Skip to main content

Automation Tools for CloudHealth

Project description


Python3 library and CLI tools to manage CloudHealth. Currently only includes a tool to create and manage CloudHealth perspectives. Plans to expand to account and tenant management.


Installation for normal everyday usage is done via `pip`.

pip3 install chtools

For Development a `requirements-dev.txt` file has been provided for installation of necessary Python packages needed for development and testing.


You will need a CloudHealth API Key to use any of these utilities. You can get your CloudHealth API key by the steps outlined here -

You can set the API Key either via a `CH_API_KEY` environment variable or via a `--api-key` argument.

As a provider you can specify a `--client-api-id` argument to perform actions against a tenant.


These tools are installed into your path to be used via the CLI.

### perspective-tool

The perspective-tool provides a programmatic way to interact with perspectives. It can do this either via [raw JSON schemas as described in the CloudHealth API Guide]( or via YAML based spec files.

The YAML based spec files are based on the JSON schema, but some "syntactical sugar" has been implemented to make them a bit more human friendly. YAML spec files support the following features:

* In the schema a rule can either ba a `filter` rule or a `categorize` rule. In the Web UI the `filter` rules are refereed to as `search` rules. Spec files allow you to use `filter` and `search` interchangeably.
* You don't need to worry about ref_ids or constructing Dynamic Groupings. You can reference the name of a perspective group you'd like the rule to use instead of needing the ref_id. `perspective-tool` will retrieve the correct ref_id based on the name or generate a new one if it's a new perspective group. This means new perspective groups are created just by referring to them.
* In the schema, `filter` rules use the `to` key to determine the perspective group it references, while `categorize` uses `ref_id`. Spec files allow you to use `to` for `categorize` as well, this makes things a bit more consistent between the two rule types. *Note: `categorize` rules currently have both a `to` and `name` keys, but spec will likely drop the need to specify the `name` key in the future.*
* The schema has many keys that require only a single item list as a value. Spec files support these as just string values.
* Spec files support lists of asset types for `filter` rules. A rule in the schema can only apply to a single asset type. This can lead to many rules that do almost the exact same thing. For example to get all taggable financial assets into a perspective group you need to includes rules for the assets: `AwsAsset`, `AwsTaggableAsset` & `AwsEmrCluster` *(it's possible the last one `AwsEmrCluster` is no longer needed)*. If you had three tags you wanted use to put into a single perspective group, then you would need 9 rules, 1 per tag per asset type. This features does need to be used with caution as some asset types don't really make sense with certain condition clauses. Recommended to just stick to combining asset types that utilize `tag_field`. Asset types included in a list like this should be considered logical ORs.

List of CLI arguments can be found via the help. Refer to the actual output of help to ensure latest info.
usage: perspective-tool [-h] [--api-key API_KEY]
[--client-api-id CLIENT_API_ID] [--name NAME]
[--spec-file SPEC_FILE] [--schema-file SCHEMA_FILE]
[--log-level LOG_LEVEL]

Create and manage perspectives from the command line.

positional arguments:
Perspective action to take.

optional arguments:
-h, --help show this help message and exit
--api-key API_KEY CloudHealth API Key. May also be set via the
CH_API_KEY environmental variable.
--client-api-id CLIENT_API_ID
CloudHealth client API ID.
--name NAME Name of the perspective to get or delete. Name for
create or update will come from the spec or schema
--spec-file SPEC_FILE
Path to the file containing YAML spec used to create
or update the perspective.
--schema-file SCHEMA_FILE
Path to the file containing JSON schema used to create
or update the perspective.
--log-level LOG_LEVEL
Log level sent to the console.


**Warning:** Due to a bug in the CloudHealth API groups are unable to be removed from perspectives via the API. Groups that should be deleted via the API will have their associated rules deleted, this will cause them to appear aqua green the Web UI making it easy to identify what should be remove. CleadHealth has acknowledged the bug, but it's unclear when it will be fixed.

Being familiar with [CloudHealth Perspective Schemas]( will help when dealing with spec files.

Examples of spec files can be found in `tests/specs`.

It's also a good idea create a rule in the Web GUI and then use the `perspective-tool` to look at the YAML spec for that perspective. Getting the YAML spec for a perspective can be done using a command such as:

perspective-tool get-spec --name test-perspective

Spec files used by `perspective-tool` are in YAML and support the following top-level keys, which all are required. Note all keys are lower case.

* name: Name of the perspective.
* include_in_reports: string 'true' or 'false'.
* rules: A list of rule mappings.

Each rule is a YAML mapping, with two types of rules `filter` and `categorize`.

`filter` rules have the following keys:

* type: either `filter` or `search`
* asset: either a string of a valid asset type or a list of valid asset types. Again some asset types may not make sense together in the same rule.
* to: The name of the perspective group that resources matching this rule should be assigned to. New groups will be created as needed.
* condition: A YAML mapping with the following keys:
* clauses: a list of clauses. It's really best to just go look at examples in `tests/specs` for what clauses look look. There can be nuances from one clause type to another, so best to create the rule in web GUI and then export the spec and see how it's been generated.
* combine_with: required and only allowed if the list of clauses include more than one item. Set to either OR or AND (uppercase) based on how you want the clauses evaluated.

`categorize` rules have the following keys for categorizing by tag. If you want to categorize by something else, then create the rule in web GUI and then export the spec and see how it's been generated.
* type: `categorize`
* asset: a string of a valid asset type (list not supported here for now, not sure API will support).
* to: The name of the perspective group resources matching this rule should be assigned to. New groups will be created as needed. Should be the set to be the same as `name`.
* name: This is the name that will of the perspective group that will be displayed. Should be the set to be the same as `to`.
* tag_field: The name of the tag to categorize by.

#### Caveats
The goal is for this tool to be somewhat generic, but it has really only been tested for certain use cases specific to deal with AWS resources.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

chtools-2.0.1.tar.gz (12.6 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page