def user_action(module, iam, name, policy_name, skip, pdoc, state):
  """Bring one inline policy of IAM user ``name`` to the requested ``state``.

  Lists the user's inline policies, records whether any of them already
  carries a document equal to ``pdoc``, then puts or deletes ``policy_name``
  depending on ``state`` ('present' or 'absent') and ``skip``.

  NOTE(review): the listing ends inside the outer ``try``; its handler and
  the function's return value are not visible here.
  """
  policy_match = False
  changed = False
  try:
    # Names of the inline policies currently attached to the user.
    current_policies = [cp for cp in iam.get_all_user_policies(name).
                                        list_user_policies_result.
                                        policy_names]
    for pol in current_policies:
      '''
      urllib is needed here because boto returns url encoded strings instead
      '''
      # Exact string comparison of the unquoted document with pdoc; a match
      # under any policy name sets the flag.
      # NOTE(review): urllib.unquote is the Python 2 location of this helper.
      if urllib.unquote(iam.get_user_policy(name, pol).
                        get_user_policy_result.policy_document) == pdoc:
        policy_match = True

    if state == 'present' and skip:
      # With skip set, the put happens only when neither the policy name nor
      # the document is already present.
      # NOTE(review): an existing policy_name whose document differs from
      # pdoc is left untouched on this path, so a changed (for example a
      # tightened) document is not applied and changed stays False.
      if policy_name not in current_policies and not policy_match:
        changed = True
        iam.put_user_policy(name, policy_name, pdoc)
    elif state == 'present' and not skip:
        # Without skip the put is unconditional and always reported as a change.
        changed = True
        iam.put_user_policy(name, policy_name, pdoc)
    elif state == 'absent':
      try:
        iam.delete_user_policy(name, policy_name)
        changed = True
      # Python 2 only spelling of the handler clause.
      except boto.exception.BotoServerError, err:
        error_msg = boto_exception(err)
        # "Not found" is recognised by matching the message text.
        # NOTE(review): any other server error is dropped here with changed
        # still False, so a removal that failed for another reason is not
        # reported by the visible code.
        if 'cannot be found.' in error_msg:
          changed = False
          module.exit_json(changed=changed, msg="%s policy is already absent" % policy_name)

    # Re-read the policy names after the change; the use of this list is
    # outside the listing.
    updated_policies = [cp for cp in iam.get_all_user_policies(name).
                                        list_user_policies_result.
                                        policy_names]
Example #2
def user_action(module, iam, name, policy_name, skip, pdoc, state):
  """Bring one inline policy of IAM user ``name`` to the requested ``state``.

  Lists the user's inline policies, records whether any of them already
  carries a document equal to ``pdoc``, then puts or deletes ``policy_name``
  depending on ``state`` ('present' or 'absent') and ``skip``.

  NOTE(review): the listing ends inside the outer ``try``; its handler and
  the function's return value are not visible here.
  """
  policy_match = False
  changed = False
  try:
    # Names of the inline policies currently attached to the user.
    current_policies = [cp for cp in iam.get_all_user_policies(name).
                                        list_user_policies_result.
                                        policy_names]
    for pol in current_policies:
      '''
      urllib is needed here because boto returns url encoded strings instead
      '''
      # Exact string comparison of the unquoted document with pdoc. The flag
      # is set when ANY of the user's policies matches, not only policy_name.
      if urllib.unquote(iam.get_user_policy(name, pol).
                        get_user_policy_result.policy_document) == pdoc:
        policy_match = True

    if state == 'present':
      # If policy document does not already exist (either it's changed
      # or the policy is not present) or if we're not skipping dupes then
      # make the put call.  Note that the put call does a create or update.
      # NOTE(review): with skip set and the same document stored under a
      # different name, no put is made for policy_name.
      if not policy_match or not skip:
        changed = True
        iam.put_user_policy(name, policy_name, pdoc)
    elif state == 'absent':
      try:
        iam.delete_user_policy(name, policy_name)
        changed = True
      # Python 2 only spelling of the handler clause.
      except boto.exception.BotoServerError, err:
        error_msg = boto_exception(err)
        # "Not found" is recognised by matching the message text.
        # NOTE(review): any other server error is dropped here with changed
        # still False, so a removal that failed for another reason is not
        # reported by the visible code.
        if 'cannot be found.' in error_msg:
          changed = False
          module.exit_json(changed=changed, msg="%s policy is already absent" % policy_name)

    # Re-read the policy names after the change; the use of this list is
    # outside the listing.
    updated_policies = [cp for cp in iam.get_all_user_policies(name).
                                        list_user_policies_result.
                                        policy_names]
Example #3
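def delete_user(module, iam, name):
    """Delete IAM user ``name`` after removing its access keys.

    The user's access keys are deleted first, then the user. When IAM
    answers that policies must be detached first, every inline policy of
    the user is deleted and the user deletion is retried once.

    Args:
        module: Ansible module object; errors are reported through its
            ``fail_json``.
        iam: boto IAM connection.
        name: name of the IAM user to delete.

    Returns:
        ``(del_meta, name, changed)`` with ``changed`` True. ``del_meta`` is
        the ``delete_user_response`` attribute on the first attempt and the
        whole ``delete_user`` response on the retry.
    """
    # Bound before anything can fail: the fail_json calls below pass it, and
    # it was previously read before any assignment.
    changed = False
    try:
        current_keys = [
            ck['access_key_id'] for ck in iam.get_all_access_keys(
                name).list_access_keys_result.access_key_metadata
        ]
        for key in current_keys:
            iam.delete_access_key(key, name)
            # A removed credential is a change even if a later step fails.
            changed = True
        del_meta = iam.delete_user(name).delete_user_response
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'must detach all policies first' in error_msg:
            for policy in iam.get_all_user_policies(
                    name).list_user_policies_result.policy_names:
                iam.delete_user_policy(name, policy)
                changed = True
            try:
                del_meta = iam.delete_user(name)
            except boto.exception.BotoServerError as retry_err:
                error_msg = boto_exception(retry_err)
                if 'must detach all policies first' in error_msg:
                    module.fail_json(
                        changed=changed,
                        msg=
                        "All inline polices have been removed. Though it appears "
                        "that %s has Managed Polices. This is not "
                        "currently supported by boto. Please detach the polices "
                        "through the console and try again." % name)
                else:
                    module.fail_json(changed=changed, msg=str(retry_err))
            else:
                changed = True
                return del_meta, name, changed
        else:
            # Any other API error used to be dropped without a report, which
            # left the user in place while the task looked successful.
            module.fail_json(changed=changed, msg=str(err))
    else:
        # The first-attempt success path used to fall off the end and
        # return None instead of the tuple the retry path returns.
        changed = True
        return del_meta, name, changed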
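def delete_user(module, iam, name):
    """Remove the access keys of IAM user ``name`` and then the user.

    If the deletion is refused because policies must be detached first, the
    user's inline policies are deleted and the deletion is tried once more.

    Args:
        module: Ansible module object used to report failures (``fail_json``).
        iam: boto IAM connection.
        name: IAM user name.

    Returns:
        ``(del_meta, name, changed)``; ``changed`` is True. ``del_meta`` is
        ``delete_user_response`` from the first attempt, or the full
        ``delete_user`` response when the retry was needed.
    """
    # Initialised here because the error paths below report it; it used to
    # be read there before being assigned.
    changed = False
    try:
        current_keys = [ck['access_key_id'] for ck in
                        iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata]
        for key in current_keys:
            iam.delete_access_key(key, name)
            # Deleting a key already changes the account, whatever follows.
            changed = True
        del_meta = iam.delete_user(name).delete_user_response
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'must detach all policies first' not in error_msg:
            # Previously ignored: the user stayed in place and nothing was
            # reported to the caller.
            module.fail_json(changed=changed, msg=str(err))
        else:
            for policy in iam.get_all_user_policies(name).list_user_policies_result.policy_names:
                iam.delete_user_policy(name, policy)
                changed = True
            try:
                del_meta = iam.delete_user(name)
            except boto.exception.BotoServerError as retry_err:
                error_msg = boto_exception(retry_err)
                if 'must detach all policies first' in error_msg:
                    module.fail_json(changed=changed, msg="All inline polices have been removed. Though it appears "
                                                          "that %s has Managed Polices. This is not "
                                                          "currently supported by boto. Please detach the polices "
                                                          "through the console and try again." % name)
                else:
                    module.fail_json(changed=changed, msg=str(retry_err))
            else:
                changed = True
                return del_meta, name, changed
    else:
        # Success on the first attempt used to return None; return the same
        # tuple shape as the retry path.
        changed = True
        return del_meta, name, changed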
Example #5
def user_action(module, iam, name, policy_name, skip, pdoc, state):
    """Bring one inline policy of IAM user ``name`` to the requested ``state``.

    Lists the user's inline policies, records whether any of them already
    carries a document equal to ``pdoc``, then puts or deletes
    ``policy_name`` depending on ``state`` ('present' or 'absent') and
    ``skip``.

    NOTE(review): the listing ends inside the outer ``try``; its handler and
    the function's return value are not visible here.
    """
    policy_match = False
    changed = False
    try:
        # Names of the inline policies currently attached to the user.
        current_policies = [
            cp for cp in iam.get_all_user_policies(
                name).list_user_policies_result.policy_names
        ]
        for pol in current_policies:
            '''
      urllib is needed here because boto returns url encoded strings instead
      '''
            # Exact string comparison of the unquoted document with pdoc; a
            # match under any policy name sets the flag.
            if urllib.unquote(
                    iam.get_user_policy(
                        name,
                        pol).get_user_policy_result.policy_document) == pdoc:
                policy_match = True
                # Always true at this point, since the flag was just set.
                # NOTE(review): msg is bound only when a match is found; its
                # use is outside this listing.
                if policy_match:
                    msg = ("The policy document you specified already exists "
                           "under the name %s." % pol)
        if state == 'present' and skip:
            # With skip set, the put happens only when neither the policy
            # name nor the document is already present.
            # NOTE(review): an existing policy_name whose document differs
            # from pdoc is left untouched on this path, so a changed (for
            # example a tightened) document is not applied.
            if policy_name not in current_policies and not policy_match:
                changed = True
                iam.put_user_policy(name, policy_name, pdoc)
        elif state == 'present' and not skip:
            # Without skip the put is unconditional and always reported as
            # a change.
            changed = True
            iam.put_user_policy(name, policy_name, pdoc)
        elif state == 'absent':
            try:
                iam.delete_user_policy(name, policy_name)
                changed = True
            # Python 2 only spelling of the handler clause.
            except boto.exception.BotoServerError, err:
                error_msg = boto_exception(err)
                # "Not found" is recognised by matching the message text.
                # NOTE(review): any other server error is dropped here with
                # changed still False, so a removal that failed for another
                # reason is not reported by the visible code.
                if 'cannot be found.' in error_msg:
                    changed = False
                    module.exit_json(changed=changed,
                                     msg="%s policy is already absent" %
                                     policy_name)

        # Re-read the policy names after the change; the use of this list
        # is outside the listing.
        updated_policies = [
            cp for cp in iam.get_all_user_policies(
                name).list_user_policies_result.policy_names
        ]
Example #6
def delete_dependencies_first(module, iam, name):
    """Strip credentials and inline policies from IAM user ``name``.

    Four steps run in order: delete every access key, delete the login
    profile, delete every inline policy, deactivate every MFA device. A
    boto server error in any step is reported through ``module.fail_json``,
    except a login profile that IAM reports as not found, which is ignored.

    Returns:
        ``changed``, set to True by each step that finishes without raising,
        whether or not the step found anything to remove.
    """
    changed = False

    # Step 1: access keys. The id list is built in full before any delete.
    try:
        key_metadata = iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata
        key_ids = [entry['access_key_id'] for entry in key_metadata]
        for key_id in key_ids:
            iam.delete_access_key(key_id, name)
        changed = True
    except boto.exception.BotoServerError as err:
        module.fail_json(
            changed=changed,
            msg="Failed to delete keys: %s" % err,
            exception=traceback.format_exc())

    # Step 2: console login profile.
    try:
        # The result is not used; presumably the lookup is kept so that a
        # missing profile raises before the delete is attempted.
        _profile = iam.get_login_profiles(name).get_login_profile_response
        iam.delete_login_profile(name)
        changed = True
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        # "Not found" is recognised by the text of the error message.
        profile_missing = ('Login Profile for User ' + name + ' cannot be found.') in error_msg
        if not profile_missing:
            module.fail_json(
                changed=changed,
                msg="Failed to delete login profile: %s" % err,
                exception=traceback.format_exc())

    # Step 3: inline policies.
    try:
        inline_policies = iam.get_all_user_policies(name).list_user_policies_result.policy_names
        for policy in inline_policies:
            iam.delete_user_policy(name, policy)
        changed = True
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'must detach all policies first' in error_msg:
            managed_policy_msg = ("All inline polices have been removed. Though it appears"
                                  "that %s has Managed Polices. This is not "
                                  "currently supported by boto. Please detach the polices "
                                  "through the console and try again." % name)
            module.fail_json(changed=changed, msg=managed_policy_msg)
        # Reached for every other error (and after the call above if
        # fail_json returns).
        module.fail_json(
            changed=changed,
            msg="Failed to delete policies: %s" % err,
            exception=traceback.format_exc())

    # Step 4: MFA devices are deactivated for the user, not deleted.
    try:
        listing = iam.get_all_mfa_devices(name)
        response = listing.get('list_mfa_devices_response', {})
        result = response.get('list_mfa_devices_result', {})
        for device in result.get('mfa_devices', []):
            iam.deactivate_mfa_device(name, device['serial_number'])
        changed = True
    except boto.exception.BotoServerError as err:
        module.fail_json(
            changed=changed,
            msg="Failed to deactivate associated MFA devices: %s" % err,
            exception=traceback.format_exc())

    return changed
Example #7
def delete_dependencies_first(module, iam, name):
    """Remove what is attached to IAM user ``name`` ahead of deleting it.

    In order: access keys are deleted, the login profile is deleted, inline
    policies are deleted and MFA devices are deactivated. Every boto server
    error ends in ``module.fail_json``, apart from a login-profile error
    whose message contains 'Cannot find Login Profile'.

    Returns:
        ``changed``; each stage sets it to True when it completes without an
        exception, even if it had nothing to remove.
    """
    changed = False

    # Access keys: collect all ids first, then delete them one by one.
    try:
        metadata = iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata
        for access_key_id in [item['access_key_id'] for item in metadata]:
            iam.delete_access_key(access_key_id, name)
        changed = True
    except boto.exception.BotoServerError as err:
        module.fail_json(
            changed=changed,
            msg="Failed to delete keys: %s" % err,
            exception=traceback.format_exc(),
        )

    # Login profile: looked up, then deleted.
    try:
        # Unused result; presumably kept so a missing profile raises here.
        _unused_profile = iam.get_login_profiles(name).get_login_profile_response
        iam.delete_login_profile(name)
        changed = True
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        # A missing profile is recognised by message text and tolerated.
        if not ('Cannot find Login Profile' in error_msg):
            module.fail_json(
                changed=changed,
                msg="Failed to delete login profile: %s" % err,
                exception=traceback.format_exc(),
            )

    # Inline policies.
    try:
        policy_names = iam.get_all_user_policies(name).list_user_policies_result.policy_names
        for policy in policy_names:
            iam.delete_user_policy(name, policy)
        changed = True
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        still_attached = 'must detach all policies first' in error_msg
        if still_attached:
            module.fail_json(
                changed=changed,
                msg="All inline polices have been removed. Though it appears"
                    "that %s has Managed Polices. This is not "
                    "currently supported by boto. Please detach the polices "
                    "through the console and try again." % name,
            )
        # Generic report; also runs after the call above if fail_json returns.
        module.fail_json(
            changed=changed,
            msg="Failed to delete policies: %s" % err,
            exception=traceback.format_exc(),
        )

    # MFA devices: each listed device is deactivated for this user.
    try:
        mfa_response = iam.get_all_mfa_devices(name).get('list_mfa_devices_response', {})
        mfa_result = mfa_response.get('list_mfa_devices_result', {})
        mfa_devices = mfa_result.get('mfa_devices', [])
        for device in mfa_devices:
            iam.deactivate_mfa_device(name, device['serial_number'])
        changed = True
    except boto.exception.BotoServerError as err:
        module.fail_json(
            changed=changed,
            msg="Failed to deactivate associated MFA devices: %s" % err,
            exception=traceback.format_exc(),
        )

    return changed
Example #8
     for key in current_keys:
         iam.delete_access_key(key, name)
     try:
         login_profile = iam.get_login_profiles(
             name).get_login_profile_response
     except boto.exception.BotoServerError, err:
         error_msg = boto_exception(err)
         if ('Cannot find Login Profile') in error_msg:
             del_meta = iam.delete_user(name).delete_user_response
     else:
         iam.delete_login_profile(name)
         del_meta = iam.delete_user(name).delete_user_response
 except Exception as ex:
     module.fail_json(changed=False, msg="delete failed %s" % ex)
     if ('must detach all policies first') in error_msg:
         for policy in iam.get_all_user_policies(
                 name).list_user_policies_result.policy_names:
             iam.delete_user_policy(name, policy)
         try:
             del_meta = iam.delete_user(name)
         except boto.exception.BotoServerError, err:
             error_msg = boto_exception(err)
             if ('must detach all policies first') in error_msg:
                 module.fail_json(
                     changed=changed,
                     msg=
                     "All inline polices have been removed. Though it appears"
                     "that %s has Managed Polices. This is not "
                     "currently supported by boto. Please detach the polices "
                     "through the console and try again." % name)
             else:
                 module.fail_json(changed=changed, msg=str(error_msg))