class GetAccountPolicy(IAMRequest):
DESCRIPTION = "[Eucalyptus cloud admin only] Display an account's policy"
ARGS = [
arg_account_name(help='''name or ID of the account the
policy is attached to (required)'''),
Arg('-p',
'--policy-name',
dest='PolicyName',
metavar='POLICY',
required=True,
help='name of the policy to show (required)'),
Arg('--pretty-print',
action='store_true',
route_to=None,
help='reformat the policy for easier reading')
]
def print_result(self, result):
policy_content = urllib.unquote(result['PolicyDocument'])
if self.args['pretty_print']:
try:
policy_json = json.loads(policy_content)
except ValueError:
self.log.debug('JSON parse error', exc_info=True)
raise ValueError(
"policy '{0}' does not appear to be valid JSON".format(
self.args['PolicyName']))
policy_content = json.dumps(policy_json, indent=4)
print policy_content
class DeleteAccount(IAMRequest):
DESCRIPTION = '[Eucalyptus cloud admin only] Delete an account'
ARGS = [arg_account_name(
help='name or ID of the account to delete (required)'),
Arg('-r', '--recursive', dest='Recursive', action='store_const',
const='true', help='''delete all users, groups, and policies
associated with the account as well''')]
class DeleteAccountPolicy(IAMRequest):
DESCRIPTION = ('[Eucalyptus cloud admin only] Remove a policy from an '
'account')
ARGS = [
arg_account_name(help='''name or ID of the account the
policy is attached to (required)'''),
Arg('-p',
'--policy-name',
dest='PolicyName',
metavar='POLICY',
required=True,
help='name of the policy to delete (required)')
]
class ListAccountPolicies(IAMRequest):
DESCRIPTION = ('[Eucalyptus only] List one or all policies '
'policies attached to an account')
ARGS = [arg_account_name(help='''name or ID of the account owning
the policies to list (required)'''),
Arg('-p', '--policy-name', metavar='POLICY', route_to=None,
help='display a specific policy'),
Arg('-v', '--verbose', action='store_true', route_to=None,
help='''display the contents of the resulting policies (in
addition to their names)'''),
Arg('--pretty-print', action='store_true', route_to=None,
help='''when printing the contents of policies, reformat them
for easier reading''')]
LIST_TAGS = ['PolicyNames']
def main(self):
return PaginatedResponse(self, (None,), ('PolicyNames',))
def prepare_for_page(self, page):
# Pages are defined by markers
self.params['Marker'] = page
def get_next_page(self, response):
if response.get('IsTruncated') == 'true':
return response['Marker']
def print_result(self, result):
if self.args.get('policy_name'):
# Look for the specific policy the user asked for
for policy_name in result.get('PolicyNames', []):
if policy_name == self.args['policy_name']:
if self.args['verbose']:
self.print_policy(policy_name)
else:
print policy_name
break
else:
for policy_name in result.get('PolicyNames', []):
print policy_name
if self.args['verbose']:
self.print_policy(policy_name)
def print_policy(self, policy_name):
req = GetAccountPolicy(
service=self.service, AccountName=self.args['AccountName'],
PolicyName=policy_name, pretty_print=self.args['pretty_print'])
response = req.main()
req.print_result(response)
class CreateAccount(IAMRequest, TabifyingMixin):
DESCRIPTION = '[Eucalyptus cloud admin only] Create a new account'
ARGS = [
arg_account_name(nargs='?',
help='''also add an alias (name) to the
new account (required on eucalyptus < 4.2)'''),
Arg('-k',
'--create-accesskey',
action='store_true',
route_to=None,
help='''also create an access key for the new account's
administrator and show it'''),
Arg('-w',
'--write-config',
action='store_true',
route_to=None,
help='''output access keys and region information in the
form of a euca2ools.ini(5) configuration file instead of
by themselves (implies -k)'''),
Arg('-d',
'--domain',
route_to=None,
help='''the DNS domain to
use for region information in configuration file output
(default: based on IAM URL)''')
]
def postprocess(self, result):
if self.args.get('create_accesskey') or self.args.get('write_config'):
obj = CreateAccessKey.from_other(
self,
UserName='******',
DelegateAccount=result['Account']['AccountId'],
write_config=self.args.get('write_config'),
domain=self.args.get('domain'))
key_result = obj.main()
result.update(key_result)
def print_result(self, result):
if self.args.get('write_config'):
result['configfile'].write(sys.stdout)
else:
print self.tabify((result.get('Account', {}).get('AccountName'),
result.get('Account', {}).get('AccountId')))
if 'AccessKey' in result:
print result['AccessKey']['AccessKeyId']
print result['AccessKey']['SecretAccessKey']
class PutAccountPolicy(IAMRequest):
DESCRIPTION = '[Eucalyptus cloud admin only] Attach a policy to an account'
ARGS = [
arg_account_name(help='''name or ID of the account to
attach the policy to (required)'''),
Arg('-p',
'--policy-name',
dest='PolicyName',
metavar='POLICY',
required=True,
help='name of the policy (required)'),
MutuallyExclusiveArgList(
Arg('-o',
'--policy-content',
dest='PolicyDocument',
metavar='POLICY_CONTENT',
help='the policy to attach'),
Arg('-f',
'--policy-document',
dest='PolicyDocument',
metavar='FILE',
type=open,
help='file containing the policy to attach')).required()
]
class CreateAccount(IAMRequest, TabifyingMixin):
DESCRIPTION = '[Eucalyptus cloud admin only] Create a new account'
ARGS = [
arg_account_name(nargs='?',
help='''also add an alias (name) to the
new account (required on eucalyptus < 4.2)'''),
Arg('-k',
'--create-accesskey',
action='store_true',
route_to=None,
help='''also create an access key for the new account's
administrator and show it'''),
Arg('-w',
'--write-config',
action='store_true',
route_to=None,
help='''output access keys and region information in the
form of a euca2ools.ini(5) configuration file instead of
by themselves (implies -k)'''),
Arg('-d',
'--domain',
route_to=None,
help='''the DNS domain to
use for region information in configuration file output
(default: based on IAM URL)'''),
Arg('-l',
'--set-default-user',
action='store_true',
route_to=None,
help='''set this user as the default user for the region
in euca2ools.ini(5) configuration file output. This
option is only useful when used with -w.''')
]
def configure(self):
try:
IAMRequest.configure(self)
except requestbuilder.exceptions.AuthError as err:
if (os.path.exists(CLC_CRED_CHECK_FILE) and len(err.args) > 0
and isinstance(err.args[0], six.string_types)):
msg = ("{0}. If a cloud controller is running, you "
"can assume administrator credentials with "
"eval `clcadmin-assume-system-credentials`")
err.args = (msg.format(err.args[0]), ) + err.args[1:]
raise
def postprocess(self, result):
if self.args.get('create_accesskey') or self.args.get('write_config'):
obj = CreateAccessKey.from_other(
self,
UserName='******',
DelegateAccount=result['Account']['AccountId'],
write_config=self.args.get('write_config'),
domain=self.args.get('domain'),
set_default_user=self.args.get('set_default_user'))
key_result = obj.main()
result.update(key_result)
def print_result(self, result):
if self.args.get('write_config'):
result['configfile'].write(sys.stdout)
else:
print self.tabify((result.get('Account', {}).get('AccountName'),
result.get('Account', {}).get('AccountId')))
if 'AccessKey' in result:
print result['AccessKey']['AccessKeyId']
print result['AccessKey']['SecretAccessKey']