diff --git a/.github/workflows/ci-master.yml b/.github/workflows/ci-master.yml index 1d638230b15..037a275b174 100644 --- a/.github/workflows/ci-master.yml +++ b/.github/workflows/ci-master.yml @@ -91,7 +91,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-python@v1 with: - python-version: 3.8 + python-version: 3.7 - name: Set up cache uses: actions/cache@v1 with: @@ -103,10 +103,10 @@ jobs: pip install tox codecov - name: Install Deps run: | - tox -e py38 --notest + tox -e py37 --notest - name: Test run: | - tox -e py38 + tox -e py37 Docs: # todo, figure out how to fast cache the tox directory here. diff --git a/poetry.lock b/poetry.lock index b6df45e7ab4..8bf3398736e 100644 --- a/poetry.lock +++ b/poetry.lock @@ -86,10 +86,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -99,7 +99,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -760,15 +760,15 @@ description = "tox is a generic virtualenv management and test command line tool name = "tox" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" -version = "3.15.0" +version = "3.15.1" [package.dependencies] colorama = ">=0.4.1" -filelock = ">=3.0.0,<4" +filelock = ">=3.0.0" packaging = ">=14" -pluggy = ">=0.12.0,<1" -py = ">=1.4.17,<2" -six = ">=1.14.0,<2" +pluggy = ">=0.12.0" +py = ">=1.4.17" +six = ">=1.14.0" toml = ">=0.9.4" virtualenv = ">=16.0.0,<20.0.0 || >20.0.0,<20.0.1 || >20.0.1,<20.0.2 || >20.0.2,<20.0.3 || >20.0.3,<20.0.4 || >20.0.4,<20.0.5 || >20.0.5,<20.0.6 || >20.0.6,<20.0.7 || >20.0.7" @@ -777,8 +777,8 @@ python = "<3.8" version = ">=0.12,<2" [package.extras] -docs = ["sphinx (>=2.0.0,<3)", "towncrier (>=18.5.0)", "pygments-github-lexers (>=0.0.5)", "sphinxcontrib-autoprogram (>=0.1.5)"] -testing = ["freezegun (>=0.3.11,<1)", "pathlib2 (>=2.3.3,<3)", "pytest (>=4.0.0,<6)", "pytest-cov (>=2.5.1,<3)", "pytest-mock (>=1.10.0,<2)", "pytest-xdist (>=1.22.2,<2)", "pytest-randomly (>=1.0.0,<4)", "flaky (>=3.4.0,<4)", "psutil (>=5.6.1,<6)"] +docs = ["sphinx (>=2.0.0)", "towncrier (>=18.5.0)", "pygments-github-lexers (>=0.0.5)", "sphinxcontrib-autoprogram (>=0.1.5)"] +testing = ["freezegun (>=0.3.11)", "pathlib2 (>=2.3.3)", "pytest (>=4.0.0)", "pytest-cov (>=2.5.1)", "pytest-mock (>=1.10.0)", "pytest-xdist (>=1.22.2)", "pytest-randomly (>=1.0.0)", "flaky (>=3.4.0)", "psutil (>=5.6.1)"] [[package]] category = "dev" @@ -848,7 +848,7 @@ description = "Virtual Python Environment builder" name = "virtualenv" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" -version = "20.0.20" +version = "20.0.21" [package.dependencies] appdirs = ">=1.4.3,<2" @@ -951,12 +951,12 @@ bleach = [ {file = "bleach-3.1.5.tar.gz", hash = "sha256:3c4c520fdb9db59ef139915a5db79f8b51bc2a7257ea0389f30c846883430a4b"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] certifi = [ {file = "certifi-2020.4.5.1-py2.py3-none-any.whl", hash = "sha256:1d987a998c75633c40847cc966fcf5904906c920a7f17ef374f5aa4282abd304"}, @@ -1279,8 +1279,8 @@ toml = [ {file = "toml-0.10.1.tar.gz", hash = "sha256:926b612be1e5ce0634a2ca03470f95169cf16f939018233a670519cb4ac58b0f"}, ] tox = [ - {file = "tox-3.15.0-py2.py3-none-any.whl", hash = "sha256:8d97bfaf70053ed3db56f57377288621f1bcc7621446d301927d18df93b1c4c3"}, - {file = "tox-3.15.0.tar.gz", hash = "sha256:af09c19478e8fc7ce7555b3d802ddf601b82684b874812c5857f774b8aee1b67"}, + {file = "tox-3.15.1-py2.py3-none-any.whl", hash = "sha256:322dfdf007d7d53323f767badcb068a5cfa7c44d8aabb698d131b28cf44e62c4"}, + {file = "tox-3.15.1.tar.gz", hash = "sha256:8c9ad9b48659d291c5bc78bcabaa4d680d627687154b812fa52baedaa94f9f83"}, ] tqdm = [ {file = "tqdm-4.46.0-py2.py3-none-any.whl", hash = "sha256:acdafb20f51637ca3954150d0405ff1a7edde0ff19e38fb99a80a66210d2a28f"}, @@ -1299,8 +1299,8 @@ vcrpy = [ {file = "vcrpy-4.0.2.tar.gz", hash = "sha256:9740c5b1b63626ec55cefb415259a2c77ce00751e97b0f7f214037baaf13c7bf"}, ] virtualenv = [ - {file = "virtualenv-20.0.20-py2.py3-none-any.whl", hash = "sha256:b4c14d4d73a0c23db267095383c4276ef60e161f94fde0427f2f21a0132dde74"}, - {file = "virtualenv-20.0.20.tar.gz", hash = "sha256:fd0e54dec8ac96c1c7c87daba85f0a59a7c37fe38748e154306ca21c73244637"}, + {file = "virtualenv-20.0.21-py2.py3-none-any.whl", hash = "sha256:a730548b27366c5e6cbdf6f97406d861cccece2e22275e8e1a757aeff5e00c70"}, + {file = "virtualenv-20.0.21.tar.gz", hash = "sha256:a116629d4e7f4d03433b8afa27f43deba09d48bc48f5ecefa4f015a178efb6cf"}, ] wcwidth = [ {file = "wcwidth-0.1.9-py2.py3-none-any.whl", hash = "sha256:cafe2186b3c009a04067022ce1dcd79cb38d8d65ee4f4791b8888d6599d1bbe1"}, diff --git a/requirements.txt b/requirements.txt index 5b8806b07c6..e6f20a1d69a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,12 +1,12 @@ apipkg==1.5 -appdirs==1.4.3 +appdirs==1.4.4 argcomplete==1.11.1 atomicwrites==1.4.0; sys_platform == "win32" attrs==19.3.0 aws-xray-sdk==2.5.0 bleach==3.1.5 -boto3==1.13.5 -botocore==1.16.5 +boto3==1.13.14 +botocore==1.16.14 certifi==2020.4.5.1 cffi==1.14.0; sys_platform == "linux" chardet==3.0.4 @@ -15,16 +15,15 @@ coverage==5.1 cryptography==2.9.2; sys_platform == "linux" distlib==0.3.0 docutils==0.15.2 -entrypoints==0.3 execnet==1.7.1 filelock==3.0.12 -flake8==3.7.9 +flake8==3.8.1 future==0.18.2 idna==2.9 importlib-metadata==1.6.0 importlib-resources==1.5.0; python_version < "3.7" jeepney==0.4.3; sys_platform == "linux" -jmespath==0.9.5 +jmespath==0.10.0 jsonpatch==1.25 jsonpickle==1.4.1 jsonpointer==2.0 @@ -32,17 +31,17 @@ jsonschema==3.2.0 keyring==21.2.1 mccabe==0.6.1 mock==4.0.2 -more-itertools==8.2.0 -multidict==4.7.5; python_version >= "3.6" -packaging==20.3 +more-itertools==8.3.0 +multidict==4.7.6; python_version >= "3.6" +packaging==20.4 pkginfo==1.5.0.1 placebo==0.9.0 pluggy==0.13.1 psutil==5.7.0 py==1.8.1 -pycodestyle==2.5.0 +pycodestyle==2.6.0 pycparser==2.20; sys_platform == "linux" -pyflakes==2.1.1 +pyflakes==2.2.0 pygments==2.6.1 pyparsing==2.4.7 pyrsistent==0.16.0 @@ -62,13 +61,13 @@ secretstorage==3.1.2; sys_platform == "linux" six==1.14.0 tabulate==0.8.7 termcolor==1.1.0 -toml==0.10.0 -tox==3.15.0 +toml==0.10.1 +tox==3.15.1 tqdm==4.46.0 twine==3.1.1 urllib3==1.25.9 vcrpy==4.0.2 -virtualenv==20.0.20 +virtualenv==20.0.21 wcwidth==0.1.9 webencodings==0.5.1 wrapt==1.12.1 diff --git a/tools/c7n_azure/poetry.lock b/tools/c7n_azure/poetry.lock index 70c8f551f0c..c8a224d3a61 100644 --- a/tools/c7n_azure/poetry.lock +++ b/tools/c7n_azure/poetry.lock @@ -789,10 +789,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -802,7 +802,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -1665,12 +1665,12 @@ bcrypt = [ {file = "bcrypt-3.1.7.tar.gz", hash = "sha256:0b0069c752ec14172c5f78208f1863d7ad6755a6fae6fe76ec2c80d13be41e42"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] c7n = [] certifi = [ diff --git a/tools/c7n_azure/requirements.txt b/tools/c7n_azure/requirements.txt index f87d02cff26..c25adcbf264 100644 --- a/tools/c7n_azure/requirements.txt +++ b/tools/c7n_azure/requirements.txt @@ -31,7 +31,7 @@ azure-mgmt-datalake-nspkg==3.0.1 azure-mgmt-datalake-store==0.5.0 azure-mgmt-dns==3.0.0 azure-mgmt-eventgrid==2.2.0 -azure-mgmt-eventhub==3.0.0 +azure-mgmt-eventhub==3.1.0 azure-mgmt-hdinsight==1.4.0 azure-mgmt-iothub==0.10.0 azure-mgmt-keyvault==1.1.0 @@ -67,10 +67,10 @@ humanfriendly==4.18 idna==2.9 importlib-metadata==1.6.0 isodate==0.6.0 -jmespath==0.9.5 +jmespath==0.10.0 jsonpickle==1.4.1 knack==0.6.3 -msrest==0.6.13 +msrest==0.6.14 msrestazure==0.6.3 netaddr==0.7.19 oauthlib==3.1.0 diff --git a/tools/c7n_azure/setup.py b/tools/c7n_azure/setup.py index bf77f8e3523..e22910af8df 100644 --- a/tools/c7n_azure/setup.py +++ b/tools/c7n_azure/setup.py @@ -63,14 +63,14 @@ 'azure-storage-blob>=2.1,<2.2', 'azure-storage-file>=2.1.0,<3.0.0', 'azure-storage-queue>=2.1,<2.2', - 'boto3 (>=1.13.5,<2.0.0)', - 'botocore (>=1.16.5,<2.0.0)', + 'boto3 (>=1.13.14,<2.0.0)', + 'botocore (>=1.16.14,<2.0.0)', 'c7n (>=0.9.2,<0.10.0)', 'click>=7.0,<8.0', 'distlib>=0.3.0,<0.4.0', 'docutils (>=0.15.2,<0.16.0)', 'importlib-metadata (>=1.6.0,<2.0.0)', - 'jmespath (>=0.9.5,<0.10.0)', + 'jmespath (>=0.10.0,<0.11.0)', 'jsonpickle>=1.2,<2.0', 'jsonschema (>=3.2.0,<4.0.0)', 'netaddr>=0.7.19,<0.8.0', diff --git a/tools/c7n_gcp/poetry.lock b/tools/c7n_gcp/poetry.lock index 7bf4eb021f2..b53a8e8e93f 100644 --- a/tools/c7n_gcp/poetry.lock +++ b/tools/c7n_gcp/poetry.lock @@ -43,10 +43,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -56,7 +56,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -261,7 +261,7 @@ description = "A comprehensive HTTP client library." name = "httplib2" optional = false python-versions = "*" -version = "0.17.3" +version = "0.18.0" [[package]] category = "main" @@ -603,12 +603,12 @@ attrs = [ {file = "attrs-19.3.0.tar.gz", hash = "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] c7n = [] cachetools = [ @@ -664,8 +664,8 @@ googleapis-common-protos = [ {file = "googleapis-common-protos-1.51.0.tar.gz", hash = "sha256:013c91704279119150e44ef770086fdbba158c1f978a6402167d47d5409e226e"}, ] httplib2 = [ - {file = "httplib2-0.17.3-py3-none-any.whl", hash = "sha256:6d9722decd2deacd486ef10c5dd5e2f120ca3ba8736842b90509afcdc16488b1"}, - {file = "httplib2-0.17.3.tar.gz", hash = "sha256:39dd15a333f67bfb70798faa9de8a6e99c819da6ad82b77f9a259a5c7b1225a2"}, + {file = "httplib2-0.18.0-py3-none-any.whl", hash = "sha256:4f6988e6399a2546b525a037d56da34aed4d149bbdc0e78523018d5606c26e74"}, + {file = "httplib2-0.18.0.tar.gz", hash = "sha256:b0e1f3ed76c97380fe2485bc47f25235453b40ef33ca5921bb2897e257a49c4c"}, ] idna = [ {file = "idna-2.9-py2.py3-none-any.whl", hash = "sha256:a068a21ceac8a4d63dbfd964670474107f541babbd2250d61922f029858365fa"}, diff --git a/tools/c7n_gcp/requirements.txt b/tools/c7n_gcp/requirements.txt index 7de752a0464..7a6f95d12e0 100644 --- a/tools/c7n_gcp/requirements.txt +++ b/tools/c7n_gcp/requirements.txt @@ -2,16 +2,16 @@ cachetools==4.1.0 certifi==2020.4.5.1 chardet==3.0.4 google-api-core==1.17.0 -google-api-python-client==1.8.2 -google-auth==1.14.2 +google-api-python-client==1.8.3 +google-auth==1.15.0 google-auth-httplib2==0.0.3 google-cloud-core==1.3.0 google-cloud-logging==1.15.0 google-cloud-monitoring==0.34.0 googleapis-common-protos==1.51.0 -httplib2==0.17.3 +httplib2==0.18.0 idna==2.9 -protobuf==3.11.3 +protobuf==3.12.0 pyasn1==0.4.8 pyasn1-modules==0.2.8 pytz==2020.1 diff --git a/tools/c7n_gcp/setup.py b/tools/c7n_gcp/setup.py index 172913933db..306477c7d94 100644 --- a/tools/c7n_gcp/setup.py +++ b/tools/c7n_gcp/setup.py @@ -12,8 +12,8 @@ install_requires = \ ['argcomplete (>=1.11.1,<2.0.0)', 'attrs (>=19.3.0,<20.0.0)', - 'boto3 (>=1.13.5,<2.0.0)', - 'botocore (>=1.16.5,<2.0.0)', + 'boto3 (>=1.13.14,<2.0.0)', + 'botocore (>=1.16.14,<2.0.0)', 'c7n (>=0.9.2,<0.10.0)', 'docutils (>=0.15.2,<0.16.0)', 'google-api-python-client>=1.7,<2.0', @@ -21,7 +21,7 @@ 'google-cloud-logging>=1.14,<2.0', 'google-cloud-monitoring>=0.34.0,<0.35.0', 'importlib-metadata (>=1.6.0,<2.0.0)', - 'jmespath (>=0.9.5,<0.10.0)', + 'jmespath (>=0.10.0,<0.11.0)', 'jsonschema (>=3.2.0,<4.0.0)', 'pyrsistent (>=0.16.0,<0.17.0)', 'python-dateutil (>=2.8.1,<3.0.0)', diff --git a/tools/c7n_kube/poetry.lock b/tools/c7n_kube/poetry.lock index 3c901f47e8e..250c381367a 100644 --- a/tools/c7n_kube/poetry.lock +++ b/tools/c7n_kube/poetry.lock @@ -43,10 +43,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -56,7 +56,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -546,12 +546,12 @@ attrs = [ {file = "attrs-19.3.0.tar.gz", hash = "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] c7n = [] cachetools = [ diff --git a/tools/c7n_kube/requirements.txt b/tools/c7n_kube/requirements.txt index 52b7815defb..f58dfb4d3ec 100644 --- a/tools/c7n_kube/requirements.txt +++ b/tools/c7n_kube/requirements.txt @@ -1,7 +1,7 @@ cachetools==4.1.0 certifi==2020.4.5.1 chardet==3.0.4 -google-auth==1.14.2 +google-auth==1.15.0 idna==2.9 kubernetes==10.0.1 oauthlib==3.1.0 diff --git a/tools/c7n_kube/setup.py b/tools/c7n_kube/setup.py index 0f555aaf179..6a309bb11a0 100644 --- a/tools/c7n_kube/setup.py +++ b/tools/c7n_kube/setup.py @@ -16,12 +16,12 @@ install_requires = \ ['argcomplete (>=1.11.1,<2.0.0)', 'attrs (>=19.3.0,<20.0.0)', - 'boto3 (>=1.13.5,<2.0.0)', - 'botocore (>=1.16.5,<2.0.0)', + 'boto3 (>=1.13.14,<2.0.0)', + 'botocore (>=1.16.14,<2.0.0)', 'c7n (>=0.9.2,<0.10.0)', 'docutils (>=0.15.2,<0.16.0)', 'importlib-metadata (>=1.6.0,<2.0.0)', - 'jmespath (>=0.9.5,<0.10.0)', + 'jmespath (>=0.10.0,<0.11.0)', 'jsonschema (>=3.2.0,<4.0.0)', 'kubernetes>=10.0.1,<11.0.0', 'pyrsistent (>=0.16.0,<0.17.0)', diff --git a/tools/c7n_logexporter/poetry.lock b/tools/c7n_logexporter/poetry.lock index 82cc1fc2f67..cd255e6e72b 100644 --- a/tools/c7n_logexporter/poetry.lock +++ b/tools/c7n_logexporter/poetry.lock @@ -34,10 +34,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -47,7 +47,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -242,12 +242,12 @@ attrs = [ {file = "attrs-19.3.0.tar.gz", hash = "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] c7n = [] click = [ diff --git a/tools/c7n_logexporter/setup.py b/tools/c7n_logexporter/setup.py index be40ee474b3..66073193148 100644 --- a/tools/c7n_logexporter/setup.py +++ b/tools/c7n_logexporter/setup.py @@ -12,13 +12,13 @@ install_requires = \ ['argcomplete (>=1.11.1,<2.0.0)', 'attrs (>=19.3.0,<20.0.0)', - 'boto3 (>=1.13.5,<2.0.0)', - 'botocore (>=1.16.5,<2.0.0)', + 'boto3 (>=1.13.14,<2.0.0)', + 'botocore (>=1.16.14,<2.0.0)', 'c7n (>=0.9.2,<0.10.0)', 'click>=7.0,<8.0', 'docutils (>=0.15.2,<0.16.0)', 'importlib-metadata (>=1.6.0,<2.0.0)', - 'jmespath (>=0.9.5,<0.10.0)', + 'jmespath (>=0.10.0,<0.11.0)', 'jsonschema (>=3.2.0,<4.0.0)', 'pyrsistent (>=0.16.0,<0.17.0)', 'python-dateutil (>=2.8.1,<3.0.0)', diff --git a/tools/c7n_mailer/poetry.lock b/tools/c7n_mailer/poetry.lock index 538fac28f04..bf5158208a7 100644 --- a/tools/c7n_mailer/poetry.lock +++ b/tools/c7n_mailer/poetry.lock @@ -27,10 +27,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -40,7 +40,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -464,12 +464,12 @@ attrs = [ {file = "attrs-19.3.0.tar.gz", hash = "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] certifi = [ {file = "certifi-2020.4.5.1-py2.py3-none-any.whl", hash = "sha256:1d987a998c75633c40847cc966fcf5904906c920a7f17ef374f5aa4282abd304"}, diff --git a/tools/c7n_mailer/requirements.txt b/tools/c7n_mailer/requirements.txt index 2476fc424c7..cf5ffdeb36c 100644 --- a/tools/c7n_mailer/requirements.txt +++ b/tools/c7n_mailer/requirements.txt @@ -1,6 +1,6 @@ attrs==19.3.0 -boto3==1.13.5 -botocore==1.16.5 +boto3==1.13.14 +botocore==1.16.14 certifi==2020.4.5.1 chardet==3.0.4 datadog==0.34.1 @@ -9,7 +9,7 @@ docutils==0.15.2 idna==2.9 importlib-metadata==1.6.0 jinja2==2.11.2 -jmespath==0.9.5 +jmespath==0.10.0 jsonpatch==1.25 jsonpointer==2.0 jsonschema==3.2.0 @@ -20,10 +20,10 @@ pyrsistent==0.16.0 python-dateutil==2.8.1 python-http-client==3.2.7 pyyaml==5.3.1 -redis==3.5.0 +redis==3.5.2 requests==2.23.0 s3transfer==0.3.3 -sendgrid==6.3.0 +sendgrid==6.3.1 six==1.14.0 urllib3==1.25.9 zipp==3.1.0 diff --git a/tools/c7n_mailer/setup.py b/tools/c7n_mailer/setup.py index 89f7850e148..91767f93966 100644 --- a/tools/c7n_mailer/setup.py +++ b/tools/c7n_mailer/setup.py @@ -30,7 +30,7 @@ 'name': 'c7n-mailer', 'version': '0.6.1', 'description': 'Cloud Custodian - Reference Mailer', - 'long_description': '# c7n-mailer: Custodian Mailer\n\n[//]: # ( !!! IMPORTANT !!! )\n[//]: # (This file is moved during document generation.)\n[//]: # (Only edit the original document at ./tools/c7n_mailer/README.md)\n\nA mailer implementation for Custodian. Outbound mail delivery is still somewhat\norganization-specific, so this at the moment serves primarily as an example\nimplementation.\n\n> The Cloud Custodian Mailer can now be easily run in a Docker container. Click [here](https://hub.docker.com/r/cloudcustodian/mailer) for details.\n\n\n## Message Relay\n\nCustodian Mailer subscribes to an SQS queue, looks up users, and sends email\nvia SES and/or send notification to DataDog. Custodian lambda and instance policies can send to it. SQS queues\nshould be cross-account enabled for sending between accounts.\n\n\n## Tutorial\n\nOur goal in starting out with the Custodian mailer is to install the mailer,\nand run a policy that triggers an email to your inbox.\n\n1. [Install](#developer-install-os-x-el-capitan) the mailer on your laptop (if you are not running as a [Docker container](https://hub.docker.com/r/cloudcustodian/mailer)\n - or use `pip install c7n-mailer`\n2. In your text editor, create a `mailer.yml` file to hold your mailer config.\n3. In the AWS console, create a new standard SQS queue (quick create is fine).\n Copy the queue URL to `queue_url` in `mailer.yml`.\n4. In AWS, locate or create a role that has read access to the queue. Grab the\n role ARN and set it as `role` in `mailer.yml`.\n\nThere are different notification endpoints options, you can combine both.\n\n### Email:\nMake sure your email address is verified in SES, and set it as\n`from_address` in `mailer.yml`. By default SES is in sandbox mode where you\nmust\n[verify](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html)\nevery individual recipient of emails. If need be, make an AWS support ticket to\nbe taken out of SES sandbox mode.\n\nYour `mailer.yml` should now look something like this:\n\n```yaml\nqueue_url: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\nrole: arn:aws:iam::123456790:role/c7n-mailer-test\nfrom_address: you@example.com\n```\n\nYou can also set `region` if you are in a region other than `us-east-1` as well as `lambda_tags` to give the mailer tags.\n\n```yaml\nregion: us-east-2\nlambda_tags:\n owner: ops\n```\n\nNow let\'s make a Custodian policy to populate your mailer queue. Create a\n`test-policy.yml` file with this content (update `to` and `queue` to match your\nenvironment)\n\n```yaml\n policies:\n - name: c7n-mailer-test\n resource: sqs\n filters:\n - "tag:MailerTest": absent\n actions:\n - type: notify\n template: default\n priority_header: \'2\'\n subject: testing the c7n mailer\n to:\n - you@example.com\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\n```\n\n### DataDog:\nThe standard way to do a DataDog integration is use the\nc7n integration with AWS CloudWatch and use the\n[DataDog integration with AWS](https://docs.datadoghq.com/integrations/amazon_web_services/)\nto collect CloudWatch metrics. The mailer/messenger integration is only\nfor the case you don\'t want or you can\'t use AWS CloudWatch.\n\nNote this integration requires the additional dependency of datadog python bindings:\n```\npip install datadog\n```\n\nYour `mailer.yml` should now look something like this:\n\n```yaml\nqueue_url: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\nrole: arn:aws:iam::123456790:role/c7n-mailer-test\ndatadog_api_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX\ndatadog_application_key: YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY\n```\n\n(Also set `region` if you are in a region other than `us-east-1`.)\n\nNow let\'s make a Custodian policy to populate your mailer queue. Create a\n`test-policy.yml`:\n\n```yaml\npolicies:\n - name: c7n-mailer-test\n resource: ebs\n filters:\n - Attachments: []\n actions:\n - type: notify\n to:\n - datadog://?metric_name=datadog.metric.name&metric_value_tag=Size\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\n```\n\nThere is a special `to` format that specifies datadog delivery, and includes the datadog configuration via url parameters.\n- metric_name: is the name of the metrics send to DataDog\n- metric_value_tag: by default the metric value send to DataDog is `1` but if you want to use one of the tags returned in the policy you can set it with the attribute `metric_value_tag`, for example in the `test-policy.yml` the value used is the size of the EBS volume. The value must be a number and it\'s transformed to a float value.\n\n### Slack:\n\nThe Custodian mailer supports Slack messaging as a separate notification mechanism for the SQS transport method. To enable Slack integration, you must specify a Slack token in the `slack_token` field under the `mailer.yml` file.\n\n```yaml\nqueue_url: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\nrole: arn:aws:iam::123456790:role/c7n-mailer-test\nslack_token: xoxo-token123\n```\n\nTo enable Slack messaging, several unique fields are evaluated in the policy, as shown in the below example:\n\n```\npolicies:\n - name: c7n-mailer-test\n resource: ebs\n filters:\n - Attachments: []\n actions:\n - type: notify\n slack_template: slack\n to:\n - slack://owners\n - slack://foo@bar.com\n - slack://#custodian-test\n - slack://webhook/#c7n-webhook-test\n - slack://tag/resource_tag\n - https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\n```\n\nSlack messages support use of a unique template field specified by `slack_template`. This field is unique and usage will not break\nexisting functionality for messages also specifying an email template in the `template` field. This field is optional, however,\nand if not specified, the mailer will use the default value `slack_default`.\n\nSlack integration for the mailer supports several flavors of messaging, listed below. These are not mutually exclusive and any combination of the types can be used, but the preferred method is [incoming webhooks](https://api.slack.com/incoming-webhooks).\n\n| Requires `slack_token` | Key | Type | Notes |\n|:---------------------------:|:--------------------------------------------------------------------------------|:-------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| No | `https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX` | string | **(PREFERRED)** Send to an [incoming webhook](https://api.slack.com/incoming-webhooks) (the channel is defined in the webhook) |\n| Yes | `slack://owners` | string | Send to the recipient list generated within email delivery logic |\n| Yes | `slack://foo@bar.com` | string | Send to the recipient specified by email address foo@bar.com |\n| Yes | `slack://#custodian-test` | string | Send to the Slack channel indicated in string, i.e. #custodian-test |\n| No | `slack://webhook/#c7n-webhook-test` | string | **(DEPRECATED)** Send to a Slack webhook; appended with the target channel. **IMPORTANT**: *This requires a `slack_webhook` value defined in the `mailer.yml`.* |\n| Yes | `slack://tag/resource-tag` | string | Send to target found in resource tag. Example of value in tag: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX |\n\nSlack delivery can also be set via a resource\'s tag name. For example, using "slack://tag/slack_channel" will look for a tag name of \'slack_channel\', and if matched on a resource will deliver the message to the value of that resource\'s tag:\n\n`slack_channel:https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX`\n\nDelivery via tag has been tested with webhooks but should support all delivery methods.\n\n### Splunk HTTP Event Collector (HEC)\n\nThe Custodian mailer supports delivery to the HTTP Event Collector (HEC) endpoint of a Splunk instance as a separate notification mechanism for the SQS transport method. To enable Splunk HEC integration, you must specify the URL to the HEC endpoint as well as a valid username and token:\n\n```yaml\nqueue_url: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\nrole: arn:aws:iam::123456790:role/c7n-mailer-test\nsplunk_hec_url: https://http-inputs-foo.splunkcloud.com/services/collector/event\nsplunk_hec_token: 268b3cc2-f32e-4a19-a1e8-aee08d86ca7f\n```\n\nTo send events for a policy to the Splunk HEC endpoint, add a ``to`` address notify action specifying the name of the Splunk index to send events to in the form ``splunkhec://indexName``:\n\n```\npolicies:\n - name: c7n-mailer-test\n resource: ebs\n filters:\n - Attachments: []\n actions:\n - type: notify\n to:\n - splunkhec://myIndexName\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\n```\n\nThe ``splunkhec://indexName`` address type can be combined in the same notify action with other destination types (e.g. email, Slack, DataDog, etc).\n\n### Now run:\n\n```\nc7n-mailer --config mailer.yml --update-lambda && custodian run -c test-policy.yml -s .\n```\n\nNote: You can set the profile via environment variable e.g. `export AWS_DEFAULT_PROFILE=foo`\n\nYou should see output similar to the following:\n\n```\n(env) $ c7n-mailer --config mailer.yml --update-lambda && custodian run -c test-policy.yml -s .\nDEBUG:custodian.lambda:Created custodian lambda archive size: 3.01mb\n2017-01-12 07:55:16,227: custodian.policy:INFO Running policy c7n-mailer-test resource: sqs region:default c7n:0.8.22.0\n2017-01-12 07:55:16,229: custodian.policy:INFO policy: c7n-mailer-test resource:sqs has count:1 time:0.00\n2017-01-12 07:55:18,017: custodian.actions:INFO sent message:dead-beef policy:c7n-mailer-test template:default count:1\n2017-01-12 07:55:18,017: custodian.policy:INFO policy: c7n-mailer-test action: notify resources: 1 execution_time: 1.79\n(env) $\n```\n\nCheck the AWS console for a new Lambda named `cloud-custodian-mailer`. The\nmailer runs every five minutes, so wait a bit and then look for an email in\nyour inbox. If it doesn\'t appear, look in the lambda\'s logs for debugging\ninformation. If it does, congratulations! You are off and running with the\nCustodian mailer.\n\n\n## Usage & Configuration\n\nOnce [installed](#developer-install-os-x-el-capitan) you should have a\n`c7n-mailer` executable on your path:\naws\n```\n(env) $ c7n-mailer\nusage: c7n-mailer [-h] -c CONFIG\nc7n-mailer: error: argument -c/--config is required\n(env) $\n```\n\nFundamentally what `c7n-mailer` does is deploy a Lambda (using\n[Mu](http://cloudcustodian.io/docs/policy/mu.html)) based on\nconfiguration you specify in a YAML file. Here is [the\nschema](./c7n_mailer/cli.py#L11-L41) to which the file must conform,\nand here is a description of the options:\n\n| Required? | Key | Type | Notes |\n|:---------:|:----------------|:-----------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ✅ | `queue_url` | string | the queue to listen to for messages |\n| | `from_address` | string | default from address |\n| | `contact_tags` | array of strings | tags that we should look at for address information |\n\n#### Standard Lambda Function Config\n\n| Required? | Key | Type |\n|:---------:|:---------------------|:-----------------|\n| | `dead_letter_config` | object |\n| | `memory` | integer |\n| | `region` | string |\n| ✅ | `role` | string |\n| | `runtime` | string |\n| | `security_groups` | array of strings |\n| | `subnets` | array of strings |\n| | `timeout` | integer |\n\n#### Standard Azure Functions Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:----------------------|:-------|:---------------------------------------------------------------------------------------|\n| | `function_properties` | object | Contains `appInsights`, `storageAccount` and `servicePlan` objects |\n| | `appInsights` | object | Contains `name`, `location` and `resourceGroupName` properties |\n| | `storageAccount` | object | Contains `name`, `location` and `resourceGroupName` properties |\n| | `servicePlan` | object | Contains `name`, `location`, `resourceGroupName`, `skuTier` and `skuName` properties |\n| | `name` | string | |\n| | `location` | string | Default: `west us 2` |\n| | `resourceGroupName` | string | Default `cloud-custodian` |\n| | `skuTier` | string | Default: `Basic` |\n| | `skuName` | string | Default: `B1` |\n\n\n\n\n#### Mailer Infrastructure Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:----------------------------|:--------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| | `cache_engine` | string | cache engine; either sqlite or redis |\n| | `cross_accounts` | object | account to assume back into for sending to SNS topics |\n| | `debug` | boolean | debug on/off |\n| | `ldap_bind_dn` | string | eg: ou=people,dc=example,dc=com |\n| | `ldap_bind_user` | string | eg: FOO\\\\BAR |\n| | `ldap_bind_password` | string | ldap bind password |\n| | `ldap_bind_password_in_kms` | boolean | defaults to true, most people (except capone) want to set this to false. If set to true, make sure `ldap_bind_password` contains your KMS encrypted ldap bind password as a base64-encoded string. |\n| | `ldap_email_attribute` | string | |\n| | `ldap_email_key` | string | eg \'mail\' |\n| | `ldap_manager_attribute` | string | eg \'manager\' |\n| | `ldap_uid_attribute` | string | |\n| | `ldap_uid_regex` | string | |\n| | `ldap_uid_tags` | string | |\n| | `ldap_uri` | string | eg \'ldaps://example.com:636\' |\n| | `redis_host` | string | redis host if cache_engine == redis |\n| | `redis_port` | integer | redis port, default: 6369 |\n| | `ses_region` | string | AWS region that handles SES API calls |\n\n#### SMTP Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:----------------|:-----------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| | `smtp_server` | string | to configure your lambda role to talk to smtpd in your private vpc, see [here](https://docs.aws.amazon.com/lambda/latest/dg/vpc.html) | |\n| | `smtp_port` | integer | smtp port (default is 25) |\n| | `smtp_ssl` | boolean | this defaults to True |\n| | `smtp_username` | string | |\n| | `smtp_password` | secured string | |\n\nIf `smtp_server` is unset, `c7n_mailer` will use AWS SES or Azure SendGrid.\n\n#### DataDog Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:--------------------------|:-------|:-------------------------|\n| | `datadog_api_key` | string | DataDog API key. |\n| | `datadog_application_key` | string | Datadog application key. |\n\nThese fields are not necessary if c7n_mailer is run in a instance/lambda/etc with the DataDog agent.\n\n#### Slack Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:--------------|:-------|:----------------|\n| | `slack_token` | string | Slack API token |\n\n#### SendGrid Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:-------------------|:---------------|:-------------------|\n| | `sendgrid_api_key` | secured string | SendGrid API token |\n\n\n#### Splunk HEC Config\n\nThe following configuration items are *all* optional. The ones marked "Required for Splunk" are only required if you\'re sending notifications to ``splunkhec://`` destinations.\n\n| Required for Splunk? | Key | Type | Notes |\n|:--------------------:|:------------------------|:-----------------|:-----------------------------------------------------------------------------------------------------------------------------------|\n| ✅ | `splunk_hec_url` | string | URL to your Splunk HTTP Event Collector endpoint |\n| ✅ | `splunk_hec_token` | string | Splunk HEC authentication token for specified username |\n| | `splunk_remove_paths` | array of strings | List of [RFC6901](http://tools.ietf.org/html/rfc6901) JSON Pointers to remove from the event, if present, before sending to Splunk |\n| | `splunk_actions_list` | boolean | If true, add an `actions` list to the top-level message sent to Splunk, containing the names of all non-notify actions taken |\n| | `splunk_max_attempts` | integer | Maximum number of times to try POSTing data to Splunk HEC (default 4) |\n| | `splunk_hec_max_length` | integer | Maximum data length that Splunk HEC accepts; an error will be logged for any message sent over this length |\n\n#### SDK Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:--------------|:-------|:------|\n| | `http_proxy` | string | |\n| | `https_proxy` | string | |\n| | `profile` | string | |\n\n\n#### Secured String\n\nIn order to ensure sensitive data is not stored plaintext in a policy, `c7n-mailer` supports secured\nstrings. You can treat it as a regular `string` or use `secured string` features.\n\n##### AWS\n\nYou can use KMS to encrypt your secrets and use encrypted secret in mailer policy.\nCustodian tries to decrypt the string using KMS, if it fails c7n treats it as a plaintext secret.\n\n```yaml\n plaintext_secret: \n secured_string: \n```\n\n##### Azure\n\nYou can store your secrets in Azure Key Vault secrets and reference them from the policy.\n\n```yaml\n plaintext_secret: \n secured_string:\n type: azure.keyvault\n secret: https://your-vault.vault.azure.net/secrets/your-secret\n```\n\nNote: `secrets.get` permission on the KeyVault for the Service Principal is required.\n\n## Configuring a policy to send email\n\nOutbound email can be added to any policy by including the `notify` action.\n\n```yaml\n\npolicies:\n - name: bad-apples\n resource: asg\n filters:\n - "tag:ASV": absent\n actions:\n - type: notify\n template: default\n template_format: \'html\'\n priority_header: \'1\'\n subject: fix your tags\n to:\n - resource-owner\n owner_absent_contact:\n - foo@example.com\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/80101010101/cloud-custodian-message-relay\n```\n\nSo breaking it down, you add an action of type `notify`. You can specify a\ntemplate that\'s used to format the email; customizing templates is described\n[below](#writing-an-email-template).\n\nThe `to` list specifies the intended recipient for the email. You can specify\neither an email address, an SNS topic, a Datadog Metric, or a special value. The special values\nare either\n\n- `resource-owner`, in which case the email will be sent to the listed\n `OwnerContact` tag on the resource that matched the policy, or\n- `event-owner` for push-based/realtime policies that will send to the user\n that was responsible for the underlying event.\n- `priority_header` to indicate the importance of an email with [headers](https://www.chilkatsoft.com/p/p_471.asp). Different emails clients will display stars, exclamation points or flags depending on the value. Should be an string from 1 to 5.\n\nBoth of these special values are best effort, i.e., if no `OwnerContact` tag is\nspecified then `resource-owner` email will not be delivered, and in the case of\n`event-owner` an instance role or system account will not result in an email.\n\nThe optional `owner_absent_contact` list specifies email addresses to notify only if\nthe `resource-owner` special option was unable to find any matching owner contact\ntags.\n\nIn addition, you may choose to use a custom tag instead of the default `OwnerContact`. In order to configure this, the mailer.yaml must be modified to include the contact_tags and the custom tag. The `resource-owner` will now email the custom tag instead of `OwnerContact`. \n\n```yaml\ncontact_tags:\n - "custom_tag"\n```\n\n\nFor reference purposes, the JSON Schema of the `notify` action:\n\n```json\n{\n "type": "object",\n "required": ["type", "transport", "to"],\n "properties": {\n "type": {"enum": ["notify"]},\n "to": {"type": "array", "items": {"type": "string"}},\n "owner_absent_contact": {"type": "array", "items": {"type": "string"}},\n "subject": {"type": "string"},\n "priority_header": {"type": "string"},\n "template": {"type": "string"},\n "transport": {\n "type": "object",\n "required": ["type", "queue"],\n "properties": {\n "queue": {"type": "string"},\n "region": {"type": "string"},\n "type": {"enum": ["sqs"]}\n }\n }\n }\n}\n```\n\n## Using on Azure\n\nRequires:\n\n- `c7n_azure` package. See [Installing Azure Plugin](https://cloudcustodian.io/docs/azure/gettingstarted.html#azure-install-cc)\n- SendGrid account. See [Using SendGrid with Azure](https://docs.microsoft.com/en-us/azure/sendgrid-dotnet-how-to-send-email)\n- [Azure Storage Queue](https://azure.microsoft.com/en-us/services/storage/queues/)\n\nThe mailer supports an Azure Storage Queue transport and SendGrid delivery on Azure.\nConfiguration for this scenario requires only minor changes from AWS deployments.\n\nYou will need to grant `Storage Queue Data Contributor` role on the Queue for the identity\nmailer is running under.\n\nThe notify action in your policy will reflect transport type `asq` with the URL\nto an Azure Storage Queue. For example:\n\n```yaml\npolicies:\n - name: azure-notify\n resource: azure.resourcegroup\n description: send a message to a mailer instance\n actions:\n - type: notify\n template: default\n priority_header: \'2\'\n subject: Hello from C7N Mailer\n to:\n - you@youremail.com\n transport:\n type: asq\n queue: https://storageaccount.queue.core.windows.net/queuename\n```\n\nIn your mailer configuration, you\'ll need to provide your SendGrid API key as well as\nprefix your queue URL with `asq://` to let mailer know what type of queue it is:\n\n```yaml\nqueue_url: asq://storageaccount.queue.core.windows.net/queuename\nfrom_address: you@youremail.com\nsendgrid_api_key: SENDGRID_API_KEY\n```\n\nThe mailer will transmit all messages found on the queue on each execution, and will retry\nsending 3 times in the event of a failure calling SendGrid. After the retries the queue\nmessage will be discarded.\n\nIn addition, SendGrid delivery on Azure supports using resource tags to send emails. For example, in the `to` field:\n\n```yaml\nto:\n - tag:OwnerEmail\n```\n\nThis will find the email address associated with the resource\'s `OwnerEmail` tag, and send an email to the specified address.\nIf no tag is found, or the associated email address is invalid, no email will be sent. \n\n#### Deploying Azure Functions\n\nThe `--update-lambda` CLI option will also deploy Azure Functions if you have an Azure\nmailer configuration.\n\n`c7n-mailer --config mailer.yml --update-lambda`\n\nwhere a simple `mailer.yml` using Consumption functions may look like:\n\n```yaml\nqueue_url: asq://storage.queue.core.windows.net/custodian\nfrom_address: foo@mail.com\nsendgrid_api_key: \nfunction_properties:\n servicePlan:\n name: \'testmailer1\'\n```\n\n## Writing an email template\n\nTemplates are authored in [jinja2](http://jinja.pocoo.org/docs/dev/templates/).\nDrop a file with the `.j2` extension into the a templates directory, and send a pull request to this\nrepo. You can then reference it in the `notify` action as the `template`\nvariable by file name minus extension. Templates ending with `.html.j2` are\nsent as HTML-formatted emails, all others are sent as plain text.\n\nYou can use `-t` or `--templates` cli argument to pass custom folder with your templates.\n\nThe following variables are available when rendering templates:\n\n| variable | value |\n|:------------------|:-------------------------------------------------------------|\n| `recipient` | email address |\n| `resources` | list of resources that matched the policy filters |\n| `event` | for CWE-push-based lambda policies, the event that triggered |\n| `action` | `notify` action that generated this SQS message |\n| `policy` | policy that triggered this notify action |\n| `account` | short name of the aws account |\n| `region` | region the policy was executing in |\n| `execution_start` | The time policy started executing |\n\nThe following extra global functions are available:\n\n| signature | behavior |\n|:-----------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------|\n| `format_struct(struct)` | pretty print a json structure |\n| `resource_tag(resource, key)` | retrieve a tag value from a resource or return an empty string, aliased as get_resource_tag_value |\n| `format_resource(resource, resource_type)` | renders a one line summary of a resource |\n| `date_time_format(utc_str, tz_str=\'US/Eastern\', format=\'%Y %b %d %H:%M %Z\')` | customize rendering of an utc datetime string |\n| `search(expression, value)` | jmespath search value using expression |\n| `yaml_safe(value)` | yaml dumper |\n\nThe following extra jinja filters are available:\n\n| filter | behavior |\n|:-----------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| utc_string|date_time_format(tz_str=\'US/Pacific\', format=\'%Y %b %d %H:%M %Z\') | pretty [format](https://docs.python.org/2/library/datetime.html#strftime-strptime-behavior) the date / time |\n| 30|get_date_time_delta | Convert a time [delta](https://docs.python.org/2/library/datetime.html#datetime.timedelta) like \'30\' days in the future, to a datetime string. You can also use negative values for the past. |\n\n\n## Developer Install (OS X El Capitan)\n\nClone the repository:\n```\n$ git clone https://github.com/cloud-custodian/cloud-custodian\n```\nInstall dependencies (with virtualenv):\n```\n$ virtualenv c7n_mailer\n$ source c7n_mailer/bin/activate\n$ cd tools/c7n_mailer\n$ pip install -r requirements.txt\n```\nInstall the extensions:\n```\npython setup.py develop\n```\n\n## Testing Templates and Recipients\n\nA ``c7n-mailer-replay`` entrypoint is provided to assist in testing email notifications\nand templates. This script operates on an actual SQS message from cloud-custodian itself,\nwhich you can either retrieve from the SQS queue or replicate locally. By default it expects\nthe message file to be base64-encoded, gzipped JSON, just like c7n sends to SQS. With the\n``-p`` | ``--plain`` argument, it will expect the message file to contain plain JSON.\n\n``c7n-mailer-replay`` has three main modes of operation:\n\n* With no additional arguments, it will render the template specified by the policy the\n message is for, and actually send mail from the local machine as ``c7n-mailer`` would.\n This only works with SES, not SMTP.\n* With the ``-T`` | ``--template-print`` argument, it will log the email addresses that would\n receive mail, and print the rendered message body template to STDOUT.\n* With the ``-d`` | ``--dry-run`` argument, it will print the actual email body (including headers)\n that would be sent, for each message that would be sent, to STDOUT.\n \n#### Testing Templates for Azure\n\nThe ``c7n-mailer-replay`` entrypoint can be used to test templates for Azure with either of the arguments:\n* ``-T`` | ``--template-print`` \n* ``-d`` | ``--dry-run`` \n \nRunning ``c7n-mailer-replay`` without either of these arguments will throw an error as it will attempt\nto authorize with AWS. \n\nThe following is an example for retrieving a sample message to test against templates:\n\n* Run a policy with the notify action, providing the name of the template to test, to populate the queue.\n\n* Using the azure cli, save the message locally: \n```\n$ az storage message get --queue-name --account-name --query \'[].content\' > test_message.gz\n```\n* The example message can be provided to ``c7n-mailer-replay`` by running:\n\n```\n$ c7n-mailer-replay test_message.gz -T --config mailer.yml\n```\n', + 'long_description': '# c7n-mailer: Custodian Mailer\n\n[//]: # ( !!! IMPORTANT !!! )\n[//]: # (This file is moved during document generation.)\n[//]: # (Only edit the original document at ./tools/c7n_mailer/README.md)\n\nA mailer implementation for Custodian. Outbound mail delivery is still somewhat\norganization-specific, so this at the moment serves primarily as an example\nimplementation.\n\n> The Cloud Custodian Mailer can now be easily run in a Docker container. Click [here](https://hub.docker.com/r/cloudcustodian/mailer) for details.\n\n\n## Message Relay\n\nCustodian Mailer subscribes to an SQS queue, looks up users, and sends email\nvia SES and/or send notification to DataDog. Custodian lambda and instance policies can send to it. SQS queues\nshould be cross-account enabled for sending between accounts.\n\n\n## Tutorial\n\nOur goal in starting out with the Custodian mailer is to install the mailer,\nand run a policy that triggers an email to your inbox.\n\n1. [Install](#developer-install-os-x-el-capitan) the mailer on your laptop (if you are not running as a [Docker container](https://hub.docker.com/r/cloudcustodian/mailer)\n - or use `pip install c7n-mailer`\n2. In your text editor, create a `mailer.yml` file to hold your mailer config.\n3. In the AWS console, create a new standard SQS queue (quick create is fine).\n Copy the queue URL to `queue_url` in `mailer.yml`.\n4. In AWS, locate or create a role that has read access to the queue. Grab the\n role ARN and set it as `role` in `mailer.yml`.\n\nThere are different notification endpoints options, you can combine both.\n\n### Email:\nMake sure your email address is verified in SES, and set it as\n`from_address` in `mailer.yml`. By default SES is in sandbox mode where you\nmust\n[verify](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html)\nevery individual recipient of emails. If need be, make an AWS support ticket to\nbe taken out of SES sandbox mode.\n\nYour `mailer.yml` should now look something like this:\n\n```yaml\nqueue_url: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\nrole: arn:aws:iam::123456790:role/c7n-mailer-test\nfrom_address: you@example.com\n```\n\nYou can also set `region` if you are in a region other than `us-east-1` as well as `lambda_tags` to give the mailer tags.\n\n```yaml\nregion: us-east-2\nlambda_tags:\n owner: ops\n```\n\nNow let\'s make a Custodian policy to populate your mailer queue. Create a\n`test-policy.yml` file with this content (update `to` and `queue` to match your\nenvironment)\n\n```yaml\n policies:\n - name: c7n-mailer-test\n resource: sqs\n filters:\n - "tag:MailerTest": absent\n actions:\n - type: notify\n template: default\n priority_header: \'2\'\n subject: testing the c7n mailer\n to:\n - you@example.com\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\n```\n\n### DataDog:\nThe standard way to do a DataDog integration is use the\nc7n integration with AWS CloudWatch and use the\n[DataDog integration with AWS](https://docs.datadoghq.com/integrations/amazon_web_services/)\nto collect CloudWatch metrics. The mailer/messenger integration is only\nfor the case you don\'t want or you can\'t use AWS CloudWatch.\n\nNote this integration requires the additional dependency of datadog python bindings:\n```\npip install datadog\n```\n\nYour `mailer.yml` should now look something like this:\n\n```yaml\nqueue_url: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\nrole: arn:aws:iam::123456790:role/c7n-mailer-test\ndatadog_api_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX\ndatadog_application_key: YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY\n```\n\n(Also set `region` if you are in a region other than `us-east-1`.)\n\nNow let\'s make a Custodian policy to populate your mailer queue. Create a\n`test-policy.yml`:\n\n```yaml\npolicies:\n - name: c7n-mailer-test\n resource: ebs\n filters:\n - Attachments: []\n actions:\n - type: notify\n to:\n - datadog://?metric_name=datadog.metric.name&metric_value_tag=Size\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\n```\n\nThere is a special `to` format that specifies datadog delivery, and includes the datadog configuration via url parameters.\n- metric_name: is the name of the metrics send to DataDog\n- metric_value_tag: by default the metric value send to DataDog is `1` but if you want to use one of the tags returned in the policy you can set it with the attribute `metric_value_tag`, for example in the `test-policy.yml` the value used is the size of the EBS volume. The value must be a number and it\'s transformed to a float value.\n\n### Slack:\n\nThe Custodian mailer supports Slack messaging as a separate notification mechanism for the SQS transport method. To enable Slack integration, you must specify a Slack token in the `slack_token` field under the `mailer.yml` file.\n\n```yaml\nqueue_url: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\nrole: arn:aws:iam::123456790:role/c7n-mailer-test\nslack_token: xoxo-token123\n```\n\nTo enable Slack messaging, several unique fields are evaluated in the policy, as shown in the below example:\n\n```\npolicies:\n - name: c7n-mailer-test\n resource: ebs\n filters:\n - Attachments: []\n actions:\n - type: notify\n slack_template: slack\n to:\n - slack://owners\n - slack://foo@bar.com\n - slack://#custodian-test\n - slack://webhook/#c7n-webhook-test\n - slack://tag/resource_tag\n - https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\n```\n\nSlack messages support use of a unique template field specified by `slack_template`. This field is unique and usage will not break\nexisting functionality for messages also specifying an email template in the `template` field. This field is optional, however,\nand if not specified, the mailer will use the default value `slack_default`.\n\nSlack integration for the mailer supports several flavors of messaging, listed below. These are not mutually exclusive and any combination of the types can be used, but the preferred method is [incoming webhooks](https://api.slack.com/incoming-webhooks).\n\n| Requires `slack_token` | Key | Type | Notes |\n|:---------------------------:|:--------------------------------------------------------------------------------|:-------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| No | `https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX` | string | **(PREFERRED)** Send to an [incoming webhook](https://api.slack.com/incoming-webhooks) (the channel is defined in the webhook) |\n| Yes | `slack://owners` | string | Send to the recipient list generated within email delivery logic |\n| Yes | `slack://foo@bar.com` | string | Send to the recipient specified by email address foo@bar.com |\n| Yes | `slack://#custodian-test` | string | Send to the Slack channel indicated in string, i.e. #custodian-test |\n| No | `slack://webhook/#c7n-webhook-test` | string | **(DEPRECATED)** Send to a Slack webhook; appended with the target channel. **IMPORTANT**: *This requires a `slack_webhook` value defined in the `mailer.yml`.* |\n| Yes | `slack://tag/resource-tag` | string | Send to target found in resource tag. Example of value in tag: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX |\n\nSlack delivery can also be set via a resource\'s tag name. For example, using "slack://tag/slack_channel" will look for a tag name of \'slack_channel\', and if matched on a resource will deliver the message to the value of that resource\'s tag:\n\n`slack_channel:https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX`\n\nDelivery via tag has been tested with webhooks but should support all delivery methods.\n\n### Splunk HTTP Event Collector (HEC)\n\nThe Custodian mailer supports delivery to the HTTP Event Collector (HEC) endpoint of a Splunk instance as a separate notification mechanism for the SQS transport method. To enable Splunk HEC integration, you must specify the URL to the HEC endpoint as well as a valid username and token:\n\n```yaml\nqueue_url: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\nrole: arn:aws:iam::123456790:role/c7n-mailer-test\nsplunk_hec_url: https://http-inputs-foo.splunkcloud.com/services/collector/event\nsplunk_hec_token: 268b3cc2-f32e-4a19-a1e8-aee08d86ca7f\n```\n\nTo send events for a policy to the Splunk HEC endpoint, add a ``to`` address notify action specifying the name of the Splunk index to send events to in the form ``splunkhec://indexName``:\n\n```\npolicies:\n - name: c7n-mailer-test\n resource: ebs\n filters:\n - Attachments: []\n actions:\n - type: notify\n to:\n - splunkhec://myIndexName\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/1234567890/c7n-mailer-test\n```\n\nThe ``splunkhec://indexName`` address type can be combined in the same notify action with other destination types (e.g. email, Slack, DataDog, etc).\n\n### Now run:\n\n```\nc7n-mailer --config mailer.yml --update-lambda && custodian run -c test-policy.yml -s .\n```\n\nNote: You can set the profile via environment variable e.g. `export AWS_DEFAULT_PROFILE=foo`\n\nYou should see output similar to the following:\n\n```\n(env) $ c7n-mailer --config mailer.yml --update-lambda && custodian run -c test-policy.yml -s .\nDEBUG:custodian.lambda:Created custodian lambda archive size: 3.01mb\n2017-01-12 07:55:16,227: custodian.policy:INFO Running policy c7n-mailer-test resource: sqs region:default c7n:0.8.22.0\n2017-01-12 07:55:16,229: custodian.policy:INFO policy: c7n-mailer-test resource:sqs has count:1 time:0.00\n2017-01-12 07:55:18,017: custodian.actions:INFO sent message:dead-beef policy:c7n-mailer-test template:default count:1\n2017-01-12 07:55:18,017: custodian.policy:INFO policy: c7n-mailer-test action: notify resources: 1 execution_time: 1.79\n(env) $\n```\n\nCheck the AWS console for a new Lambda named `cloud-custodian-mailer`. The\nmailer runs every five minutes, so wait a bit and then look for an email in\nyour inbox. If it doesn\'t appear, look in the lambda\'s logs for debugging\ninformation. If it does, congratulations! You are off and running with the\nCustodian mailer.\n\n\n## Usage & Configuration\n\nOnce [installed](#developer-install-os-x-el-capitan) you should have a\n`c7n-mailer` executable on your path:\naws\n```\n(env) $ c7n-mailer\nusage: c7n-mailer [-h] -c CONFIG\nc7n-mailer: error: argument -c/--config is required\n(env) $\n```\n\nFundamentally what `c7n-mailer` does is deploy a Lambda (using\n[Mu](http://cloudcustodian.io/docs/policy/mu.html)) based on\nconfiguration you specify in a YAML file. Here is [the\nschema](./c7n_mailer/cli.py#L11-L41) to which the file must conform,\nand here is a description of the options:\n\n| Required? | Key | Type | Notes |\n|:---------:|:----------------|:-----------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ✅ | `queue_url` | string | the queue to listen to for messages |\n| | `from_address` | string | default from address |\n| | `endpoint_url` | string | SQS API URL (for use with VPC Endpoints) |\n| | `contact_tags` | array of strings | tags that we should look at for address information |\n\n#### Standard Lambda Function Config\n\n| Required? | Key | Type |\n|:---------:|:---------------------|:-----------------|\n| | `dead_letter_config` | object |\n| | `memory` | integer |\n| | `region` | string |\n| ✅ | `role` | string |\n| | `runtime` | string |\n| | `security_groups` | array of strings |\n| | `subnets` | array of strings |\n| | `timeout` | integer |\n\n#### Standard Azure Functions Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:----------------------|:-------|:---------------------------------------------------------------------------------------|\n| | `function_properties` | object | Contains `appInsights`, `storageAccount` and `servicePlan` objects |\n| | `appInsights` | object | Contains `name`, `location` and `resourceGroupName` properties |\n| | `storageAccount` | object | Contains `name`, `location` and `resourceGroupName` properties |\n| | `servicePlan` | object | Contains `name`, `location`, `resourceGroupName`, `skuTier` and `skuName` properties |\n| | `name` | string | |\n| | `location` | string | Default: `west us 2` |\n| | `resourceGroupName` | string | Default `cloud-custodian` |\n| | `skuTier` | string | Default: `Basic` |\n| | `skuName` | string | Default: `B1` |\n\n\n\n\n#### Mailer Infrastructure Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:----------------------------|:--------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| | `cache_engine` | string | cache engine; either sqlite or redis |\n| | `cross_accounts` | object | account to assume back into for sending to SNS topics |\n| | `debug` | boolean | debug on/off |\n| | `ldap_bind_dn` | string | eg: ou=people,dc=example,dc=com |\n| | `ldap_bind_user` | string | eg: FOO\\\\BAR |\n| | `ldap_bind_password` | string | ldap bind password |\n| | `ldap_bind_password_in_kms` | boolean | defaults to true, most people (except capone) want to set this to false. If set to true, make sure `ldap_bind_password` contains your KMS encrypted ldap bind password as a base64-encoded string. |\n| | `ldap_email_attribute` | string | |\n| | `ldap_email_key` | string | eg \'mail\' |\n| | `ldap_manager_attribute` | string | eg \'manager\' |\n| | `ldap_uid_attribute` | string | |\n| | `ldap_uid_regex` | string | |\n| | `ldap_uid_tags` | string | |\n| | `ldap_uri` | string | eg \'ldaps://example.com:636\' |\n| | `redis_host` | string | redis host if cache_engine == redis |\n| | `redis_port` | integer | redis port, default: 6369 |\n| | `ses_region` | string | AWS region that handles SES API calls |\n\n#### SMTP Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:----------------|:-----------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| | `smtp_server` | string | to configure your lambda role to talk to smtpd in your private vpc, see [here](https://docs.aws.amazon.com/lambda/latest/dg/vpc.html) | |\n| | `smtp_port` | integer | smtp port (default is 25) |\n| | `smtp_ssl` | boolean | this defaults to True |\n| | `smtp_username` | string | |\n| | `smtp_password` | secured string | |\n\nIf `smtp_server` is unset, `c7n_mailer` will use AWS SES or Azure SendGrid.\n\n#### DataDog Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:--------------------------|:-------|:-------------------------|\n| | `datadog_api_key` | string | DataDog API key. |\n| | `datadog_application_key` | string | Datadog application key. |\n\nThese fields are not necessary if c7n_mailer is run in a instance/lambda/etc with the DataDog agent.\n\n#### Slack Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:--------------|:-------|:----------------|\n| | `slack_token` | string | Slack API token |\n\n#### SendGrid Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:-------------------|:---------------|:-------------------|\n| | `sendgrid_api_key` | secured string | SendGrid API token |\n\n\n#### Splunk HEC Config\n\nThe following configuration items are *all* optional. The ones marked "Required for Splunk" are only required if you\'re sending notifications to ``splunkhec://`` destinations.\n\n| Required for Splunk? | Key | Type | Notes |\n|:--------------------:|:------------------------|:-----------------|:-----------------------------------------------------------------------------------------------------------------------------------|\n| ✅ | `splunk_hec_url` | string | URL to your Splunk HTTP Event Collector endpoint |\n| ✅ | `splunk_hec_token` | string | Splunk HEC authentication token for specified username |\n| | `splunk_remove_paths` | array of strings | List of [RFC6901](http://tools.ietf.org/html/rfc6901) JSON Pointers to remove from the event, if present, before sending to Splunk |\n| | `splunk_actions_list` | boolean | If true, add an `actions` list to the top-level message sent to Splunk, containing the names of all non-notify actions taken |\n| | `splunk_max_attempts` | integer | Maximum number of times to try POSTing data to Splunk HEC (default 4) |\n| | `splunk_hec_max_length` | integer | Maximum data length that Splunk HEC accepts; an error will be logged for any message sent over this length |\n\n#### SDK Config\n\n| Required? | Key | Type | Notes |\n|:---------:|:--------------|:-------|:------|\n| | `http_proxy` | string | |\n| | `https_proxy` | string | |\n| | `profile` | string | |\n\n\n#### Secured String\n\nIn order to ensure sensitive data is not stored plaintext in a policy, `c7n-mailer` supports secured\nstrings. You can treat it as a regular `string` or use `secured string` features.\n\n##### AWS\n\nYou can use KMS to encrypt your secrets and use encrypted secret in mailer policy.\nCustodian tries to decrypt the string using KMS, if it fails c7n treats it as a plaintext secret.\n\n```yaml\n plaintext_secret: \n secured_string: \n```\n\n##### Azure\n\nYou can store your secrets in Azure Key Vault secrets and reference them from the policy.\n\n```yaml\n plaintext_secret: \n secured_string:\n type: azure.keyvault\n secret: https://your-vault.vault.azure.net/secrets/your-secret\n```\n\nNote: `secrets.get` permission on the KeyVault for the Service Principal is required.\n\n## Configuring a policy to send email\n\nOutbound email can be added to any policy by including the `notify` action.\n\n```yaml\n\npolicies:\n - name: bad-apples\n resource: asg\n filters:\n - "tag:ASV": absent\n actions:\n - type: notify\n template: default\n template_format: \'html\'\n priority_header: \'1\'\n subject: fix your tags\n to:\n - resource-owner\n owner_absent_contact:\n - foo@example.com\n transport:\n type: sqs\n queue: https://sqs.us-east-1.amazonaws.com/80101010101/cloud-custodian-message-relay\n```\n\nSo breaking it down, you add an action of type `notify`. You can specify a\ntemplate that\'s used to format the email; customizing templates is described\n[below](#writing-an-email-template).\n\nThe `to` list specifies the intended recipient for the email. You can specify\neither an email address, an SNS topic, a Datadog Metric, or a special value. The special values\nare either\n\n- `resource-owner`, in which case the email will be sent to the listed\n `OwnerContact` tag on the resource that matched the policy, or\n- `event-owner` for push-based/realtime policies that will send to the user\n that was responsible for the underlying event.\n- `priority_header` to indicate the importance of an email with [headers](https://www.chilkatsoft.com/p/p_471.asp). Different emails clients will display stars, exclamation points or flags depending on the value. Should be an string from 1 to 5.\n\nBoth of these special values are best effort, i.e., if no `OwnerContact` tag is\nspecified then `resource-owner` email will not be delivered, and in the case of\n`event-owner` an instance role or system account will not result in an email.\n\nThe optional `owner_absent_contact` list specifies email addresses to notify only if\nthe `resource-owner` special option was unable to find any matching owner contact\ntags.\n\nIn addition, you may choose to use a custom tag instead of the default `OwnerContact`. In order to configure this, the mailer.yaml must be modified to include the contact_tags and the custom tag. The `resource-owner` will now email the custom tag instead of `OwnerContact`.\n\n```yaml\ncontact_tags:\n - "custom_tag"\n```\n\n\nFor reference purposes, the JSON Schema of the `notify` action:\n\n```json\n{\n "type": "object",\n "required": ["type", "transport", "to"],\n "properties": {\n "type": {"enum": ["notify"]},\n "to": {"type": "array", "items": {"type": "string"}},\n "owner_absent_contact": {"type": "array", "items": {"type": "string"}},\n "subject": {"type": "string"},\n "priority_header": {"type": "string"},\n "template": {"type": "string"},\n "transport": {\n "type": "object",\n "required": ["type", "queue"],\n "properties": {\n "queue": {"type": "string"},\n "region": {"type": "string"},\n "type": {"enum": ["sqs"]}\n }\n }\n }\n}\n```\n\n## Using on Azure\n\nRequires:\n\n- `c7n_azure` package. See [Installing Azure Plugin](https://cloudcustodian.io/docs/azure/gettingstarted.html#azure-install-cc)\n- SendGrid account. See [Using SendGrid with Azure](https://docs.microsoft.com/en-us/azure/sendgrid-dotnet-how-to-send-email)\n- [Azure Storage Queue](https://azure.microsoft.com/en-us/services/storage/queues/)\n\nThe mailer supports an Azure Storage Queue transport and SendGrid delivery on Azure.\nConfiguration for this scenario requires only minor changes from AWS deployments.\n\nYou will need to grant `Storage Queue Data Contributor` role on the Queue for the identity\nmailer is running under.\n\nThe notify action in your policy will reflect transport type `asq` with the URL\nto an Azure Storage Queue. For example:\n\n```yaml\npolicies:\n - name: azure-notify\n resource: azure.resourcegroup\n description: send a message to a mailer instance\n actions:\n - type: notify\n template: default\n priority_header: \'2\'\n subject: Hello from C7N Mailer\n to:\n - you@youremail.com\n transport:\n type: asq\n queue: https://storageaccount.queue.core.windows.net/queuename\n```\n\nIn your mailer configuration, you\'ll need to provide your SendGrid API key as well as\nprefix your queue URL with `asq://` to let mailer know what type of queue it is:\n\n```yaml\nqueue_url: asq://storageaccount.queue.core.windows.net/queuename\nfrom_address: you@youremail.com\nsendgrid_api_key: SENDGRID_API_KEY\n```\n\nThe mailer will transmit all messages found on the queue on each execution, and will retry\nsending 3 times in the event of a failure calling SendGrid. After the retries the queue\nmessage will be discarded.\n\nIn addition, SendGrid delivery on Azure supports using resource tags to send emails. For example, in the `to` field:\n\n```yaml\nto:\n - tag:OwnerEmail\n```\n\nThis will find the email address associated with the resource\'s `OwnerEmail` tag, and send an email to the specified address.\nIf no tag is found, or the associated email address is invalid, no email will be sent.\n\n#### Deploying Azure Functions\n\nThe `--update-lambda` CLI option will also deploy Azure Functions if you have an Azure\nmailer configuration.\n\n`c7n-mailer --config mailer.yml --update-lambda`\n\nwhere a simple `mailer.yml` using Consumption functions may look like:\n\n```yaml\nqueue_url: asq://storage.queue.core.windows.net/custodian\nfrom_address: foo@mail.com\nsendgrid_api_key: \nfunction_properties:\n servicePlan:\n name: \'testmailer1\'\n```\n\n## Writing an email template\n\nTemplates are authored in [jinja2](http://jinja.pocoo.org/docs/dev/templates/).\nDrop a file with the `.j2` extension into the a templates directory, and send a pull request to this\nrepo. You can then reference it in the `notify` action as the `template`\nvariable by file name minus extension. Templates ending with `.html.j2` are\nsent as HTML-formatted emails, all others are sent as plain text.\n\nYou can use `-t` or `--templates` cli argument to pass custom folder with your templates.\n\nThe following variables are available when rendering templates:\n\n| variable | value |\n|:------------------|:-------------------------------------------------------------|\n| `recipient` | email address |\n| `resources` | list of resources that matched the policy filters |\n| `event` | for CWE-push-based lambda policies, the event that triggered |\n| `action` | `notify` action that generated this SQS message |\n| `policy` | policy that triggered this notify action |\n| `account` | short name of the aws account |\n| `region` | region the policy was executing in |\n| `execution_start` | The time policy started executing |\n\nThe following extra global functions are available:\n\n| signature | behavior |\n|:-----------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------|\n| `format_struct(struct)` | pretty print a json structure |\n| `resource_tag(resource, key)` | retrieve a tag value from a resource or return an empty string, aliased as get_resource_tag_value |\n| `format_resource(resource, resource_type)` | renders a one line summary of a resource |\n| `date_time_format(utc_str, tz_str=\'US/Eastern\', format=\'%Y %b %d %H:%M %Z\')` | customize rendering of an utc datetime string |\n| `search(expression, value)` | jmespath search value using expression |\n| `yaml_safe(value)` | yaml dumper |\n\nThe following extra jinja filters are available:\n\n| filter | behavior |\n|:-----------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| utc_string|date_time_format(tz_str=\'US/Pacific\', format=\'%Y %b %d %H:%M %Z\') | pretty [format](https://docs.python.org/2/library/datetime.html#strftime-strptime-behavior) the date / time |\n| 30|get_date_time_delta | Convert a time [delta](https://docs.python.org/2/library/datetime.html#datetime.timedelta) like \'30\' days in the future, to a datetime string. You can also use negative values for the past. |\n\n\n## Developer Install (OS X El Capitan)\n\nClone the repository:\n```\n$ git clone https://github.com/cloud-custodian/cloud-custodian\n```\nInstall dependencies (with virtualenv):\n```\n$ virtualenv c7n_mailer\n$ source c7n_mailer/bin/activate\n$ cd tools/c7n_mailer\n$ pip install -r requirements.txt\n```\nInstall the extensions:\n```\npython setup.py develop\n```\n\n## Testing Templates and Recipients\n\nA ``c7n-mailer-replay`` entrypoint is provided to assist in testing email notifications\nand templates. This script operates on an actual SQS message from cloud-custodian itself,\nwhich you can either retrieve from the SQS queue or replicate locally. By default it expects\nthe message file to be base64-encoded, gzipped JSON, just like c7n sends to SQS. With the\n``-p`` | ``--plain`` argument, it will expect the message file to contain plain JSON.\n\n``c7n-mailer-replay`` has three main modes of operation:\n\n* With no additional arguments, it will render the template specified by the policy the\n message is for, and actually send mail from the local machine as ``c7n-mailer`` would.\n This only works with SES, not SMTP.\n* With the ``-T`` | ``--template-print`` argument, it will log the email addresses that would\n receive mail, and print the rendered message body template to STDOUT.\n* With the ``-d`` | ``--dry-run`` argument, it will print the actual email body (including headers)\n that would be sent, for each message that would be sent, to STDOUT.\n\n#### Testing Templates for Azure\n\nThe ``c7n-mailer-replay`` entrypoint can be used to test templates for Azure with either of the arguments:\n* ``-T`` | ``--template-print``\n* ``-d`` | ``--dry-run``\n\nRunning ``c7n-mailer-replay`` without either of these arguments will throw an error as it will attempt\nto authorize with AWS.\n\nThe following is an example for retrieving a sample message to test against templates:\n\n* Run a policy with the notify action, providing the name of the template to test, to populate the queue.\n\n* Using the azure cli, save the message locally:\n```\n$ az storage message get --queue-name --account-name --query \'[].content\' > test_message.gz\n```\n* The example message can be provided to ``c7n-mailer-replay`` by running:\n\n```\n$ c7n-mailer-replay test_message.gz -T --config mailer.yml\n```\n', 'long_description_content_type': 'text/markdown', 'author': 'Cloud Custodian Project', 'author_email': None, diff --git a/tools/c7n_org/poetry.lock b/tools/c7n_org/poetry.lock index ea7aaffb191..b5dd9b387d4 100644 --- a/tools/c7n_org/poetry.lock +++ b/tools/c7n_org/poetry.lock @@ -43,10 +43,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -56,7 +56,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -351,12 +351,12 @@ attrs = [ {file = "attrs-19.3.0.tar.gz", hash = "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] c7n = [] click = [ diff --git a/tools/c7n_org/setup.py b/tools/c7n_org/setup.py index a221068dbba..4625d0c543b 100644 --- a/tools/c7n_org/setup.py +++ b/tools/c7n_org/setup.py @@ -12,13 +12,13 @@ install_requires = \ ['argcomplete (>=1.11.1,<2.0.0)', 'attrs (>=19.3.0,<20.0.0)', - 'boto3 (>=1.13.5,<2.0.0)', - 'botocore (>=1.16.5,<2.0.0)', + 'boto3 (>=1.13.14,<2.0.0)', + 'botocore (>=1.16.14,<2.0.0)', 'c7n (>=0.9.2,<0.10.0)', 'click>=7.0,<8.0', 'docutils (>=0.15.2,<0.16.0)', 'importlib-metadata (>=1.6.0,<2.0.0)', - 'jmespath (>=0.9.5,<0.10.0)', + 'jmespath (>=0.10.0,<0.11.0)', 'jsonschema (>=3.2.0,<4.0.0)', 'pyrsistent (>=0.16.0,<0.17.0)', 'python-dateutil (>=2.8.1,<3.0.0)', diff --git a/tools/c7n_policystream/poetry.lock b/tools/c7n_policystream/poetry.lock index 979fecff36e..a05b09b1e5f 100644 --- a/tools/c7n_policystream/poetry.lock +++ b/tools/c7n_policystream/poetry.lock @@ -43,10 +43,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -56,7 +56,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -412,12 +412,12 @@ attrs = [ {file = "attrs-19.3.0.tar.gz", hash = "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] c7n = [] certifi = [ diff --git a/tools/c7n_policystream/requirements.txt b/tools/c7n_policystream/requirements.txt index ddb664a896d..8e0b89e5697 100644 --- a/tools/c7n_policystream/requirements.txt +++ b/tools/c7n_policystream/requirements.txt @@ -1,11 +1,11 @@ -boto3==1.13.5 -botocore==1.16.5 +boto3==1.13.14 +botocore==1.16.14 certifi==2020.4.5.1 chardet==3.0.4 click==7.1.2 docutils==0.15.2 idna==2.9 -jmespath==0.9.5 +jmespath==0.10.0 pygit2==1.0.3 python-dateutil==2.8.1 pyyaml==5.3.1 diff --git a/tools/c7n_policystream/setup.py b/tools/c7n_policystream/setup.py index 058813e0f19..229a21949c7 100644 --- a/tools/c7n_policystream/setup.py +++ b/tools/c7n_policystream/setup.py @@ -8,15 +8,14 @@ install_requires = \ ['argcomplete (>=1.11.1,<2.0.0)', 'attrs (>=19.3.0,<20.0.0)', - 'boto3 (>=1.13.5,<2.0.0)', + 'boto3 (>=1.13.14,<2.0.0)', 'boto3>=1.12.0,<2.0.0', - 'botocore (>=1.16.5,<2.0.0)', + 'botocore (>=1.16.14,<2.0.0)', 'c7n (>=0.9.2,<0.10.0)', 'click>=7.0,<8.0', 'docutils (>=0.15.2,<0.16.0)', 'importlib-metadata (>=1.6.0,<2.0.0)', - 'jmespath (>=0.9.5,<0.10.0)', - 'jmespath>=0.9.4,<0.10.0', + 'jmespath (>=0.10.0,<0.11.0)', 'jsonschema (>=3.2.0,<4.0.0)', 'pygit2>=1.0,<1.1', 'pyrsistent (>=0.16.0,<0.17.0)', diff --git a/tools/c7n_sphinxext/poetry.lock b/tools/c7n_sphinxext/poetry.lock index da2257922dd..6fe6d6d222a 100644 --- a/tools/c7n_sphinxext/poetry.lock +++ b/tools/c7n_sphinxext/poetry.lock @@ -53,10 +53,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -66,7 +66,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -542,12 +542,12 @@ babel = [ {file = "Babel-2.8.0.tar.gz", hash = "sha256:1aac2ae2d0d8ea368fa90906567f5c08463d98ade155c0c4bfedd6a0f7160e38"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] c7n = [] certifi = [ diff --git a/tools/c7n_sphinxext/requirements.txt b/tools/c7n_sphinxext/requirements.txt index d70c5c55810..553adb82378 100644 --- a/tools/c7n_sphinxext/requirements.txt +++ b/tools/c7n_sphinxext/requirements.txt @@ -10,7 +10,7 @@ imagesize==1.2.0 jinja2==2.11.2 markdown==3.0.1 markupsafe==1.1.1 -packaging==20.3 +packaging==20.4 pygments==2.6.1 pyparsing==2.4.7 pytz==2020.1 diff --git a/tools/c7n_sphinxext/setup.py b/tools/c7n_sphinxext/setup.py index 4142f694a9d..061b9990ae6 100644 --- a/tools/c7n_sphinxext/setup.py +++ b/tools/c7n_sphinxext/setup.py @@ -14,12 +14,12 @@ 'Sphinx>=3.0,<3.1', 'argcomplete (>=1.11.1,<2.0.0)', 'attrs (>=19.3.0,<20.0.0)', - 'boto3 (>=1.13.5,<2.0.0)', - 'botocore (>=1.16.5,<2.0.0)', + 'boto3 (>=1.13.14,<2.0.0)', + 'botocore (>=1.16.14,<2.0.0)', 'c7n (>=0.9.2,<0.10.0)', 'docutils (>=0.15.2,<0.16.0)', 'importlib-metadata (>=1.6.0,<2.0.0)', - 'jmespath (>=0.9.5,<0.10.0)', + 'jmespath (>=0.10.0,<0.11.0)', 'jsonschema (>=3.2.0,<4.0.0)', 'pyrsistent (>=0.16.0,<0.17.0)', 'python-dateutil (>=2.8.1,<3.0.0)', diff --git a/tools/c7n_trailcreator/poetry.lock b/tools/c7n_trailcreator/poetry.lock index bdfebe2be03..0c8562bfc2e 100644 --- a/tools/c7n_trailcreator/poetry.lock +++ b/tools/c7n_trailcreator/poetry.lock @@ -34,10 +34,10 @@ description = "The AWS SDK for Python" name = "boto3" optional = false python-versions = "*" -version = "1.13.12" +version = "1.13.14" [package.dependencies] -botocore = ">=1.16.12,<1.17.0" +botocore = ">=1.16.14,<1.17.0" jmespath = ">=0.7.1,<1.0.0" s3transfer = ">=0.3.0,<0.4.0" @@ -47,7 +47,7 @@ description = "Low-level, data-driven core of boto 3." name = "botocore" optional = false python-versions = "*" -version = "1.16.12" +version = "1.16.14" [package.dependencies] docutils = ">=0.10,<0.16" @@ -259,12 +259,12 @@ attrs = [ {file = "attrs-19.3.0.tar.gz", hash = "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"}, ] boto3 = [ - {file = "boto3-1.13.12-py2.py3-none-any.whl", hash = "sha256:bf1346365829525dfd8dbbafb5dbfd7383ad0872370301643d65c6190f7f5813"}, - {file = "boto3-1.13.12.tar.gz", hash = "sha256:c46f31f085de660b95162c66057bae9ebb1658a245c9210162cee9671b0ff678"}, + {file = "boto3-1.13.14-py2.py3-none-any.whl", hash = "sha256:74d78ca0fd706f447a5f787d88214b298b213b1eddf2e8197051a0844df45146"}, + {file = "boto3-1.13.14.tar.gz", hash = "sha256:703157e8f16c57133fde0082a2d8b99ca6d36120ca4479df1464df80dd148a87"}, ] botocore = [ - {file = "botocore-1.16.12-py2.py3-none-any.whl", hash = "sha256:446c9279105f596765ece99b61656f76c5d5003556cd8301dd506d4f70e18940"}, - {file = "botocore-1.16.12.tar.gz", hash = "sha256:b75a5dc97f9ac795139ea2c651c07a8522e31dc280db17243e2b20e5c210547b"}, + {file = "botocore-1.16.14-py2.py3-none-any.whl", hash = "sha256:c8a5647069f978ae664987ebdeffaef0eb2910e88a52fcc8d52c9eb014fed8cc"}, + {file = "botocore-1.16.14.tar.gz", hash = "sha256:a8e4cb8ed5a7e59fce935c9a550ccf616e9d5a053d02c374832610c2e377ca92"}, ] c7n = [] c7n-org = [] diff --git a/tools/c7n_trailcreator/setup.py b/tools/c7n_trailcreator/setup.py index 72f816840b6..cb11c90ee87 100644 --- a/tools/c7n_trailcreator/setup.py +++ b/tools/c7n_trailcreator/setup.py @@ -12,15 +12,15 @@ install_requires = \ ['argcomplete (>=1.11.1,<2.0.0)', 'attrs (>=19.3.0,<20.0.0)', - 'boto3 (>=1.13.5,<2.0.0)', - 'botocore (>=1.16.5,<2.0.0)', + 'boto3 (>=1.13.14,<2.0.0)', + 'botocore (>=1.16.14,<2.0.0)', 'c7n (>=0.9.2,<0.10.0)', 'c7n-org (>=0.6.1,<0.7.0)', 'click (>=7.1.2,<8.0.0)', 'click>=7.0,<8.0', 'docutils (>=0.15.2,<0.16.0)', 'importlib-metadata (>=1.6.0,<2.0.0)', - 'jmespath (>=0.9.5,<0.10.0)', + 'jmespath (>=0.10.0,<0.11.0)', 'jsonschema (>=3.2.0,<4.0.0)', 'pyrsistent (>=0.16.0,<0.17.0)', 'python-dateutil (>=2.8.1,<3.0.0)',