def get_group_policy(group_name, policy_name, region=None, key=None, keyid=None,
                     profile=None):
    '''
    Return the named policy document attached to an IAM group.

    The document is parsed from JSON with ``odict.OrderedDict`` as the pairs
    hook. ``False`` is returned when the lookup yields a falsy response or
    when boto raises ``BotoServerError``.

    .. versionadded:: Beryllium

    CLI example::

        salt myminion boto_iam.get_group_policy mygroup policyname
    '''
    conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
    try:
        response = conn.get_group_policy(group_name, policy_name)
        log.debug('info for group policy is : {0}'.format(response))
        if not response:
            return False
        result = response.get_group_policy_response.get_group_policy_result
        # _unquote is defined elsewhere in the module; presumably it
        # URL-decodes the document before JSON parsing -- confirm.
        decoded = _unquote(result.policy_document)
        return json.loads(decoded, object_pairs_hook=odict.OrderedDict)
    except boto.exception.BotoServerError as exc:
        # Callers only see False; the exception detail goes to the debug log.
        log.debug(exc)
        log.error('Failed to get group {0} info.'.format(group_name))
        return False
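def get_role_policy(role_name, policy_name, region=None, key=None, keyid=None,
                    profile=None):
    '''
    Get a role policy.

    Returns the policy document parsed from JSON (``odict.OrderedDict`` is
    used as the pairs hook). When boto raises ``BotoServerError`` an empty
    dict is returned, so callers cannot tell a missing policy from any other
    server-side failure by the return value alone; the error is written to
    the debug log for that reason.

    CLI example::

        salt myminion boto_iam.get_role_policy myirole mypolicy
    '''
    conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
    try:
        _policy = conn.get_role_policy(role_name, policy_name)
        # I _hate_ you for not giving me an object boto.
        _policy = _policy.get_role_policy_response.policy_document
        # Policy is url encoded
        _policy = _unquote(_policy)
        _policy = json.loads(_policy, object_pairs_hook=odict.OrderedDict)
        return _policy
    except boto.exception.BotoServerError as e:
        # The {} return value is kept for existing callers. Logging at debug
        # level records why the lookup failed without adding noise when a
        # caller is only probing for a policy's existence.
        msg = 'Failed to get policy {0} for role {1}: {2}'
        log.debug(msg.format(policy_name, role_name, e))
        return {}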
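def describe_role(name, region=None, key=None, keyid=None, profile=None):
    '''
    Get information for a role.

    Returns the role record from the API response with its
    ``assume_role_policy_document`` replaced by the parsed JSON document.
    ``False`` is returned when the lookup yields a falsy response or when
    boto raises ``BotoServerError``.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_iam.describe_role myirole
    '''
    conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
    try:
        info = conn.get_role(name)
        if not info:
            return False
        role = info.get_role_response.get_role_result.role
        role['assume_role_policy_document'] = json.loads(_unquote(
            role.assume_role_policy_document
        ))
        # If Sid wasn't defined by the user, boto will still return a Sid in
        # each policy. To properly check idempotently, let's remove the Sid
        # from the return if it's not actually set.
        statements = role['assume_role_policy_document'].get('Statement') or []
        # Statement may be a single object rather than a list. Iterating a
        # dict would walk its keys and then index a string, raising TypeError,
        # so wrap it first.
        if isinstance(statements, dict):
            statements = [statements]
        for statement in statements:
            if not isinstance(statement, dict):
                continue
            if 'Sid' in statement and not statement['Sid']:
                del statement['Sid']
        return role
    except boto.exception.BotoServerError as e:
        log.debug(e)
        msg = 'Failed to get {0} information.'
        log.error(msg.format(name))
        return False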
def get_group_policy(group_name, policy_name, region=None, key=None, keyid=None,
                     profile=None):
    '''
    Fetch one policy document belonging to an IAM group.

    On success the JSON document is returned parsed, with
    ``odict.OrderedDict`` as the pairs hook. A falsy API response or a
    ``BotoServerError`` both produce ``False``.

    .. versionadded:: 2015.8.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_iam.get_group_policy mygroup policyname
    '''
    conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
    try:
        reply = conn.get_group_policy(group_name, policy_name)
        log.debug('info for group policy is : {0}'.format(reply))
        if not reply:
            return False
        raw_document = (
            reply.get_group_policy_response
            .get_group_policy_result
            .policy_document
        )
        # _unquote lives elsewhere in the module; presumably a URL-decode
        # step that must run before the JSON parse -- confirm.
        return json.loads(
            _unquote(raw_document),
            object_pairs_hook=odict.OrderedDict
        )
    except boto.exception.BotoServerError as err:
        # Exception detail is kept at debug level; the error line names only
        # the group.
        log.debug(err)
        log.error('Failed to get group {0} info.'.format(group_name))
        return False
def get_user_policy(user_name, policy_name, region=None, key=None, keyid=None,
                    profile=None):
    '''
    Fetch one policy document belonging to an IAM user.

    On success the JSON document is returned parsed, with
    ``odict.OrderedDict`` as the pairs hook. A falsy API response or a
    ``BotoServerError`` both produce ``False``.

    .. versionadded:: 2015.8.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_iam.get_user_policy myuser mypolicyname
    '''
    conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
    try:
        reply = conn.get_user_policy(user_name, policy_name)
        log.debug('Info for user policy is : {0}.'.format(reply))
        if not reply:
            return False
        result = reply.get_user_policy_response.get_user_policy_result
        # _unquote lives elsewhere in the module; presumably a URL-decode
        # step that must run before the JSON parse -- confirm.
        document = _unquote(result.policy_document)
        return json.loads(document, object_pairs_hook=odict.OrderedDict)
    except boto.exception.BotoServerError as err:
        # Exception detail is kept at debug level; the error line names only
        # the user.
        log.debug(err)
        log.error('Failed to get user {0} policy.'.format(user_name))
        return False
def export_users(path_prefix='/', region=None, key=None, keyid=None, profile=None):
    '''
    Get all IAM user details. Produces results that can be used to create an
    sls file.

    Every user under ``path_prefix`` is listed (following the ``marker``
    returned by each page), and each user's name, policies and path are
    emitted as a ``boto_iam.user_present`` entry. The dumped result therefore
    contains the full policy documents of every exported user. Returns
    ``None`` when no connection is available. API errors are not caught here.

    .. versionadded:: Boron

    CLI Example:

    .. code-block:: bash

        salt-call boto_iam.export_users --out=txt | sed "s/local: //" > iam_users.sls
    '''
    conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
    if not conn:
        return None

    # First page of users, then keep requesting while a marker is returned.
    page = conn.get_all_users(path_prefix=path_prefix)
    listing = page.list_users_response.list_users_result
    users = listing.users
    marker = getattr(listing, 'marker', None)
    while marker:
        page = conn.get_all_users(path_prefix=path_prefix, marker=marker)
        listing = page.list_users_response.list_users_result
        users = users + listing.users
        marker = getattr(listing, 'marker', None)

    results = odict.OrderedDict()
    for user in users:
        name = user.user_name
        # NOTE(review): a single request with max_items=100 is made and no
        # marker is followed, so a user with more policies than one response
        # holds would presumably be exported incompletely -- confirm.
        listed = conn.get_all_user_policies(name, max_items=100)
        policy_names = (
            listed.list_user_policies_response
            .list_user_policies_result
            .policy_names
        )
        policies = {}
        for policy_name in policy_names:
            reply = conn.get_user_policy(name, policy_name)
            encoded = (
                reply.get_user_policy_response
                .get_user_policy_result
                .policy_document
            )
            policies[policy_name] = json.loads(_unquote(encoded))
        user_sls = [
            {"name": name},
            {"policies": policies},
            {"path": user.path},
        ]
        results["manage user " + name] = {"boto_iam.user_present": user_sls}
    return _safe_dump(results)
def export_users(path_prefix='/', region=None, key=None, keyid=None, profile=None):
    '''
    Get all IAM user details. Produces results that can be used to create an
    sls file.

    Users under ``path_prefix`` are collected page by page using the
    ``marker`` attribute of each listing. For every user a
    ``boto_iam.user_present`` entry is built from the user's name, policies
    and path, so the dumped output includes each exported user's complete
    policy documents. ``None`` is returned when no connection is available.
    No API exceptions are handled in this function.

    .. versionadded:: Boron

    CLI Example:

    .. code-block:: bash

        salt-call boto_iam.export_users --out=txt | sed "s/local: //" > iam_users.sls
    '''
    conn = _get_conn(region=region, key=key, keyid=keyid, profile=profile)
    if not conn:
        return None

    results = odict.OrderedDict()

    first_page = conn.get_all_users(path_prefix=path_prefix)
    user_result = first_page.list_users_response.list_users_result
    users = user_result.users
    marker = getattr(user_result, 'marker', None)
    # Follow the pagination marker until the service stops returning one.
    while marker:
        next_page = conn.get_all_users(path_prefix=path_prefix, marker=marker)
        user_result = next_page.list_users_response.list_users_result
        users = users + user_result.users
        marker = getattr(user_result, 'marker', None)

    for user in users:
        name = user.user_name
        # NOTE(review): only one request (max_items=100) is issued per user
        # and its marker is never read; policies beyond that single response
        # would presumably be left out of the export -- confirm.
        names_reply = conn.get_all_user_policies(name, max_items=100)
        names_result = names_reply.list_user_policies_response.list_user_policies_result
        policies = {}
        for policy_name in names_result.policy_names:
            policy_reply = conn.get_user_policy(name, policy_name)
            policy_result = policy_reply.get_user_policy_response.get_user_policy_result
            policies[policy_name] = json.loads(
                _unquote(policy_result.policy_document)
            )
        state_args = [{"name": name}, {"policies": policies}, {"path": user.path}]
        results["manage user " + name] = {"boto_iam.user_present": state_args}
    return _safe_dump(results)
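def get_role_policy(role_name, policy_name, region=None, key=None, keyid=None,
                    profile=None):
    '''
    Get a role policy.

    Returns the policy document parsed from JSON (``odict.OrderedDict`` is
    used as the pairs hook). ``False`` is returned when no connection is
    available. When boto raises ``BotoServerError`` an empty dict is
    returned, so callers cannot tell a missing policy from any other
    server-side failure by the return value alone; the error is written to
    the debug log for that reason.

    CLI example::

        salt myminion boto_iam.get_role_policy myirole mypolicy
    '''
    conn = _get_conn(region, key, keyid, profile)

    if not conn:
        return False

    try:
        _policy = conn.get_role_policy(role_name, policy_name)
        # I _hate_ you for not giving me an object boto.
        _policy = _policy.get_role_policy_response.policy_document
        # Policy is url encoded
        _policy = _unquote(_policy)
        _policy = json.loads(_policy, object_pairs_hook=odict.OrderedDict)
        return _policy
    except boto.exception.BotoServerError as e:
        # The {} return value is kept for existing callers. Logging at debug
        # level records why the lookup failed without adding noise when a
        # caller is only probing for a policy's existence.
        msg = 'Failed to get policy {0} for role {1}: {2}'
        log.debug(msg.format(policy_name, role_name, e))
        return {}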