Exemplo n.º 1
0
def bucket_cleanup():
    config_file = ck.config.get_config_file()
    config = configparser.ConfigParser()

    with ck.config.rlock:
        config.read(config_file)

    option = 's3-bucket'
    if config.has_section('aws') and config.has_option('aws', option):
        old_s3_params = ck.get_s3_params()
    else:
        old_s3_params = None

    new_bucket = 'cloudknot-travis-build-45814031-351c-4b27-9a40-672c971f7e83'
    ck.set_s3_params(bucket=new_bucket)

    yield None

    s3_params = ck.get_s3_params()
    bucket_policy = s3_params.policy

    if (old_s3_params is None) or bucket_policy == old_s3_params.policy:
        iam = ck.aws.clients['iam']
        response = iam.list_policies(Scope='Local', PathPrefix='/cloudknot/')

        policy_dict = [
            p for p in response.get('Policies')
            if p['PolicyName'] == bucket_policy
        ][0]

        arn = policy_dict['Arn']

        response = iam.list_policy_versions(PolicyArn=arn)

        # Get non-default versions
        versions = [
            v for v in response.get('Versions') if not v['IsDefaultVersion']
        ]

        # Delete the non-default versions
        for v in versions:
            iam.delete_policy_version(PolicyArn=arn, VersionId=v['VersionId'])

        response = iam.list_entities_for_policy(PolicyArn=arn,
                                                EntityFilter='Role')

        roles = response.get('PolicyRoles')
        for role in roles:
            iam.detach_role_policy(RoleName=role['RoleName'], PolicyArn=arn)

        try:
            iam.delete_policy(PolicyArn=arn)
        except Exception:
            pass

    if old_s3_params:
        ck.set_s3_params(bucket=old_s3_params.bucket,
                         policy=old_s3_params.policy,
                         sse=old_s3_params.sse)
Exemplo n.º 2
0
def bucket_cleanup():
    ck.set_s3_params(bucket='cloudknot-travis-build-45814031-351c-'
                            '4b27-9a40-672c971f7e83')
    yield None
    s3_params = ck.get_s3_params()
    bucket = s3_params.bucket
    bucket_policy = s3_params.policy

    s3 = ck.aws.clients['s3']
    s3.delete_bucket(Bucket=bucket)

    iam = ck.aws.clients['iam']
    response = iam.list_policies(
        Scope='Local',
        PathPrefix='/cloudknot/'
    )

    policy_dict = [p for p in response.get('Policies')
                   if p['PolicyName'] == bucket_policy][0]

    arn = policy_dict['Arn']

    response = iam.list_policy_versions(
        PolicyArn=arn
    )

    # Get non-default versions
    versions = [v for v in response.get('Versions')
                if not v['IsDefaultVersion']]

    # Get the oldest version and delete it
    for v in versions:
        iam.delete_policy_version(
            PolicyArn=arn,
            VersionId=v['VersionId']
        )

    response = iam.list_entities_for_policy(
        PolicyArn=arn,
        EntityFilter='Role'
    )

    roles = response.get('PolicyRoles')
    for role in roles:
        iam.detach_role_policy(
            RoleName=role['RoleName'],
            PolicyArn=arn
        )

    iam.delete_policy(PolicyArn=arn)
Exemplo n.º 3
0
def bucket_cleanup(aws_credentials):
    config_file = ck.config.get_config_file()
    config = configparser.ConfigParser()

    with ck.config.rlock:
        config.read(config_file)

    option = "s3-bucket"
    if config.has_section("aws") and config.has_option("aws", option):
        old_s3_params = ck.get_s3_params()
    else:
        old_s3_params = None

    new_bucket = bucket_name
    ck.set_s3_params(bucket=new_bucket)

    yield None

    s3_params = ck.get_s3_params()
    bucket_policy = s3_params.policy

    if (old_s3_params is None) or bucket_policy == old_s3_params.policy:
        iam = ck.aws.clients["iam"]
        paginator = iam.get_paginator("list_policies")
        response_iterator = paginator.paginate(Scope="Local",
                                               PathPrefix="/cloudknot/")

        # response_iterator is a list of dicts. First convert to list of lists
        # and then flatten to a single list
        response_policies = [
            response["Policies"] for response in response_iterator
        ]
        policies = [lst for sublist in response_policies for lst in sublist]

        aws_policies = {d["PolicyName"]: d["Arn"] for d in policies}

        arn = aws_policies[bucket_policy]
        paginator = iam.get_paginator("list_policy_versions")
        response_iterator = paginator.paginate(PolicyArn=arn)

        # Get non-default versions
        # response_iterator is a list of dicts. First convert to list of
        # lists. Then flatten to a single list and filter
        response_versions = [
            response["Versions"] for response in response_iterator
        ]
        versions = [lst for sublist in response_versions for lst in sublist]
        versions = [v for v in versions if not v["IsDefaultVersion"]]

        # Delete the non-default versions
        for v in versions:
            iam.delete_policy_version(PolicyArn=arn, VersionId=v["VersionId"])

        response = iam.list_entities_for_policy(PolicyArn=arn,
                                                EntityFilter="Role")

        roles = response.get("PolicyRoles")
        for role in roles:
            iam.detach_role_policy(RoleName=role["RoleName"], PolicyArn=arn)

        try:
            iam.delete_policy(PolicyArn=arn)
        except Exception:
            pass

    if old_s3_params:
        ck.set_s3_params(
            bucket=old_s3_params.bucket,
            policy=old_s3_params.policy,
            sse=old_s3_params.sse,
        )