def create(self): if (self.cli_args.name is None or self.cli_args.name is ''): message = "Account name is required" CLIResponse.send_error_out(message) if (self.cli_args.password is None): message = "Account login password is required" CLIResponse.send_error_out(message) passwordResetRequired = False if (self.cli_args.password_reset_required): passwordResetRequired = True # Get host value from url https://iam.seagate.com:9443 url_parse_result = urllib.parse.urlparse(Config.endpoint) epoch_t = datetime.datetime.utcnow() body = urllib.parse.urlencode({ 'Action': 'CreateAccountLoginProfile', 'AccountName': self.cli_args.name, 'Password': self.cli_args.password, 'PasswordResetRequired': passwordResetRequired }) headers = { 'content-type': 'application/x-www-form-urlencoded', 'Accept': 'text/plain' } headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t, url_parse_result.netloc, Config.service, Config.default_region) headers['X-Amz-Date'] = get_timestamp(epoch_t) if (headers['Authorization'] is None): message = "Failed to generate v4 signature" CLIResponse.send_error_out(message) result = ConnMan.send_post_request(body, headers) # Validate response if (result['status'] == 201): profile = CreateAccountLoginProfileResponse(result) if profile.is_valid_response(): profile.print_profile_info() else: # unlikely message corruption case in network message = "Account login profile was created. For details try get account login profile." CLIResponse.send_success_out(message) elif (result['status'] == 503): message = "Failed to create Account login profile.\n" \ "An error occurred (503) when calling the CreateAccountLoginProfile operation : " + result['reason'] CLIResponse.send_error_out(message) else: message = "Failed to create Account login profile.\n" error = ErrorResponse(result) message += error.get_error_message() CLIResponse.send_error_out(message)
def list(self): try: result = self.iam_client.list_saml_providers() except Exception as ex: message = "Exception occured while listing SAML providers.\n" message += str(ex) CLIResponse.send_error_out(message) for provider in result['SAMLProviderList']: print("ARN = %s, ValidUntil = %s" % (provider['Arn'], provider['ValidUntil']))
def create(self): if (self.cli_args.file is None): message = "Assume role policy document is required to create role." CLIResponse.send_error_out(message) if (self.cli_args.name is None): print("RoleName is required to create role.") CLIResponse.send_error_out(message) file_path = os.path.abspath(self.cli_args.file) if (not os.path.isfile(file_path)): message = "File " + file_path + " not found." CLIResponse.send_error_out(message) with open(file_path, "r") as assume_role_file: assume_role_policy = assume_role_file.read() role_args = {} role_args['AssumeRolePolicyDocument'] = assume_role_policy role_args['RoleName'] = self.cli_args.name if (not self.cli_args.path is None): role_args['Path'] = self.cli_args.path try: result = self.iam_client.create_role(**role_args) except Exception as ex: message = "Exception occured while creating role." message += str(ex) CLIResponse.send_error_out(message) print("RoleId = %s, RoleName = %s, ARN = %s, Path = %s" % (result['Role']['RoleId'], result['Role']['RoleName'], result['Role']['Arn'], result['Role']['Path']))
def update(self): if (self.cli_args.file is None): message = "SAML Metadata Document is required to update saml provider." CLIResponse.send_error_out(message) if (self.cli_args.arn is None): message = "SAML Provider ARN is required to update saml provider." CLIResponse.send_error_out(message) file_path = os.path.abspath(self.cli_args.file) if (not os.path.isfile(file_path)): message = "File " + file_path + " not found." CLIResponse.send_error_out(message) with open(file_path, "r") as saml_metadata_file: saml_metadata = saml_metadata_file.read() saml_provider_args = {} saml_provider_args['SAMLMetadataDocument'] = saml_metadata saml_provider_args['SAMLProviderArn'] = self.cli_args.arn try: self.iam_client.update_saml_provider(**saml_provider_args) except Exception as ex: message = "Exception occured while updating SAML provider.\n" message += str(ex) CLIResponse.send_error_out(message) message = "SAML provider Updated." CLIResponse.send_success_out(message)
def create(self): if (self.cli_args.file is None): message = "SAML Metadata Document is required to create role" CLIResponse.send_error_out(message) if (self.cli_args.name is None): message = "Provider name is required to create SAML provider." CLIResponse.send_error_out(message) file_path = os.path.abspath(self.cli_args.file) if (not os.path.isfile(file_path)): message = "File " + file_path + " not found." CLIResponse.send_error_out(message) with open(file_path, "r") as saml_metadata_file: saml_metadata = saml_metadata_file.read() saml_provider_args = {} saml_provider_args['SAMLMetadataDocument'] = saml_metadata saml_provider_args['Name'] = self.cli_args.name try: result = self.iam_client.create_saml_provider(**saml_provider_args) except Exception as ex: message = "Exception occured while creating saml provider.\n" message += str(ex) CLIResponse.send_error_out(message) message = "SAMLProviderArn = %s" % (result['SAMLProviderArn']) CLIResponse.send_success_out(message)
def list(self): role_args = {} if (not self.cli_args.path is None): role_args['PathPrefix'] = self.cli_args.path try: result = self.iam_client.list_roles(**role_args) except Exception as ex: message = "Exception occured while listing roles.\n" message += str(ex) CLIResponse.send_error_out(message) for role in result['Roles']: print( "RoleId = %s, RoleName = %s, ARN = %s, Path = %s" % (role['RoleId'], role['RoleName'], role['Arn'], role['Path']))
def delete(self): if (self.cli_args.name is None): print("Role name is required to delete role.") CLIResponse.send_error_out(message) role_args = {} role_args['RoleName'] = self.cli_args.name try: self.iam_client.delete_role(**role_args) except Exception as ex: message = "Exception occured while deleting role." message += str(ex) CLIResponse.send_error_out(message) message = "Role deleted." CLIResponse.send_success_out(message)
def delete(self): if (self.cli_args.arn is None): message = "SAML Provider ARN is required to delete." CLIResponse.send_error_out(message) saml_provider_args = {} saml_provider_args['SAMLProviderArn'] = self.cli_args.arn try: self.iam_client.delete_saml_provider(**saml_provider_args) except Exception as ex: message = "Exception occured while deleting SAML provider.\n" message += str(ex) CLIResponse.send_error_out(message) message = "SAML provider deleted." CLIResponse.send_success_out(message)
def get(self): if (self.cli_args.name is None): message = "User name is required for getting Login Profile" CLIResponse.send_error_out(message) user_args = {} user_args['UserName'] = self.cli_args.name try: result = self.iam_client.get_login_profile(**user_args) except Exception as ex: message = "Failed to get Login Profile for " + user_args[ 'UserName'] + "\n" message += str(ex) CLIResponse.send_error_out(message) profile = (result['LoginProfile']) print("Login Profile %s %s %s" % (profile['CreateDate'], profile['PasswordResetRequired'], profile['UserName']))
def create(self): if (self.cli_args.name is None): message = "User name is required for user login-profile creation" CLIResponse.send_error_out(message) if (self.cli_args.password is None): message = "User password is required for user login-profile creation" CLIResponse.send_error_out(message) user_args = {} user_args['UserName'] = self.cli_args.name user_args['Password'] = self.cli_args.password user_args['PasswordResetRequired'] = False if (self.cli_args.password_reset_required): user_args['PasswordResetRequired'] = True try: result = self.iam_client.create_login_profile(**user_args) except Exception as ex: message = "Failed to create userloginprofile.\n" message += str(ex) CLIResponse.send_error_out(message) profile = (result['LoginProfile']) print("Login Profile %s %s %s" % (profile['CreateDate'], profile['PasswordResetRequired'], profile['UserName']))
def list(self): # Get host value from url https://iam.seagate.com:9443 if (self.cli_args.name is None): message = "Account name is required." CLIResponse.send_error_out(message) url_parse_result = urllib.parse.urlparse(Config.endpoint) epoch_t = datetime.datetime.utcnow() body = urllib.parse.urlencode({ 'Action': 'GetAccountLoginProfile', 'AccountName': self.cli_args.name }) headers = { 'content-type': 'application/x-www-form-urlencoded', 'Accept': 'text/plain' } headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t, url_parse_result.netloc, Config.service, Config.default_region) headers['X-Amz-Date'] = get_timestamp(epoch_t) if (self.cli_args.session_token is not None): headers['X-Amz-Security-Token'] = self.cli_args.session_token if (headers['Authorization'] is None): message = "Failed to generate v4 signature" CLIResponse.send_error_out(message) response = ConnMan.send_post_request(body, headers) if response['status'] == 200: accounts = GetAccountLoginProfileResponse(response) if accounts.is_valid_response(): accounts.print_account_login_profile_info() else: # unlikely message corruption case in network message = "Failed to list login profile" CLIResponse.send_success_out(message) elif (response['status'] == 503): message = "Failed to get login profile\n" \ "An error occurred (503) when calling the GetAccountLoginProfile operation : " + response['reason'] CLIResponse.send_error_out(message) else: message = "Failed to get login profile\n" error = ErrorResponse(response) message += error.get_error_message() CLIResponse.send_error_out(message)
def delete(self): if self.cli_args.name is None: print('Account name is required.') CLIResponse.send_error_out(message) # Get host value from url https://iam.seagate.com:9443 url_parse_result = urllib.parse.urlparse(Config.endpoint) epoch_t = datetime.datetime.utcnow() account_params = { 'Action': 'DeleteAccount', 'AccountName': self.cli_args.name } if self.cli_args.force: account_params['force'] = True epoch_t = datetime.datetime.utcnow() body = urllib.parse.urlencode(account_params) headers = { 'content-type': 'application/x-www-form-urlencoded', 'Accept': 'text/plain' } headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t, url_parse_result.netloc, Config.service, Config.default_region) headers['X-Amz-Date'] = get_timestamp(epoch_t) if (self.cli_args.session_token is not None): headers['X-Amz-Security-Token'] = self.cli_args.session_token if (headers['Authorization'] is None): print("Failed to generate v4 signature") CLIResponse.send_error_out(message) response = ConnMan.send_post_request(body, headers) if response['status'] == 200: print('Account deleted successfully.') elif (response['status'] == 503): message = "Account cannot be deleted.\n" \ "An error occurred (503) when calling the DeleteAccount operation : " + response['reason'] CLIResponse.send_error_out(message) else: message = 'Account cannot be deleted.\n' error = ErrorResponse(response) message += error.get_error_message() CLIResponse.send_error_out(message)
def create(self): policy_args = {} if (self.cli_args.name is None): message = "Group name is required." CLIResponse.send_error_out(message) policy_args['GroupName'] = self.cli_args.name if (not self.cli_args.path is None): policy_args['Path'] = self.cli_args.path try: result = self.iam_client.create_group(**policy_args) except Exception as ex: message = "Exception occured while creating group.\n" message += str(ex) CLIResponse.send_error_out(message) print("GroupId = %s, GroupName = %s, Arn = %s" % ( result['Group']['GroupId'], result['Group']['GroupName'], result['Group']['Arn'], ))
def create(self): if self.cli_args.name is None: message = "Account name is required." CLIResponse.send_error_out(message) if self.cli_args.email is None: message = "Email Id of the user is required to create an Account" CLIResponse.send_error_out(message) # Get host value from url https://iam.seagate.com:9443 url_parse_result = urllib.parse.urlparse(Config.endpoint) epoch_t = datetime.datetime.utcnow() body = urllib.parse.urlencode({ 'Action': 'CreateAccount', 'AccountName': self.cli_args.name, 'Email': self.cli_args.email }) headers = { 'content-type': 'application/x-www-form-urlencoded', 'Accept': 'text/plain' } headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t, url_parse_result.netloc, Config.service, Config.default_region) headers['X-Amz-Date'] = get_timestamp(epoch_t) if (headers['Authorization'] is None): print("Failed to generate v4 signature") sys.exit(1) response = ConnMan.send_post_request(body, headers) if (response['status'] == 201): account = CreateAccountResponse(response) if account.is_valid_response(): account.print_account_info() else: # unlikely message corruption case in network message = "Account was created. For account details try account listing." CLIResponse.send_success_out(message) elif (response['status'] == 503): message = "Account wasn't created.\n" \ "An error occurred (503) when calling the CreateAccount operation : " + response['reason'] CLIResponse.send_error_out(message) else: message = "Account wasn't created.\n" error = ErrorResponse(response) message += error.get_error_message() CLIResponse.send_error_out(message)
def create(self): policy_args = {} if (self.cli_args.name is None): message = "Policy name is required." CLIResponse.send_error_out(message) if (self.cli_args.file is None): message = "Policy document is required." CLIResponse.send_error_out(message) file_path = os.path.abspath(self.cli_args.file) if (not os.path.isfile(file_path)): message = "Policy file " + file_path + " not found." CLIResponse.send_error_out(message) policy_args['PolicyName'] = self.cli_args.name with open(file_path, "r") as policy_file: policy = policy_file.read() policy_args['PolicyDocument'] = policy if (not self.cli_args.path is None): policy_args['Path'] = self.cli_args.path if (not self.cli_args.description is None): policy_args['Description'] = self.cli_args.description try: result = self.iam_client.create_policy(**policy_args) except Exception as ex: message = "Exception occured while creating policy.\n" message += str(ex) CLIResponse.send_error_out(message) print( "PolicyId = %s, PolicyName = %s, Arn = %s, DefaultVersionId = %s" % (result['Policy']['PolicyId'], result['Policy']['PolicyName'], result['Policy']['Arn'], result['Policy']['DefaultVersionId']))
def list(self): # Get host value from url https://iam.seagate.com:9443 url_parse_result = urllib.parse.urlparse(Config.endpoint) epoch_t = datetime.datetime.utcnow() showAll = False if (self.cli_args.showall): showAll = True body = urllib.parse.urlencode({ 'Action': 'ListAccounts', 'ShowAll': showAll }) headers = { 'content-type': 'application/x-www-form-urlencoded', 'Accept': 'text/plain' } headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t, url_parse_result.netloc, Config.service, Config.default_region) headers['X-Amz-Date'] = get_timestamp(epoch_t) if (headers['Authorization'] is None): print("Failed to generate v4 signature") CLIResponse.send_error_out(message) response = ConnMan.send_post_request(body, headers) if response['status'] == 200: accounts = ListAccountResponse(response) if accounts.is_valid_response(): accounts.print_account_listing() else: # unlikely message corruption case in network print("Failed to list accounts.") sys.exit(0) elif (response['status'] == 503): message = "Failed to list accounts!\n" \ "An error occurred (503) when calling the ListAccounts operation : " + response['reason'] CLIResponse.send_error_out(message) else: message = "Failed to list accounts!\n" error = ErrorResponse(response) message += error.get_error_message() CLIResponse.send_error_out(message)
def changepassword(self): if (self.cli_args.old_password is None): message = "OldPassword is required for changing user password" CLIResponse.send_error_out(message) if (self.cli_args.new_password is None): message = "NewPassword is required for changing user password" CLIResponse.send_error_out(message) user_args = {} user_args['OldPassword'] = self.cli_args.old_password user_args['NewPassword'] = self.cli_args.new_password try: result = self.iam_client.change_password(**user_args) message = "ChangePassword is successful" CLIResponse.send_success_out(message) except Exception as ex: message = "ChangePassword failed\n" message += str(ex) CLIResponse.send_error_out(message)
def create(self): if (self.cli_args.name is None): message = "Name is required to create federation token." CLIResponse.send_error_out(message) federation_token_args = {} federation_token_args['Name'] = self.cli_args.name if (not self.cli_args.duration is None): federation_token_args['DurationSeconds'] = self.cli_args.duration if (not self.cli_args.file is None): file_path = os.path.abspath(self.cli_args.file) if (not os.path.isfile(file_path)): message = "Policy file " + file_path + " not found." CLIResponse.send_error_out(message) with open(file_path, "r") as federation_token_file: policy = federation_token_file.read() federation_token_args['Policy'] = policy try: result = self.sts_client.get_federation_token( **federation_token_args) except Exception as ex: message = "Exception occured while creating federation token.\n" message += str(ex) CLIResponse.send_error_out(message) print( "FederatedUserId = %s, AccessKeyId = %s, SecretAccessKey = %s, SessionToken = %s" % (result['FederatedUser']['FederatedUserId'], result['Credentials']['AccessKeyId'], result['Credentials']['SecretAccessKey'], result['Credentials']['SessionToken']))
def update(self): if (self.cli_args.name is None): message = "UserName is required for UpdateUserLoginProfile" CLIResponse.send_error_out(message) user_args = {} user_args['UserName'] = self.cli_args.name if (not self.cli_args.password is None): user_args['Password'] = self.cli_args.password user_args['PasswordResetRequired'] = False if (self.cli_args.password_reset_required): user_args['PasswordResetRequired'] = True if (self.cli_args.password is None) and ( self.cli_args.password_reset_required is False) and (self.cli_args.no_password_reset_required is False): message = "Please provide password or password-reset flag" CLIResponse.send_error_out(message) try: result = self.iam_client.update_login_profile(**user_args) message = "UpdateUserLoginProfile is successful" CLIResponse.send_success_out(message) except Exception as ex: message = "UpdateUserLoginProfile failed\n" message += str(ex) CLIResponse.send_error_out(message)
def create(self): if(self.cli_args.saml_principal_arn is None): message = "SAML principal ARN is required." CLIResponse.send_error_out(message) if(self.cli_args.saml_role_arn is None): message = "SAML role ARN is required." CLIResponse.send_error_out(message) if(self.cli_args.saml_assertion is None): message = "SAML assertion is required." CLIResponse.send_error_out(message) assertion_file_path = os.path.abspath(self.cli_args.saml_assertion) if(not os.path.isfile(assertion_file_path)): message = "Saml assertion file not found." CLIResponse.send_error_out(message) with open (assertion_file_path, "r") as saml_assertion_file: assertion = saml_assertion_file.read() assume_role_with_saml_args = {} assume_role_with_saml_args['SAMLAssertion'] = assertion assume_role_with_saml_args['RoleArn'] = self.cli_args.saml_role_arn assume_role_with_saml_args['PrincipalArn'] = self.cli_args.saml_principal_arn if(not self.cli_args.duration is None): assume_role_with_saml_args['DurationSeconds'] = self.cli_args.duration if(not self.cli_args.file is None): file_path = os.path.abspath(self.cli_args.file) if(not os.path.isfile(file_path)): message = "Policy file not found. " + file_path CLIResponse.send_error_out(message) with open (file_path, "r") as federation_token_file: policy = federation_token_file.read() assume_role_with_saml_args['Policy'] = policy try: result = self.sts_client.assume_role_with_saml(**assume_role_with_saml_args) except Exception as ex: message = "Exception occured while creating credentials with saml.\n" message += str(ex) CLIResponse.send_error_out(message) print("AssumedRoleId- %s, AccessKeyId- %s, SecretAccessKey- %s, SessionToken- %s" % ( result['AssumedRoleUser']['AssumedRoleId'], result['Credentials']['AccessKeyId'], result['Credentials']['SecretAccessKey'], result['Credentials']['SessionToken'],))
def create(self): if (self.cli_args.account_name is None): message = "Account Name is required for getting auth credentials" CLIResponse.send_error_out(message) if (self.cli_args.password is None): message = "Account password is required for getting auth credentials" CLIResponse.send_error_out(message) url_parse_result = urllib.parse.urlparse(Config.endpoint) epoch_t = datetime.datetime.utcnow() if (self.cli_args.name is None): if (self.cli_args.duration is None): body = urllib.parse.urlencode({ 'Action': 'GetTempAuthCredentials', 'AccountName': self.cli_args.account_name, 'Password': self.cli_args.password }) else: body = urllib.parse.urlencode({ 'Action': 'GetTempAuthCredentials', 'AccountName': self.cli_args.account_name, 'Password': self.cli_args.password, 'Duration': self.cli_args.duration }) else: if (self.cli_args.duration is None): body = urllib.parse.urlencode({ 'Action': 'GetTempAuthCredentials', 'AccountName': self.cli_args.account_name, 'Password': self.cli_args.password, 'UserName': self.cli_args.name }) else: body = urllib.parse.urlencode({ 'Action': 'GetTempAuthCredentials', 'AccountName': self.cli_args.account_name, 'Password': self.cli_args.password, 'Duration': self.cli_args.duration, 'UserName': self.cli_args.name }) headers = { 'content-type': 'application/x-www-form-urlencoded', 'Accept': 'text/plain' } headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t, url_parse_result.netloc, Config.service, Config.default_region) headers['X-Amz-Date'] = get_timestamp(epoch_t) if (headers['Authorization'] is None): message = "Failed to generate v4 signature" CLIResponse.send_error_out(message) response = ConnMan.send_post_request(body, headers) if (response['status'] == 201): credentials = GetTempAuthCredentialsResponse(response) credentials.print_credentials() elif (response['status'] == 503): message = "GetTempAuthCredentials not successful\n" \ + "An error occurred (503) when calling the GetTempAuthCredentials operation : " + response['reason'] CLIResponse.send_error_out(message) else: message = "GetTempAuthCredentials not successful\n" error = ErrorResponse(response) message += error.get_error_message() CLIResponse.send_error_out(message)
def update(self): if (self.cli_args.name is None): message = "Account name is required for UpdateAccountLoginProfile" CLIResponse.send_error_out(message) passwordResetRequired = False if (self.cli_args.password_reset_required): passwordResetRequired = True if (self.cli_args.password is None) and ( self.cli_args.password_reset_required is False) and (self.cli_args.no_password_reset_required is False): message = "Please provide password or password-reset flag" CLIResponse.send_error_out(message) # Get host value from url https://iam.seagate.com:9443 url_parse_result = urllib.parse.urlparse(Config.endpoint) epoch_t = datetime.datetime.utcnow() if (self.cli_args.password is None): body = urllib.parse.urlencode({ 'Action': 'UpdateAccountLoginProfile', 'AccountName': self.cli_args.name, 'PasswordResetRequired': passwordResetRequired }) else: body = urllib.parse.urlencode({ 'Action': 'UpdateAccountLoginProfile', 'AccountName': self.cli_args.name, 'Password': self.cli_args.password, 'PasswordResetRequired': passwordResetRequired }) headers = { 'content-type': 'application/x-www-form-urlencoded', 'Accept': 'text/plain' } headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t, url_parse_result.netloc, Config.service, Config.default_region) headers['X-Amz-Date'] = get_timestamp(epoch_t) if (self.cli_args.session_token is not None): headers['X-Amz-Security-Token'] = self.cli_args.session_token if (headers['Authorization'] is None): message = "Failed to generate v4 signature" CLIResponse.send_error_out(message) result = ConnMan.send_post_request(body, headers) # Validate response if (result['status'] == 200): message = "Account login profile updated." CLIResponse.send_success_out(message) elif (result['status'] == 503): message = "Failed to update Account login profile.\n" \ "An error occurred (503) when calling the UpdateAccountLoginProfile operation : " + result['reason'] CLIResponse.send_error_out(message) else: message = "Account login profile wasn't Updated." error = ErrorResponse(result) message += error.get_error_message() CLIResponse.send_error_out(message)
def load_config(self, cli_args): conf_home_dir = os.path.join(os.path.expanduser('~'), '.sgs3iamcli') conf_file = os.path.join(conf_home_dir, 'config.yaml') if not os.path.isfile(conf_file): try: os.stat(conf_home_dir) except: os.mkdir(conf_home_dir) shutil.copy(os.path.join(self.get_conf_dir(), 's3iamclicfg.yaml'), conf_file) if not os.access(conf_file, os.R_OK): message = "Failed to read " + conf_file + " it doesn't have read access" CLIResponse.send_error_out(message) with open(conf_file, 'r') as f: config = yaml.safe_load(f) service = Config.service.upper() if not cli_args.no_ssl: Config.use_ssl = True service = service + '_HTTPS' Config.ca_cert_file = config['SSL']['CA_CERT_FILE'] if ('~' == Config.ca_cert_file[0]): Config.ca_cert_file = os.path.expanduser( '~') + Config.ca_cert_file[1:len(Config.ca_cert_file)] Config.check_ssl_hostname = config['SSL']['CHECK_SSL_HOSTNAME'] Config.verify_ssl_cert = config['SSL']['VERIFY_SSL_CERT'] if Config.endpoint != None: Config.endpoint = config['ENDPOINTS'][service] """ SG_ACCESS_KEY, SG_SECRET_KEY, SG_LDAP_USER, SG_LDAP_PASSWD credentials are taken from one of the following sources in descending order of priority. 1. CLI options 2. Declared environment variables 3. '~/.sgs3iamcli/config.yaml' file 4. Asking user to enter i.e prompt """ # Take credentials from '~/.sgs3iamcli/config.yaml' file if (cli_args.access_key == None and cli_args.secret_key == None): if 'SG_ACCESS_KEY' in config and config['SG_ACCESS_KEY'] and \ 'SG_SECRET_KEY' in config and config['SG_SECRET_KEY']: cli_args.access_key = config['SG_ACCESS_KEY'] cli_args.secret_key = config['SG_SECRET_KEY'] if (cli_args.ldapuser == None and cli_args.ldappasswd == None): if ('SG_LDAP_USER' in config and config['SG_LDAP_USER']) and \ ('SG_LDAP_PASSWD' in config and config['SG_LDAP_PASSWD']): cli_args.ldapuser = config['SG_LDAP_USER'] cli_args.ldappasswd = config['SG_LDAP_PASSWD'] if config['BOTO']['ENABLE_LOGGER']: logging.basicConfig(filename=config['BOTO']['LOG_FILE_PATH'], level=config['BOTO']['LOG_LEVEL']) if 'DEFAULT_REGION' in config and config['DEFAULT_REGION']: Config.default_region = config['DEFAULT_REGION'] else: Config.default_region = 'us-west2'
def run(self): show_hidden_args = '--hidden_help' in sys.argv parser = argparse.ArgumentParser(usage=self.iam_usage()) parser.add_argument("action", help="Action to be performed.") parser.add_argument("-n", "--name", help="User Name.") parser.add_argument("-a", "--account_name", help="Account Name.") parser.add_argument("-e", "--email", help="Email id.") parser.add_argument("-p", "--path", help="Path or Path Prefix.") parser.add_argument("-f", "--file", help="File Path.") parser.add_argument("-d", "--duration", help="Access Key Duration.", type=int) parser.add_argument("-k", "--access_key_update", help="Access Key to be updated or deleted.") parser.add_argument("-s", "--status", help="Active/Inactive") parser.add_argument("--force", help="Delete account forcefully.", action='store_true') parser.add_argument("--access_key", help="Access Key Id.") parser.add_argument("--secret_key", help="Secret Key.") parser.add_argument("--password", help="Password.") parser.add_argument("--old_password", help="Old Password.") parser.add_argument("--new_password", help="New Password.") parser.add_argument("--password-reset-required", help="Password reset required on next login.", action='store_true') parser.add_argument("--no-password-reset-required", help="No password reset required on next login.", action='store_true') parser.add_argument("--ldapuser", help="Ldap User Id.") parser.add_argument("--ldappasswd", help="Ldap Password.") parser.add_argument("--session_token", help="Session Token.") parser.add_argument("--arn", help="ARN.") parser.add_argument("--description", help="Description of the entity.") parser.add_argument("--saml_principal_arn", help="SAML Principal ARN." if show_hidden_args else argparse.SUPPRESS) parser.add_argument( "--saml_role_arn", help="SAML Role ARN." if show_hidden_args else argparse.SUPPRESS) parser.add_argument("--saml_assertion", help="File containing SAML assertion." if show_hidden_args else argparse.SUPPRESS) parser.add_argument("--new_user", help="New user name.") parser.add_argument("--no-ssl", help="Use HTTP protocol.", action='store_true') parser.add_argument("--hidden_help", dest='hidden_help', action='store_true', help=argparse.SUPPRESS) parser.add_argument( "--showall", help="Lists all the accounts internal and external", action='store_true') cli_args = parser.parse_args() if cli_args.hidden_help is True and cli_args.action == 'show': parser.print_help() print(self.iam_usage_hidden()) sys.exit() controller_action = self.load_controller_action() """ Check if the action is valid. Note - class name and module name are the same """ try: class_name = controller_action[ cli_args.action.lower()]['controller'] except Exception as ex: message = "Action not found.\n" message += str(ex) CLIResponse.send_error_out(message) # Get service for the action if (not 'service' in controller_action[cli_args.action.lower()].keys()): print( "Set the service(iam/s3/sts) for the action in the controller_action.yml." ) sys.exit() Config.service = controller_action[cli_args.action.lower()]['service'] # Load configurations self.load_config(cli_args) if (cli_args.action.lower() in ["createaccount", "listaccounts", "resetaccountaccesskey"]): # Take credentials from declared environment variables if ('SG_LDAP_USER' in os.environ) and ('SG_LDAP_PASSWD' in os.environ): cli_args.ldapuser = os.environ['SG_LDAP_USER'] cli_args.ldappasswd = os.environ['SG_LDAP_PASSWD'] # Take credentials by asking user to enter i.e prompt if (cli_args.ldapuser is None) and (cli_args.ldappasswd is None): cli_args.ldapuser = input("Enter Ldap User Id: ") if not cli_args.ldapuser: message = "Provide Ldap User Id." CLIResponse.send_error_out(message) cli_args.ldappasswd = getpass.getpass("Enter Ldap password: "******"Provide Ldap password." CLIResponse.send_error_out(message) cli_args.access_key = cli_args.ldapuser cli_args.secret_key = cli_args.ldappasswd elif (cli_args.action.lower() in ["gettempauthcredentials"]): cli_args.access_key = "" cli_args.secret_key = "" else: # Take credentials from declared environment variables if ('SG_ACCESS_KEY' in os.environ) and ('SG_SECRET_KEY' in os.environ): cli_args.access_key = os.environ['SG_ACCESS_KEY'] cli_args.secret_key = os.environ['SG_SECRET_KEY'] # Take credentials by asking user to enter i.e prompt if (cli_args.access_key is None) and (cli_args.secret_key is None): cli_args.access_key = input("Enter Access Key: ") if not cli_args.access_key: message = "Provide access key." CLIResponse.send_error_out(message) cli_args.secret_key = getpass.getpass("Enter Secret Key: ") if not cli_args.secret_key: message = "Provide secret key." CLIResponse.send_error_out(message) Credentials.access_key = cli_args.access_key Credentials.secret_key = cli_args.secret_key # Create boto3.session object using the access key id and the secret key session = self.get_session(cli_args.access_key, cli_args.secret_key, cli_args.session_token) # Create boto3.client object. client = self.get_client(session) # If module is not specified in the controller_action.yaml, then assume # class name as the module name. if ('module' in controller_action[cli_args.action.lower()].keys()): module_name = controller_action[cli_args.action.lower()]['module'] else: module_name = class_name.lower() try: module = self.import_module(module_name) except Exception as ex: message = "Internal error. Module %s not found\n" % class_name message += str(ex) CLIResponse.send_error_out(message) # Create an object of the controller (user, role etc) try: controller_obj = self.str_to_class(module, class_name)(client, cli_args) except Exception as ex: message = "Internal error. Class %s not found\n" % class_name message += str(ex) CLIResponse.send_error_out(message) action = controller_action[cli_args.action.lower()]['action'] # Call the method of the controller i.e Create, Delete, Update, List or ChangePassword try: getattr(controller_obj, action)() except Exception as ex: message = str(ex) CLIResponse.send_error_out(message)