def get_user(user, flags=FLAGS.ALL, **conn):
"""
Orchestrates all the calls required to fully build out an IAM User in the following format:
{
"Arn": ...,
"AccessKeys": ...,
"CreateDate": ..., # str
"InlinePolicies": ...,
"ManagedPolicies": ...,
"MFADevices": ...,
"Path": ...,
"UserId": ...,
"UserName": ...,
"SigningCerts": ...
}
:param user: dict MUST contain the UserName and also a combination of either the ARN or the account_number
:param output: Determines whether keys should be returned camelized or underscored.
:param conn: dict containing enough information to make a connection to the desired account.
Must at least have 'assume_role' key.
:return: dict containing fully built out user.
"""
user = modify(user, output='camelized')
_conn_from_args(user, conn)
return registry.build_out(flags,
start_with=user,
pass_datastructure=True,
**conn)
def get_managed_policy(managed_policy, flags=FLAGS.ALL, **conn):
"""
Orchestrates all of the calls required to fully build out an IAM Managed Policy in the following format:
{
"Arn": "...",
"PolicyName": "...",
"PolicyId": "...",
"Path": "...",
"DefaultVersionId": "...",
"AttachmentCount": 123,
"PermissionsBoundaryUsageCount": 123,
"IsAttachable": ...,
"Description": "...",
"CreateDate": "...",
"UpdateDate": "...",
"Document": "...",
"_version": 1
}
:param managed_policy: dict MUST contain the ARN.
:param flags:
:param conn:
:return:
"""
if not managed_policy.get('Arn'):
raise MissingFieldException('Must include Arn.')
_conn_from_args(managed_policy, conn)
return registry.build_out(flags,
start_with=managed_policy,
pass_datastructure=True,
**conn)
def get_server_certificate(server_certificate, flags=FLAGS.BASE, **conn):
"""
Orchestrates all the calls required to fully build out an IAM User in the following format:
{
"Arn": ...,
"ServerCertificateName": ...,
"Path": ...,
"ServerCertificateId": ...,
"UploadDate": ..., # str
"Expiration": ..., # str
"CertificateBody": ...,
"CertificateChain": ...,
"_version": 1
}
:param flags: By default, Users is disabled. This is somewhat expensive as it has to call the
`get_server_certificate` call multiple times.
:param server_certificate: dict MUST contain the ServerCertificateName and also a combination of
either the ARN or the account_number.
:param output: Determines whether keys should be returned camelized or underscored.
:param conn: dict containing enough information to make a connection to the desired account.
Must at least have 'assume_role' key.
:return: dict containing fully built out Server Certificate.
"""
if not server_certificate.get('ServerCertificateName'):
raise MissingFieldException('Must include ServerCertificateName.')
server_certificate = modify(server_certificate, output='camelized')
_conn_from_args(server_certificate, conn)
return registry.build_out(flags, start_with=server_certificate, pass_datastructure=True, **conn)
def get_role(role, output='camelized', **conn):
"""
Orchestrates all the calls required to fully build out an IAM Role in the following format:
{
"Arn": ...,
"AssumeRolePolicyDocument": ...,
"CreateDate": ..., # str
"InlinePolicies": ...,
"InstanceProfiles": ...,
"ManagedPolicies": ...,
"Path": ...,
"RoleId": ...,
"RoleName": ...,
}
:param role: dict containing (at the very least) role_name and/or arn.
:param output: Determines whether keys should be returned camelized or underscored.
:param conn: dict containing enough information to make a connection to the desired account.
Must at least have 'assume_role' key.
:return: dict containing a fully built out role.
"""
role = modify(role, 'camelized')
_conn_from_args(role, conn)
role = _get_base(role, **conn)
role.update(
{
'managed_policies': get_role_managed_policies(role, **conn),
'inline_policies': get_role_inline_policies(role, **conn),
'instance_profiles': get_role_instance_profiles(role, **conn),
'_version': 1
}
)
return modify(role, format=output)
def get_role(role, flags=FLAGS.ALL, **conn):
"""
Orchestrates all the calls required to fully build out an IAM Role in the following format:
{
"Arn": ...,
"AssumeRolePolicyDocument": ...,
"CreateDate": ..., # str
"InlinePolicies": ...,
"InstanceProfiles": ...,
"ManagedPolicies": ...,
"Path": ...,
"RoleId": ...,
"RoleName": ...,
}
:param role: dict containing (at the very least) role_name and/or arn.
:param output: Determines whether keys should be returned camelized or underscored.
:param conn: dict containing enough information to make a connection to the desired account.
Must at least have 'assume_role' key.
:return: dict containing a fully built out role.
"""
role = modify(role, output='camelized')
_conn_from_args(role, conn)
return registry.build_out(flags,
start_with=role,
pass_datastructure=True,
**conn)
def get_all_users(flags=FLAGS.ACCESS_KEYS | FLAGS.MFA_DEVICES
| FLAGS.LOGIN_PROFILE | FLAGS.SIGNING_CERTIFICATES,
**conn):
"""
Returns a list of Users represented as dictionary below:
{
"Arn": ...,
"AccessKeys": ...,
"CreateDate": ..., # str
"InlinePolicies": ...,
"ManagedPolicies": ...,
"MFADevices": ...,
"Path": ...,
"UserId": ...,
"UserName": ...,
"SigningCerts": ...
}
:param flags:
:param conn: dict containing enough information to make a connection to the desired account.
:return: list of dicts containing fully built out user.
"""
users = []
account_users = get_account_authorization_details('User', **conn)
for user in account_users:
temp_user = {
'Arn':
user['Arn'],
'CreateDate':
get_iso_string(user['CreateDate']),
'GroupList':
user['GroupList'],
'InlinePolicies':
user['UserPolicyList'],
'ManagedPolicies': [{
"name": x['PolicyName'],
"arn": x['PolicyArn']
} for x in user['AttachedManagedPolicies']],
'Path':
user['Path'],
'UserId':
user['UserId'],
'UserName':
user['UserName']
}
user = modify(temp_user, output='camelized')
_conn_from_args(user, conn)
users.append(
registry.build_out(flags,
start_with=user,
pass_datastructure=True,
**conn))
return users
def get_user(user, output='camelized', **conn):
"""
Orchestrates all the calls required to fully build out an IAM User in the following format:
{
"Arn": ...,
"AccessKeys": ...,
"CreateDate": ..., # str
"InlinePolicies": ...,
"ManagedPolicies": ...,
"MFADevices": ...,
"Path": ...,
"UserId": ...,
"UserName": ...,
"SigningCerts": ...
}
:param user: dict containing (at the very least) arn or the combination of user_name and account_number
:param output: Determines whether keys should be returned camelized or underscored.
:param conn: dict containing enough information to make a connection to the desired account.
Must at least have 'assume_role' key.
:return: dict containing fully built out user.
"""
user = modify(user, 'camelized')
_conn_from_args(user, conn)
user = _get_base(user, **conn)
user.update({
'access_keys':
get_user_access_keys(user, **conn),
'inline_policies':
get_user_inline_policies(user, **conn),
'managed_policies':
get_user_managed_policies(user, **conn),
'mfa_devices':
get_user_mfa_devices(user, **conn),
'login_profile':
get_user_login_profile(user, **conn),
'signing_certificates':
get_user_signing_certificates(user, **conn),
'_version':
1
})
return modify(user, format=output)
def get_group(group,
flags=FLAGS.BASE | FLAGS.INLINE_POLICIES
| FLAGS.MANAGED_POLICIES,
**conn):
"""
Orchestrates all the calls required to fully build out an IAM Group in the following format:
{
"Arn": ...,
"GroupName": ...,
"Path": ...,
"GroupId": ...,
"CreateDate": ..., # str
"InlinePolicies": ...,
"ManagedPolicies": ..., # These are just the names of the Managed Policies.
"Users": ..., # False by default -- these are just the names of the users.
"_version": 1
}
:param flags: By default, Users is disabled. This is somewhat expensive as it has to call the `get_group` call
multiple times.
:param group: dict MUST contain the GroupName and also a combination of either the ARN or the account_number.
:param output: Determines whether keys should be returned camelized or underscored.
:param conn: dict containing enough information to make a connection to the desired account.
Must at least have 'assume_role' key.
:return: dict containing fully built out Group.
"""
if not group.get('GroupName'):
raise MissingFieldException('Must include GroupName.')
group = modify(group, output='camelized')
_conn_from_args(group, conn)
return registry.build_out(flags,
start_with=group,
pass_datastructure=True,
**conn)