def list_users(args, l, rc):
    """Print a table of the library's ``user`` accounts.

    Args:
        args: parsed CLI arguments (unused here).
        l: the library; its ``accounts`` mapping is scanned and each entry is
            loaded with ``l.account``.
        rc: run configuration (unused here).

    One row is printed per account whose ``major_type`` is ``'user'``:
    account id, user id, minor type and the secret. The secret column is
    written to the terminal in clear text, so the output is sensitive.
    Prints nothing when there are no user accounts.
    """
    from ambry.util import drop_empty
    from tabulate import tabulate

    headers = 'Id User Type Secret'.split()
    rows = []

    for account_key in l.accounts.keys():
        acct = l.account(account_key)
        if acct.major_type != 'user':
            continue
        # Reading the secret may raise; the error text is shown in the
        # column instead of aborting the whole listing.
        try:
            secret = acct.secret
        except Exception as e:
            secret = str(e)  # "<corrupt secret>"
        rows.append([acct.account_id, acct.user_id, acct.minor_type, secret])

    if not rows:
        return

    table = drop_empty([headers] + rows)
    prt(tabulate(table[1:], table[0]))
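def new_user(args, l, rc):
    """Create an IAM user if missing, issue an access key pair and record it in the library.

    Args:
        args: parsed CLI arguments; ``args.user_name`` is the IAM user name.
        l: the library; the account record keyed by the user's ARN is created
            or updated and committed.
        rc: run configuration (unused here).

    Side effects: IAM ``GetUser``/``CreateUser``/``CreateAccessKey`` calls,
    a library commit, and the new secret key printed to the terminal. AWS
    discloses the secret only at creation time, so it is also persisted on
    the account record.

    A key pair is issued even when the user already exists (IAM limits the
    number of active keys per user, so repeated runs may eventually fail).
    """
    from botocore.exceptions import ClientError

    client = get_client(args, 'iam')

    try:
        r = client.get_user(UserName=args.user_name)
        prt("User already exists")
    except ClientError as e:
        # Only a missing user should lead to creation. Any other failure
        # (access denied, throttling, ...) must surface rather than be
        # masked by a create attempt.
        if e.response.get('Error', {}).get('Code') != 'NoSuchEntity':
            raise
        r = client.create_user(Path=AMBRY_PATH, UserName=args.user_name)

    iam = get_resource(args, 'iam')
    user_name = r['User']['UserName']
    user = iam.User(user_name)

    key_pair = user.create_access_key_pair()

    account = l.find_or_new_account(user.arn)
    account.name = user.user_name
    account.major_type = 'iam'
    account.access_key = key_pair.id
    account.secret = key_pair.secret

    l.commit()

    prt("Created user : {}", user.user_name)
    prt("arn : {}", user.arn)
    prt("Access Key : {}", key_pair.id)
    prt("Secret Key : {}", key_pair.secret)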
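def new_user(args, l, rc):
    """Create an IAM user if missing, issue an access key pair and record it in the library.

    Args:
        args: parsed CLI arguments; ``args.user_name`` is the IAM user name.
        l: the library; the account record keyed by the user's ARN is created
            or updated and committed.
        rc: run configuration (unused here).

    Side effects: IAM ``GetUser``/``CreateUser``/``CreateAccessKey`` calls,
    a library commit, and the new secret key printed to the terminal. AWS
    discloses the secret only at creation time, so it is also persisted on
    the account record.

    A key pair is issued even when the user already exists (IAM limits the
    number of active keys per user, so repeated runs may eventually fail).
    """
    from botocore.exceptions import ClientError

    client = get_client(args, 'iam')

    try:
        r = client.get_user(UserName=args.user_name)
        prt("User already exists")
    except ClientError as e:
        # Only a missing user should lead to creation. Any other failure
        # (access denied, throttling, ...) must surface rather than be
        # masked by a create attempt.
        if e.response.get('Error', {}).get('Code') != 'NoSuchEntity':
            raise
        r = client.create_user(Path=AMBRY_PATH, UserName=args.user_name)

    iam = get_resource(args, 'iam')
    user_name = r['User']['UserName']
    user = iam.User(user_name)

    key_pair = user.create_access_key_pair()

    account = l.find_or_new_account(user.arn)
    account.name = user.user_name
    account.major_type = 'iam'
    account.access_key = key_pair.id
    account.secret = key_pair.secret

    l.commit()

    prt("Created user : {}", user.user_name)
    prt("arn : {}", user.arn)
    prt("Access Key : {}", key_pair.id)
    prt("Secret Key : {}", key_pair.secret)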
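def add_user(args, l, rc):
    """Add or update a library ``user`` account.

    Args:
        args: parsed CLI arguments: ``user_name``, ``admin``, ``secret`` and
            ``password``.
        l: the library; the account record is created or updated and
            committed.
        rc: run configuration (unused here).

    A new secret is generated when the account has none yet or when
    ``args.secret`` is set, and it is printed to the terminal in clear text.
    The password comes from ``args.password`` or, if the account has no
    encrypted password yet, from an interactive prompt; it is stored
    encrypted and verified before the commit.
    """
    from ambry.util import random_string
    from getpass import getpass

    account = l.find_or_new_account(args.user_name)
    account.major_type = 'user'
    account.access_key = args.user_name

    if args.admin:
        account.minor_type = 'admin'

    if not account.encrypted_secret or args.secret:
        # NOTE(review): random_string comes from ambry.util; confirm it is
        # backed by a CSPRNG, since this value is an authentication secret.
        account.secret = random_string(20)
        prt("Secret: {}".format(account.secret))

    if args.password:
        password = args.password
    elif not account.encrypted_password:
        password = getpass().strip()
    else:
        password = None

    if password:
        account.encrypt_password(password)
        # An assert is stripped under ``python -O``; verify explicitly so a
        # password that does not round-trip is never committed.
        if not account.test(password):
            fatal("Password verification failed for user {}".format(args.user_name))

    account.url = None

    l.commit()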
def run_args(args, l, rc):
    """Initialise the database and print a shell ``export`` line with the UI settings.

    Args:
        args: parsed CLI arguments, passed through to ``db_init``.
        l: the library; ``l.ui_config`` supplies the exported values.
        rc: run configuration, passed through to ``db_init``.

    The printed line contains the UI secret and CSRF secret in clear text; it
    is meant to be evaluated by the shell, not logged.
    """
    ui_config = l.ui_config

    db_init(args, l, rc)

    secret = ui_config['secret']
    csrf_secret = ui_config['csrf_secret']
    title = ui_config['website_title']

    prt('export AMBRY_UI_SECRET={} AMBRY_UI_CSRF_SECRET={} AMBRY_UI_TITLE="{}" '
        .format(secret, csrf_secret, title))
def ui_info(args, l, rc):
    """Print a two-column table with the UI version, site title and virtual host.

    Args:
        args: parsed CLI arguments (unused here).
        l: the library; ``l.ui_config`` supplies the title and virtual host.
        rc: run configuration (unused here).
    """
    from tabulate import tabulate
    from __meta__ import __version__

    rows = [
        ['version', __version__],
        ['title', l.ui_config['website_title']],
        ['vhost', l.ui_config['virtual_host']],
    ]

    prt(tabulate(rows))
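def _probe_user_access(bucket, k, rk, body):
    """Try read, write and delete in ``bucket`` under the caller's identity.

    ``rk`` names an object already written by the tool and is the read
    probe; ``k`` is the key the write probe creates. The delete probe
    targets the object written by the write probe when that succeeded,
    otherwise ``rk``. Returns ``(read, write, delete)`` booleans.
    """
    from botocore.exceptions import ClientError

    target = bucket.Object(rk)
    try:
        target.get()
        read = True
    except ClientError:
        read = False

    try:
        target = bucket.put_object(Key=k, Body=body)
        write = True
    except ClientError:
        write = False

    try:
        target.delete()
        delete = True
    except ClientError:
        delete = False

    return read, write, delete


def test_user(args, l, rc):
    """Probe what an IAM user can do in a bucket and print one permission line per prefix.

    Args:
        args: parsed CLI arguments; ``user_name`` names the IAM account held
            in the library and ``bucket`` is ``bucket[/prefix]``.
        l: the library; supplies the user's stored access key and secret.
        rc: run configuration (unused here).

    For each prefix (the given one, or every entry of ``TOP_LEVEL_DIRS``) a
    probe object ``<prefix>/test/<user>-root`` is written with the tool's own
    credentials, then the user's credentials are used to try a read of it, a
    write of ``<prefix>/test/<user>``, and a delete. Both probe keys are then
    removed with the tool's credentials on a best-effort basis so repeated
    runs do not leave objects behind. Aborts via ``fatal`` when the library
    has no access key for the user.
    """
    from botocore.exceptions import ClientError
    import boto3

    account = get_iam_account(l, args, args.user_name)

    if not account.access_key:
        fatal("Can't test user {}; library does not have record for account ( by arn ) "
              .format(args.user_name))

    # A separate session under the user's own keys: the probes must run as
    # the user, not as the tool's identity.
    session = boto3.Session(aws_access_key_id=account.access_key,
                            aws_secret_access_key=account.secret)

    root_s3 = get_resource(args, 's3')
    s3 = session.resource('s3')

    bn, prefix = split_bucket_name(args.bucket, default=None)

    root_bucket = root_s3.Bucket(bn)
    bucket = s3.Bucket(bn)

    prefixes = [prefix] if prefix else TOP_LEVEL_DIRS

    for prefix in prefixes:
        k = prefix + '/test/' + args.user_name
        rk = k + '-root'

        root_bucket.put_object(Key=rk, Body=args.user_name)

        try:
            read, write, delete = _probe_user_access(bucket, k, rk, args.user_name)
        finally:
            # Clean up with the tool's credentials whatever the user could
            # do; a cleanup failure must not hide the probe result.
            for probe_key in (rk, k):
                try:
                    root_bucket.Object(probe_key).delete()
                except ClientError:
                    pass

        prt("{:<35s} {:<5s} {:<5s} {:<6s} {}".format(
            k,
            'read' if read else '',
            'write' if write else '',
            'delete' if delete else '',
            'no access' if not any((read, write, delete)) else ''))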
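def _probe_user_access(bucket, k, rk, body):
    """Try read, write and delete in ``bucket`` under the caller's identity.

    ``rk`` names an object already written by the tool and is the read
    probe; ``k`` is the key the write probe creates. The delete probe
    targets the object written by the write probe when that succeeded,
    otherwise ``rk``. Returns ``(read, write, delete)`` booleans.
    """
    from botocore.exceptions import ClientError

    target = bucket.Object(rk)
    try:
        target.get()
        read = True
    except ClientError:
        read = False

    try:
        target = bucket.put_object(Key=k, Body=body)
        write = True
    except ClientError:
        write = False

    try:
        target.delete()
        delete = True
    except ClientError:
        delete = False

    return read, write, delete


def test_user(args, l, rc):
    """Probe what an IAM user can do in a bucket and print one permission line per prefix.

    Args:
        args: parsed CLI arguments; ``user_name`` names the IAM account held
            in the library and ``bucket`` is ``bucket[/prefix]``.
        l: the library; supplies the user's stored access key and secret.
        rc: run configuration (unused here).

    For each prefix (the given one, or every entry of ``TOP_LEVEL_DIRS``) a
    probe object ``<prefix>/test/<user>-root`` is written with the tool's own
    credentials, then the user's credentials are used to try a read of it, a
    write of ``<prefix>/test/<user>``, and a delete. Both probe keys are then
    removed with the tool's credentials on a best-effort basis so repeated
    runs do not leave objects behind. Aborts via ``fatal`` when the library
    has no access key for the user.
    """
    from botocore.exceptions import ClientError
    import boto3

    account = get_iam_account(l, args, args.user_name)

    if not account.access_key:
        fatal("Can't test user {}; library does not have record for account ( by arn ) "
              .format(args.user_name))

    # A separate session under the user's own keys: the probes must run as
    # the user, not as the tool's identity.
    session = boto3.Session(aws_access_key_id=account.access_key,
                            aws_secret_access_key=account.secret)

    root_s3 = get_resource(args, 's3')
    s3 = session.resource('s3')

    bn, prefix = split_bucket_name(args.bucket, default=None)

    root_bucket = root_s3.Bucket(bn)
    bucket = s3.Bucket(bn)

    prefixes = [prefix] if prefix else TOP_LEVEL_DIRS

    for prefix in prefixes:
        k = prefix + '/test/' + args.user_name
        rk = k + '-root'

        root_bucket.put_object(Key=rk, Body=args.user_name)

        try:
            read, write, delete = _probe_user_access(bucket, k, rk, args.user_name)
        finally:
            # Clean up with the tool's credentials whatever the user could
            # do; a cleanup failure must not hide the probe result.
            for probe_key in (rk, k):
                try:
                    root_bucket.Object(probe_key).delete()
                except ClientError:
                    pass

        prt("{:<35s} {:<5s} {:<5s} {:<6s} {}".format(
            k,
            'read' if read else '',
            'write' if write else '',
            'delete' if delete else '',
            'no access' if not any((read, write, delete)) else ''))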
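def perm(args, l, rc):
    """Grant, change or remove a user's read/write access to bucket prefixes via the bucket policy.

    Args:
        args: parsed CLI arguments: ``bucket`` (``bucket[/prefix]``),
            ``user_name``, ``write`` (grant write instead of read) and
            ``delete`` (remove the grant).
        l: the library (unused here).
        rc: run configuration (unused here).

    The bucket policy is converted with ``bucket_policy_to_dict`` to a
    mapping of ``(user, prefix)`` to ``'R'``/``'W'``, edited for every
    affected prefix (the given one, or all of ``TOP_LEVEL_DIRS``), and
    written back with ``bucket_dict_to_policy``. When no grants remain and a
    policy existed, the bucket policy is deleted.
    """
    from botocore.exceptions import ClientError

    iam = get_resource(args, 'iam')

    bn, prefix = split_bucket_name(args.bucket, default=False)
    prefixes = [prefix] if prefix else TOP_LEVEL_DIRS

    user = iam.User(args.user_name)

    bucket = get_resource(args, 's3').Bucket(bn)
    # Keep the BucketPolicy resource itself: ``put``/``delete`` are called on
    # it, while its ``.policy`` attribute is only the document text.
    policy_resource = bucket.Policy()

    try:
        policy_document = policy_resource.policy
        perms = bucket_policy_to_dict(policy_document)
    except ClientError:
        # No readable policy on the bucket: start from an empty grant set.
        perms = {}
        policy_document = None

    for prefix in prefixes:
        # NOTE(review): grants are keyed by (user.name, prefix) here; this must
        # match the keys bucket_policy_to_dict produces, or existing grants will
        # not be found for removal.
        grant_key = (user.name, prefix)
        if args.delete:
            if grant_key in perms:
                del perms[grant_key]
                prt("Removed {}/{} from {}".format(bn, prefix, user.name))
        elif args.write:
            perms[grant_key] = 'W'
            prt("Added write {}/{} to {}".format(bn, prefix, user.name))
        else:
            perms[grant_key] = 'R'
            prt("Added read {}/{} to {}".format(bn, prefix, user.name))

    if perms:
        policy_resource.put(Policy=bucket_dict_to_policy(args, bn, perms))
    elif policy_document:
        policy_resource.delete()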
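def perm(args, l, rc):
    """Grant, change or remove a user's read/write access to bucket prefixes via the bucket policy.

    Args:
        args: parsed CLI arguments: ``bucket`` (``bucket[/prefix]``),
            ``user_name``, ``write`` (grant write instead of read) and
            ``delete`` (remove the grant).
        l: the library (unused here).
        rc: run configuration (unused here).

    The bucket policy is converted with ``bucket_policy_to_dict`` to a
    mapping of ``(user, prefix)`` to ``'R'``/``'W'``, edited for every
    affected prefix (the given one, or all of ``TOP_LEVEL_DIRS``), and
    written back with ``bucket_dict_to_policy``. When no grants remain and a
    policy existed, the bucket policy is deleted.
    """
    from botocore.exceptions import ClientError

    iam = get_resource(args, 'iam')

    bn, prefix = split_bucket_name(args.bucket, default=False)
    prefixes = [prefix] if prefix else TOP_LEVEL_DIRS

    user = iam.User(args.user_name)

    bucket = get_resource(args, 's3').Bucket(bn)
    # Keep the BucketPolicy resource itself: ``put``/``delete`` are called on
    # it, while its ``.policy`` attribute is only the document text.
    policy_resource = bucket.Policy()

    try:
        policy_document = policy_resource.policy
        perms = bucket_policy_to_dict(policy_document)
    except ClientError:
        # No readable policy on the bucket: start from an empty grant set.
        perms = {}
        policy_document = None

    for prefix in prefixes:
        # NOTE(review): grants are keyed by (user.name, prefix) here; this must
        # match the keys bucket_policy_to_dict produces, or existing grants will
        # not be found for removal.
        grant_key = (user.name, prefix)
        if args.delete:
            if grant_key in perms:
                del perms[grant_key]
                prt("Removed {}/{} from {}".format(bn, prefix, user.name))
        elif args.write:
            perms[grant_key] = 'W'
            prt("Added write {}/{} to {}".format(bn, prefix, user.name))
        else:
            perms[grant_key] = 'R'
            prt("Added read {}/{} to {}".format(bn, prefix, user.name))

    if perms:
        policy_resource.put(Policy=bucket_dict_to_policy(args, bn, perms))
    elif policy_document:
        policy_resource.delete()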
def delete_user(args, l, rc):
    """Delete an IAM user after removing its access keys and inline policies.

    Args:
        args: parsed CLI arguments; ``user_name`` is the IAM user to delete.
        l: the library (unused here: the library's account record, including
            the stored secret, is not removed).
        rc: run configuration (unused here).

    Any ``ClientError`` from IAM aborts via ``fatal``. Only access keys and
    inline policies are removed first; if the user has other attachments
    (managed policies, group memberships, a login profile) IAM may reject the
    delete, and that error is reported the same way.
    """
    from botocore.exceptions import ClientError

    client = get_client(args, 'iam')

    try:
        user = get_resource(args, 'iam').User(args.user_name)

        # Keys and inline policies have to go before the user itself.
        for access_key in user.access_keys.all():
            prt("Deleting user key: {}", access_key)
            access_key.delete()

        for inline_policy in user.policies.all():
            prt("Deleting user policy: {}", inline_policy.name)
            inline_policy.delete()

        client.delete_user(UserName=args.user_name)
        prt("Deleted user: {}".format(args.user_name))

    except ClientError as e:
        fatal("Could not delete user: {}".format(e))
def delete_user(args, l, rc):
    """Delete an IAM user after removing its access keys and inline policies.

    Args:
        args: parsed CLI arguments; ``user_name`` is the IAM user to delete.
        l: the library (unused here: the library's account record, including
            the stored secret, is not removed).
        rc: run configuration (unused here).

    Any ``ClientError`` from IAM aborts via ``fatal``. Only access keys and
    inline policies are removed first; if the user has other attachments
    (managed policies, group memberships, a login profile) IAM may reject the
    delete, and that error is reported the same way.
    """
    from botocore.exceptions import ClientError

    client = get_client(args, 'iam')

    try:
        user = get_resource(args, 'iam').User(args.user_name)

        # Keys and inline policies have to go before the user itself.
        for access_key in user.access_keys.all():
            prt("Deleting user key: {}", access_key)
            access_key.delete()

        for inline_policy in user.policies.all():
            prt("Deleting user policy: {}", inline_policy.name)
            inline_policy.delete()

        client.delete_user(UserName=args.user_name)
        prt("Deleted user: {}".format(args.user_name))

    except ClientError as e:
        fatal("Could not delete user: {}".format(e))