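def group_action(module, iam, name, policy_name, skip, pdoc, state):
    """Create, update or delete the inline policy ``policy_name`` on IAM group ``name``.

    Parameters:
        module: the Ansible module object; only ``exit_json``/``fail_json`` are used.
        iam: a boto IAM connection exposing ``get_all_group_policies``,
            ``get_group_policy``, ``put_group_policy`` and ``delete_group_policy``.
        name: the IAM group name.
        policy_name: the inline policy name to manage.
        skip: when true and a document identical to ``pdoc`` already exists
            under *any* name on the group, do not create another copy.
        pdoc: the policy document; compared textually against each existing
            (URL-decoded) document, so the same JSON with different whitespace
            or key order counts as a different document.
        state: ``'present'`` or ``'absent'``; any other value only lists policies.

    Returns:
        ``(changed, name, updated_policies, msg)`` where ``updated_policies``
        is the list of inline policy names on the group after the action.

    Calls ``module.exit_json`` when ``state='absent'`` and the policy is
    already gone, and ``module.fail_json`` on any other ``BotoServerError``.
    """
    changed = False
    msg = ''
    try:
        current_policies = list(
            iam.get_all_group_policies(name).list_group_policies_result.policy_names)

        # Names of existing policies whose decoded document equals pdoc.
        matching_policies = []
        for pol in current_policies:
            existing = urllib.parse.unquote(
                iam.get_group_policy(name, pol).get_group_policy_result.policy_document)
            if existing == pdoc:
                matching_policies.append(pol)
        policy_match = bool(matching_policies)
        if policy_match:
            msg = ("The policy document you specified already exists "
                   "under the name %s." % ", ".join(matching_policies))

        if state == 'present':
            # put_group_policy is a create-or-update. Call it when no existing
            # document matches, or when duplicates are allowed and the matching
            # document is not already the one stored under policy_name -- so a
            # re-run with the same name and document reports no change.
            if not policy_match or (not skip and policy_name not in matching_policies):
                changed = True
                iam.put_group_policy(name, policy_name, pdoc)
        elif state == 'absent':
            try:
                iam.delete_group_policy(name, policy_name)
                changed = True
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(err)
                # A missing policy is the idempotent "already absent" case.
                # Check the structured error code first; the message substring
                # is kept for compatibility with the previous behaviour.
                if (getattr(err, 'error_code', None) == 'NoSuchEntity'
                        or 'cannot be found.' in error_msg):
                    changed = False
                    module.exit_json(changed=changed,
                                     msg="%s policy is already absent" % policy_name)
                else:
                    # Any other failure (e.g. access denied) must not be
                    # swallowed as "no change" -- hand it to the outer handler.
                    raise

        updated_policies = list(
            iam.get_all_group_policies(name).list_group_policies_result.policy_names)
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        module.fail_json(changed=changed, msg=error_msg)
    return changed, name, updated_policies, msg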
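def group_action(module, iam, name, policy_name, skip, pdoc, state):
    """Create, update or delete the inline policy ``policy_name`` on IAM group ``name``.

    Parameters:
        module: the Ansible module object; only ``exit_json``/``fail_json`` are used.
        iam: a boto IAM connection exposing ``get_all_group_policies``,
            ``get_group_policy``, ``put_group_policy`` and ``delete_group_policy``.
        name: the IAM group name.
        policy_name: the inline policy name to manage.
        skip: when true and a document identical to ``pdoc`` already exists
            under *any* name on the group, do not create another copy.
        pdoc: the policy document; compared textually against each existing
            (URL-decoded) document, so the same JSON with different whitespace
            or key order counts as a different document.
        state: ``'present'`` or ``'absent'``; any other value only lists policies.

    Returns:
        ``(changed, name, updated_policies, msg)`` where ``updated_policies``
        is the list of inline policy names on the group after the action.

    Calls ``module.exit_json`` when ``state='absent'`` and the policy is
    already gone, and ``module.fail_json`` on any other ``BotoServerError``.
    """
    try:
        from urllib import unquote  # Python 2
    except ImportError:
        from urllib.parse import unquote  # Python 3

    changed = False
    msg = ''
    try:
        current_policies = list(
            iam.get_all_group_policies(name).list_group_policies_result.policy_names)

        # Names of existing policies whose decoded document equals pdoc.
        matching_policies = [
            pol for pol in current_policies
            if unquote(iam.get_group_policy(name, pol)
                       .get_group_policy_result.policy_document) == pdoc
        ]
        policy_match = bool(matching_policies)
        if policy_match:
            msg = ("The policy document you specified already exists "
                   "under the name %s." % matching_policies[0])

        if state == 'present':
            # put_group_policy is a create-or-update. Call it when no existing
            # document matches, or when duplicates are allowed and the matching
            # document is not already the one stored under policy_name.
            # (The previous check compared the iterated policy name with the
            # *group* name, which says nothing about whether a write is needed.)
            if not policy_match or (not skip and policy_name not in matching_policies):
                changed = True
                iam.put_group_policy(name, policy_name, pdoc)
        elif state == 'absent':
            try:
                iam.delete_group_policy(name, policy_name)
                changed = True
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(err)
                # A missing policy is the idempotent "already absent" case.
                if 'cannot be found.' in error_msg:
                    changed = False
                    module.exit_json(changed=changed,
                                     msg="%s policy is already absent" % policy_name)
                else:
                    # Any other failure (e.g. access denied) must not be
                    # reported as "no change" -- hand it to the outer handler.
                    raise

        updated_policies = list(
            iam.get_all_group_policies(name).list_group_policies_result.policy_names)
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        module.fail_json(changed=changed, msg=error_msg)
    return changed, name, updated_policies, msg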
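def create_users():
    """Create the lab IAM group, attach its inline policy and provision the users.

    Uses the module-level ``iam`` connection, ``group``, ``policy_name`` and
    ``DATA_FILE_NAME``. The data file is CSV with one ``user,password`` row
    per line; each user gets a console login profile and is added to the
    group. Exits the process with status 1 on the first unrecoverable error.
    """
    try:
        iam.create_group(group)
    except boto.exception.BotoServerError as e:
        if e.code == 'EntityAlreadyExists':
            # Reuse the existing group; put_group_policy below replaces any
            # inline policy of the same name it already carries.
            print(e.message + " Will overwrite.")
        else:
            print("Exception: %s" % str(e))
            exit(1)

    # attach policy to group
    # security policy: allows access to everything but IAM
    # if the IAM lab is included in the day, then remove the line "NotAction": "iam:*",
    # NOTE(review): Allow + NotAction grants every action outside the iam
    # namespace on every resource (sts, billing/account services, ...), i.e.
    # admin-minus-IAM. Only suitable for a disposable lab account.
    policy = '''{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}'''
    iam.put_group_policy(group, policy_name, policy)

    # add users to group
    # NOTE(review): passwords are read in clear text from the CSV; keep the
    # file access-restricted and remove it once the lab is provisioned.
    with open(DATA_FILE_NAME, 'rU') as data_file:
        user_reader = csv.reader(data_file)
        for row in user_reader:
            if not row:
                # csv yields [] for blank lines; skip them instead of
                # failing with IndexError below.
                continue
            if len(row) < 2:
                print("Malformed row (expected user,password): %r" % (row,))
                exit(1)
            user, password = row[0], row[1]
            try:
                iam.create_user(user)
                iam.create_login_profile(user, password)
                iam.add_user_to_group(group, user)
                print("Added " + user)
            except boto.exception.BotoServerError as e:
                print("Problems creating %s. Exiting due to error: %s" % (
                    user, str(e.message)))
                exit(1)
    print("Users created. They can login to the AWS Console using this link: "
          + iam.get_signin_url())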
def group_action(module, iam, name, policy_name, skip, pdoc, state): policy_match = False changed = False msg = '' try: current_policies = [ cp for cp in iam.get_all_group_policies( name).list_group_policies_result.policy_names ] for pol in current_policies: if urllib.unquote( iam.get_group_policy( name, pol).get_group_policy_result.policy_document) == pdoc: policy_match = True if policy_match: msg = ("The policy document you specified already exists " "under the name %s." % pol) if state == 'present' and skip: if policy_name not in current_policies and not policy_match: changed = True iam.put_group_policy(name, policy_name, pdoc) elif state == 'present' and not skip: changed = True iam.put_group_policy(name, policy_name, pdoc) elif state == 'absent': try: iam.delete_group_policy(name, policy_name) changed = True except boto.exception.BotoServerError, err: error_msg = boto_exception(err) if 'cannot be found.' in error_msg: changed = False module.exit_json(changed=changed, msg="%s policy is already absent" % policy_name) updated_policies = [ cp for cp in iam.get_all_group_policies( name).list_group_policies_result.policy_names ]
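def create_users():
    """Create the lab IAM group, attach its inline policy and provision the users.

    Uses the module-level ``iam`` connection, ``group``, ``policy_name`` and
    ``DATA_FILE_NAME``. The data file is CSV with one ``user,password`` row
    per line; each user gets a console login profile and is added to the
    group. Exits the process with status 1 on the first unrecoverable error.
    """
    _ensure_group()
    _attach_lab_policy()
    _provision_users()
    print("Users created. They can login to the AWS Console using this link: "
          + iam.get_signin_url())


def _ensure_group():
    """Create ``group``; tolerate an existing group, exit on any other error."""
    try:
        iam.create_group(group)
    except boto.exception.BotoServerError as e:
        if e.code == 'EntityAlreadyExists':
            # The existing group is reused; its inline policy of the same
            # name is replaced by _attach_lab_policy.
            print(e.message + " Will overwrite.")
        else:
            print("Exception: %s" % str(e))
            exit(1)


def _attach_lab_policy():
    """Put the lab's inline policy on ``group`` under ``policy_name``."""
    # attach policy to group
    # security policy: allows access to everything but IAM
    # if the IAM lab is included in the day, then remove the line "NotAction": "iam:*",
    # NOTE(review): Allow + NotAction grants every action outside the iam
    # namespace on every resource (sts, billing/account services, ...), i.e.
    # admin-minus-IAM. Only suitable for a disposable lab account.
    policy = '''{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}'''
    iam.put_group_policy(group, policy_name, policy)


def _provision_users():
    """Create each ``user,password`` row of ``DATA_FILE_NAME`` and add it to ``group``."""
    # add users to group
    # NOTE(review): passwords are read in clear text from the CSV; keep the
    # file access-restricted and remove it once the lab is provisioned.
    with open(DATA_FILE_NAME, 'rU') as data_file:
        for row in csv.reader(data_file):
            if not row:
                # csv yields [] for blank lines; skip rather than IndexError.
                continue
            if len(row) < 2:
                print("Malformed row (expected user,password): %r" % (row,))
                exit(1)
            user, password = row[0], row[1]
            try:
                iam.create_user(user)
                iam.create_login_profile(user, password)
                iam.add_user_to_group(group, user)
                print("Added " + user)
            except boto.exception.BotoServerError as e:
                print("Problems creating %s. Exiting due to error: %s" % (user, str(e.message)))
                exit(1)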
def group_action(module, iam, name, policy_name, skip, pdoc, state): policy_match = False changed = False msg='' try: current_policies = [cp for cp in iam.get_all_group_policies(name). list_group_policies_result. policy_names] for pol in current_policies: if urllib.unquote(iam.get_group_policy(name, pol). get_group_policy_result.policy_document) == pdoc: policy_match = True if policy_match: msg=("The policy document you specified already exists " "under the name %s." % pol) if state == 'present' and skip: if policy_name not in current_policies and not policy_match: changed = True iam.put_group_policy(name, policy_name, pdoc) elif state == 'present' and not skip: changed = True iam.put_group_policy(name, policy_name, pdoc) elif state == 'absent': try: iam.delete_group_policy(name, policy_name) changed = True except boto.exception.BotoServerError, err: error_msg = boto_exception(err) if 'cannot be found.' in error_msg: changed = False module.exit_json(changed=changed, msg="%s policy is already absent" % policy_name) updated_policies = [cp for cp in iam.get_all_group_policies(name). list_group_policies_result. policy_names]