def user_action(module, iam, name, policy_name, skip, pdoc, state):
  # Bring the inline policy `policy_name` on IAM user `name` to the requested
  # `state` ('present' or 'absent') through the `iam` connection object.
  # `pdoc` is the policy document that is compared and uploaded; `skip`
  # limits uploads when a policy is already in place (see the branches below).
  # Python 2 only: relies on `except X, err` and `urllib.unquote`.
  # NOTE(review): the listing stops inside the `try:` block, so the matching
  # `except`, the use of `updated_policies` and the result are not shown.
  policy_match = False
  changed = False
  try:
    # Names of the policies currently attached to the user.
    current_policies = [cp for cp in iam.get_all_user_policies(name).
                                        list_user_policies_result.
                                        policy_names]
    # policy_match becomes True when any attached policy, under any name, has
    # a document equal to pdoc. The test is exact string equality after
    # URL-decoding, so a document that differs only in whitespace or key order
    # is treated as a different policy.
    for pol in current_policies:
      '''
      urllib is needed here because boto returns url encoded strings instead
      '''
      if urllib.unquote(iam.get_user_policy(name, pol).
                        get_user_policy_result.policy_document) == pdoc:
        policy_match = True

    # skip set: upload only when neither this policy name nor an identical
    # document is already attached.
    # NOTE(review): if policy_name already exists with a document that differs
    # from pdoc, this branch leaves the old document in place and reports no
    # change, so a corrected or tightened policy is not applied - confirm that
    # this is intended.
    if state == 'present' and skip:
      if policy_name not in current_policies and not policy_match:
        changed = True
        iam.put_user_policy(name, policy_name, pdoc)
    # skip not set: always upload and always report a change, even when the
    # stored document is already identical to pdoc.
    elif state == 'present' and not skip:
        changed = True
        iam.put_user_policy(name, policy_name, pdoc)
    elif state == 'absent':
      try:
        iam.delete_user_policy(name, policy_name)
        changed = True
      except boto.exception.BotoServerError, err:
        # Only the "cannot be found." message is handled, by matching on the
        # error text. NOTE(review): any other BotoServerError (for example an
        # authorization failure) leaves changed=False and is not re-raised in
        # the visible code, so a failed delete can look like a no-op.
        error_msg = boto_exception(err)
        if 'cannot be found.' in error_msg:
          changed = False
          module.exit_json(changed=changed, msg="%s policy is already absent" % policy_name)

    # Re-read the attached policy names after the change; how the list is used
    # lies outside this listing.
    updated_policies = [cp for cp in iam.get_all_user_policies(name).
                                        list_user_policies_result.
                                        policy_names]
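def create_assetstore_iam_user(bucket_name):
    """Create an IAM user scoped to one S3 bucket and return its credentials.

    Creates the user ``<bucket_name>-user``, issues an access key for it and
    attaches the inline policy ``<bucket_name>-user-s3-policy``, which allows
    ``s3:*`` on the bucket and on every object in it.

    Args:
        bucket_name: Name of the S3 bucket the new user is granted access to.

    Returns:
        A ``(username, access_key_id, secret_access_key)`` tuple.

    NOTE(review): ``s3:*`` covers every S3 action on the bucket, including
    deleting it and rewriting its policy or ACL. If the consumer only reads
    and writes objects, narrow ``Action`` to the calls it actually needs.

    NOTE(review): the secret access key is returned in clear text and AWS
    does not show it again after creation; the caller should hand it straight
    to a secret store and keep it out of logs.
    """
    import json

    import boto.iam

    iam = boto.iam.IAMConnection()
    username = bucket_name + '-user'
    iam.create_user(username)

    # NOTE(review): if a later call raises, the user (and possibly a live
    # access key) is left behind; nothing here rolls it back.
    key_response = iam.create_access_key(username)
    key = key_response['create_access_key_response']
    key = key['create_access_key_result']['access_key']
    access_key_id = key['access_key_id']
    secret_access_key = key['secret_access_key']

    policyname = username + '-s3-policy'
    # bucket_name goes into the resource ARNs unchanged. IAM treats '*' and
    # '?' inside a resource ARN as wildcards, so callers must pass only a
    # validated bucket name.
    bucket_arn = 'arn:aws:s3:::%s' % bucket_name
    policy = {
        'Version': '2012-10-17',
        'Statement': [
            {
                'Action': 's3:*',
                'Effect': 'Allow',
                'Resource': [bucket_arn, bucket_arn + '/*'],
            },
        ],
    }
    # Serialise with json.dumps instead of %-formatting a JSON template, so a
    # quote or backslash in bucket_name cannot alter the document structure.
    iam.put_user_policy(username, policyname, json.dumps(policy))

    return username, access_key_id, secret_access_key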
Exemple #3
def user_action(module, iam, name, policy_name, skip, pdoc, state):
  # Bring the inline policy `policy_name` on IAM user `name` to the requested
  # `state` ('present' or 'absent') through the `iam` connection object.
  # `pdoc` is the policy document that is compared and uploaded; `skip`
  # suppresses the upload when an identical document is already attached.
  # Python 2 only: relies on `except X, err` and `urllib.unquote`.
  # NOTE(review): the listing stops inside the `try:` block, so the matching
  # `except`, the use of `updated_policies` and the result are not shown.
  policy_match = False
  changed = False
  try:
    # Names of the policies currently attached to the user.
    current_policies = [cp for cp in iam.get_all_user_policies(name).
                                        list_user_policies_result.
                                        policy_names]
    # policy_match becomes True when any attached policy, under any name, has
    # a document equal to pdoc. The test is exact string equality after
    # URL-decoding, so a document that differs only in whitespace or key order
    # is treated as a different policy.
    for pol in current_policies:
      '''
      urllib is needed here because boto returns url encoded strings instead
      '''
      if urllib.unquote(iam.get_user_policy(name, pol).
                        get_user_policy_result.policy_document) == pdoc:
        policy_match = True

    if state == 'present':
      # If policy document does not already exist (either it's changed
      # or the policy is not present) or if we're not skipping dupes then
      # make the put call.  Note that the put call does a create or update.
      # NOTE(review): the match is on document content across all policy
      # names, so with skip set nothing is uploaded under policy_name when a
      # differently named policy already carries the same document.
      if not policy_match or not skip:
        changed = True
        iam.put_user_policy(name, policy_name, pdoc)
    elif state == 'absent':
      try:
        iam.delete_user_policy(name, policy_name)
        changed = True
      except boto.exception.BotoServerError, err:
        # Only the "cannot be found." message is handled, by matching on the
        # error text. NOTE(review): any other BotoServerError (for example an
        # authorization failure) leaves changed=False and is not re-raised in
        # the visible code, so a failed delete can look like a no-op.
        error_msg = boto_exception(err)
        if 'cannot be found.' in error_msg:
          changed = False
          module.exit_json(changed=changed, msg="%s policy is already absent" % policy_name)

    # Re-read the attached policy names after the change; how the list is used
    # lies outside this listing.
    updated_policies = [cp for cp in iam.get_all_user_policies(name).
                                        list_user_policies_result.
                                        policy_names]
Exemple #4
def user_action(module, iam, name, policy_name, skip, pdoc, state):
    policy_match = False
    changed = False
    try:
        current_policies = [
            cp for cp in iam.get_all_user_policies(
                name).list_user_policies_result.policy_names
        ]
        for pol in current_policies:
            '''
      urllib is needed here because boto returns url encoded strings instead
      '''
            if urllib.unquote(
                    iam.get_user_policy(
                        name,
                        pol).get_user_policy_result.policy_document) == pdoc:
                policy_match = True
                if policy_match:
                    msg = ("The policy document you specified already exists "
                           "under the name %s." % pol)
        if state == 'present' and skip:
            if policy_name not in current_policies and not policy_match:
                changed = True
                iam.put_user_policy(name, policy_name, pdoc)
        elif state == 'present' and not skip:
            changed = True
            iam.put_user_policy(name, policy_name, pdoc)
        elif state == 'absent':
            try:
                iam.delete_user_policy(name, policy_name)
                changed = True
            except boto.exception.BotoServerError, err:
                error_msg = boto_exception(err)
                if 'cannot be found.' in error_msg:
                    changed = False
                    module.exit_json(changed=changed,
                                     msg="%s policy is already absent" %
                                     policy_name)

        updated_policies = [
            cp for cp in iam.get_all_user_policies(
                name).list_user_policies_result.policy_names
        ]