def aws_assume_role(session, assertion, role_arn, principal_arn, duration=3600): client = aws_client('sts') return client.assume_role_with_saml( RoleArn=role_arn, PrincipalArn=principal_arn, SAMLAssertion=b64encode(assertion).decode(), DurationSeconds=duration)
def get_args(): ap = ArgumentParser() m = ap.add_mutually_exclusive_group(required=True) m.add_argument('--symbol', help='The official symbol (as written in UNBIS)') m.add_argument('--list', help='Text file with a list of symbols') ap.add_argument( '--ods_symbol', help='The symbol used by ODS if it differs from the official symbol') ap.add_argument('--language', help='ODS language code') ap.add_argument('--overwrite', action='store_true') ap.add_argument('--skip_check', action='store_true') # get from AWS if not provided ssm = aws_client('ssm', region_name='us-east-1') def param(name): return None if os.environ.get('DLX_DL_TESTING') else ssm.get_parameter( Name=name)['Parameter']['Value'] c = ap.add_argument_group( 'credentials', description= 'these arguments are automatically supplied by AWS SSM if AWS credentials are configured' ) c.add_argument('--dlx_connect', default=param('connect-string'), help='MongoDB connection string') c.add_argument('--s3_bucket', default=param('dlx-s3-bucket'), help='S3 bucket') return ap.parse_args()
def __init__(self, access_key: str, access_secret: str, region: str, bucket: str, url_prefix: str = None, public: bool = False): super().__init__(public) self.bucket = bucket self.region = region self.url_prefix = url_prefix self.client = aws_client('s3', aws_access_key_id=access_key, aws_secret_access_key=access_secret, region_name=region)
def setUp(self): self.aws_account_alias = "" self.aws_account_state = "present" self.aws_access_key = "test-key" self.aws_secret_key = "test-secret" # Set `test-alias` as an alias value # which is already being used by some # other user self.existing_alias = "test-alias" self.module = self._get_module() self.client = aws_client("iam", aws_access_key_id=self.aws_access_key, aws_secret_access_key=self.aws_secret_key) self.stubber = Stubber(self.client)
def main(): argument_spec = dict( aws_account_alias=dict(default=None, required=False), aws_account_state=dict(default=None, required=True, choices=["present", "absent"]), aws_access_key=dict(default=None, required=True), aws_secret_key=dict(default=None, required=True), ) module = AnsibleModule(argument_spec=argument_spec) if not HAS_BOTO: module.fail_json(msg='This module requires boto3, please install it') aws_account_alias = module.params.get('aws_account_alias') aws_account_state = module.params.get('aws_account_state') aws_access_key_id = module.params.get('aws_access_key') aws_secret_key = module.params.get('aws_secret_key') # Test for empty string values not covered by # required=True parameter condition if not aws_access_key_id: try: aws_access_key_id = os.environ["AWS_ACCESS_KEY_ID"] except: module.fail_json( msg="empty value for required argument: aws_access_key_id") if not aws_secret_key: try: aws_secret_access_key = os.environ["AWS_SECRET_ACCESS_KEY"] except: module.fail_json( msg="empty value for required argument: aws_secret_key") client = aws_client(SERVICE, aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_key) # Initialize variables to track module exit state changed = False user_id = get_user_id(module, client) current_account_alias = get_account_alias(module, client) # Module need to make changes only if 'aws_account_alias' is set if aws_account_alias: # Module should only set alias if 'aws_account_alias' # is not already set to the required value if aws_account_alias != current_account_alias and aws_account_state == "present": changed = set_account_alias(module, client, aws_account_alias) current_account_alias = aws_account_alias # Module should only delete alias if 'current_account_alias' # is already set to the given 'aws_account_alias' value elif aws_account_alias == current_account_alias and aws_account_state == "absent": changed = delete_account_alias(module, client, aws_account_alias) current_account_alias = get_account_alias(module, client) # Set module exit state module.exit_json(changed=changed, aws_account_id=user_id, aws_account_alias=current_account_alias)