def main(self, **args):
    """Delete a group, optionally emptying it from the client side first.

    Each option is read from ``self.cli_options`` and falls back to the
    keyword argument of the same name. When client-side recursion is
    requested (or server-side recursion together with pretend), the
    group's policy names and members are listed first. In pretend mode
    that listing is returned and nothing is modified; otherwise every
    listed member is removed and every listed policy deleted before the
    delete request for the group itself is sent.

    Returns:
        The listing (``{'policies': ..., 'users': ...}``) in pretend
        mode, ``None`` when pretend is set but no listing was requested,
        otherwise whatever ``self.send(**args)`` returns.
    """
    client_side = self.cli_options.recursive or args.get('recursive', False)
    server_side = (self.cli_options.recursive_euca
                   or args.get('recursive_euca', False))
    self.pretend = self.cli_options.pretend or args.get('pretend', False)
    group_name = self.cli_options.group_name or args.get('group_name', None)

    if client_side or (server_side and self.pretend):
        # Inventory phase: read-only requests describing what is attached.
        # NOTE(review): the inventory is taken once; anything attached to
        # the group after this point is not touched below. Presumably the
        # final delete is then rejected by the server -- confirm.
        inventory = {
            'policies':
                ListGroupPolicies().main(group_name=group_name).PolicyNames,
        }
        inventory['users'] = GetGroup().main(group_name=group_name).Users

        if self.pretend:
            # Dry run: report what would be removed and change nothing.
            return inventory

        # Destructive phase. There is no rollback: an exception from any
        # call propagates, leaving earlier removals in place and the group
        # itself undeleted.
        remover = RemoveUserFromGroup()
        for member in inventory['users']:
            remover.main(group_name=group_name, user_name=member['UserName'])
        policy_deleter = DeleteGroupPolicy()
        for policy_name in inventory['policies']:
            policy_deleter.main(group_name=group_name,
                                policy_name=policy_name)

    if self.pretend:
        # Pretend without a listing: nothing is sent and nothing is reported.
        return None
    return self.send(**args)
def main(self, **args):
    """Delete a user, optionally stripping what is attached to it first.

    Each option is read from ``self.cli_options`` and falls back to the
    keyword argument of the same name. Pretend mode is only accepted
    together with one of the recursive options; otherwise the process
    exits with an error message.

    When client-side recursion is requested (or server-side recursion
    together with pretend), the user's policies, groups, signing
    certificates, access keys and login profile are listed. In pretend
    mode that listing is returned unchanged; otherwise the listed items
    are removed (access keys first) and the delete request for the user
    itself is sent last.

    Returns:
        The listing dict in pretend mode, otherwise whatever
        ``self.send(**args)`` returns.
    """
    client_side = self.cli_options.recursive or args.get('recursive', False)
    server_side = (self.cli_options.recursive_euca
                   or args.get('recursive_euca', False))
    self.pretend = self.cli_options.pretend or args.get('pretend', False)
    user_name = self.cli_options.user_name or args.get('user_name', None)

    # A dry run only makes sense when there is a recursive delete to preview.
    if self.pretend and not server_side and not client_side:
        sys.exit('error: argument -p/--pretend must only be used with '
                 '-r/--recursive')

    if client_side or (server_side and self.pretend):
        # Inventory phase: read-only requests describing what is attached.
        # NOTE(review): each listing is read once; anything attached to the
        # user afterwards is not touched below. Presumably the final delete
        # is then rejected by the server -- confirm.
        inventory = {
            'policies':
                ListUserPolicies().main(user_name=user_name).PolicyNames,
        }
        inventory['groups'] = \
            ListGroupsForUser().main(user_name=user_name).Groups
        inventory['certificates'] = \
            ListSigningCertificates().main(user_name=user_name).Certificates
        inventory['access_keys'] = \
            ListAccessKeys().main(user_name=user_name).AccessKeyMetadata

        profile_request = GetLoginProfile()
        try:
            profile = profile_request.main(user_name=user_name)
            inventory['login_profile'] = profile.LoginProfile
        except BotoServerError as err:
            # Only "no such entity" means the user has no login profile.
            # Any other server error aborts here, before anything has
            # been deleted.
            if err.error_code != 'NoSuchEntity':
                raise
            inventory['login_profile'] = None

        if self.pretend:
            # Dry run: report what would be removed and change nothing.
            return inventory

        # Destructive phase. There is no rollback: an exception from any
        # call propagates, leaving earlier deletions in place and the user
        # itself undeleted.
        key_deleter = DeleteAccessKey()
        for access_key in inventory['access_keys']:
            key_deleter.main(user_name=user_name,
                             user_key_id=access_key['AccessKeyId'])
        policy_deleter = DeleteUserPolicy()
        for policy_name in inventory['policies']:
            policy_deleter.main(user_name=user_name, policy_name=policy_name)
        cert_deleter = DeleteSigningCertificate()
        for certificate in inventory['certificates']:
            cert_deleter.main(user_name=user_name,
                              certificate_id=certificate['CertificateId'])
        membership_remover = RemoveUserFromGroup()
        for membership in inventory['groups']:
            membership_remover.main(group_name=membership['GroupName'],
                                    user_name=user_name)
        if inventory['login_profile']:
            DeleteLoginProfile().main(user_name=user_name)

    if self.pretend:
        return None
    return self.send(**args)
def main(self):
    """Delete a group, optionally emptying it from the client side first.

    With ``recursive`` or ``pretend`` set, the group's members and policy
    names are fetched first. ``pretend`` takes precedence over
    ``recursive``: it returns what would be removed and modifies nothing.
    Otherwise, with ``recursive`` set, the members are removed from the
    group and each listed policy is deleted, and finally the delete
    request for the group itself is sent.

    Returns:
        ``{'members': [<member Arn>, ...], 'policies': [...]}`` in
        pretend mode, otherwise whatever ``self.send()`` returns.
    """
    # Without recursive/pretend nothing is looked up and both stay empty.
    group_members = []
    policy_names = []

    if self.args['recursive'] or self.args['pretend']:
        # Inventory phase: read-only requests describing what is attached.
        # NOTE(review): one response is read per listing and it is taken
        # once; anything attached later is not touched below. Presumably
        # the final delete is then rejected by the server -- confirm.
        group_request = GetGroup(
            config=self.config, service=self.service,
            GroupName=self.args['GroupName'],
            DelegateAccount=self.params['DelegateAccount'])
        group_members = group_request.main().get('Users', [])
        policy_request = ListGroupPolicies(
            config=self.config, service=self.service,
            GroupName=self.args['GroupName'],
            DelegateAccount=self.params['DelegateAccount'])
        policy_names = policy_request.main().get('PolicyNames', [])

    if self.args['pretend']:
        # Dry run: report what would be removed and change nothing.
        member_arns = []
        for member in group_members:
            member_arns.append(member['Arn'])
        return {'members': member_arns, 'policies': policy_names}

    if self.args['recursive']:
        # Destructive phase. There is no rollback: an exception from any
        # request propagates, leaving earlier removals in place and the
        # group itself undeleted.
        member_names = []
        for member in group_members:
            member_names.append(member['UserName'])
        removal = RemoveUserFromGroup(
            config=self.config, service=self.service,
            GroupName=self.args['GroupName'], user_names=member_names,
            DelegateAccount=self.params['DelegateAccount'])
        removal.main()
        for policy_name in policy_names:
            policy_removal = DeleteGroupPolicy(
                config=self.config, service=self.service,
                GroupName=self.args['GroupName'], PolicyName=policy_name,
                DelegateAccount=self.params['DelegateAccount'])
            policy_removal.main()

    return self.send()
def main(self):
    """Delete a user, optionally stripping what is attached to it first.

    With ``recursive`` or ``pretend`` set, the user's access keys,
    policies, signing certificates and groups are listed and the
    presence of a login profile is probed. ``pretend`` takes precedence
    over ``recursive``: it returns that inventory and modifies nothing.
    Otherwise, with ``recursive`` set, the listed items are removed
    (access keys first), and finally the delete request for the user
    itself is sent.

    Returns:
        The inventory dict (``keys``, ``policies``, ``certificates``,
        ``groups``, ``has_login_profile``) in pretend mode, otherwise
        whatever ``self.send()`` returns.
    """
    # Without recursive/pretend nothing is looked up and these stay empty.
    keys = []
    policies = []
    certs = []
    groups = []
    has_login_profile = False

    if self.args['recursive'] or self.args['pretend']:
        # Inventory phase: read-only requests describing what is attached.
        # NOTE(review): one response is read per listing and it is taken
        # once; anything attached later is not touched below. Presumably
        # the final delete is then rejected by the server -- confirm.
        key_listing = ListAccessKeys(
            config=self.config, service=self.service,
            UserName=self.args['UserName'],
            DelegateAccount=self.params['DelegateAccount'])
        keys = key_listing.main().get('AccessKeyMetadata', [])
        policy_listing = ListUserPolicies(
            config=self.config, service=self.service,
            UserName=self.args['UserName'],
            DelegateAccount=self.params['DelegateAccount'])
        policies = policy_listing.main().get('PolicyNames', [])
        cert_listing = ListSigningCertificates(
            config=self.config, service=self.service,
            UserName=self.args['UserName'],
            DelegateAccount=self.params['DelegateAccount'])
        certs = cert_listing.main().get('Certificates', [])
        group_listing = ListGroupsForUser(
            config=self.config, service=self.service,
            UserName=self.args['UserName'],
            DelegateAccount=self.params['DelegateAccount'])
        groups = group_listing.main().get('Groups', [])
        profile_probe = GetLoginProfile(
            config=self.config, service=self.service,
            UserName=self.args['UserName'],
            DelegateAccount=self.params['DelegateAccount'])
        try:
            # The request raises when the user has no login profile.
            profile_probe.main()
        except AWSError as err:
            # Only "no such entity" means the profile is absent. Any other
            # error aborts here, before anything has been deleted.
            if err.code != 'NoSuchEntity':
                raise
            has_login_profile = False
        else:
            has_login_profile = True

    if self.args['pretend']:
        # Dry run: report what would be removed and change nothing.
        return {
            'keys': keys,
            'policies': policies,
            'certificates': certs,
            'groups': groups,
            'has_login_profile': has_login_profile,
        }

    if self.args['recursive']:
        # Destructive phase. There is no rollback: an exception from any
        # request propagates, leaving earlier deletions in place and the
        # user itself undeleted.
        for access_key in keys:
            DeleteAccessKey(
                config=self.config, service=self.service,
                UserName=self.args['UserName'],
                AccessKeyId=access_key['AccessKeyId'],
                DelegateAccount=self.params['DelegateAccount']).send()
        for policy_name in policies:
            DeleteUserPolicy(
                config=self.config, service=self.service,
                UserName=self.args['UserName'], PolicyName=policy_name,
                DelegateAccount=self.params['DelegateAccount']).send()
        for certificate in certs:
            DeleteSigningCertificate(
                config=self.config, service=self.service,
                UserName=self.args['UserName'],
                CertificateId=certificate['CertificateId'],
                DelegateAccount=self.params['DelegateAccount']).send()
        for membership in groups:
            RemoveUserFromGroup(
                config=self.config, service=self.service,
                user_names=[self.args['UserName']],
                GroupName=membership['GroupName'],
                DelegateAccount=self.params['DelegateAccount']).send()
        if has_login_profile:
            DeleteLoginProfile(
                config=self.config, service=self.service,
                UserName=self.args['UserName'],
                DelegateAccount=self.params['DelegateAccount']).send()

    return self.send()