import json
import logging
import subprocess
import os
#
#
# For the tooling and production jumpboxes:
# Login to each jumpbox and take note of the container number.
# Run:
# python3 cg-scripts/generate-POAM-inventory.py > inv.csv
# then exit.
# Copy the CSV to your local clipboard by running:
# fly -t ci i -j "jumpbox/container-bosh-{environment}" -s jumpbox -b "{container-number}" -- cat inv.csv | pbcopy
# where {environment} is production or tooling and container-number is the number from the first step.
# goal: produce a CSV with lines of:
# `Unique Asset Identifier` - can be any arbitrary name - we use the VM name with BOSH ID
# IPv4 - hopefully obvious what this means
# IPv6 - we don't currently include this
# DNS name - not currently included
# NetBIOS name - not currently included
# MAC Address - not currently included
# Asset Weight - always 5
# Authenticated Scan - always 'Agent Based'
# Baseline Configuration Name - always Ubuntu Stemcell
# OS Name - e.g. Ubuntu
# OS Version - e.g. 14.04.1
# Location - Cloud Provider's Availability zone name
# Asset type - what it is (e.g. EC2)
# Virtual - is it a VM
# Public - is it public-internet-facing
# In latest scan - is it supposed to be in the latest scan (yes)
# Comment - optional comments
#
# call out the ones we don't use, so they're easier to replace if we do use them
# use empty string rather than None to make printing easier later
# Columns we do not populate. An empty string prints as an empty CSV cell,
# which avoids special-casing None when the rows are written out.
IPV6 = ""
DNS_NAME = ""
NETBIOS_NAME = ""
MAC_ADDR = ""
COMMENT = ""  # no comment

# Columns whose value is identical for every asset in this inventory.
ASSET_WEIGHT = "5"
AUTH_SCAN = "Agent Based"
BASELINE_CONFIGURATION = "Ubuntu Stemcell"
OS_NAME = "Ubuntu"
ASSET_TYPE = "EC2"
VIRTUAL = "Yes"
PUBLIC = "No"
IN_LATEST_SCAN = "Yes"

# BOSH availability-zone name -> AWS availability-zone name.
bosh_az_to_aws_az = {
    "z1": "us-gov-west-1a",
    "z2": "us-gov-west-1b",
}
def get_os_version_from_stemcell(stemcell):
    """Return the Ubuntu version string for a BOSH stemcell record.

    Args:
        stemcell: dict with a ``"name"`` key (a stemcell entry as returned by
            the director). The name is matched case-insensitively against the
            known Ubuntu codenames, in the order listed below.

    Returns:
        The version string for the first matching codename, or ``None`` when
        the name contains none of them.
    """
    # TODO: validate minor version, as it may change in the future
    codename_versions = (
        ("bionic", "18.04.1"),
        ("xenial", "16.04.5"),
        ("trusty", "14.04.1"),
    )
    lowered_name = stemcell["name"].lower()
    for codename, version in codename_versions:
        if codename in lowered_name:
            return version
    return None
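def get_deployment_to_os_map():
    """Return a dict mapping each BOSH deployment name to its OS version.

    Queries the director with ``bosh curl /deployments`` (argument list, no
    shell) and resolves each deployment's stemcells through
    ``get_os_version_from_stemcell``. When a deployment lists several
    stemcells, one version is chosen deterministically by ``_pick_version``;
    a deployment whose version cannot be determined maps to ``None``.

    Returns:
        dict of deployment name -> version string or ``None``.

    Raises:
        subprocess.CalledProcessError: if the ``bosh`` command fails.
        ValueError: if the director response is not valid JSON.
    """
    response = subprocess.check_output(["bosh", "curl", "/deployments"]).decode()
    deployments = json.loads(response)
    deployment_to_os = {}
    for deployment in deployments:
        name = deployment["name"]
        versions = set()
        # A missing/empty stemcell list is handled by _pick_version rather
        # than raising IndexError on an empty set as the old code did.
        for stemcell in deployment.get("stemcells", []):
            version = get_os_version_from_stemcell(stemcell)
            if version is None:
                logging.warning("Could not determine version for %s", str(stemcell))
            versions.add(version)
        deployment_to_os[name] = _pick_version(name, versions)
    return deployment_to_os


def _pick_version(deployment_name, versions):
    """Choose one OS version for a deployment from the set it uses.

    A known version is always preferred over ``None``; among several known
    versions the lowest (sorted) one is returned so the result is stable
    between runs, unlike taking the first element of a set. An empty set
    yields ``None`` with a warning.
    """
    if not versions:
        logging.warning("no stemcells listed for %s", deployment_name)
        return None
    known = sorted(v for v in versions if v is not None)
    chosen = known[0] if known else None
    if len(versions) > 1:
        logging.warning(
            "more than one stemcell in use for %s - using %s of %s",
            deployment_name,
            chosen,
            str(versions),
        )
    return chosen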
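def get_inventory(deployment_to_os_version):
    """Return the inventory rows, one list of column values per BOSH VM.

    Args:
        deployment_to_os_version: dict of deployment name -> OS version
            string (or ``None`` when unknown), as produced by
            ``get_deployment_to_os_map``.

    Returns:
        list of rows; each row is a list of 17 column values in the order
        documented in the header comment of this file.

    Raises:
        KeyError: if ``BOSH_DIRECTOR_NAME`` is not set in the environment
            (checked once, before any ``bosh`` call).
        subprocess.CalledProcessError: if a ``bosh curl`` call fails.
        ValueError: if a director response is not valid JSON.
    """
    # Loop-invariant: read the director name once instead of per VM, and
    # fail up front with a clear KeyError if the jumpbox environment is
    # incomplete.
    director_name = os.environ["BOSH_DIRECTOR_NAME"].lower()
    inventory = []
    for deployment, version in deployment_to_os_version.items():
        # Argument list, no shell: the deployment name is a single argv
        # element and is never interpreted by a shell.
        response = subprocess.check_output(
            ["bosh", "curl", "/deployments/{}/vms".format(deployment)]
        ).decode()
        for vm in json.loads(response):
            inventory.append(_inventory_row(deployment, version, director_name, vm))
    return inventory


def _inventory_row(deployment, version, director_name, vm):
    """Build one inventory row for a VM record from ``bosh curl .../vms``.

    A VM with no reported IP gets an empty IPv4 cell, and an availability
    zone missing from ``bosh_az_to_aws_az`` is used verbatim; both cases are
    logged so the row can be corrected instead of aborting the whole export.
    """
    hostname = "{}-{}-{}-cf-{}/{}".format(
        deployment, vm["job"], vm["index"], director_name, vm["id"]
    )
    ips = vm.get("ips") or []
    if not ips:
        logging.warning("no IP address reported for %s", hostname)
    ipv4 = ips[0] if ips else ""
    az = vm.get("az")
    try:
        location = bosh_az_to_aws_az[az]
    except KeyError:
        logging.warning("unknown BOSH az %r for %s - using it verbatim", az, hostname)
        location = az if az is not None else ""
    return [
        hostname,
        ipv4,
        IPV6,
        DNS_NAME,
        NETBIOS_NAME,
        MAC_ADDR,
        ASSET_WEIGHT,
        AUTH_SCAN,
        BASELINE_CONFIGURATION,
        OS_NAME,
        version,
        location,
        ASSET_TYPE,
        VIRTUAL,
        PUBLIC,
        IN_LATEST_SCAN,
        COMMENT,
    ]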
def main():
    """Print the asset inventory as comma-separated lines on stdout."""
    os_versions = get_deployment_to_os_map()
    rows = get_inventory(os_versions)
    for row in rows:
        # N.B. if we fail to get the version, it will show up as the string 'None'
        print(",".join(str(cell) for cell in row))


if __name__ == "__main__":
    main()