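def create_assetstore_iam_user(bucket_name):
    """Create a dedicated IAM user with access to a single S3 bucket.

    The user is named ``<bucket_name>-user``, receives a new access key and
    gets an inline policy named ``<bucket_name>-user-s3-policy`` that allows
    every S3 action on the bucket and on the objects inside it.

    Args:
        bucket_name: Name of the S3 bucket the new user is scoped to.

    Returns:
        A ``(username, access_key_id, secret_access_key)`` tuple. IAM only
        hands out the secret when the key is created, so the caller has to
        store it safely and keep it out of logs.
    """
    import json

    import boto.iam

    iam = boto.iam.IAMConnection()
    username = bucket_name + '-user'
    iam.create_user(username)

    key_response = iam.create_access_key(username)
    result = key_response['create_access_key_response']['create_access_key_result']['access_key']
    access_key_id = result['access_key_id']
    secret_access_key = result['secret_access_key']

    policyname = username + '-s3-policy'
    bucket_arn = 'arn:aws:s3:::%s' % bucket_name
    # Serialise with json.dumps instead of splicing bucket_name into a JSON
    # template: a name containing quotes or braces can then neither break the
    # document nor add statements to it.
    policy_json = json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {
                # NOTE(review): "s3:*" also covers deleting the bucket and
                # changing its policy/ACL. If the asset store only reads and
                # writes objects, list just the actions it needs.
                "Action": "s3:*",
                "Effect": "Allow",
                "Resource": [bucket_arn, bucket_arn + '/*'],
            }
        ],
    })
    iam.put_user_policy(username, policyname, policy_json)

    return username, access_key_id, secret_access_key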
Exemplo n.º 2
def create_user(module, iam, name, pwd, path, key_state, key_count):
    """Create an IAM user, optionally with a login profile and access keys.

    On success returns ``(user_info, changed)`` where ``user_info`` has the
    keys ``created_user``, ``password`` and ``access_keys``. A
    ``BotoServerError`` is reported through ``module.fail_json`` instead.

    ``access_keys`` holds the objects returned by ``create_access_key``
    (presumably including the secret key -- verify against boto), so callers
    should keep the result out of logs.
    """
    try:
        created = iam.create_user(name, path)
        user_meta = created.create_user_response.create_user_result.user
        changed = True

        if pwd is not None:
            # From here on ``pwd`` is the create_login_profile response, and
            # that response is what ends up under ``password`` in the result.
            pwd = iam.create_login_profile(name, pwd)

        if key_state not in ['create']:
            keys = None
        else:
            keys = []
            if key_count:
                # Issue keys one at a time until key_count have been collected.
                while key_count > len(keys):
                    issued = iam.create_access_key(user_name=name)
                    keys.append(
                        issued.create_access_key_response
                        .create_access_key_result.access_key)
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=False, msg=str(err))
    else:
        summary = dict(created_user=user_meta,
                       password=pwd,
                       access_keys=keys)
        return (summary, changed)
Exemplo n.º 3
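def main():
    """Rotate the IAM access key that is used to authenticate this run.

    Connects with the supplied key pair, creates a new access key for the
    same user, prints it, and deletes the old key once the operator answers
    "yes". Any other answer keeps the old key active.
    """
    # Local import: the module's import block is not part of this listing.
    import getpass

    parser = argparse.ArgumentParser(description="Rotate Access Keys.")
    parser.add_argument(
        "-a",
        "--access_key_id",
        help="The access key to rotate and use for authentication."
    )
    # NOTE(review): a secret passed with -s is visible in the process list
    # and in shell history; the interactive prompt below avoids both.
    parser.add_argument(
        "-s",
        "--secret_access_key",
        help="The secret key to rotate and use for authentication."
    )

    args = parser.parse_args()

    if not args.access_key_id:
        args.access_key_id = raw_input("Enter Access Key: ")
    if not args.secret_access_key:
        # getpass reads without echo, so the secret stays out of terminal
        # scrollback and screen recordings.
        args.secret_access_key = getpass.getpass("Enter Secret Key: ")

    iam = boto.iam.connection.IAMConnection(
        aws_access_key_id=args.access_key_id,
        aws_secret_access_key=args.secret_access_key
    )
    # get_user() without arguments: the user name is taken from the response
    # for the credentials of this connection.
    get_user_response = iam.get_user()['get_user_response']
    get_user_result = get_user_response['get_user_result']
    user = get_user_result['user']
    user_name = user['user_name']

    try:
        response = iam.create_access_key(user_name)
    except boto.exception.BotoServerError as exception:
        print "Cannot create new keys: %s" % exception
        raise

    ak_response = response['create_access_key_response']
    access_key = ak_response['create_access_key_result']['access_key']
    # The new secret goes to stdout in clear text; do not redirect this
    # output into a log or a shared file.
    print """Access Key:\t%s\nSecret Key:\t%s""" % (
        access_key['access_key_id'],
        access_key['secret_access_key']
    )

    ans = raw_input(
        "Ready to delete Access Key %s? (yes/no) " % args.access_key_id
    )

    if ans == "yes":
        try:
            iam.delete_access_key(args.access_key_id, user_name)
        except boto.exception.BotoServerError as exception:
            print "Cannot remove old key: %s" % exception
            raise
    else:
        # Two active keys remain for this user until the old one is removed.
        print "Warning: your old Access Key was kept.",
        print "  Be sure to clean up the mess."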
Exemplo n.º 4
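def main():
    """Rotate the access key this script authenticates with.

    A new access key is created for the user that owns the supplied
    credentials and printed to stdout. The old key is deleted only after the
    operator types "yes"; otherwise it stays active.
    """
    # Local import: the file-level imports are outside this listing.
    import getpass

    parser = argparse.ArgumentParser(description="Rotate Access Keys.")
    parser.add_argument(
        "-a",
        "--access_key_id",
        help="The access key to rotate and use for authentication.")
    # NOTE(review): supplying the secret with -s exposes it in the process
    # list and shell history; leaving it out triggers the no-echo prompt.
    parser.add_argument(
        "-s",
        "--secret_access_key",
        help="The secret key to rotate and use for authentication.")

    args = parser.parse_args()

    if not args.access_key_id:
        args.access_key_id = raw_input("Enter Access Key: ")
    if not args.secret_access_key:
        # Read the secret without echoing it to the terminal.
        args.secret_access_key = getpass.getpass("Enter Secret Key: ")

    iam = boto.iam.connection.IAMConnection(
        aws_access_key_id=args.access_key_id,
        aws_secret_access_key=args.secret_access_key)
    # get_user() is called with no arguments; the user name is read from
    # the response for this connection's credentials.
    user = iam.get_user()['get_user_response']['get_user_result']['user']
    user_name = user['user_name']

    try:
        response = iam.create_access_key(user_name)
    except boto.exception.BotoServerError as exception:
        print "Cannot create new keys: %s" % exception
        raise

    ak_response = response['create_access_key_response']
    access_key = ak_response['create_access_key_result']['access_key']
    # Clear-text secret on stdout: keep this output out of logs and
    # shared terminals.
    print """Access Key:\t%s\nSecret Key:\t%s""" % (
        access_key['access_key_id'], access_key['secret_access_key'])

    ans = raw_input("Ready to delete Access Key %s? (yes/no) " %
                    args.access_key_id)

    if ans == "yes":
        try:
            iam.delete_access_key(args.access_key_id, user_name)
        except boto.exception.BotoServerError as exception:
            print "Cannot remove old key: %s" % exception
            raise
    else:
        # The old key is still valid; the user now has two active keys.
        print "Warning: your old Access Key was kept.",
        print "  Be sure to clean up the mess."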
Exemplo n.º 5
def create_user(iam, name, pwd, path, key_state):
    """Create an IAM user and, if requested, a login profile and one access key.

    Returns ``(user_info, True)``; ``user_info`` carries ``created_user``,
    ``password`` (the create_login_profile response, or None) and
    ``access_keys`` (the created key object, or None). Errors raised by boto
    are not caught here.
    """
    created = iam.create_user(name, path)
    user_meta = created.create_user_response.create_user_result.user

    if pwd is not None:
        # ``pwd`` is replaced by the API response and returned in that form.
        pwd = iam.create_login_profile(name, pwd)

    keys = None
    if key_state in ['create', 'active']:
        issued = iam.create_access_key(user_name=name)
        # Presumably contains the secret key -- keep the result out of logs.
        keys = issued.create_access_key_response.create_access_key_result.access_key

    user_info = {
        'created_user': user_meta,
        'password': pwd,
        'access_keys': keys,
    }
    return (user_info, True)
Exemplo n.º 6
def update_user(module, iam, name, new_name, new_path, key_state, keys, pwd):
    """Update an IAM user's name/path and login profile, and optionally add a key.

    A failure while creating the access key is reported through
    ``module.fail_json``. No return statement is visible in this listing, so
    the function may continue beyond what is shown -- TODO confirm.
    """
    changed = False
    name_change = False

    # Snapshot of the user's access key ids and their statuses. The two lists
    # come from two separate get_all_access_keys calls.
    current_keys, status = \
        [ck['access_key_id'] for ck in
         iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata],\
        [ck['status'] for ck in
            iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata]

    updated_key_list = {}

    if new_name or new_path:
        c_path = iam.get_user(name).get_user_result.user['path']
        if (name != new_name) or (c_path != new_path):
            changed = True
            user = iam.update_user(
                name, new_name, new_path).update_user_response.response_metadata
            user['updates'] = dict(
                old_username=name, new_username=new_name, old_path=c_path, new_path=new_path)
            # Later calls in this function address the user by the new name.
            name = new_name
            name_change = True

    if pwd:
        try:
            iam.update_login_profile(name, pwd)
            changed = True
        except boto.exception.BotoServerError:
            # Any server error from the update, not only a missing profile,
            # falls back to creating a login profile. An error raised by
            # create_login_profile is not caught here.
            changed = True
            iam.create_login_profile(name, pwd)
    else:
        # NOTE(review): when no password is supplied the login profile is
        # deleted, so a run that only renames the user or adds a key also
        # removes console sign-in -- confirm this is intended.
        try:
            iam.delete_login_profile(name)
            changed = True
        except boto.exception.BotoServerError:
            # NOTE(review): this resets ``changed`` even when the rename
            # above already modified the user.
            changed = False

    # The comparison is case-sensitive: only the exact string 'Create' matches.
    if key_state == 'Create':
        try:
            # ``new_key`` is not used in the visible part of the function; it
            # presumably holds the new secret, so it should not be logged.
            new_key = iam.create_access_key(
                user_name=name).create_access_key_response.create_access_key_result.access_key
            changed = True
        except boto.exception.BotoServerError, e:
            module.fail_json(msg=str(e))
Exemplo n.º 7
def create_user(module, iam, name, pwd, path, key_state, key_count):
    """Create an IAM user, optionally with a login profile and access keys.

    A ``BotoServerError`` is reported through ``module.fail_json``. No return
    statement is visible in this listing; the function presumably continues
    past the last line shown -- TODO confirm.
    """
    key_qty = 0
    keys = []
    try:
        user_meta = iam.create_user(
            name, path).create_user_response.create_user_result.user
        changed = True
        if pwd is not None:
            # ``pwd`` is overwritten with the create_login_profile response.
            pwd = iam.create_login_profile(name, pwd)
        if key_state in ['create']:
            if key_count:
                # Create access keys until key_count of them are collected.
                # The key objects presumably include the secret key, so
                # ``keys`` should be kept out of logs.
                while key_count > key_qty:
                    keys.append(iam.create_access_key(
                        user_name=name).create_access_key_response.\
                        create_access_key_result.\
                        access_key)
                    key_qty += 1
        else:
            # Any key_state other than 'create' yields None instead of a list.
            keys = None
    except boto.exception.BotoServerError, err:
        module.fail_json(changed=False, msg=str(err))
Exemplo n.º 8
    "--secret_access_key",
    help="The secret key to rotate and use for authentication.")

args = parser.parse_args()

if not args.access_key_id:
    args.access_key_id = raw_input("Enter Access Key: ")
if not args.secret_access_key:
    args.secret_access_key = raw_input("Enter Secret Key: ")

iam = boto.iam.connection.IAMConnection(
    aws_access_key_id=args.access_key_id,
    aws_secret_access_key=args.secret_access_key)

try:
    response = iam.create_access_key(args.user)
except boto.exception.BotoServerError as e:
    print "Cannot create new keys: %s" % e
    raise

access_key = response['create_access_key_response'][
    'create_access_key_result']['access_key']
print """Access Key: %s
Secret Key. %s""" % (access_key['access_key_id'],
                     access_key['secret_access_key'])

ans = raw_input("Ready to delete Access Key %s? (yes/no) " %
                args.access_key_id)

if ans == "yes":
    try:
Exemplo n.º 9
            changed = True
        except boto.exception.BotoServerError:
            try:
                iam.create_login_profile(name, pwd)
                changed = True
            except boto.exception.BotoServerError, err:
                error_msg = boto_exception(str(err))
                if 'Password does not conform to the account password policy' in error_msg:
                    module.fail_json(changed=False, msg="Passsword doesn't conform to policy")
                else:
                    module.fail_json(msg=error_msg)

    if key_state == 'create':
        try:
            while key_count > key_qty:
                new_key = iam.create_access_key(
                    user_name=name).create_access_key_response.create_access_key_result.access_key
                key_qty += 1
                changed = True

        except boto.exception.BotoServerError, err:
            module.fail_json(changed=False, msg=str(err))

    if keys and key_state:
        for access_key in keys:
            if access_key in current_keys:
                for current_key, current_key_state in zip(current_keys, status):
                    if key_state != current_key_state.lower():
                        try:
                            iam.update_access_key(
                                access_key, key_state.capitalize(), user_name=name)
                        except boto.exception.BotoServerError, err:
Exemplo n.º 10
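def _list_access_keys(iam, user_name):
    """Return parallel lists of access key ids and statuses for *user_name*."""
    # One API call feeds both lists, so ids and statuses always line up.
    metadata = iam.get_all_access_keys(
        user_name).list_access_keys_result.access_key_metadata
    return ([ck['access_key_id'] for ck in metadata],
            [ck['status'] for ck in metadata])


def update_user(module, iam, name, new_name, new_path, key_state, key_count,
                keys, pwd, updated):
    """Bring an existing IAM user in line with the requested settings.

    In order: optional rename/path change, optional password update,
    creation of access keys up to ``key_count``, then activation,
    deactivation or removal of the keys named in ``keys``.

    Args:
        module: Object whose ``fail_json`` is called on every error.
        iam: IAM connection used for all API calls.
        name: User name to operate on.
        new_name: Requested user name, or a falsy value.
        new_path: Requested path, or a falsy value.
        key_state: 'create', 'active', 'inactive' or 'remove'.
        key_count: With 'create', keys are added until the user has this many.
        keys: Access key ids to activate, deactivate or remove.
        pwd: New console password; a falsy value leaves the login profile alone.
        updated: When truthy the user is addressed by ``new_name`` and only
            the path is changed (presumably the rename was already applied
            by the caller -- verify).

    Returns:
        ``(name_change, updated_key_list, changed, new_keys)``.
        ``updated_key_list`` maps every remaining access key id to its
        status. ``new_keys`` holds the key objects created here; they
        presumably carry the secret keys, so the caller must not log them.
    """
    changed = False
    name_change = False
    if updated and new_name:
        name = new_name
    try:
        current_keys, status = _list_access_keys(iam, name)
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'cannot be found' in error_msg and updated:
            current_keys, status = _list_access_keys(iam, new_name)
            name = new_name
        else:
            module.fail_json(changed=False, msg=str(err))

    if new_name or new_path:
        c_path = iam.get_user(name).get_user_result.user['path']
        if (name != new_name) or (c_path != new_path):
            changed = True
            try:
                if not updated:
                    user = iam.update_user(
                        name, new_user_name=new_name, new_path=new_path
                    ).update_user_response.response_metadata
                else:
                    user = iam.update_user(
                        name, new_path=new_path
                    ).update_user_response.response_metadata
                user['updates'] = dict(old_username=name,
                                       new_username=new_name,
                                       old_path=c_path,
                                       new_path=new_path)
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(err)
                module.fail_json(changed=False, msg=str(err))
            else:
                if not updated:
                    name_change = True

    if pwd:
        try:
            iam.update_login_profile(name, pwd)
            changed = True
        except boto.exception.BotoServerError:
            # Any server error from the update falls back to creating a
            # login profile.
            try:
                iam.create_login_profile(name, pwd)
                changed = True
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(str(err))
                if 'Password does not conform to the account password policy' in error_msg:
                    module.fail_json(changed=False,
                                     msg="Password doesn't conform to policy")
                else:
                    module.fail_json(msg=error_msg)

    # Re-read the keys after the rename/password steps.
    try:
        current_keys, status = _list_access_keys(iam, name)
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'cannot be found' in error_msg and updated:
            current_keys, status = _list_access_keys(iam, new_name)
            name = new_name
        else:
            module.fail_json(changed=False, msg=str(err))
    # Set after both paths so the 'create' loop below always has a count.
    key_qty = len(current_keys)

    new_keys = []
    if key_state == 'create':
        try:
            while key_count > key_qty:
                new_keys.append(
                    iam.create_access_key(
                        user_name=name).create_access_key_response.
                    create_access_key_result.access_key)
                key_qty += 1
                changed = True

        except boto.exception.BotoServerError as err:
            module.fail_json(changed=False, msg=str(err))

    if keys and key_state:
        for access_key in keys:
            if key_state in ('active', 'inactive'):
                if access_key in current_keys:
                    for current_key, current_key_state in zip(
                            current_keys, status):
                        # Compare against the status of this key only.
                        # Without the match, any other key in a different
                        # state triggered an update and reported a change
                        # although the target was already as requested.
                        if current_key != access_key:
                            continue
                        if key_state != current_key_state.lower():
                            try:
                                iam.update_access_key(access_key,
                                                      key_state.capitalize(),
                                                      user_name=name)
                                changed = True
                            except boto.exception.BotoServerError as err:
                                module.fail_json(changed=False, msg=str(err))
                else:
                    module.fail_json(msg="Supplied keys not found for %s. "
                                     "Current keys: %s. "
                                     "Supplied key(s): %s" %
                                     (name, current_keys, keys))

            if key_state == 'remove':
                if access_key in current_keys:
                    try:
                        iam.delete_access_key(access_key, user_name=name)
                    except boto.exception.BotoServerError as err:
                        module.fail_json(changed=False, msg=str(err))
                    else:
                        changed = True

    try:
        final_keys, final_key_status = _list_access_keys(iam, name)
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=changed, msg=str(err))

    updated_key_list = dict(zip(final_keys, final_key_status))

    return name_change, updated_key_list, changed, new_keys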
Exemplo n.º 11
Arquivo: iam.py Projeto: likewg/DevOps
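def _list_access_keys(iam, user_name):
    """Return parallel lists of access key ids and statuses for *user_name*."""
    # One API call feeds both lists, so ids and statuses always line up.
    metadata = iam.get_all_access_keys(
        user_name).list_access_keys_result.access_key_metadata
    return ([ck['access_key_id'] for ck in metadata],
            [ck['status'] for ck in metadata])


def update_user(module, iam, name, new_name, new_path, key_state, key_count, keys, pwd, updated):
    """Bring an existing IAM user in line with the requested settings.

    In order: optional rename/path change, optional password update,
    creation of access keys up to ``key_count``, then activation,
    deactivation or removal of the keys named in ``keys``.

    Args:
        module: Object whose ``fail_json`` is called on every error.
        iam: IAM connection used for all API calls.
        name: User name to operate on.
        new_name: Requested user name, or a falsy value.
        new_path: Requested path, or a falsy value.
        key_state: 'create', 'active', 'inactive' or 'remove'.
        key_count: With 'create', keys are added until the user has this many.
        keys: Access key ids to activate, deactivate or remove.
        pwd: New console password; a falsy value leaves the login profile alone.
        updated: When truthy the user is addressed by ``new_name`` and only
            the path is changed (presumably the rename was already applied
            by the caller -- verify).

    Returns:
        ``(name_change, updated_key_list, changed)``; ``updated_key_list``
        maps every remaining access key id to its status.
    """
    changed = False
    name_change = False
    if updated and new_name:
        name = new_name
    try:
        current_keys, status = _list_access_keys(iam, name)
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'cannot be found' in error_msg and updated:
            current_keys, status = _list_access_keys(iam, new_name)
            name = new_name
        else:
            module.fail_json(changed=False, msg=str(err))
    # Set after both paths so the 'create' loop below always has a count.
    key_qty = len(current_keys)

    if new_name or new_path:
        c_path = iam.get_user(name).get_user_result.user['path']
        if (name != new_name) or (c_path != new_path):
            changed = True
            try:
                if not updated:
                    user = iam.update_user(
                        name, new_user_name=new_name, new_path=new_path).update_user_response.response_metadata
                else:
                    user = iam.update_user(
                        name, new_path=new_path).update_user_response.response_metadata
                user['updates'] = dict(
                    old_username=name, new_username=new_name, old_path=c_path, new_path=new_path)
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(err)
                module.fail_json(changed=False, msg=str(err))
            else:
                if not updated:
                    name_change = True

    if pwd:
        try:
            iam.update_login_profile(name, pwd)
            changed = True
        except boto.exception.BotoServerError:
            # Any server error from the update falls back to creating a
            # login profile.
            try:
                iam.create_login_profile(name, pwd)
                changed = True
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(str(err))
                if 'Password does not conform to the account password policy' in error_msg:
                    module.fail_json(changed=False, msg="Password doesn't conform to policy")
                else:
                    module.fail_json(msg=error_msg)

    if key_state == 'create':
        try:
            while key_count > key_qty:
                # NOTE(review): the created key is not part of the return
                # value, so its secret is lost once this call returns; IAM
                # does not hand a secret out again after creation.
                iam.create_access_key(user_name=name)
                key_qty += 1
                changed = True

        except boto.exception.BotoServerError as err:
            module.fail_json(changed=False, msg=str(err))

    if keys and key_state:
        for access_key in keys:
            if access_key in current_keys:
                # Status changes only apply to 'active'/'inactive'. Without
                # this guard a 'remove' request first sent the status
                # "Remove" to update_access_key, ahead of the deletion below.
                if key_state in ('active', 'inactive'):
                    for current_key, current_key_state in zip(current_keys, status):
                        # Compare against the status of this key only, not
                        # against every key the user owns.
                        if current_key != access_key:
                            continue
                        if key_state != current_key_state.lower():
                            try:
                                iam.update_access_key(
                                    access_key, key_state.capitalize(), user_name=name)
                            except boto.exception.BotoServerError as err:
                                module.fail_json(changed=False, msg=str(err))
                            else:
                                changed = True

                if key_state == 'remove':
                    try:
                        iam.delete_access_key(access_key, user_name=name)
                    except boto.exception.BotoServerError as err:
                        module.fail_json(changed=False, msg=str(err))
                    else:
                        changed = True

    try:
        final_keys, final_key_status = _list_access_keys(iam, name)
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=changed, msg=str(err))

    updated_key_list = dict(zip(final_keys, final_key_status))

    return name_change, updated_key_list, changed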
Exemplo n.º 12
            changed = True
        except boto.exception.BotoServerError:
            try:
                iam.create_login_profile(name, pwd)
                changed = True
            except boto.exception.BotoServerError, err:
                error_msg = boto_exception(str(err))
                if 'Password does not conform to the account password policy' in error_msg:
                    module.fail_json(changed=False, msg="Passsword doesn't conform to policy")
                else:
                    module.fail_json(msg=error_msg)

    if key_state == 'create':
        try:
            while key_count > key_qty:
                new_key = iam.create_access_key(
                    user_name=name).create_access_key_response.create_access_key_result.access_key
                key_qty += 1
                changed = True

        except boto.exception.BotoServerError, err:
            module.fail_json(changed=False, msg=str(err))

    if keys and key_state:
        for access_key in keys:
            if access_key in current_keys:
                for current_key, current_key_state in zip(current_keys, status):
                    if key_state != current_key_state.lower():
                        try:
                            iam.update_access_key(
                                access_key, key_state.capitalize(), user_name=name)
                        except boto.exception.BotoServerError, err:
Exemplo n.º 13
        error_msg = boto_exception(err)
        if 'cannot be found' in error_msg and updated:
            current_keys, status = \
            [ck['access_key_id'] for ck in
             iam.get_all_access_keys(new_name).list_access_keys_result.access_key_metadata],\
            [ck['status'] for ck in
                iam.get_all_access_keys(new_name).list_access_keys_result.access_key_metadata]
            name = new_name
        else:
            module.fail_json(changed=False, msg=str(err))

    new_keys = []
    if key_state == 'create':
        try:
            while key_count > key_qty:
                new_keys.append(iam.create_access_key(
                    user_name=name).create_access_key_response.create_access_key_result.access_key)
                key_qty += 1
                changed = True

        except boto.exception.BotoServerError, err:
            module.fail_json(changed=False, msg=str(err))

    if keys and key_state:
        for access_key in keys:
            if key_state in ('active','inactive'):
                if access_key in current_keys:
                    for current_key, current_key_state in zip(current_keys, status):
                        if current_key == access_key:
                            if key_state != current_key_state.lower():
                                try:
                                    iam.update_access_key(
Exemplo n.º 14
        )

args = parser.parse_args()

if not args.access_key_id:
    args.access_key_id = raw_input("Enter Access Key: ")
if not args.secret_access_key:
    args.secret_access_key = raw_input("Enter Secret Key: ")

iam = boto.iam.connection.IAMConnection(
        aws_access_key_id=args.access_key_id,
        aws_secret_access_key=args.secret_access_key
        )

try:
    response = iam.create_access_key(args.user)
except boto.exception.BotoServerError as e:
    print "Cannot create new keys: %s" % e
    raise

access_key = response['create_access_key_response']['create_access_key_result']['access_key']
print """Access Key: %s
Secret Key. %s""" % (
        access_key['access_key_id'],
        access_key['secret_access_key']
        )

ans = raw_input("Ready to delete Access Key %s? (yes/no) " % args.access_key_id)

if ans == "yes":
    try: