optional[Any] = None, _user_instantiated: bool = True, **attributes: Any)

Bases: pynamodb.models.Model

exception DoesNotExist(msg: Optional[str] = None, cause: Optional[Exception] = None)

Bases: pynamodb.exceptions.DoesNotExist

class Meta

Bases: confidant.models.blind_credential.Meta

credential_keys

A unicode set

id

A unicode attribute

class confidant.scripts.migrate.GeneralServiceModel(hash_key: Optional[Any] = None, range_key: Optional[Any] = None, _user_instantiated: bool = True, **attributes: Any)

Bases: pynamodb.models.Model

exception DoesNotExist(msg: Optional[str] = None, cause: Optional[Exception] = None)

Bases: pynamodb.exceptions.DoesNotExist

class Meta

Bases: confidant.models.service.Meta

blind_credentials

A unicode set

credentials

A unicode set

id

A unicode attribute

class confidant.scripts.migrate.MigrateBlindCredentialSetAttribute(func=None)

Bases: flask_script.commands.Command

run()

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

class confidant.scripts.migrate.MigrateServiceSetAttribute(func=None)

Bases: flask_script.commands.Command

run()

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

class confidant.scripts.migrate.NewUnicodeSetAttribute(hash_key: bool = False, range_key: bool = False, null: Optional[bool] = None, default: Union[_T, Callable[[...], _T], None] = None, default_for_new: Union[Any, Callable[[...], _T], None] = None, attr_name: Optional[str] = None)

Bases: confidant.scripts.migrate.SetMixin, pynamodb.attributes.Attribute

A unicode set

attr_type = 'SS'

deserialize(value)

Deserializes a set

element_deserialize(value)

element_serialize(value)

This serializes unicode / strings out as unicode strings. It does not touch the value if it is already a unicode str :param value: :return:

null = True

serialize(value)

Serializes a set

Because dynamodb doesn’t store empty attributes, empty sets return None

class confidant.scripts.migrate.SetMixin

Bases: object

Adds (de)serialization methods for sets

deserialize(value)

Deserializes a set

serialize(value)

Serializes a set

Because dynamodb doesn’t store empty attributes, empty sets return None

confidant.scripts.migrate.is_old_unicode_set(values)

confidant.scripts.migrate_bool module

class confidant.scripts.migrate_bool.GenericCredential(hash_key: Optional[Any] = None, range_key: Optional[Any] = None, _user_instantiated: bool = True, **attributes: Any)

Bases: pynamodb.models.Model

exception DoesNotExist(msg: Optional[str] = None, cause: Optional[Exception] = None)

Bases: pynamodb.exceptions.DoesNotExist

class Meta

Bases: object

aws_access_key_id = None

aws_secret_access_key = None

aws_session_token = None

base_backoff_ms = 25

connect_timeout_seconds = 1

extra_headers = None

host = None

max_pool_connection = 100

max_pool_connections = 10

max_retry_attempts = 3

read_timeout_seconds = 1

region = 'us-east-1'

table_name = ''

enabled

A class for boolean attributes

id

A unicode attribute

class confidant.scripts.migrate_bool.MigrateBooleanAttribute(func=None)

Bases: flask_script.commands.Command

option_list = (<flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>)

run(RCU, page_size, limit, back_off, update_rate, scan_without_rcu)

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

confidant.scripts.migrate_bool.migrate_boolean_attributes(model_class, attribute_names, read_capacity_to_consume_per_second=10, allow_scan_without_rcu=False, mock_conditional_update_failure=False, page_size=None, limit=None, number_of_secs_to_back_off=1, max_items_updated_per_second=1.0)

Migrates boolean attributes per GitHub issue 404. Will scan through all objects and perform a conditional update against any items that store any of the given attribute names as integers. Rate limiting is performed by passing an appropriate value as read_capacity_to_consume_per_second (which defaults to something extremely conservative and slow). Note that updates require provisioned write capacity as well. Please see the DynamoDB docs for more information. Keep in mind that there is not a simple 1:1 mapping between provisioned read capacity and write capacity. Make sure they are balanced. A conservative calculation would assume that every object visted results in an update. The function with log at level INFO the final outcome, and the return values help identify how many items needed changing and how many of them succeed. For example, if you had 10 items in the table and every one of them had an attribute that needed migration, and upon migration we had one item which failed the migration due to a concurrent update by another writer, the return value would be: (10, 1) Suggesting that 9 were updated successfully. It is suggested that the migration step be re-ran until the return value is (0, 0). :param model_class:

The Model class for which you are migrating. This should be the up-to-date Model class using a BooleanAttribute for the relevant attributes.

Parameters

• attribute_names – List of strings that signifiy the names of attributes which are potentially in need of migration.

• read_capacity_to_consume_per_second – Passed along to the underlying rate_limited_scan and intended as the mechanism to rate limit progress. Please see notes below around write capacity.

• allow_scan_without_rcu – Passed along to rate_limited_scan; intended to allow unit tests to pass against DynamoDB Local.

• mock_conditional_update_failure – Only used for unit testing. When True, the conditional update expression used internally is updated such that it is guaranteed to fail. This is meant to trigger the code path in boto, to allow us to unit test that we are jumping through appropriate hoops handling the resulting failure and distinguishing it from other failures.

• page_size – Passed along to the underlying ‘page_size’. Page size of the scan to DynamoDB.

• limit – Passed along to the underlying ‘limit’. Used to limit the number of results returned.

• number_of_secs_to_back_off – Number of seconds to sleep when exceeding capacity.

• max_items_updated_per_second – An upper limit on the rate of items update per second.

Returns

(number_of_items_in_need_of_update, number_of_them_that_failed_due_to_conditional_update)

confidant.scripts.restore module

class confidant.scripts.restore.RestoreCredentials(func=None)

Bases: flask_script.commands.Command

Command to restore credentials from the permanent archive dynamodb table back into the primary storage table.

credential_exists(credential_id)

option_list = [<flask_script.commands.Option object>, <flask_script.commands.Option object>, <flask_script.commands.Option object>]

restore(archive_credentials, force)

run(force, ids, _all)

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

save(saves, force=False)

confidant.scripts.utils module

class confidant.scripts.utils.CreateDynamoTables(func=None)

Bases: flask_script.commands.Command

Setup dynamo tables

run()

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

class confidant.scripts.utils.ManageGrants(func=None)

Bases: flask_script.commands.Command

run()

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

class confidant.scripts.utils.RevokeGrants(func=None)

Bases: flask_script.commands.Command

run()

Runs a command. This must be implemented by the subclass. Should take arguments as configured by the Command options.

Module contents