def configure(create, path, inline_policy, attached_policy, user_name):
    """Create/configure/get IAM user and print the resulting record.

    The user is looked up by ``user_name``. When the lookup raises
    ``exc.NotFoundError`` the user is created under ``path`` if ``create``
    is true; otherwise the error propagates to the caller. Inline policies
    (``inline_policy``) and attached managed policies (``attached_policy``)
    are applied only when a non-empty value is given. The user record is
    then augmented with its current ``UserPolicies`` and
    ``AttachedPolicies`` listings and written out through ``cli.out``.
    """
    iam_conn = awscontext.GLOBAL.iam

    user = None
    try:
        user = iamclient.get_user(iam_conn, user_name)
    except exc.NotFoundError:
        # Without --create a missing user is the caller's problem.
        if not create:
            raise

    if not user:
        user = iamclient.create_user(iam_conn, user_name, path)

    # Each policy kind is applied through its own reconcile helper, and
    # only when the operator actually supplied something for it.
    policy_steps = (
        (inline_policy, _set_user_policy),
        (attached_policy, _set_attached_policy),
    )
    for policies, apply_policies in policy_steps:
        if policies:
            apply_policies(iam_conn, user_name, policies)

    user['UserPolicies'] = iamclient.list_user_policies(
        iam_conn, user_name)
    user['AttachedPolicies'] = iamclient.list_attached_user_policies(
        iam_conn, user_name)

    cli.out(formatter(user))
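def delete(force, user_name):
    """Delete IAM user.

    Without ``force`` the user is deleted only if IAM accepts the plain
    DeleteUser call. With ``force`` the resources this CLI knows how to
    remove are cleared first: inline policies, attached managed policies
    and group memberships. Other resources that block deletion in IAM
    (for example access keys, a login profile or MFA devices) are not
    touched here, so DeleteUser can still conflict after ``--force``; that
    case is reported on its own rather than telling the operator to pass
    a flag they already passed.

    Args:
        force: remove known blocking resources before deleting.
        user_name: name of the IAM user to delete.

    Raises:
        click.UsageError: IAM rejected the deletion with
            ``DeleteConflictException``.
    """
    iam_conn = awscontext.GLOBAL.iam

    if force:
        for policy in iamclient.list_user_policies(iam_conn, user_name):
            _LOGGER.info('deleting inline policy: %s', policy)
            iamclient.delete_user_policy(iam_conn, user_name, policy)

        attached_pols = iamclient.list_attached_user_policies(
            iam_conn, user_name)
        for policy in attached_pols:
            _LOGGER.info('detaching policy: %s', policy['PolicyArn'])
            iamclient.detach_user_policy(iam_conn, user_name,
                                         policy['PolicyArn'])

        # NOTE(review): `group` is passed through exactly as returned by
        # list_groups_for_user; whether that is a group name or a record is
        # not visible here -- confirm against iamclient.
        for group in iamclient.list_groups_for_user(iam_conn, user_name):
            _LOGGER.info('removing user from group: %s', group)
            iamclient.remove_user_from_group(iam_conn, user_name, group)

    try:
        iamclient.delete_user(iam_conn=iam_conn, user_name=user_name)
    except iam_conn.exceptions.DeleteConflictException:
        if force:
            # The --force cleanup above already ran; whatever is left is
            # something it does not handle, so do not advise --force again.
            raise click.UsageError('User [%s] still has resources that '
                                   'block deletion (e.g. access keys, '
                                   'login profile, MFA devices); remove '
                                   'them and retry.' % user_name)
        raise click.UsageError('User [%s] has inline or attached '
                               'policies, or is a member of one or '
                               'more group, use --force to force '
                               'delete.' % user_name)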
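def delete(force, user_name):
    """Delete IAM user.

    Without ``force`` the user is deleted only if IAM accepts the plain
    DeleteUser call. With ``force`` the inline policies, attached managed
    policies and group memberships are removed first (group membership
    also blocks DeleteUser, so it is cleared here as well). Resources this
    CLI does not manage (for example access keys, a login profile or MFA
    devices) are left alone, so deletion can still conflict after
    ``--force``; that case gets its own message instead of advising a flag
    the operator already passed.

    Args:
        force: remove known blocking resources before deleting.
        user_name: name of the IAM user to delete.

    Raises:
        click.UsageError: IAM rejected the deletion with
            ``DeleteConflictException``.
    """
    iam_conn = awscontext.GLOBAL.iam

    if force:
        # These are inline *user* policies (the old log line said "role").
        for policy in iamclient.list_user_policies(iam_conn, user_name):
            _LOGGER.info('deleting inline policy: %s', policy)
            iamclient.delete_user_policy(iam_conn, user_name, policy)

        attached_pols = iamclient.list_attached_user_policies(
            iam_conn, user_name)
        for policy in attached_pols:
            _LOGGER.info('detaching managed policy: %s',
                         policy['PolicyName'])
            iamclient.detach_user_policy(iam_conn, user_name,
                                         policy['PolicyArn'])

        # NOTE(review): `group` is passed through exactly as returned by
        # list_groups_for_user; whether that is a group name or a record is
        # not visible here -- confirm against iamclient.
        for group in iamclient.list_groups_for_user(iam_conn, user_name):
            _LOGGER.info('removing user from group: %s', group)
            iamclient.remove_user_from_group(iam_conn, user_name, group)

    try:
        iamclient.delete_user(iam_conn=iam_conn, user_name=user_name)
    except iam_conn.exceptions.DeleteConflictException:
        if force:
            # Cleanup already ran; whatever still blocks deletion is
            # outside what --force handles.
            raise click.UsageError('User [%s] still has resources that '
                                   'block deletion (e.g. access keys, '
                                   'login profile, MFA devices); remove '
                                   'them and retry.' % user_name)
        raise click.UsageError('User [%s] has inline or attached '
                               'policies, or is a member of one or '
                               'more group, use --force to force '
                               'delete.' % user_name)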
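def _set_user_policy(iam_conn, user_name, user_policy):
    """Reconcile the user's inline policies to exactly ``user_policy``.

    Args:
        iam_conn: IAM connection handed through to ``iamclient``.
        user_name: IAM user whose inline policies are managed.
        user_policy: list of ``'<policy-name>:<path-to-policy-file>'``
            entries. The single entry ``':'`` is the "no inline policies"
            sentinel and removes every existing inline policy.

    Every listed policy is put (created or replaced) from its file, then
    any inline policy on the user that is not in the list is deleted -- the
    call is a full reconcile, not an append, so a typo in the list can
    silently drop a policy that was meant to stay.

    Raises:
        ValueError: an entry has no ``':'`` separator.
    """
    if user_policy == [':']:
        user_policy = []

    wanted = []
    for spec in user_policy:
        # Split on the FIRST ':' only. The previous maxsplit=2 produced a
        # third field whenever the file path itself contained a colon and
        # the two-name unpack then failed.
        policy_name, sep, policy_file = spec.partition(':')
        if not sep:
            raise ValueError(
                "expected '<policy-name>:<policy-file>', got %r" % (spec,))
        wanted.append(policy_name)

        # Read with io.open's default text mode; the document is sent as-is
        # and IAM validates the JSON server-side.
        with io.open(policy_file) as policy_fh:
            policy_document = policy_fh.read()

        _LOGGER.info('set/updated inline policy: %s', policy_name)
        iamclient.put_user_policy(iam_conn, user_name, policy_name,
                                  policy_document)

    # Anything IAM still lists that was not requested is removed.
    for policy_name in iamclient.list_user_policies(iam_conn, user_name):
        if policy_name not in wanted:
            _LOGGER.info('removing inline policy: %s', policy_name)
            iamclient.delete_user_policy(iam_conn, user_name, policy_name)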