Exemplo n.º 1
 def user(self):
     """Return the test user's context, creating and caching it on first use.

     When ``self.args`` carries an access key, a secret key and a region, a
     ``UserContext`` is built from them. When a CLC or environment-file
     argument is present and ``self.tc`` is set, ``self.tc.user`` is used
     instead and replaces any context built from the explicit keys.

     Returns:
         The value cached in ``self._user``. It stays falsy when neither
         source of credentials is available.
     """
     if self._user:
         return self._user
     opts = self.args
     if opts.access_key and opts.secret_key and opts.region:
         # NOTE(review): the secret key is read from self.args; if these are
         # command-line arguments they can end up in process listings and
         # shell history -- confirm how callers supply them.
         self._user = UserContext(aws_access_key=opts.access_key,
                                  aws_secret_key=opts.secret_key,
                                  region=opts.region)
     if (opts.clc or opts.environment_file) and self.tc:
         # The test-controller user takes precedence over explicit keys.
         self._user = self.tc.user
     return self._user
Exemplo n.º 2
 def admin(self):
     """Return the cloud admin's ``UserContext``, creating it on first use.

     The connection parameters come from ``self._cloud_admin_connection_info``
     and are adjusted in place before being passed to ``UserContext``:

     * a ``credpath`` entry adds ``machine=self.cred_depot``;
     * an access key / secret key pair is passed through unchanged;
     * with neither, ``eucarc`` is set to ``self.sysadmin.creds``.

     Returns:
         The cached admin context stored in ``self._cloudadmin``.
     """
     if self._cloudadmin:
         return self._cloudadmin
     # NOTE: this is the mapping returned by the attribute itself, not a copy,
     # so the keys added below persist on it.
     params = self._cloud_admin_connection_info
     if params.get('credpath'):
         params['machine'] = self.cred_depot
     elif not (params.get('aws_access_key') and params.get('aws_secret_key')):
         # No explicit credentials: fall back to the system admin's creds.
         params['eucarc'] = self.sysadmin.creds
     self._cloudadmin = UserContext(**params)
     return self._cloudadmin
Exemplo n.º 3
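 def create_user_context(self,
                         access_key,
                         secret_key,
                         account_id=None,
                         region_domain=None,
                         ec2_url=None,
                         s3_url=None,
                         bootstrap_url=None):
     """Build a ``UserContext`` from an access key / secret key pair.

     Args:
         access_key: Access key id; falls back to ``self.access_key``.
         secret_key: Secret key; falls back to ``self.secret_key``.
         account_id: Optional account id stored on the returned context.
         region_domain: Region domain used to derive service endpoints;
             falls back to ``self.region_domain`` once the endpoint check
             below has passed.
         ec2_url: Optional explicit EC2 endpoint set on the context.
         s3_url: Optional explicit S3 endpoint set on the context.
         bootstrap_url: Optional bootstrap endpoint set on the context.

     Returns:
         The new ``UserContext``.

     Raises:
         ValueError: If none of ``region_domain``, ``ec2_url`` or ``s3_url``
             is given, or if either credential is still missing after the
             fallbacks.
     """
     if not (region_domain or s3_url or ec2_url):
         raise ValueError(
             'Can not derive service endpoints for user. '
             'Must supply either region_domain:"{0}", or ec2_url:"{1}" '
             's3_url:"{2}"'.format(region_domain, ec2_url, s3_url))
     access_key = access_key or self.access_key
     secret_key = secret_key or self.secret_key
     region_domain = region_domain or self.region_domain
     # The earlier condition read `not access_key and secret_key and
     # region_domain`, which binds `not` to access_key alone and so let a
     # missing secret key through. Both credentials are required; the region
     # is not enforced here because explicit endpoint URLs are accepted above.
     if not (access_key and secret_key):
         raise ValueError(
             'Must supply access_key, secret_key and region domain to '
             'create user context')
     user = UserContext(aws_access_key=access_key,
                        aws_secret_key=secret_key,
                        region=region_domain)
     # Only overwrite the context's attributes for values actually supplied.
     overrides = (('ec2_url', ec2_url),
                  ('s3_url', s3_url),
                  ('bootstrap_url', bootstrap_url),
                  ('account_id', account_id))
     for attr_name, value in overrides:
         if value:
             setattr(user, attr_name, value)
     return user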
Exemplo n.º 4
 def user(self):
     """Return the test user's context, creating and caching it on first use.

     A ``UserContext`` is built from ``self.args`` when an access key, a
     secret key and a region are all present. When a CLC or environment-file
     argument is present and ``self.tc`` is set, ``self.tc.user`` replaces it.

     Any exception raised while building the context is logged together with
     a traceback and then swallowed, so callers must be prepared for a falsy
     return value.

     Returns:
         The value cached in ``self._user``.
     """
     try:
         if not self._user:
             opts = self.args
             explicit_keys = (opts.access_key and opts.secret_key
                              and opts.region)
             if explicit_keys:
                 self._user = UserContext(
                     aws_access_key=opts.access_key,
                     aws_secret_key=opts.secret_key,
                     region=opts.region)
             if (opts.clc or opts.environment_file) and self.tc:
                 # The test-controller user takes precedence.
                 self._user = self.tc.user
     except Exception as err:
         # Best effort: report the failure and fall through to the return.
         self.log.error('{0}\nFailed to create user: {1}'.format(
             get_traceback(), err))
     return self._user
Exemplo n.º 5
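 def create_user_context(self, access_key, secret_key, account_id=None,
                         region_domain=None, ec2_url=None, s3_url=None, bootstrap_url=None):
     """Create a ``UserContext`` for the given access key and secret key.

     ``access_key``, ``secret_key`` and ``region_domain`` fall back to the
     attributes of the same name on ``self`` when not supplied. The optional
     ``ec2_url``, ``s3_url``, ``bootstrap_url`` and ``account_id`` values are
     set on the new context only when they are truthy.

     Returns:
         The new ``UserContext``.

     Raises:
         ValueError: If no ``region_domain``, ``ec2_url`` or ``s3_url`` was
             passed in, or if the access key or the secret key is still
             missing after the fallbacks.
     """
     if not (region_domain or s3_url or ec2_url):
         raise ValueError('Can not derive service endpoints for user. '
                          'Must supply either region_domain:"{0}", or ec2_url:"{1}" '
                          's3_url:"{2}"'.format(region_domain, ec2_url, s3_url))
     access_key = access_key or self.access_key
     secret_key = secret_key or self.secret_key
     region_domain = region_domain or self.region_domain
     # Previously `not access_key and secret_key and region_domain`: `not`
     # applied to access_key only, so a context could be built without a
     # secret key. Require both credentials. The region stays optional here
     # since the check above already accepts explicit endpoint URLs instead.
     if not access_key or not secret_key:
         raise ValueError('Must supply access_key, secret_key and region domain to '
                          'create user context')
     user = UserContext(aws_access_key=access_key, aws_secret_key=secret_key,
                        region=region_domain)
     if ec2_url:
         user.ec2_url = ec2_url
     if s3_url:
         user.s3_url = s3_url
     if bootstrap_url:
         user.bootstrap_url = bootstrap_url
     if account_id:
         user.account_id = account_id
     return user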
Exemplo n.º 6
 def admin(self):
     """Return the cloud admin's ``UserContext``, creating it on first use.

     Connection parameters are taken from
     ``self._cloud_admin_connection_info`` and adjusted in place:

     * a ``credpath`` entry adds ``machine=self.cred_depot``;
     * an access key / secret key pair is passed through unchanged;
     * otherwise ``eucarc`` is set to the system admin's creds, stamped with
       this object's ``domain`` and ``region``.

     Returns:
         The cached admin context stored in ``self._cloudadmin``.

     Raises:
         Exception: Any error raised while building the context is logged
             with a traceback and re-raised.
     """
     if self._cloudadmin:
         return self._cloudadmin
     try:
         params = self._cloud_admin_connection_info
         if params.get('credpath'):
             params['machine'] = self.cred_depot
         elif not (params.get('aws_access_key')
                   and params.get('aws_secret_key')):
             # NOTE(review): when self.sysadmin.creds is falsy this falls
             # back to a plain dict, and the attribute assignments below
             # would then raise AttributeError -- confirm the intended
             # fallback type.
             rc_config = self.sysadmin.creds or {}
             rc_config.domain = self.domain
             rc_config.region = self.region
             params['eucarc'] = rc_config
         self._cloudadmin = UserContext(**params)
     except Exception as err:
         self.log.error('{0}\nError creating admin user, err:"{1}"'
                        .format(get_traceback(), err))
         raise err
     return self._cloudadmin
Exemplo n.º 7
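    def create_user_using_cloudadmin(self,
                                     aws_account_name=None,
                                     aws_user_name='admin',
                                     aws_account_id=None,
                                     aws_access_key=None,
                                     aws_secret_key=None,
                                     credpath=None,
                                     eucarc=None,
                                     machine=None,
                                     service_connection=None,
                                     path='/',
                                     region=None,
                                     domain=None,
                                     https=None,
                                     validate_certs=False,
                                     boto2_api_version=None,
                                     log_level=None):
        """Return a ``UserContext``, creating the account/user if needed.

        The first matching source of credentials wins:

        1. ``eucarc`` -- updated in place with any explicit key, user and
           account values, then wrapped in a ``UserContext``.
        2. ``aws_access_key`` together with ``aws_secret_key``.
        3. ``credpath`` (optionally with ``machine``).
        4. Otherwise the cloud admin's IAM connection is used to fetch or
           create the account, the user and an access key.

        ``region``, ``domain``, ``https`` and ``log_level`` default to the
        values held on ``self``. ``validate_certs`` is accepted but is not
        used anywhere in this method; none of the ``UserContext`` calls
        below receive it.

        Returns:
            The ``UserContext`` for the requested user.

        Raises:
            RuntimeError: If the user or its access key can not be fetched
                or created.
            BotoServerError: If looking up the user fails with a status
                other than 404.
        """
        if log_level is None:
            log_level = self.log.stdout_level or 'DEBUG'
        if region is None:
            region = self.region
        if domain is None:
            domain = self.domain
        if https is None:
            https = self._https
        boto2_api_version = boto2_api_version or \
                            self._test_user_connection_info.get('boto2_api_version', None)
        # Never write the secret key to the log: only record whether one was
        # supplied.
        # NOTE(review): eucarc is still formatted as-is; confirm its string
        # form does not include the secret key.
        secret_for_log = '<redacted>' if aws_secret_key else aws_secret_key
        self.log.debug(
            'Attempting to create user with params: account:{0}, name:{1}'
            'access_key:{2}, secret_key:{3}, credpath:{4}, eucarc:{5}'
            ', machine:{6}, service_connection:{7}, path:{8}, region:{9},'
            'loglevel:{10}, https:{11}, boto2_api_version:{12}'.format(
                aws_account_name, aws_user_name, aws_access_key,
                secret_for_log, credpath, eucarc, machine, service_connection,
                path, region, log_level, https, boto2_api_version))
        service_connection = service_connection or self.sysadmin
        if eucarc:
            # Explicit arguments override whatever the eucarc already holds.
            if aws_access_key:
                eucarc.access_key = aws_access_key
            if aws_secret_key:
                eucarc.secret_key = aws_secret_key
            if aws_user_name:
                eucarc.user_name = aws_user_name
            if aws_account_name:
                eucarc.account_name = aws_account_name
            if aws_account_id:
                eucarc.account_id = aws_account_id

            return UserContext(eucarc=eucarc,
                               region=region,
                               domain=domain,
                               service_connection=service_connection,
                               log_level=log_level,
                               https=https,
                               boto2_api_version=boto2_api_version)
        if aws_access_key and aws_secret_key:
            return UserContext(aws_access_key=aws_access_key,
                               aws_secret_key=aws_secret_key,
                               aws_account_name=aws_account_name,
                               aws_user_name=aws_user_name,
                               region=region,
                               domain=domain,
                               service_connection=service_connection,
                               log_level=log_level,
                               boto2_api_version=boto2_api_version,
                               https=https)
        if credpath:
            return UserContext(credpath=credpath,
                               region=region,
                               domain=domain,
                               machine=machine,
                               log_level=log_level,
                               boto2_api_version=boto2_api_version)

        # No usable credentials were passed in: go through the admin's IAM
        # connection, reusing the account and user when they already exist.
        user = {}
        info = self.admin.iam.get_account(account_name=aws_account_name,
                                          account_id=aws_account_id) or {}
        if not info:
            info = self.admin.iam.create_account(account_name=aws_account_name,
                                                 ignore_existing=True)
        aws_account_id = aws_account_id or info.get('account_id', None)
        try:
            user = self.admin.iam.get_user(user_name=aws_user_name,
                                           delegate_account=aws_account_id)
        except BotoServerError as BE:
            # The handler used to read the undefined name `E`, so any server
            # error surfaced as a NameError. Only "not found" means the user
            # should be created; other failures (for example an
            # authorization error) are re-raised unchanged.
            if int(BE.status) != 404:
                raise
            self.log.debug('User not found, attempting to create...')
        if not user:
            user = self.admin.iam.create_user(
                user_name=aws_user_name,
                delegate_account=info.get('account_name'),
                path=path)
        if not user:
            raise RuntimeError(
                'Failed to create and/or fetch Account:"{0}", for User:"******"'.
                format(aws_account_name, aws_user_name))
        else:
            info.update(user)

        ak = self.admin.iam.get_aws_access_key(
            user_name=info.get('user_name'),
            delegate_account=info.get('account_name'))
        if not ak:
            ak = self.admin.iam.create_access_key(
                user_name=info.get('user_name'),
                delegate_account=info.get('account_name'))
        try:
            info['access_key_id'] = ak['access_key_id']
        except KeyError:
            err_msg = (
                'Failed to fetch access key for USER:"******", ACCOUNT:"{1}"'.
                format(aws_user_name, aws_account_name))
            self.log.error('{0}\n{1}'.format(get_traceback(), err_msg))
            raise RuntimeError(err_msg)
        # Tell the context whether signing certs already exist for the user.
        certs = bool(self.admin.iam.get_all_signing_certs(
            user_name=info.get('user_name'),
            delegate_account=info.get('account_name')))
        # NOTE(review): only 'access_key_id' is copied from `ak` into info;
        # whether info carries 'secret_access_key' depends on what the IAM
        # helpers above return -- confirm.
        user = UserContext(aws_access_key=info.get('access_key_id'),
                           aws_secret_key=info.get('secret_access_key'),
                           aws_account_name=info.get('account_name'),
                           aws_user_name=info.get('user_name'),
                           region=region,
                           domain=domain,
                           existing_certs=certs,
                           machine=self.sysadmin.clc_machine,
                           service_connection=self.sysadmin,
                           log_level=log_level,
                           boto2_api_version=boto2_api_version,
                           https=https)
        user._user_info = self.admin.iam.get_user_info(
            user_name=user.user_name, delegate_account=user.account_id)
        return user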
Exemplo n.º 8
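    def create_user_using_cloudadmin(self, aws_account_name=None, aws_user_name='admin',
                                     aws_access_key=None, aws_secret_key=None,
                                     credpath=None, eucarc=None,
                                     machine=None, service_connection=None, path='/',
                                     region=None, domain=None, https=None,
                                     validate_certs=False,
                                     boto2_api_version=None, log_level=None):
        """Return a ``UserContext``, creating the account/user if needed.

        The first matching source of credentials wins: ``eucarc`` (updated in
        place with any explicit key, user and account values), then an
        ``aws_access_key``/``aws_secret_key`` pair, then ``credpath``.
        Without any of these the cloud admin's IAM connection creates the
        account and user (``ignore_existing=True`` is passed for the account)
        and fetches or creates an access key.

        ``region``, ``domain``, ``https`` and ``log_level`` default to the
        values held on ``self``. ``validate_certs`` is accepted but is not
        used anywhere in this method.

        Returns:
            The ``UserContext`` for the requested user.

        Raises:
            RuntimeError: If the account can not be created or fetched, or
                if no access key id is available for the user.
        """
        if log_level is None:
            log_level = self.log.stdout_level or 'DEBUG'
        if region is None:
            region = self.region
        if domain is None:
            domain = self.domain
        if https is None:
            https = self._https
        boto2_api_version = boto2_api_version or \
                            self._test_user_connection_info.get('boto2_api_version', None)
        # Keep the secret key out of the debug log; record only whether one
        # was supplied.
        # NOTE(review): eucarc is still formatted as-is; confirm its string
        # form does not include the secret key.
        secret_for_log = '<redacted>' if aws_secret_key else aws_secret_key
        self.log.debug('Attempting to create user with params: account:{0}, name:{1}'
                          'access_key:{2}, secret_key:{3}, credpath:{4}, eucarc:{5}'
                          ', machine:{6}, service_connection:{7}, path:{8}, region:{9},'
                          'loglevel:{10}, https:{11}, boto2_api_version:{12}'
                       .format(aws_account_name, aws_user_name, aws_access_key, secret_for_log,
                               credpath, eucarc, machine, service_connection, path, region,
                               log_level, https, boto2_api_version))
        service_connection = service_connection or self.sysadmin
        if eucarc:
            # Explicit arguments override whatever the eucarc already holds.
            if aws_access_key:
                eucarc.access_key = aws_access_key
            if aws_secret_key:
                eucarc.secret_key = aws_secret_key
            if aws_user_name:
                eucarc.user_name = aws_user_name
            if aws_account_name:
                eucarc.account_name = aws_account_name

            return UserContext(eucarc=eucarc,
                               region=region,
                               domain=domain,
                               service_connection=service_connection,
                               log_level=log_level,
                               https=https,
                               boto2_api_version=boto2_api_version)
        if aws_access_key and aws_secret_key:
            return UserContext(aws_access_key=aws_access_key,
                               aws_secret_key=aws_secret_key,
                               aws_account_name=aws_account_name,
                               aws_user_name=aws_user_name,
                               region=region,
                               domain=domain,
                               service_connection=service_connection,
                               log_level=log_level,
                               boto2_api_version=boto2_api_version,
                               https=https)
        if credpath:
            return UserContext(credpath=credpath,
                               region=region,
                               domain=domain,
                               machine=machine,
                               log_level=log_level,
                               boto2_api_version=boto2_api_version)

        # No usable credentials were passed in: create (or reuse) the account
        # and user through the admin's IAM connection.
        info = self.admin.iam.create_account(account_name=aws_account_name,
                                                  ignore_existing=True)
        if info:
            user = self.admin.iam.create_user(user_name=aws_user_name,
                                              delegate_account=info.get('account_name'),
                                              path=path)
            info.update(user)
        else:
            raise RuntimeError('Failed to create and/or fetch Account:"{0}", for User:"******"'
                               .format(aws_account_name, aws_user_name))
        ak = self.admin.iam.get_aws_access_key(user_name=info.get('user_name'),
                                               delegate_account=info.get('account_name'))
        if not ak:
            ak = self.admin.iam.create_access_key(user_name=info.get('user_name'),
                                                  delegate_account=info.get('account_name'))
        try:
            info['access_key_id'] = ak['access_key_id']
        except KeyError:
            err_msg = ('Failed to fetch access key for USER:"******", ACCOUNT:"{1}"'
                       .format(aws_user_name, aws_account_name))
            self.log.error('{0}\n{1}'.format(get_traceback(), err_msg))
            raise RuntimeError(err_msg)
        # Tell the context whether signing certs already exist for the user.
        certs = bool(self.admin.iam.get_all_signing_certs(
            user_name=info.get('user_name'),
            delegate_account=info.get('account_name')))
        # NOTE(review): only 'access_key_id' is copied from `ak` into info;
        # whether info carries 'secret_access_key' depends on what the IAM
        # helpers above return -- confirm.
        user = UserContext(aws_access_key=info.get('access_key_id'),
                           aws_secret_key=info.get('secret_access_key'),
                           aws_account_name=info.get('account_name'),
                           aws_user_name=info.get('user_name'),
                           region=region,
                           domain=domain,
                           existing_certs=certs,
                           machine=self.sysadmin.clc_machine,
                           service_connection=self.sysadmin,
                           log_level=log_level,
                           boto2_api_version=boto2_api_version,
                           https=https)
        user._user_info = self.admin.iam.get_user_info(user_name=user.user_name,
                                                       delegate_account=user.account_id)
        return user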