Add args to configure grace periode

lloesche · Jan 30, 2018 · 605233e · 605233e
1 parent 16fc9bd
commit 605233e
Showing 1 changed file with 36 additions and 23 deletions.
diff --git a/report.py b/report.py
@@ -23,34 +23,20 @@
 logging.getLogger('__main__').setLevel(logging.INFO)
 logging.getLogger('UserReport').setLevel(logging.INFO)
 log = logging.getLogger(__name__)
+args = None
 
 
 def main(argv):
+    global args
     p = argparse.ArgumentParser(description='Generate AWS IAM User Report')
-    p.add_argument('--aws-credentials', '-c',
-                   help='AWS Credentials as: SOME_REPORT_NAME,ACCESS_KEY_ID,SECRET_ACCESS_KEY', dest='aws_credentials',
-                   nargs='+', type=aws_credentials)
-    p.add_argument('--smtp-server', help='SMTP Server Hostname', dest='smtp_server', type=str, default='localhost')
-    p.add_argument('--smtp-port', help='SMTP Server Port', dest='smtp_port', type=int, default=25)
-    p.add_argument('--smtp-ssl', help='SMTP Server uses SSL (not STARTTLS)', dest='smtp_ssl', action='store_true',
-                   default=False)
-    p.add_argument('--smtp-login', help='SMTP Server Login', dest='smtp_login', type=str)
-    p.add_argument('--smtp-password', help='SMTP Server Password', dest='smtp_password', type=str)
-    p.add_argument('--smtp-from', help='Email From', dest='smtp_from', type=str, default='[email protected]')
-    p.add_argument('--smtp-to', help='Email To', dest='smtp_to', type=str, nargs='+')
-    p.add_argument('--smtp-subject', help='Email Subject', dest='smtp_subject', type=str,
-                   default='AWS User Report')
-    p.add_argument('--verbose', '-v', help='Verbose logging', dest='verbose', action='store_true', default=False)
-    p.add_argument('--json', help='Dump Report as JSON', dest='fmt_json', action='store_true', default=False)
-    p.add_argument('--header', help='Report Header', dest='report_header', type=str, default='')
-    p.add_argument('--footer', help='Report Footer', dest='report_footer', type=str, default='')
+    p = add_args(p)
     args = p.parse_args(argv)
     if args.verbose:
         logging.getLogger('__main__').setLevel(logging.DEBUG)
         logging.getLogger('UserReport').setLevel(logging.DEBUG)
 
-    reports = get_reports(args)
-    report_html = html_report(reports, args)
+    reports = get_reports()
+    report_html = html_report(reports)
 
     if args.smtp_to:
         if args.fmt_json:
@@ -66,6 +52,32 @@ def main(argv):
             print(report_html)
 
 
+def add_args(p):
+    p.add_argument('--aws-credentials', '-c',
+                   help='AWS Credentials as: SOME_REPORT_NAME,ACCESS_KEY_ID,SECRET_ACCESS_KEY', dest='aws_credentials',
+                   nargs='+', type=aws_credentials)
+    p.add_argument('--smtp-server', help='SMTP Server Hostname', dest='smtp_server', type=str, default='localhost')
+    p.add_argument('--smtp-port', help='SMTP Server Port', dest='smtp_port', type=int, default=25)
+    p.add_argument('--smtp-ssl', help='SMTP Server uses SSL (not STARTTLS)', dest='smtp_ssl', action='store_true',
+                   default=False)
+    p.add_argument('--smtp-login', help='SMTP Server Login', dest='smtp_login', type=str)
+    p.add_argument('--smtp-password', help='SMTP Server Password', dest='smtp_password', type=str)
+    p.add_argument('--smtp-from', help='Email From', dest='smtp_from', type=str, default='[email protected]')
+    p.add_argument('--smtp-to', help='Email To', dest='smtp_to', type=str, nargs='+')
+    p.add_argument('--smtp-subject', help='Email Subject', dest='smtp_subject', type=str,
+                   default='AWS User Report')
+    p.add_argument('--verbose', '-v', help='Verbose logging', dest='verbose', action='store_true', default=False)
+    p.add_argument('--json', help='Dump Report as JSON', dest='fmt_json', action='store_true', default=False)
+    p.add_argument('--header', help='Report Header', dest='report_header', type=str, default='')
+    p.add_argument('--footer', help='Report Footer', dest='report_footer', type=str, default='')
+    p.add_argument('--wait-days',
+                   help='Days after account creation before an account that never logged in is considered dead (Default: 60)',
+                   dest='wait_days', type=int, default=60)
+    p.add_argument('--alert-days', help='Days of inactivity after which an account is considered dead (Default: 365)',
+                   dest='alert_days', type=int, default=365)
+    return p
+
+
 def email_report(args, report_html,
                  report_plain='Unsupported Client. Please view with an Email Client that supports HTML.'):
     log.debug('Sending Report by Email via {}:{}'.format(args.smtp_server, args.smtp_port))
@@ -91,7 +103,7 @@ def email_report(args, report_html,
     s.quit()
 
 
-def get_reports(args):
+def get_reports():
     reports = list()
     if args.aws_credentials:
         for name, access_key_id, secret_access_key in args.aws_credentials:
@@ -103,7 +115,7 @@ def get_reports(args):
     return reports
 
 
-def html_report(reports, args):
+def html_report(reports):
     page_template = """<!doctype html>
     <html lang="en">
     <head>
@@ -178,8 +190,8 @@ def report2html(name, report):
 
     # how many days after account creation before
     # an account that never logged in is considered dead
-    initial_wait_days = 60
-    alert_days = 365  # anything after this will be considered dead
+    initial_wait_days = args.wait_days
+    alert_days = args.alert_days  # anything after this will be considered dead
 
     for user in sorted(report, key=itemgetter('user')):
         r = {
@@ -464,5 +476,6 @@ def default(self, o):
             return o.isoformat()
         return super().default(self, o)
 
+
 if __name__ == "__main__":
     main(sys.argv[1:])