def update(self):
if (self.cli_args.file is None):
message = "SAML Metadata Document is required to update saml provider."
CLIResponse.send_error_out(message)
if (self.cli_args.arn is None):
message = "SAML Provider ARN is required to update saml provider."
CLIResponse.send_error_out(message)
file_path = os.path.abspath(self.cli_args.file)
if (not os.path.isfile(file_path)):
message = "File " + file_path + " not found."
CLIResponse.send_error_out(message)
with open(file_path, "r") as saml_metadata_file:
saml_metadata = saml_metadata_file.read()
saml_provider_args = {}
saml_provider_args['SAMLMetadataDocument'] = saml_metadata
saml_provider_args['SAMLProviderArn'] = self.cli_args.arn
try:
self.iam_client.update_saml_provider(**saml_provider_args)
except Exception as ex:
message = "Exception occured while updating SAML provider.\n"
message += str(ex)
CLIResponse.send_error_out(message)
message = "SAML provider Updated."
CLIResponse.send_success_out(message)
def create(self):
if (self.cli_args.file is None):
message = "SAML Metadata Document is required to create role"
CLIResponse.send_error_out(message)
if (self.cli_args.name is None):
message = "Provider name is required to create SAML provider."
CLIResponse.send_error_out(message)
file_path = os.path.abspath(self.cli_args.file)
if (not os.path.isfile(file_path)):
message = "File " + file_path + " not found."
CLIResponse.send_error_out(message)
with open(file_path, "r") as saml_metadata_file:
saml_metadata = saml_metadata_file.read()
saml_provider_args = {}
saml_provider_args['SAMLMetadataDocument'] = saml_metadata
saml_provider_args['Name'] = self.cli_args.name
try:
result = self.iam_client.create_saml_provider(**saml_provider_args)
except Exception as ex:
message = "Exception occured while creating saml provider.\n"
message += str(ex)
CLIResponse.send_error_out(message)
message = "SAMLProviderArn = %s" % (result['SAMLProviderArn'])
CLIResponse.send_success_out(message)
def list(self):
try:
result = self.iam_client.list_saml_providers()
except Exception as ex:
message = "Exception occured while listing SAML providers.\n"
message += str(ex)
CLIResponse.send_error_out(message)
for provider in result['SAMLProviderList']:
print("ARN = %s, ValidUntil = %s" %
(provider['Arn'], provider['ValidUntil']))
def create(self):
if (self.cli_args.file is None):
message = "Assume role policy document is required to create role."
CLIResponse.send_error_out(message)
if (self.cli_args.name is None):
print("RoleName is required to create role.")
CLIResponse.send_error_out(message)
file_path = os.path.abspath(self.cli_args.file)
if (not os.path.isfile(file_path)):
message = "File " + file_path + " not found."
CLIResponse.send_error_out(message)
with open(file_path, "r") as assume_role_file:
assume_role_policy = assume_role_file.read()
role_args = {}
role_args['AssumeRolePolicyDocument'] = assume_role_policy
role_args['RoleName'] = self.cli_args.name
if (not self.cli_args.path is None):
role_args['Path'] = self.cli_args.path
try:
result = self.iam_client.create_role(**role_args)
except Exception as ex:
message = "Exception occured while creating role."
message += str(ex)
CLIResponse.send_error_out(message)
print("RoleId = %s, RoleName = %s, ARN = %s, Path = %s" %
(result['Role']['RoleId'], result['Role']['RoleName'],
result['Role']['Arn'], result['Role']['Path']))
def list(self):
# Get host value from url https://iam.seagate.com:9443
if (self.cli_args.name is None):
message = "Account name is required."
CLIResponse.send_error_out(message)
url_parse_result = urllib.parse.urlparse(Config.endpoint)
epoch_t = datetime.datetime.utcnow()
body = urllib.parse.urlencode({
'Action': 'GetAccountLoginProfile',
'AccountName': self.cli_args.name
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
'Accept': 'text/plain'
}
headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t,
url_parse_result.netloc,
Config.service,
Config.default_region)
headers['X-Amz-Date'] = get_timestamp(epoch_t)
if (self.cli_args.session_token is not None):
headers['X-Amz-Security-Token'] = self.cli_args.session_token
if (headers['Authorization'] is None):
message = "Failed to generate v4 signature"
CLIResponse.send_error_out(message)
response = ConnMan.send_post_request(body, headers)
if response['status'] == 200:
accounts = GetAccountLoginProfileResponse(response)
if accounts.is_valid_response():
accounts.print_account_login_profile_info()
else:
# unlikely message corruption case in network
message = "Failed to list login profile"
CLIResponse.send_success_out(message)
elif (response['status'] == 503):
message = "Failed to get login profile\n" \
"An error occurred (503) when calling the GetAccountLoginProfile operation : " + response['reason']
CLIResponse.send_error_out(message)
else:
message = "Failed to get login profile\n"
error = ErrorResponse(response)
message += error.get_error_message()
CLIResponse.send_error_out(message)
def list(self):
role_args = {}
if (not self.cli_args.path is None):
role_args['PathPrefix'] = self.cli_args.path
try:
result = self.iam_client.list_roles(**role_args)
except Exception as ex:
message = "Exception occured while listing roles.\n"
message += str(ex)
CLIResponse.send_error_out(message)
for role in result['Roles']:
print(
"RoleId = %s, RoleName = %s, ARN = %s, Path = %s" %
(role['RoleId'], role['RoleName'], role['Arn'], role['Path']))
def create(self):
if self.cli_args.name is None:
message = "Account name is required."
CLIResponse.send_error_out(message)
if self.cli_args.email is None:
message = "Email Id of the user is required to create an Account"
CLIResponse.send_error_out(message)
# Get host value from url https://iam.seagate.com:9443
url_parse_result = urllib.parse.urlparse(Config.endpoint)
epoch_t = datetime.datetime.utcnow()
body = urllib.parse.urlencode({
'Action': 'CreateAccount',
'AccountName': self.cli_args.name,
'Email': self.cli_args.email
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
'Accept': 'text/plain'
}
headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t,
url_parse_result.netloc,
Config.service,
Config.default_region)
headers['X-Amz-Date'] = get_timestamp(epoch_t)
if (headers['Authorization'] is None):
print("Failed to generate v4 signature")
sys.exit(1)
response = ConnMan.send_post_request(body, headers)
if (response['status'] == 201):
account = CreateAccountResponse(response)
if account.is_valid_response():
account.print_account_info()
else:
# unlikely message corruption case in network
message = "Account was created. For account details try account listing."
CLIResponse.send_success_out(message)
elif (response['status'] == 503):
message = "Account wasn't created.\n" \
"An error occurred (503) when calling the CreateAccount operation : " + response['reason']
CLIResponse.send_error_out(message)
else:
message = "Account wasn't created.\n"
error = ErrorResponse(response)
message += error.get_error_message()
CLIResponse.send_error_out(message)
def get(self):
if (self.cli_args.name is None):
message = "User name is required for getting Login Profile"
CLIResponse.send_error_out(message)
user_args = {}
user_args['UserName'] = self.cli_args.name
try:
result = self.iam_client.get_login_profile(**user_args)
except Exception as ex:
message = "Failed to get Login Profile for " + user_args[
'UserName'] + "\n"
message += str(ex)
CLIResponse.send_error_out(message)
profile = (result['LoginProfile'])
print("Login Profile %s %s %s" %
(profile['CreateDate'], profile['PasswordResetRequired'],
profile['UserName']))
def create(self):
if (self.cli_args.name is None):
message = "User name is required for user login-profile creation"
CLIResponse.send_error_out(message)
if (self.cli_args.password is None):
message = "User password is required for user login-profile creation"
CLIResponse.send_error_out(message)
user_args = {}
user_args['UserName'] = self.cli_args.name
user_args['Password'] = self.cli_args.password
user_args['PasswordResetRequired'] = False
if (self.cli_args.password_reset_required):
user_args['PasswordResetRequired'] = True
try:
result = self.iam_client.create_login_profile(**user_args)
except Exception as ex:
message = "Failed to create userloginprofile.\n"
message += str(ex)
CLIResponse.send_error_out(message)
profile = (result['LoginProfile'])
print("Login Profile %s %s %s" %
(profile['CreateDate'], profile['PasswordResetRequired'],
profile['UserName']))
def delete(self):
if self.cli_args.name is None:
print('Account name is required.')
CLIResponse.send_error_out(message)
# Get host value from url https://iam.seagate.com:9443
url_parse_result = urllib.parse.urlparse(Config.endpoint)
epoch_t = datetime.datetime.utcnow()
account_params = {
'Action': 'DeleteAccount',
'AccountName': self.cli_args.name
}
if self.cli_args.force:
account_params['force'] = True
epoch_t = datetime.datetime.utcnow()
body = urllib.parse.urlencode(account_params)
headers = {
'content-type': 'application/x-www-form-urlencoded',
'Accept': 'text/plain'
}
headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t,
url_parse_result.netloc,
Config.service,
Config.default_region)
headers['X-Amz-Date'] = get_timestamp(epoch_t)
if (self.cli_args.session_token is not None):
headers['X-Amz-Security-Token'] = self.cli_args.session_token
if (headers['Authorization'] is None):
print("Failed to generate v4 signature")
CLIResponse.send_error_out(message)
response = ConnMan.send_post_request(body, headers)
if response['status'] == 200:
print('Account deleted successfully.')
elif (response['status'] == 503):
message = "Account cannot be deleted.\n" \
"An error occurred (503) when calling the DeleteAccount operation : " + response['reason']
CLIResponse.send_error_out(message)
else:
message = 'Account cannot be deleted.\n'
error = ErrorResponse(response)
message += error.get_error_message()
CLIResponse.send_error_out(message)
def create(self):
policy_args = {}
if (self.cli_args.name is None):
message = "Group name is required."
CLIResponse.send_error_out(message)
policy_args['GroupName'] = self.cli_args.name
if (not self.cli_args.path is None):
policy_args['Path'] = self.cli_args.path
try:
result = self.iam_client.create_group(**policy_args)
except Exception as ex:
message = "Exception occured while creating group.\n"
message += str(ex)
CLIResponse.send_error_out(message)
print("GroupId = %s, GroupName = %s, Arn = %s" % (
result['Group']['GroupId'],
result['Group']['GroupName'],
result['Group']['Arn'],
))
def changepassword(self):
if (self.cli_args.old_password is None):
message = "OldPassword is required for changing user password"
CLIResponse.send_error_out(message)
if (self.cli_args.new_password is None):
message = "NewPassword is required for changing user password"
CLIResponse.send_error_out(message)
user_args = {}
user_args['OldPassword'] = self.cli_args.old_password
user_args['NewPassword'] = self.cli_args.new_password
try:
result = self.iam_client.change_password(**user_args)
message = "ChangePassword is successful"
CLIResponse.send_success_out(message)
except Exception as ex:
message = "ChangePassword failed\n"
message += str(ex)
CLIResponse.send_error_out(message)
def create(self):
policy_args = {}
if (self.cli_args.name is None):
message = "Policy name is required."
CLIResponse.send_error_out(message)
if (self.cli_args.file is None):
message = "Policy document is required."
CLIResponse.send_error_out(message)
file_path = os.path.abspath(self.cli_args.file)
if (not os.path.isfile(file_path)):
message = "Policy file " + file_path + " not found."
CLIResponse.send_error_out(message)
policy_args['PolicyName'] = self.cli_args.name
with open(file_path, "r") as policy_file:
policy = policy_file.read()
policy_args['PolicyDocument'] = policy
if (not self.cli_args.path is None):
policy_args['Path'] = self.cli_args.path
if (not self.cli_args.description is None):
policy_args['Description'] = self.cli_args.description
try:
result = self.iam_client.create_policy(**policy_args)
except Exception as ex:
message = "Exception occured while creating policy.\n"
message += str(ex)
CLIResponse.send_error_out(message)
print(
"PolicyId = %s, PolicyName = %s, Arn = %s, DefaultVersionId = %s" %
(result['Policy']['PolicyId'], result['Policy']['PolicyName'],
result['Policy']['Arn'], result['Policy']['DefaultVersionId']))
def list(self):
# Get host value from url https://iam.seagate.com:9443
url_parse_result = urllib.parse.urlparse(Config.endpoint)
epoch_t = datetime.datetime.utcnow()
showAll = False
if (self.cli_args.showall):
showAll = True
body = urllib.parse.urlencode({
'Action': 'ListAccounts',
'ShowAll': showAll
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
'Accept': 'text/plain'
}
headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t,
url_parse_result.netloc,
Config.service,
Config.default_region)
headers['X-Amz-Date'] = get_timestamp(epoch_t)
if (headers['Authorization'] is None):
print("Failed to generate v4 signature")
CLIResponse.send_error_out(message)
response = ConnMan.send_post_request(body, headers)
if response['status'] == 200:
accounts = ListAccountResponse(response)
if accounts.is_valid_response():
accounts.print_account_listing()
else:
# unlikely message corruption case in network
print("Failed to list accounts.")
sys.exit(0)
elif (response['status'] == 503):
message = "Failed to list accounts!\n" \
"An error occurred (503) when calling the ListAccounts operation : " + response['reason']
CLIResponse.send_error_out(message)
else:
message = "Failed to list accounts!\n"
error = ErrorResponse(response)
message += error.get_error_message()
CLIResponse.send_error_out(message)
def delete(self):
if (self.cli_args.name is None):
print("Role name is required to delete role.")
CLIResponse.send_error_out(message)
role_args = {}
role_args['RoleName'] = self.cli_args.name
try:
self.iam_client.delete_role(**role_args)
except Exception as ex:
message = "Exception occured while deleting role."
message += str(ex)
CLIResponse.send_error_out(message)
message = "Role deleted."
CLIResponse.send_success_out(message)
def delete(self):
if (self.cli_args.arn is None):
message = "SAML Provider ARN is required to delete."
CLIResponse.send_error_out(message)
saml_provider_args = {}
saml_provider_args['SAMLProviderArn'] = self.cli_args.arn
try:
self.iam_client.delete_saml_provider(**saml_provider_args)
except Exception as ex:
message = "Exception occured while deleting SAML provider.\n"
message += str(ex)
CLIResponse.send_error_out(message)
message = "SAML provider deleted."
CLIResponse.send_success_out(message)
def update(self):
if (self.cli_args.name is None):
message = "UserName is required for UpdateUserLoginProfile"
CLIResponse.send_error_out(message)
user_args = {}
user_args['UserName'] = self.cli_args.name
if (not self.cli_args.password is None):
user_args['Password'] = self.cli_args.password
user_args['PasswordResetRequired'] = False
if (self.cli_args.password_reset_required):
user_args['PasswordResetRequired'] = True
if (self.cli_args.password is None) and (
self.cli_args.password_reset_required is
False) and (self.cli_args.no_password_reset_required is False):
message = "Please provide password or password-reset flag"
CLIResponse.send_error_out(message)
try:
result = self.iam_client.update_login_profile(**user_args)
message = "UpdateUserLoginProfile is successful"
CLIResponse.send_success_out(message)
except Exception as ex:
message = "UpdateUserLoginProfile failed\n"
message += str(ex)
CLIResponse.send_error_out(message)
def create(self):
if (self.cli_args.name is None):
message = "Name is required to create federation token."
CLIResponse.send_error_out(message)
federation_token_args = {}
federation_token_args['Name'] = self.cli_args.name
if (not self.cli_args.duration is None):
federation_token_args['DurationSeconds'] = self.cli_args.duration
if (not self.cli_args.file is None):
file_path = os.path.abspath(self.cli_args.file)
if (not os.path.isfile(file_path)):
message = "Policy file " + file_path + " not found."
CLIResponse.send_error_out(message)
with open(file_path, "r") as federation_token_file:
policy = federation_token_file.read()
federation_token_args['Policy'] = policy
try:
result = self.sts_client.get_federation_token(
**federation_token_args)
except Exception as ex:
message = "Exception occured while creating federation token.\n"
message += str(ex)
CLIResponse.send_error_out(message)
print(
"FederatedUserId = %s, AccessKeyId = %s, SecretAccessKey = %s, SessionToken = %s"
% (result['FederatedUser']['FederatedUserId'],
result['Credentials']['AccessKeyId'],
result['Credentials']['SecretAccessKey'],
result['Credentials']['SessionToken']))
def create(self):
if(self.cli_args.saml_principal_arn is None):
message = "SAML principal ARN is required."
CLIResponse.send_error_out(message)
if(self.cli_args.saml_role_arn is None):
message = "SAML role ARN is required."
CLIResponse.send_error_out(message)
if(self.cli_args.saml_assertion is None):
message = "SAML assertion is required."
CLIResponse.send_error_out(message)
assertion_file_path = os.path.abspath(self.cli_args.saml_assertion)
if(not os.path.isfile(assertion_file_path)):
message = "Saml assertion file not found."
CLIResponse.send_error_out(message)
with open (assertion_file_path, "r") as saml_assertion_file:
assertion = saml_assertion_file.read()
assume_role_with_saml_args = {}
assume_role_with_saml_args['SAMLAssertion'] = assertion
assume_role_with_saml_args['RoleArn'] = self.cli_args.saml_role_arn
assume_role_with_saml_args['PrincipalArn'] = self.cli_args.saml_principal_arn
if(not self.cli_args.duration is None):
assume_role_with_saml_args['DurationSeconds'] = self.cli_args.duration
if(not self.cli_args.file is None):
file_path = os.path.abspath(self.cli_args.file)
if(not os.path.isfile(file_path)):
message = "Policy file not found. " + file_path
CLIResponse.send_error_out(message)
with open (file_path, "r") as federation_token_file:
policy = federation_token_file.read()
assume_role_with_saml_args['Policy'] = policy
try:
result = self.sts_client.assume_role_with_saml(**assume_role_with_saml_args)
except Exception as ex:
message = "Exception occured while creating credentials with saml.\n"
message += str(ex)
CLIResponse.send_error_out(message)
print("AssumedRoleId- %s, AccessKeyId- %s, SecretAccessKey- %s, SessionToken- %s" % (
result['AssumedRoleUser']['AssumedRoleId'],
result['Credentials']['AccessKeyId'],
result['Credentials']['SecretAccessKey'],
result['Credentials']['SessionToken'],))
def create(self):
if (self.cli_args.account_name is None):
message = "Account Name is required for getting auth credentials"
CLIResponse.send_error_out(message)
if (self.cli_args.password is None):
message = "Account password is required for getting auth credentials"
CLIResponse.send_error_out(message)
url_parse_result = urllib.parse.urlparse(Config.endpoint)
epoch_t = datetime.datetime.utcnow()
if (self.cli_args.name is None):
if (self.cli_args.duration is None):
body = urllib.parse.urlencode({
'Action':
'GetTempAuthCredentials',
'AccountName':
self.cli_args.account_name,
'Password':
self.cli_args.password
})
else:
body = urllib.parse.urlencode({
'Action':
'GetTempAuthCredentials',
'AccountName':
self.cli_args.account_name,
'Password':
self.cli_args.password,
'Duration':
self.cli_args.duration
})
else:
if (self.cli_args.duration is None):
body = urllib.parse.urlencode({
'Action': 'GetTempAuthCredentials',
'AccountName': self.cli_args.account_name,
'Password': self.cli_args.password,
'UserName': self.cli_args.name
})
else:
body = urllib.parse.urlencode({
'Action': 'GetTempAuthCredentials',
'AccountName': self.cli_args.account_name,
'Password': self.cli_args.password,
'Duration': self.cli_args.duration,
'UserName': self.cli_args.name
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
'Accept': 'text/plain'
}
headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t,
url_parse_result.netloc,
Config.service,
Config.default_region)
headers['X-Amz-Date'] = get_timestamp(epoch_t)
if (headers['Authorization'] is None):
message = "Failed to generate v4 signature"
CLIResponse.send_error_out(message)
response = ConnMan.send_post_request(body, headers)
if (response['status'] == 201):
credentials = GetTempAuthCredentialsResponse(response)
credentials.print_credentials()
elif (response['status'] == 503):
message = "GetTempAuthCredentials not successful\n" \
+ "An error occurred (503) when calling the GetTempAuthCredentials operation : " + response['reason']
CLIResponse.send_error_out(message)
else:
message = "GetTempAuthCredentials not successful\n"
error = ErrorResponse(response)
message += error.get_error_message()
CLIResponse.send_error_out(message)
def update(self):
if (self.cli_args.name is None):
message = "Account name is required for UpdateAccountLoginProfile"
CLIResponse.send_error_out(message)
passwordResetRequired = False
if (self.cli_args.password_reset_required):
passwordResetRequired = True
if (self.cli_args.password is None) and (
self.cli_args.password_reset_required is
False) and (self.cli_args.no_password_reset_required is False):
message = "Please provide password or password-reset flag"
CLIResponse.send_error_out(message)
# Get host value from url https://iam.seagate.com:9443
url_parse_result = urllib.parse.urlparse(Config.endpoint)
epoch_t = datetime.datetime.utcnow()
if (self.cli_args.password is None):
body = urllib.parse.urlencode({
'Action':
'UpdateAccountLoginProfile',
'AccountName':
self.cli_args.name,
'PasswordResetRequired':
passwordResetRequired
})
else:
body = urllib.parse.urlencode({
'Action':
'UpdateAccountLoginProfile',
'AccountName':
self.cli_args.name,
'Password':
self.cli_args.password,
'PasswordResetRequired':
passwordResetRequired
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
'Accept': 'text/plain'
}
headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t,
url_parse_result.netloc,
Config.service,
Config.default_region)
headers['X-Amz-Date'] = get_timestamp(epoch_t)
if (self.cli_args.session_token is not None):
headers['X-Amz-Security-Token'] = self.cli_args.session_token
if (headers['Authorization'] is None):
message = "Failed to generate v4 signature"
CLIResponse.send_error_out(message)
result = ConnMan.send_post_request(body, headers)
# Validate response
if (result['status'] == 200):
message = "Account login profile updated."
CLIResponse.send_success_out(message)
elif (result['status'] == 503):
message = "Failed to update Account login profile.\n" \
"An error occurred (503) when calling the UpdateAccountLoginProfile operation : " + result['reason']
CLIResponse.send_error_out(message)
else:
message = "Account login profile wasn't Updated."
error = ErrorResponse(result)
message += error.get_error_message()
CLIResponse.send_error_out(message)
def create(self):
if (self.cli_args.name is None or self.cli_args.name is ''):
message = "Account name is required"
CLIResponse.send_error_out(message)
if (self.cli_args.password is None):
message = "Account login password is required"
CLIResponse.send_error_out(message)
passwordResetRequired = False
if (self.cli_args.password_reset_required):
passwordResetRequired = True
# Get host value from url https://iam.seagate.com:9443
url_parse_result = urllib.parse.urlparse(Config.endpoint)
epoch_t = datetime.datetime.utcnow()
body = urllib.parse.urlencode({
'Action':
'CreateAccountLoginProfile',
'AccountName':
self.cli_args.name,
'Password':
self.cli_args.password,
'PasswordResetRequired':
passwordResetRequired
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
'Accept': 'text/plain'
}
headers['Authorization'] = sign_request_v4('POST', '/', body, epoch_t,
url_parse_result.netloc,
Config.service,
Config.default_region)
headers['X-Amz-Date'] = get_timestamp(epoch_t)
if (headers['Authorization'] is None):
message = "Failed to generate v4 signature"
CLIResponse.send_error_out(message)
result = ConnMan.send_post_request(body, headers)
# Validate response
if (result['status'] == 201):
profile = CreateAccountLoginProfileResponse(result)
if profile.is_valid_response():
profile.print_profile_info()
else:
# unlikely message corruption case in network
message = "Account login profile was created. For details try get account login profile."
CLIResponse.send_success_out(message)
elif (result['status'] == 503):
message = "Failed to create Account login profile.\n" \
"An error occurred (503) when calling the CreateAccountLoginProfile operation : " + result['reason']
CLIResponse.send_error_out(message)
else:
message = "Failed to create Account login profile.\n"
error = ErrorResponse(result)
message += error.get_error_message()
CLIResponse.send_error_out(message)
def run(self):
show_hidden_args = '--hidden_help' in sys.argv
parser = argparse.ArgumentParser(usage=self.iam_usage())
parser.add_argument("action", help="Action to be performed.")
parser.add_argument("-n", "--name", help="User Name.")
parser.add_argument("-a", "--account_name", help="Account Name.")
parser.add_argument("-e", "--email", help="Email id.")
parser.add_argument("-p", "--path", help="Path or Path Prefix.")
parser.add_argument("-f", "--file", help="File Path.")
parser.add_argument("-d",
"--duration",
help="Access Key Duration.",
type=int)
parser.add_argument("-k",
"--access_key_update",
help="Access Key to be updated or deleted.")
parser.add_argument("-s", "--status", help="Active/Inactive")
parser.add_argument("--force",
help="Delete account forcefully.",
action='store_true')
parser.add_argument("--access_key", help="Access Key Id.")
parser.add_argument("--secret_key", help="Secret Key.")
parser.add_argument("--password", help="Password.")
parser.add_argument("--old_password", help="Old Password.")
parser.add_argument("--new_password", help="New Password.")
parser.add_argument("--password-reset-required",
help="Password reset required on next login.",
action='store_true')
parser.add_argument("--no-password-reset-required",
help="No password reset required on next login.",
action='store_true')
parser.add_argument("--ldapuser", help="Ldap User Id.")
parser.add_argument("--ldappasswd", help="Ldap Password.")
parser.add_argument("--session_token", help="Session Token.")
parser.add_argument("--arn", help="ARN.")
parser.add_argument("--description", help="Description of the entity.")
parser.add_argument("--saml_principal_arn",
help="SAML Principal ARN."
if show_hidden_args else argparse.SUPPRESS)
parser.add_argument(
"--saml_role_arn",
help="SAML Role ARN." if show_hidden_args else argparse.SUPPRESS)
parser.add_argument("--saml_assertion",
help="File containing SAML assertion."
if show_hidden_args else argparse.SUPPRESS)
parser.add_argument("--new_user", help="New user name.")
parser.add_argument("--no-ssl",
help="Use HTTP protocol.",
action='store_true')
parser.add_argument("--hidden_help",
dest='hidden_help',
action='store_true',
help=argparse.SUPPRESS)
parser.add_argument(
"--showall",
help="Lists all the accounts internal and external",
action='store_true')
cli_args = parser.parse_args()
if cli_args.hidden_help is True and cli_args.action == 'show':
parser.print_help()
print(self.iam_usage_hidden())
sys.exit()
controller_action = self.load_controller_action()
"""
Check if the action is valid.
Note - class name and module name are the same
"""
try:
class_name = controller_action[
cli_args.action.lower()]['controller']
except Exception as ex:
message = "Action not found.\n"
message += str(ex)
CLIResponse.send_error_out(message)
# Get service for the action
if (not 'service'
in controller_action[cli_args.action.lower()].keys()):
print(
"Set the service(iam/s3/sts) for the action in the controller_action.yml."
)
sys.exit()
Config.service = controller_action[cli_args.action.lower()]['service']
# Load configurations
self.load_config(cli_args)
if (cli_args.action.lower()
in ["createaccount", "listaccounts", "resetaccountaccesskey"]):
# Take credentials from declared environment variables
if ('SG_LDAP_USER' in os.environ) and ('SG_LDAP_PASSWD'
in os.environ):
cli_args.ldapuser = os.environ['SG_LDAP_USER']
cli_args.ldappasswd = os.environ['SG_LDAP_PASSWD']
# Take credentials by asking user to enter i.e prompt
if (cli_args.ldapuser is None) and (cli_args.ldappasswd is None):
cli_args.ldapuser = input("Enter Ldap User Id: ")
if not cli_args.ldapuser:
message = "Provide Ldap User Id."
CLIResponse.send_error_out(message)
cli_args.ldappasswd = getpass.getpass("Enter Ldap password: "******"Provide Ldap password."
CLIResponse.send_error_out(message)
cli_args.access_key = cli_args.ldapuser
cli_args.secret_key = cli_args.ldappasswd
elif (cli_args.action.lower() in ["gettempauthcredentials"]):
cli_args.access_key = ""
cli_args.secret_key = ""
else:
# Take credentials from declared environment variables
if ('SG_ACCESS_KEY' in os.environ) and ('SG_SECRET_KEY'
in os.environ):
cli_args.access_key = os.environ['SG_ACCESS_KEY']
cli_args.secret_key = os.environ['SG_SECRET_KEY']
# Take credentials by asking user to enter i.e prompt
if (cli_args.access_key is None) and (cli_args.secret_key is None):
cli_args.access_key = input("Enter Access Key: ")
if not cli_args.access_key:
message = "Provide access key."
CLIResponse.send_error_out(message)
cli_args.secret_key = getpass.getpass("Enter Secret Key: ")
if not cli_args.secret_key:
message = "Provide secret key."
CLIResponse.send_error_out(message)
Credentials.access_key = cli_args.access_key
Credentials.secret_key = cli_args.secret_key
# Create boto3.session object using the access key id and the secret key
session = self.get_session(cli_args.access_key, cli_args.secret_key,
cli_args.session_token)
# Create boto3.client object.
client = self.get_client(session)
# If module is not specified in the controller_action.yaml, then assume
# class name as the module name.
if ('module' in controller_action[cli_args.action.lower()].keys()):
module_name = controller_action[cli_args.action.lower()]['module']
else:
module_name = class_name.lower()
try:
module = self.import_module(module_name)
except Exception as ex:
message = "Internal error. Module %s not found\n" % class_name
message += str(ex)
CLIResponse.send_error_out(message)
# Create an object of the controller (user, role etc)
try:
controller_obj = self.str_to_class(module, class_name)(client,
cli_args)
except Exception as ex:
message = "Internal error. Class %s not found\n" % class_name
message += str(ex)
CLIResponse.send_error_out(message)
action = controller_action[cli_args.action.lower()]['action']
# Call the method of the controller i.e Create, Delete, Update, List or ChangePassword
try:
getattr(controller_obj, action)()
except Exception as ex:
message = str(ex)
CLIResponse.send_error_out(message)
def load_config(self, cli_args):
conf_home_dir = os.path.join(os.path.expanduser('~'), '.sgs3iamcli')
conf_file = os.path.join(conf_home_dir, 'config.yaml')
if not os.path.isfile(conf_file):
try:
os.stat(conf_home_dir)
except:
os.mkdir(conf_home_dir)
shutil.copy(os.path.join(self.get_conf_dir(), 's3iamclicfg.yaml'),
conf_file)
if not os.access(conf_file, os.R_OK):
message = "Failed to read " + conf_file + " it doesn't have read access"
CLIResponse.send_error_out(message)
with open(conf_file, 'r') as f:
config = yaml.safe_load(f)
service = Config.service.upper()
if not cli_args.no_ssl:
Config.use_ssl = True
service = service + '_HTTPS'
Config.ca_cert_file = config['SSL']['CA_CERT_FILE']
if ('~' == Config.ca_cert_file[0]):
Config.ca_cert_file = os.path.expanduser(
'~') + Config.ca_cert_file[1:len(Config.ca_cert_file)]
Config.check_ssl_hostname = config['SSL']['CHECK_SSL_HOSTNAME']
Config.verify_ssl_cert = config['SSL']['VERIFY_SSL_CERT']
if Config.endpoint != None:
Config.endpoint = config['ENDPOINTS'][service]
"""
SG_ACCESS_KEY, SG_SECRET_KEY, SG_LDAP_USER, SG_LDAP_PASSWD credentials are taken from one of the
following sources in descending order of priority.
1. CLI options
2. Declared environment variables
3. '~/.sgs3iamcli/config.yaml' file
4. Asking user to enter i.e prompt
"""
# Take credentials from '~/.sgs3iamcli/config.yaml' file
if (cli_args.access_key == None and cli_args.secret_key == None):
if 'SG_ACCESS_KEY' in config and config['SG_ACCESS_KEY'] and \
'SG_SECRET_KEY' in config and config['SG_SECRET_KEY']:
cli_args.access_key = config['SG_ACCESS_KEY']
cli_args.secret_key = config['SG_SECRET_KEY']
if (cli_args.ldapuser == None and cli_args.ldappasswd == None):
if ('SG_LDAP_USER' in config and config['SG_LDAP_USER']) and \
('SG_LDAP_PASSWD' in config and config['SG_LDAP_PASSWD']):
cli_args.ldapuser = config['SG_LDAP_USER']
cli_args.ldappasswd = config['SG_LDAP_PASSWD']
if config['BOTO']['ENABLE_LOGGER']:
logging.basicConfig(filename=config['BOTO']['LOG_FILE_PATH'],
level=config['BOTO']['LOG_LEVEL'])
if 'DEFAULT_REGION' in config and config['DEFAULT_REGION']:
Config.default_region = config['DEFAULT_REGION']
else:
Config.default_region = 'us-west2'
