Cloud Auxiliary is a python wrapper and orchestration module for interacting with cloud providers
Project description
# cloudaux
[](https://gitter.im/Netflix-Skunkworks/cloudaux?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[](https://pypi.python.org/pypi/cloudaux/)
[](https://travis-ci.org/Netflix-Skunkworks/cloudaux)
[](https://coveralls.io/github/Netflix-Skunkworks/cloudaux?branch=master)
Cloud Auxiliary is a python wrapper and orchestration module for interacting with cloud providers.
## Documentation
- [CloudAux](README.md "CloudAux Readme") [THIS FILE]
- [AWS](cloudaux/aws/README.md "Amazon Web Services Docs")
- [GCP](cloudaux/gcp/README.md "Google Cloud Platform Docs")
- [OpenStack](cloudaux/openstack/README.md "OpenStack Docs")
## Features
AWS:
- intelligent connection caching.
- handles pagination for certain client methods.
- rate limit handling, with exponential backoff.
- multi-account sts:assumerole abstraction.
- orchestrates all the calls required to fully describe an item.
- control which attributes are returned with flags.
GCP:
- choosing the best client based on service
- client caching
- general caching and stats decorators available
- basic support for non-specified discovery-API services
- control which attributes are returned with flags.
OpenStack:
- intelligent connection caching.
- generalized OpenStack SDK generator usage.
- orchestrates all the calls required to fully describe an item.
- control which attributes are returned flags.
## Orchestration Supported Technologies
AWS:
- IAM Role
- IAM User
- IAM SAML Provider
- [S3](cloudaux/orchestration/aws/s3.md)
- ELB (v1)
- ELBv2 (ALB)
- [Lambda Functions](cloudaux/orchestration/aws/lambda_function.md)
- [Glacier](cloudaux/orchestration/aws/glacier.md)
- [EC2 Image](cloudaux/orchestration/aws/image.md)
- [Cloudwatch Events](cloudaux/orchestration/aws/events.md)
- [SQS](cloudaux/orchestration/aws/sqs.md)
GCP:
- IAM Service Accounts
- Network/Subnetworks
- Storage Buckets
OpenStack:
- Network/Subnet
- Floating IP/Router/Port
- User
- Instance/Image
- Load Balancer
- Object Storage Container
## Install
pip install cloudaux
For GCP support run:
pip install cloudaux\[gcp\]
For OpenStack support run:
pip install cloudaux\[openstack\]
## Examples
### AWS Example
# Using wrapper methods:
from cloudaux.aws.sqs import get_queue, get_messages
conn_details = {
'account_number': '111111111111',
'assume_role': 'MyRole',
'session_name': 'MySession',
'region': 'us-east-1'
}
queue = get_queue(queue_name='MyQueue', **conn_details)
messages = get_messages(queue=queue)
# Using the CloudAux class
from cloudaux import CloudAux
CloudAux.go('kms.client.list_aliases', **conn_details)
ca = CloudAux(**conn_details)
ca.call('kms.client.list_aliases')
# directly asking for a boto3 connection:
from cloudaux.aws.sts import boto3_cached_conn
conn = boto3_cached_conn('ec2', **conn_details)
# Over your entire environment:
from cloudaux.decorators import iter_account_region
accounts = ['000000000000', '111111111111']
conn_details = {
'assume_role': 'MyRole',
'session_name': 'MySession',
'conn_type': 'boto3'
}
@iter_account_region('kms', accounts=accounts, regions=['us-east-1'], **conn_details)
def list_keys(conn=None):
return conn.list_keys()['Keys']
### GCP Example
# directly asking for a client:
from cloudaux.aws.gcp.auth import get_client
client = get_client('gce', **conn_details)
# Over your entire environment:
from cloudaux.gcp.decorators import iter_project
projects = ['my-project-one', 'my-project-two']
# To specify per-project key_files, you can do thie following:
# projects = [
# {'project': 'my-project-one', key_file='/path/to/project-one.json'},
# {'project': 'my-project-two', key_file='/path/to/project-two.json'}
# ]
#
# To specify a single key_file for all projects, use the key_file argument
# to the decorator
# @iter_project(projects=projects, key_file='/path/to/key.json')
#
# To use default credentials, omit the key_file argument
# @iter_project(projects=projects)
from cloudaux.gcp.iam import list_serviceaccounts
from cloudaux.orchestration.gcp.iam.serviceaccount import get_serviceaccount_complete
@iter_project(projects=projects, key_file='/path/to/key.json')
def test_iter(**kwargs):
accounts = list_serviceaccounts(**kwargs)
ret = []
for account in accounts:
ret.append(get_serviceaccount_complete(service_account=account['name']))
return ret
### OpenStack Example
from cloudaux.openstack.decorators import _connect
conn = _connect(cloud_name, region, yaml_file):
# Over your entire environment:
from cloudaux.openstack.decorators import iter_account_region, get_regions
@iter_account_region(account_regions=get_regions())
def list_networks(conn=None, service='network', generator='security_groups'):
from cloudaux.openstack.utils import list_items
list_items(**kwargs)
## Orchestration Example
### AWS IAM Role
from cloudaux.orchestration.aws.iam.role import get_role, FLAGS
# account_number may be extracted from the ARN of the role passed to get_role
# if not included in conn.
conn = dict(
assume_role='SecurityMonkey', # or whichever role you wish to assume into
session_name='cloudaux',
region='us-east-1'
)
role = get_role(
dict(arn='arn:aws:iam::000000000000:role/myRole', role_name='myRole'),
output='camelized', # optional: {camelized underscored}
flags=FLAGS.ALL, # optional
**conn)
# The flags parameter is optional but allows the user to indicate that
# only a subset of the full item description is required.
# IAM Role Flag Options:
# BASE, MANAGED_POLICIES, INLINE_POLICIES, INSTANCE_PROFILES, ALL (default)
# For instance: flags=FLAGS.MANAGED_POLICIES | FLAGS.INSTANCE_PROFILES
# cloudaux makes a number of calls to obtain a full description of the role
print(json.dumps(role, indent=4, sort_keys=True))
{
"Arn": ...,
"AssumeRolePolicyDocument": ...,
"CreateDate": ..., # str
"InlinePolicies": ...,
"InstanceProfiles": ...,
"ManagedPolicies": ...,
"Path": ...,
"RoleId": ...,
"RoleName": ...,
"_version": 1 # Orchestration results return a _Version
}
### GCP IAM Service Account
from cloudaux.orchestration.gcp.iam.serviceaccount import get_serviceaccount_complete, FLAGS
sa_name = 'projects/my-project-one/serviceAccounts/service-account-key@my-project-one.iam.gserviceaccount.com'
sa = get_serviceaccount_complete(sa_name, flags=FLAGS.ALL, **conn_details)
print(json.dumps(sa, indent=4, sort_keys=True))
# Flag options for Service Accounts are BASE, KEYS, POLICY, ALL (default).
{
"DisplayName": "service-account",
"Email": "service-account@my-project-one.iam.gserviceaccount.com",
"Etag": "BwUzTDvWgHw=",
"Keys": [
{
"KeyAlgorithm": "KEY_ALG_RSA_2048",
"Name": "projects/my-project-one/serviceAccounts/service-account@my-project-one.iam.gserviceaccount.com/keys/8be0096886f6ed5cf51abb463d3448c8aee6c6b6",
"ValidAfterTime": "2016-06-30T18:26:45Z",
"ValidBeforeTime": "2026-06-28T18:26:45Z"
},
...
],
"Name": "projects/my-project-one/serviceAccounts/service-account@my-project-one.iam.gserviceaccount.com",
"Oauth2ClientId": "115386704809902483492",
"Policy": [
{
"Members": [
"user:test-user@gmail.com"
],
"Role": "roles/iam.serviceAccountActor"
}
],
"ProjectId": "my-project-one",
"UniqueId": "115386704809902483492"
}
### OpenStack Security Group
from cloudaux.orchestration.openstack.security_group import get_security_group, FLAGS
secgroup = get_security_group(result, flags=flags, **kwargs)
# The flags parameter is optional but allows the user to indicate that
# only a subset of the full item description is required.
# Security Group Flag Options:
# RULES, INSTANCES (default)
# For instance: flags=FLAGS.RULES | FLAGS.INSTANCES
print(json.dumps(secgroup, indent=4, sort_keys=True))
{
"assigned_to": [
{
"instance_id": "..."
}
],
"created_at": "...",
"description": "...",
"id": "...",
"location": "...",
"name": "...",
"project_id": "...",
"revision_number": 3,
"rules": [
{
"rule_type": "...",
"remote_group_id": "...",
"from_port": "...",
"description": "...",
"tags": [],
"to_port": "...",
"ethertype": "...",
"created_at": "...",
"updated_at": "...",
"security_group_id": "...",
"revision_number": 0,
"tenant_id": "...",
"project_id": "..."",
"id": "...",
"cidr_ip": "...",
"ip_protocol": "..."
},
],
"updated_at": "..."
}
[](https://gitter.im/Netflix-Skunkworks/cloudaux?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[](https://pypi.python.org/pypi/cloudaux/)
[](https://travis-ci.org/Netflix-Skunkworks/cloudaux)
[](https://coveralls.io/github/Netflix-Skunkworks/cloudaux?branch=master)
Cloud Auxiliary is a python wrapper and orchestration module for interacting with cloud providers.
## Documentation
- [CloudAux](README.md "CloudAux Readme") [THIS FILE]
- [AWS](cloudaux/aws/README.md "Amazon Web Services Docs")
- [GCP](cloudaux/gcp/README.md "Google Cloud Platform Docs")
- [OpenStack](cloudaux/openstack/README.md "OpenStack Docs")
## Features
AWS:
- intelligent connection caching.
- handles pagination for certain client methods.
- rate limit handling, with exponential backoff.
- multi-account sts:assumerole abstraction.
- orchestrates all the calls required to fully describe an item.
- control which attributes are returned with flags.
GCP:
- choosing the best client based on service
- client caching
- general caching and stats decorators available
- basic support for non-specified discovery-API services
- control which attributes are returned with flags.
OpenStack:
- intelligent connection caching.
- generalized OpenStack SDK generator usage.
- orchestrates all the calls required to fully describe an item.
- control which attributes are returned flags.
## Orchestration Supported Technologies
AWS:
- IAM Role
- IAM User
- IAM SAML Provider
- [S3](cloudaux/orchestration/aws/s3.md)
- ELB (v1)
- ELBv2 (ALB)
- [Lambda Functions](cloudaux/orchestration/aws/lambda_function.md)
- [Glacier](cloudaux/orchestration/aws/glacier.md)
- [EC2 Image](cloudaux/orchestration/aws/image.md)
- [Cloudwatch Events](cloudaux/orchestration/aws/events.md)
- [SQS](cloudaux/orchestration/aws/sqs.md)
GCP:
- IAM Service Accounts
- Network/Subnetworks
- Storage Buckets
OpenStack:
- Network/Subnet
- Floating IP/Router/Port
- User
- Instance/Image
- Load Balancer
- Object Storage Container
## Install
pip install cloudaux
For GCP support run:
pip install cloudaux\[gcp\]
For OpenStack support run:
pip install cloudaux\[openstack\]
## Examples
### AWS Example
# Using wrapper methods:
from cloudaux.aws.sqs import get_queue, get_messages
conn_details = {
'account_number': '111111111111',
'assume_role': 'MyRole',
'session_name': 'MySession',
'region': 'us-east-1'
}
queue = get_queue(queue_name='MyQueue', **conn_details)
messages = get_messages(queue=queue)
# Using the CloudAux class
from cloudaux import CloudAux
CloudAux.go('kms.client.list_aliases', **conn_details)
ca = CloudAux(**conn_details)
ca.call('kms.client.list_aliases')
# directly asking for a boto3 connection:
from cloudaux.aws.sts import boto3_cached_conn
conn = boto3_cached_conn('ec2', **conn_details)
# Over your entire environment:
from cloudaux.decorators import iter_account_region
accounts = ['000000000000', '111111111111']
conn_details = {
'assume_role': 'MyRole',
'session_name': 'MySession',
'conn_type': 'boto3'
}
@iter_account_region('kms', accounts=accounts, regions=['us-east-1'], **conn_details)
def list_keys(conn=None):
return conn.list_keys()['Keys']
### GCP Example
# directly asking for a client:
from cloudaux.aws.gcp.auth import get_client
client = get_client('gce', **conn_details)
# Over your entire environment:
from cloudaux.gcp.decorators import iter_project
projects = ['my-project-one', 'my-project-two']
# To specify per-project key_files, you can do thie following:
# projects = [
# {'project': 'my-project-one', key_file='/path/to/project-one.json'},
# {'project': 'my-project-two', key_file='/path/to/project-two.json'}
# ]
#
# To specify a single key_file for all projects, use the key_file argument
# to the decorator
# @iter_project(projects=projects, key_file='/path/to/key.json')
#
# To use default credentials, omit the key_file argument
# @iter_project(projects=projects)
from cloudaux.gcp.iam import list_serviceaccounts
from cloudaux.orchestration.gcp.iam.serviceaccount import get_serviceaccount_complete
@iter_project(projects=projects, key_file='/path/to/key.json')
def test_iter(**kwargs):
accounts = list_serviceaccounts(**kwargs)
ret = []
for account in accounts:
ret.append(get_serviceaccount_complete(service_account=account['name']))
return ret
### OpenStack Example
from cloudaux.openstack.decorators import _connect
conn = _connect(cloud_name, region, yaml_file):
# Over your entire environment:
from cloudaux.openstack.decorators import iter_account_region, get_regions
@iter_account_region(account_regions=get_regions())
def list_networks(conn=None, service='network', generator='security_groups'):
from cloudaux.openstack.utils import list_items
list_items(**kwargs)
## Orchestration Example
### AWS IAM Role
from cloudaux.orchestration.aws.iam.role import get_role, FLAGS
# account_number may be extracted from the ARN of the role passed to get_role
# if not included in conn.
conn = dict(
assume_role='SecurityMonkey', # or whichever role you wish to assume into
session_name='cloudaux',
region='us-east-1'
)
role = get_role(
dict(arn='arn:aws:iam::000000000000:role/myRole', role_name='myRole'),
output='camelized', # optional: {camelized underscored}
flags=FLAGS.ALL, # optional
**conn)
# The flags parameter is optional but allows the user to indicate that
# only a subset of the full item description is required.
# IAM Role Flag Options:
# BASE, MANAGED_POLICIES, INLINE_POLICIES, INSTANCE_PROFILES, ALL (default)
# For instance: flags=FLAGS.MANAGED_POLICIES | FLAGS.INSTANCE_PROFILES
# cloudaux makes a number of calls to obtain a full description of the role
print(json.dumps(role, indent=4, sort_keys=True))
{
"Arn": ...,
"AssumeRolePolicyDocument": ...,
"CreateDate": ..., # str
"InlinePolicies": ...,
"InstanceProfiles": ...,
"ManagedPolicies": ...,
"Path": ...,
"RoleId": ...,
"RoleName": ...,
"_version": 1 # Orchestration results return a _Version
}
### GCP IAM Service Account
from cloudaux.orchestration.gcp.iam.serviceaccount import get_serviceaccount_complete, FLAGS
sa_name = 'projects/my-project-one/serviceAccounts/service-account-key@my-project-one.iam.gserviceaccount.com'
sa = get_serviceaccount_complete(sa_name, flags=FLAGS.ALL, **conn_details)
print(json.dumps(sa, indent=4, sort_keys=True))
# Flag options for Service Accounts are BASE, KEYS, POLICY, ALL (default).
{
"DisplayName": "service-account",
"Email": "service-account@my-project-one.iam.gserviceaccount.com",
"Etag": "BwUzTDvWgHw=",
"Keys": [
{
"KeyAlgorithm": "KEY_ALG_RSA_2048",
"Name": "projects/my-project-one/serviceAccounts/service-account@my-project-one.iam.gserviceaccount.com/keys/8be0096886f6ed5cf51abb463d3448c8aee6c6b6",
"ValidAfterTime": "2016-06-30T18:26:45Z",
"ValidBeforeTime": "2026-06-28T18:26:45Z"
},
...
],
"Name": "projects/my-project-one/serviceAccounts/service-account@my-project-one.iam.gserviceaccount.com",
"Oauth2ClientId": "115386704809902483492",
"Policy": [
{
"Members": [
"user:test-user@gmail.com"
],
"Role": "roles/iam.serviceAccountActor"
}
],
"ProjectId": "my-project-one",
"UniqueId": "115386704809902483492"
}
### OpenStack Security Group
from cloudaux.orchestration.openstack.security_group import get_security_group, FLAGS
secgroup = get_security_group(result, flags=flags, **kwargs)
# The flags parameter is optional but allows the user to indicate that
# only a subset of the full item description is required.
# Security Group Flag Options:
# RULES, INSTANCES (default)
# For instance: flags=FLAGS.RULES | FLAGS.INSTANCES
print(json.dumps(secgroup, indent=4, sort_keys=True))
{
"assigned_to": [
{
"instance_id": "..."
}
],
"created_at": "...",
"description": "...",
"id": "...",
"location": "...",
"name": "...",
"project_id": "...",
"revision_number": 3,
"rules": [
{
"rule_type": "...",
"remote_group_id": "...",
"from_port": "...",
"description": "...",
"tags": [],
"to_port": "...",
"ethertype": "...",
"created_at": "...",
"updated_at": "...",
"security_group_id": "...",
"revision_number": 0,
"tenant_id": "...",
"project_id": "..."",
"id": "...",
"cidr_ip": "...",
"ip_protocol": "..."
},
],
"updated_at": "..."
}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cloudaux-1.5.0.tar.gz
(49.8 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cloudaux-1.5.0.tar.gz.
File metadata
- Download URL: cloudaux-1.5.0.tar.gz
- Upload date:
- Size: 49.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.19.1 setuptools/28.8.0 requests-toolbelt/0.8.0 tqdm/4.24.0 CPython/3.6.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d4f80c48b054d73f5c27c19b0ce00dd5121aebf6b61c978f14d5145edd719f98
|
|
| MD5 |
91cb4dd75627f47929f273776cc55901
|
|
| BLAKE2b-256 |
6609a3ac6b3c44eb601ef6d1a214052ba0a994ed192baf97d36cc1143c6dd250
|
File details
Details for the file cloudaux-1.5.0-py2.py3-none-any.whl.
File metadata
- Download URL: cloudaux-1.5.0-py2.py3-none-any.whl
- Upload date:
- Size: 77.6 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.19.1 setuptools/28.8.0 requests-toolbelt/0.8.0 tqdm/4.24.0 CPython/3.6.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1b970b678d06ea6683a23779097cc2e38c3aaa75e994aaecab9d988faa957f99
|
|
| MD5 |
ad988e1547d7cd65ea91fbfbab0e5f45
|
|
| BLAKE2b-256 |
b7056a2621bd9083ef3525939334e280a0ad15c7f151d1b625c1275150cdf18d
|
