def delete_users(): with open(DATA_FILE_NAME, 'rU') as data_file: user_reader = csv.reader(data_file) for row in user_reader: user = row[0] try: iam.delete_login_profile(user) iam.remove_user_from_group(group, user) iam.delete_user(user) print("Deleted " + user) except boto.exception.BotoServerError as e: print "Problems deleting %s. Exiting due to error: %s" % (user, str(e.message)) exit(1) iam.delete_group_policy(group, policy_name) iam.delete_group(group)
def delete_user(module, iam, name): changed = False try: current_keys = [ ck['access_key_id'] for ck in iam.get_all_access_keys( name).list_access_keys_result.access_key_metadata ] for key in current_keys: iam.delete_access_key(key, name) try: login_profile = iam.get_login_profiles( name).get_login_profile_response except boto.exception.BotoServerError as err: error_msg = boto_exception(err) if ('Cannot find Login Profile') in error_msg: iam.delete_user(name) else: iam.delete_login_profile(name) iam.delete_user(name) except Exception as ex: module.fail_json(changed=False, msg="delete failed %s" % ex) if ('must detach all policies first') in error_msg: for policy in iam.get_all_user_policies( name).list_user_policies_result.policy_names: iam.delete_user_policy(name, policy) try: iam.delete_user(name) except boto.exception.BotoServerError as err: error_msg = boto_exception(err) if ('must detach all policies first') in error_msg: module.fail_json( changed=changed, msg= "All inline polices have been removed. Though it appears" "that %s has Managed Polices. This is not " "currently supported by boto. Please detach the polices " "through the console and try again." % name) else: module.fail_json(changed=changed, msg=str(error_msg)) else: changed = True else: module.fail_json(changed=changed, msg=str(error_msg)) else: changed = True return name, changed
def delete_dependencies_first(module, iam, name): changed = False # try to delete any keys try: current_keys = [ck['access_key_id'] for ck in iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata] for key in current_keys: iam.delete_access_key(key, name) changed = True except boto.exception.BotoServerError as err: module.fail_json(changed=changed, msg="Failed to delete keys: %s" % err, exception=traceback.format_exc()) # try to delete login profiles try: login_profile = iam.get_login_profiles(name).get_login_profile_response iam.delete_login_profile(name) changed = True except boto.exception.BotoServerError as err: error_msg = boto_exception(err) if 'Login Profile for User ' + name + ' cannot be found.' not in error_msg: module.fail_json(changed=changed, msg="Failed to delete login profile: %s" % err, exception=traceback.format_exc()) # try to detach policies try: for policy in iam.get_all_user_policies(name).list_user_policies_result.policy_names: iam.delete_user_policy(name, policy) changed = True except boto.exception.BotoServerError as err: error_msg = boto_exception(err) if 'must detach all policies first' in error_msg: module.fail_json(changed=changed, msg="All inline polices have been removed. Though it appears" "that %s has Managed Polices. This is not " "currently supported by boto. Please detach the polices " "through the console and try again." % name) module.fail_json(changed=changed, msg="Failed to delete policies: %s" % err, exception=traceback.format_exc()) # try to deactivate associated MFA devices try: mfa_devices = iam.get_all_mfa_devices(name).get('list_mfa_devices_response', {}).get('list_mfa_devices_result', {}).get('mfa_devices', []) for device in mfa_devices: iam.deactivate_mfa_device(name, device['serial_number']) changed = True except boto.exception.BotoServerError as err: module.fail_json(changed=changed, msg="Failed to deactivate associated MFA devices: %s" % err, exception=traceback.format_exc()) return changed
def delete_dependencies_first(module, iam, name): changed = False # try to delete any keys try: current_keys = [ck['access_key_id'] for ck in iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata] for key in current_keys: iam.delete_access_key(key, name) changed = True except boto.exception.BotoServerError as err: module.fail_json(changed=changed, msg="Failed to delete keys: %s" % err, exception=traceback.format_exc()) # try to delete login profiles try: login_profile = iam.get_login_profiles(name).get_login_profile_response iam.delete_login_profile(name) changed = True except boto.exception.BotoServerError as err: error_msg = boto_exception(err) if 'Cannot find Login Profile' not in error_msg: module.fail_json(changed=changed, msg="Failed to delete login profile: %s" % err, exception=traceback.format_exc()) # try to detach policies try: for policy in iam.get_all_user_policies(name).list_user_policies_result.policy_names: iam.delete_user_policy(name, policy) changed = True except boto.exception.BotoServerError as err: error_msg = boto_exception(err) if 'must detach all policies first' in error_msg: module.fail_json(changed=changed, msg="All inline polices have been removed. Though it appears" "that %s has Managed Polices. This is not " "currently supported by boto. Please detach the polices " "through the console and try again." % name) module.fail_json(changed=changed, msg="Failed to delete policies: %s" % err, exception=traceback.format_exc()) # try to deactivate associated MFA devices try: mfa_devices = iam.get_all_mfa_devices(name).get('list_mfa_devices_response', {}).get('list_mfa_devices_result', {}).get('mfa_devices', []) for device in mfa_devices: iam.deactivate_mfa_device(name, device['serial_number']) changed = True except boto.exception.BotoServerError as err: module.fail_json(changed=changed, msg="Failed to deactivate associated MFA devices: %s" % err, exception=traceback.format_exc()) return changed
def delete_users(): with open(DATA_FILE_NAME, 'rU') as data_file: user_reader = csv.reader(data_file) for row in user_reader: user = row[0] try: iam.delete_login_profile(user) iam.remove_user_from_group(group, user) iam.delete_user(user) print("Deleted " + user) except boto.exception.BotoServerError as e: print "Problems deleting %s. Exiting due to error: %s" % ( user, str(e.message)) exit(1) iam.delete_group_policy(group, policy_name) iam.delete_group(group)
def update_user(module, iam, name, new_name, new_path, key_state, keys, pwd): changed = False name_change = False current_keys, status = \ [ck['access_key_id'] for ck in iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata],\ [ck['status'] for ck in iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata] updated_key_list = {} if new_name or new_path: c_path = iam.get_user(name).get_user_result.user['path'] if (name != new_name) or (c_path != new_path): changed = True user = iam.update_user( name, new_name, new_path).update_user_response.response_metadata user['updates'] = dict( old_username=name, new_username=new_name, old_path=c_path, new_path=new_path) name = new_name name_change = True if pwd: try: iam.update_login_profile(name, pwd) changed = True except boto.exception.BotoServerError: changed = True iam.create_login_profile(name, pwd) else: try: iam.delete_login_profile(name) changed = True except boto.exception.BotoServerError: changed = False if key_state == 'Create': try: new_key = iam.create_access_key( user_name=name).create_access_key_response.create_access_key_result.access_key changed = True except boto.exception.BotoServerError, e: module.fail_json(msg=str(e))
def delete_user(module, iam, name): del_meta = '' try: current_keys = [ck['access_key_id'] for ck in iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata] for key in current_keys: iam.delete_access_key(key, name) try: login_profile = iam.get_login_profiles(name).get_login_profile_response except boto.exception.BotoServerError as err: error_msg = boto_exception(err) if ('Cannot find Login Profile') in error_msg: del_meta = iam.delete_user(name).delete_user_response else: iam.delete_login_profile(name) del_meta = iam.delete_user(name).delete_user_response except Exception as ex: module.fail_json(changed=False, msg="delete failed %s" %ex) if ('must detach all policies first') in error_msg: for policy in iam.get_all_user_policies(name).list_user_policies_result.policy_names: iam.delete_user_policy(name, policy) try: del_meta = iam.delete_user(name) except boto.exception.BotoServerError as err: error_msg = boto_exception(err) if ('must detach all policies first') in error_msg: module.fail_json(changed=changed, msg="All inline polices have been removed. Though it appears" "that %s has Managed Polices. This is not " "currently supported by boto. Please detach the polices " "through the console and try again." % name) else: module.fail_json(changed=changed, msg=str(error_msg)) else: changed = True return del_meta, name, changed else: changed = True return del_meta, name, changed
iam.update_login_profile(name, pwd) changed = True except boto.exception.BotoServerError: try: iam.create_login_profile(name, pwd) changed = True except boto.exception.BotoServerError, err: error_msg = boto_exception(str(err)) if 'Password does not conform to the account password policy' in error_msg: module.fail_json(changed=False, msg="Passsword doesn't conform to policy") else: module.fail_json(msg=error_msg) else: try: iam.delete_login_profile(name) changed = True except boto.exception.BotoServerError: pass if key_state == 'create': try: while key_count > key_qty: new_key = iam.create_access_key( user_name=name ).create_access_key_response.create_access_key_result.access_key key_qty += 1 changed = True except boto.exception.BotoServerError, err: module.fail_json(changed=False, msg=str(err))
try: iam.update_login_profile(name, pwd) changed = True except boto.exception.BotoServerError: try: iam.create_login_profile(name, pwd) changed = True except boto.exception.BotoServerError, err: error_msg = boto_exception(str(err)) if 'Password does not conform to the account password policy' in error_msg: module.fail_json(changed=False, msg="Passsword doesn't conform to policy") else: module.fail_json(msg=error_msg) else: try: iam.delete_login_profile(name) changed = True except boto.exception.BotoServerError: pass if key_state == 'create': try: while key_count > key_qty: new_key = iam.create_access_key( user_name=name).create_access_key_response.create_access_key_result.access_key key_qty += 1 changed = True except boto.exception.BotoServerError, err: module.fail_json(changed=False, msg=str(err))