def server_certificate_upload(self,
cert_name=None,
pub_key=None,
priv_key=None,
cert_chain=None):
i = Iam()
if pub_key and os.path.isfile(pub_key):
with open(pub_key, "r") as pub_key_fh:
pub_key = pub_key_fh.read()
logger.info("Read pub_key to internal variable: %s" % pub_key, )
if priv_key and os.path.isfile(priv_key):
with open(priv_key, "r") as priv_key_fh:
priv_key = priv_key_fh.read()
logger.info("Read priv_key to internal variable: %s" % priv_key, )
if cert_chain and os.path.isfile(cert_chain):
with open(cert_chain, "r") as cert_chain_fh:
cert_chain = cert_chain_fh.read()
logger.debug(
"Read cert_chain to internal variable: %s" % cert_chain, )
out = i.upload_server_cert(cert_name=cert_name,
pub_key=pub_key,
priv_key=priv_key,
cert_chain=cert_chain)
print "ServerCertificateId: %s" % out['ServerCertificateMetadata'][
'ServerCertificateId']
def get_login_profile(self, username):
"""
This function is used to validate if a user has a login profile or should have one created
:param username: the username to validate
:return: the login profile information if user has one
"""
from wrapper.iam import Iam
iam = Iam(session=self.session)
ret = iam.get_login_profile(username=username)
return ret
def iam_user_groups(self, username):
"""
This function lists groups of a user
:param username: the user whoes groups should be listed
:return:
"""
from wrapper.iam import Iam
iam = Iam(session=self.session)
ret = iam.list_user_groups(username=username)
return ret
def add_iam_user_to_group(self, username, groupname):
"""
This function adds an iam user to a group
:param username: the username to add
:param groupname: The group where it should be added
:return:
"""
from wrapper.iam import Iam
iam = Iam(session=self.session)
ret = iam.add_iam_user_to_group(username=username, groupname=groupname)
return ret
def iam_user_exists(self, username):
"""
This function tests if an iam user exists or not
:param username: the iam username
:return: true or false
:rtype: bool
"""
from wrapper.iam import Iam
iam = Iam(session=self.session)
ret = iam.iam_user_exists(username=username)
return ret
def get_ami_stacks(self):
"""
This function returns all ami stacks in an account
:return: a dict containing the puppet_roles
"""
from wrapper.ec2 import Ec2
from wrapper.iam import Iam
ec2 = Ec2(session=self.session)
iam = Iam(session=self.session)
account_id = iam.get_account_id()
return ec2.get_ami_stacks(account_id=account_id)
def get_ami_from_tag(self, puppet_role):
from wrapper.ec2 import Ec2
from wrapper.iam import Iam
ec2 = Ec2(session=self.session)
iam_modul = Iam(session=self.session)
account_id = iam_modul.get_account_id()
baseami_object = ec2.get_images(account_id=account_id,
filters=[{
'Name': 'tag:Puppet_role',
'Values': [puppet_role]
}])[0]
return baseami_object
def create_iam_login_profile(self, username, password):
"""
This function creates a login profile for an iam user
:param username: the username that should have the profile added
:param password: the password to create initially
:return:
"""
from wrapper.iam import Iam
iam = Iam(session=self.session)
ret = iam.create_iam_login_profile(username=username,
password=password)
return ret
def create_iam_user(self, username, dryrun, path):
"""
This function creates an iam user
:param username: The requested username
:param dryrun: No changes should be done
:param path: the path for the user. defaults to "/"
:return: the object of the created user
"""
from wrapper.iam import Iam
iam = Iam(session=self.session)
ret = iam.create_iam_user(username=username, dryrun=dryrun, path=path)
return ret
def list_user_credentials(self):
i = Iam()
users = i.list_users()
ret = []
for user in users:
creds = i.list_user_credentials(username=user['UserName'])
for cred in creds:
last_used = i.get_access_key_last_used(
access_key=cred['AccessKeyId'])
cred.update(last_used)
ret.append(cred)
return ret
def server_certificates_info_all(self):
i = Iam()
e = Elb()
out = i.get_server_certs()
elbs = e.get_elbs_from_ssl_cert()
for cert in out:
if cert['Arn'] in elbs:
list = []
for elb in elbs[cert['Arn']]:
list.append(elb.get('LoadBalancerName'))
cert['ELB'] = list
else:
cert['ELB'] = []
return out
def create_instance_lamdba(self, args=None):
"""
This function is invoked by lambda to provision multiple at same time
:param args: A dict with keypairs needed
:return: instance objects created
"""
from wrapper.ec2 import Ec2
from wrapper.iam import Iam
ec2 = Ec2(session=self.session)
iam = Iam(session=self.session)
account_id = iam.get_account_id()
inst_name = args['instance_name'].pop()
# linux or windows userdata formated for start
if 'snappyindex' in args:
logger.debug("Deploying a snappyindex")
snappyindex = args['snappyindex'].pop()
userdata = args['userdata']
userdata = userdata.format(index=snappyindex,
accountid=args['accountid'],
channelname=args['channelname'],
newrelic=args['newrelic'],
broker=args['broker'],
hostname=inst_name,
env=args['env'],
devicestring=args['devicestring'],
branch=args['branch'])
elif 'userdata' in args:
userdata = args['userdata']
else:
userdata = Misc.get_userdata_for_os(ostype=args['ostype']).format(
hostname=inst_name, env=args['env'], account=account_id)
instance = ec2.run_instance(baseamiid=args['baseamiid'],
key_name=args['keypair'],
securitygroup=args['securitygroup'],
instancetype=args['instance_type'],
subnet=args['subnet'].pop(),
user_data=userdata,
shutdown=args['shutdown'],
monitoring=args['monitoring'],
ebsoptimized=args['ebsoptimized'],
dry_run=args['dry_run'],
iam_name=args['iam'])
# add snappyindex to tag
if 'snappyindex' in args:
ec2.tag_resource(instanceid=instance.get('InstanceId'),
tags={
'Name': inst_name,
'Requester': args['requester'],
'Puppet_role': args['puppet_role'],
'Xively_service': args['xively_service'],
'Customer': args['customer'],
'Snappy_index': str(snappyindex),
'Environment': args['env']
})
else:
ec2.tag_resource(instanceid=instance.get('InstanceId'),
tags={
'Name': inst_name,
'Requester': args['requester'],
'Puppet_role': args['puppet_role'],
'Xively_service': args['xively_service'],
'Customer': args['customer'],
'Environment': args['env']
})
return instance
def create_user_credentials(self, username, dryrun):
i = Iam()
creds = i.create_user_credentials(username=username, dryrun=dryrun)
return [creds]
def list_user_groups(self, username):
i = Iam()
ret = i.list_user_groups(username=username)
return ret
def list_iam_groups(self):
i = Iam()
ret = i.list_groups()
return ret
def list_iam_users(self):
i = Iam()
ret = i.list_users()
return ret
def server_certficate_update(self, domain=None, intermediate=False):
i = Iam()
e = Elb()
old_name = "old." + domain
i.update_server_cert(cert_name=old_name, new_name=domain)
logger.debug("Rename certificate")
i.update_server_cert(cert_name=domain, new_name=old_name)
logger.debug("Gathering certificates informations")
# We should query old certs, to test if they have been moved, and it is not an incorrect call being made
old_cert = Misc.get_cert_body(name=old_name)
old_key = Misc.get_cert_body(name=old_name, type="key")
new_cert = Misc.get_cert_body(name=domain)
new_key = Misc.get_cert_body(name=domain, type="key")
logger.debug("Uploading new certificate for domain")
if intermediate:
inter_body = Misc.get_cert_body(domain="intermediate")
i.upload_server_cert(cert_name=domain,
pub_key=new_cert,
priv_key=new_key,
cert_chain=inter_body)
else:
i.upload_server_cert(cert_name=domain,
pub_key=new_cert,
priv_key=new_key)
elbs = e.get_elbs_from_ssl_cert()
old_object = i.get_server_cert(name=old_name)
new_object = i.get_server_cert(name=domain)
if old_object['ServerCertificateMetadata']['Arn'] in elbs:
move_elbs = elbs[old_object['ServerCertificateMetadata']['Arn']]
else:
move_elbs = []
for elb in move_elbs:
logger.info("Migrating ELB %s" % elb.get('LoadBalancerName'))
ports = ssl_ports_in_elb(elb=elb)
for port in ports:
logger.debug('Migrating port %s' % port, )
e.set_elb_ssl_cert(
elb_name=elb.get('LoadBalancerName'),
port=port,
cert=new_object['ServerCertificateMetadata']['Arn'])
logger.info("Deleting old cert")
i.delete_server_certs(cert_name=old_name)
logger.echo("Updated certificate to new one.")
def server_certificate_delete(self, cert_name=None):
i = Iam()
i.delete_server_certs(cert_name=cert_name)
