def set_users_groups(module, iam, name, groups, updated=None, new_name=None):
""" Sets groups for a user, will purge groups not explicitly passed, while
retaining pre-existing groups that also are in the new list.
"""
changed = False
if updated:
name = new_name
try:
orig_users_groups = [
og['group_name'] for og in iam.get_groups_for_user(
name).list_groups_for_user_result.groups
]
remove_groups = [
rg for rg in frozenset(orig_users_groups).difference(groups)
]
new_groups = [
ng for ng in frozenset(groups).difference(orig_users_groups)
]
except boto.exception.BotoServerError as err:
module.fail_json(changed=changed, msg=str(err))
else:
if len(orig_users_groups) > 0:
for new in new_groups:
iam.add_user_to_group(new, name)
for rm in remove_groups:
iam.remove_user_from_group(rm, name)
else:
for group in groups:
try:
iam.add_user_to_group(group, name)
except boto.exception.BotoServerError as err:
error_msg = boto_exception(err)
if ('The group with name %s cannot be found.' %
group) in error_msg:
module.fail_json(changed=False,
msg="Group %s doesn't exist" % group)
if len(remove_groups) > 0 or len(new_groups) > 0:
changed = True
return (groups, changed)
def create_users():
try:
iam.create_group(group)
except boto.exception.BotoServerError as e:
if e.code == 'EntityAlreadyExists':
print e.message + " Will overwrite."
else:
print "Exception: %s" % str(e)
exit(1)
# attach policy to group
# security policy: allows access to everything but IAM
# if the IAM lab is included in the day, then remove the line "NotAction": "iam:*",
policy = '''{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
}
]
}'''
iam.put_group_policy(group, policy_name, policy)
# add users to group
with open(DATA_FILE_NAME, 'rU') as data_file:
user_reader = csv.reader(data_file)
for row in user_reader:
user, password = row[0], row[1]
try:
iam.create_user(user)
iam.create_login_profile(user, password)
iam.add_user_to_group(group, user)
print("Added " + user)
except boto.exception.BotoServerError as e:
print "Problems creating %s. Exiting due to error: %s" % (
user, str(e.message))
exit(1)
print "Users created. They can login to the AWS Console using this link: " + iam.get_signin_url(
)
def create_users():
try:
iam.create_group(group)
except boto.exception.BotoServerError as e:
if e.code == 'EntityAlreadyExists':
print e.message + " Will overwrite."
else:
print "Exception: %s" % str(e)
exit(1)
# attach policy to group
# security policy: allows access to everything but IAM
# if the IAM lab is included in the day, then remove the line "NotAction": "iam:*",
policy = '''{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
}
]
}'''
iam.put_group_policy(group, policy_name, policy)
# add users to group
with open(DATA_FILE_NAME, 'rU') as data_file:
user_reader = csv.reader(data_file)
for row in user_reader:
user, password = row[0], row[1]
try:
iam.create_user(user)
iam.create_login_profile(user, password)
iam.add_user_to_group(group, user)
print("Added " + user)
except boto.exception.BotoServerError as e:
print "Problems creating %s. Exiting due to error: %s" % (user, str(e.message))
exit(1)
print "Users created. They can login to the AWS Console using this link: " + iam.get_signin_url()
def set_users_groups(module, iam, name, groups, updated=None,
new_name=None):
""" Sets groups for a user, will purge groups not explicitly passed, while
retaining pre-existing groups that also are in the new list.
"""
changed = False
if updated:
name = new_name
try:
orig_users_groups = [og['group_name'] for og in iam.get_groups_for_user(
name).list_groups_for_user_result.groups]
remove_groups = [
rg for rg in frozenset(orig_users_groups).difference(groups)]
new_groups = [
ng for ng in frozenset(groups).difference(orig_users_groups)]
except boto.exception.BotoServerError as err:
module.fail_json(changed=changed, msg=str(err))
else:
if len(orig_users_groups) > 0:
for new in new_groups:
iam.add_user_to_group(new, name)
for rm in remove_groups:
iam.remove_user_from_group(rm, name)
else:
for group in groups:
try:
iam.add_user_to_group(group, name)
except boto.exception.BotoServerError as err:
error_msg = boto_exception(err)
if ('The group with name %s cannot be found.' % group) in error_msg:
module.fail_json(changed=False, msg="Group %s doesn't exist" % group)
if len(remove_groups) > 0 or len(new_groups) > 0:
changed = True
return (groups, changed)
def set_users_groups(iam, name, groups):
""" Sets groups for a user, will purge groups not explictly passed, while
retaining pre-existing groups that also are in the new list.
"""
changed = False
orig_users_groups = [og['group_name'] for og in iam.get_groups_for_user(
name).list_groups_for_user_result.groups]
remove_groups = [
rg for rg in frozenset(orig_users_groups).difference(groups)]
new_groups = [
ng for ng in frozenset(groups).difference(orig_users_groups)]
if len(orig_users_groups) > 0:
for new in new_groups:
iam.add_user_to_group(new, name)
for rm in remove_groups:
iam.remove_user_from_group(rm, name)
else:
for group in groups:
iam.add_user_to_group(group, name)
if len(remove_groups) > 0 or len(new_groups) > 0:
changed = True
return (groups, changed)
if updated:
name = new_name
try:
orig_users_groups = [og['group_name'] for og in iam.get_groups_for_user(
name).list_groups_for_user_result.groups]
remove_groups = [
rg for rg in frozenset(orig_users_groups).difference(groups)]
new_groups = [
ng for ng in frozenset(groups).difference(orig_users_groups)]
except boto.exception.BotoServerError, err:
module.fail_json(changed=changed, msg=str(err))
else:
if len(orig_users_groups) > 0:
for new in new_groups:
iam.add_user_to_group(new, name)
for rm in remove_groups:
iam.remove_user_from_group(rm, name)
else:
for group in groups:
try:
iam.add_user_to_group(group, name)
except boto.exception.BotoServerError, err:
error_msg = boto_exception(err)
if ('The group with name %s cannot be found.' % group) in error_msg:
module.fail_json(changed=False, msg="Group %s doesn't exist" % group)
if len(remove_groups) > 0 or len(new_groups) > 0:
changed = True
if updated:
name = new_name
try:
orig_users_groups = [og['group_name'] for og in iam.get_groups_for_user(
name).list_groups_for_user_result.groups]
remove_groups = [
rg for rg in frozenset(orig_users_groups).difference(groups)]
new_groups = [
ng for ng in frozenset(groups).difference(orig_users_groups)]
except boto.exception.BotoServerError, err:
module.fail_json(changed=changed, msg=str(err))
else:
if len(orig_users_groups) > 0:
for new in new_groups:
iam.add_user_to_group(new, name)
for rm in remove_groups:
iam.remove_user_from_group(rm, name)
else:
for group in groups:
try:
iam.add_user_to_group(group, name)
except boto.exception.BotoServerError, err:
error_msg = boto_exception(err)
if ('The group with name %s cannot be found.' % group) in error_msg:
module.fail_json(changed=False, msg="Group %s doesn't exist" % group)
if len(remove_groups) > 0 or len(new_groups) > 0:
changed = True
