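def delete_ssh_key(self, key_name):
    """Delete one of this user's SSH key pairs from EC2 and the local table.

    Nothing is done unless ``key_name`` is among ``self.get_ssh_keys()``
    (presumably the key pairs recorded for this user - confirm), so a name
    outside that list never reaches EC2 or the database.

    Args:
        key_name: Name of the key pair to remove.
    """
    if key_name not in self.get_ssh_keys():
        return

    ec2 = get_root_ec2_connection()
    # The original referenced ``.delete`` without calling it, so the key
    # pair stayed usable in EC2 while its local record was removed.
    ec2.get_key_pair(key_name).delete()
    audit_log("Delete SSH key %s" % (key_name))

    # The row is matched on user_name as well, so only this user's record
    # can be removed by this statement.
    dbh.execute("BEGIN EXCLUSIVE")
    dbh.execute(
        """ DELETE FROM ssh_keys WHERE key_name=? AND user_name=? """,
        [key_name, self.user_name])
    dbh.execute("COMMIT")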
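def delete_ssh_key(self, key_name):
    """Remove an SSH key pair of this user from EC2 and from ``ssh_keys``.

    The request is ignored when ``key_name`` is not returned by
    ``self.get_ssh_keys()``.

    Args:
        key_name: Name of the key pair to delete.
    """
    if key_name in self.get_ssh_keys():
        ec2 = get_root_ec2_connection()
        keypair = ec2.get_key_pair(key_name)
        # ``delete`` has to be called: the original only looked the
        # attribute up, which left the key pair active in EC2 even though
        # the audit log and the database said it was gone.
        keypair.delete()
        audit_log("Delete SSH key %s" % (key_name))

        dbh.execute("BEGIN EXCLUSIVE")
        # Scoped to this user's row by the user_name condition.
        dbh.execute(
            """ DELETE FROM ssh_keys WHERE key_name=? AND user_name=? """,
            [key_name, self.user_name])
        dbh.execute("COMMIT")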
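def delete_access_key(self, access_key):
    """Delete one of this user's IAM access keys and its local record.

    The key is removed from IAM and from the ``access_keys`` table only
    when an entry of ``self.access_keys`` has it as its ``'key'`` value;
    any other value is ignored.

    Args:
        access_key: Access key id to delete.
    """
    # NOTE(review): bare attribute reference kept from the original. If
    # ``init_iam`` is a method it is never invoked here - confirm whether a
    # call was intended.
    self.init_iam
    # ``init_access_keys`` is invoked as a method by create_access_key; the
    # original only named it here, so the ownership check below could run
    # against a stale or missing key list.
    self.init_access_keys()

    # Built as a list so the emptiness test also works where filter()
    # returns a lazy iterator, which has no len().
    matches = [entry for entry in self.access_keys
               if entry['key'] == access_key]
    iam = get_root_IAM_connection()
    if matches:
        iam.delete_access_key(access_key, self.user_name)
        audit_log("Deleted access key %s" % (access_key))

        dbh.execute("BEGIN EXCLUSIVE")
        # Matching on user_name as well keeps the delete to this user's row.
        dbh.execute(
            """ DELETE FROM access_keys WHERE access_key=? AND user_name=? """,
            [access_key, self.user_name])
        dbh.execute("COMMIT")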
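def delete_access_key(self, access_key):
    """Remove an IAM access key of this user, in IAM and in ``access_keys``.

    Only a key found in ``self.access_keys`` (compared on each entry's
    ``'key'`` value) is deleted; otherwise the call does nothing further.

    Args:
        access_key: Id of the access key to remove.
    """
    # NOTE(review): left exactly as written in the original; as a plain
    # attribute lookup it runs nothing if ``init_iam`` is a method - confirm
    # whether it should be called.
    self.init_iam
    # Called rather than merely referenced (the original omitted the
    # parentheses), so the key list checked below is loaded first.
    self.init_access_keys()

    # any() avoids len() on the result of filter(), which fails where
    # filter() returns an iterator.
    owns_key = any(entry['key'] == access_key for entry in self.access_keys)
    iam = get_root_IAM_connection()
    if not owns_key:
        return

    iam.delete_access_key(access_key, self.user_name)
    audit_log("Deleted access key %s" % (access_key))

    dbh.execute("BEGIN EXCLUSIVE")
    dbh.execute(
        """ DELETE FROM access_keys WHERE access_key=? AND user_name=? """,
        [access_key, self.user_name])
    dbh.execute("COMMIT")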
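def create_access_key(self):
    """Create a new IAM access key for this user and record it locally.

    The key is created through the root IAM connection, an audit entry is
    written with the key id (the secret is not logged), the id/secret pair
    is inserted into ``access_keys``, and ``self.init_access_keys()`` is
    called afterwards.
    """
    iam_root = get_root_IAM_connection()
    response = iam_root.create_access_key(self.user_name)
    # Arguments follow the message order (key id, then user). The original
    # passed them swapped, which mislabelled every audit entry.
    audit_log("Creating access key %s for %s" % (
        response.access_key_id, self.user_name))

    # NOTE(review): the secret access key is stored as returned by IAM.
    # Whether the database file is encrypted or access-restricted is not
    # visible here - confirm.
    # NOTE(review): INSERT OR IGNORE skips the row on a constraint conflict
    # without an error; the key would then exist in IAM with no stored
    # secret. Table constraints are not visible here - confirm.
    dbh.execute("BEGIN EXCLUSIVE")
    dbh.execute(
        " INSERT OR IGNORE INTO access_keys"
        " ( user_name, access_key, secret_access_key )"
        " VALUES (?, ?, ?) ",
        [self.user_name,
         str(response.access_key_id),
         str(response.secret_access_key)])
    dbh.execute("COMMIT")
    self.init_access_keys()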
def create_ssh_key(self, key_name):
    """Create an EC2 key pair for this user and store it in ``ssh_keys``.

    Characters other than letters, digits, ``-`` and ``_`` are stripped
    from ``key_name``. The stored name always starts with
    ``<user_name>-``: the prefix is added unless the cleaned name already
    carries it.

    Args:
        key_name: Requested key name, with or without the user prefix.
    """
    cleaned = re.sub(r'[^-a-zA-Z0-9_]', '', key_name)
    own_prefix = "%s-" % (self.user_name)
    if cleaned.startswith(own_prefix):
        full_name = cleaned
    else:
        full_name = "%s-%s" % (self.user_name, cleaned)

    ec2 = get_root_ec2_connection()
    keypair = ec2.create_key_pair(key_name=full_name)
    # Only the name and the owner are logged, never the key material.
    audit_log("Creating SSH keypair %s for %s" % (full_name, self.user_name))

    # NOTE(review): keypair.material (the private key) is written to the
    # table as received. How the database file is protected is not visible
    # here - confirm.
    row = [self.user_name, full_name, keypair.material, keypair.fingerprint]
    dbh.execute("BEGIN EXCLUSIVE")
    dbh.execute(
        " INSERT OR REPLACE INTO ssh_keys"
        " (user_name, key_name, private_key, fingerprint)"
        " VALUES (?, ?, ?, ?) ",
        row)
    dbh.execute("COMMIT")
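def create_access_key(self):
    """Issue a new IAM access key for this user and store it in the database.

    Order of operations: create the key via the root IAM connection, write
    an audit entry naming the key id and the user, insert the id and secret
    into ``access_keys``, then call ``self.init_access_keys()``.
    """
    iam_root = get_root_IAM_connection()
    response = iam_root.create_access_key(self.user_name)

    key_id = response.access_key_id
    # The message reads "access key <id> for <user>"; the original supplied
    # the user name first, so the two fields were swapped in the audit log.
    audit_log("Creating access key %s for %s" % (key_id, self.user_name))

    # NOTE(review): the secret is persisted in the clear as far as this
    # code shows; confirm how the database file is protected.
    # NOTE(review): with INSERT OR IGNORE a conflicting row is skipped
    # silently, leaving a live IAM key whose secret was never stored -
    # confirm against the table's constraints.
    params = [self.user_name, str(key_id), str(response.secret_access_key)]
    dbh.execute("BEGIN EXCLUSIVE")
    dbh.execute(
        """ INSERT OR IGNORE INTO access_keys ( user_name, access_key, secret_access_key ) VALUES (?, ?, ?) """,
        params)
    dbh.execute("COMMIT")
    self.init_access_keys()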
def create_ssh_key(self, key_name):
    """Generate an EC2 key pair owned by this user and record it locally.

    ``key_name`` is reduced to letters, digits, ``-`` and ``_``; the name
    used in EC2 and in ``ssh_keys`` is that value prefixed with
    ``<user_name>-`` unless the prefix is already present.

    Args:
        key_name: Requested name for the key pair.
    """
    key_name = re.sub(r'[^-a-zA-Z0-9_]', '', key_name)
    already_prefixed = key_name.startswith("%s-" % (self.user_name))
    full_name = key_name if already_prefixed else "%s-%s" % (
        self.user_name, key_name)

    keypair = get_root_ec2_connection().create_key_pair(key_name=full_name)
    # The audit entry carries the key name and owner only.
    audit_log("Creating SSH keypair %s for %s" % (full_name, self.user_name))

    # NOTE(review): the private key (keypair.material) is stored unmodified;
    # protection of the database file is not visible here - confirm.
    dbh.execute("BEGIN EXCLUSIVE")
    dbh.execute(
        """ INSERT OR REPLACE INTO ssh_keys (user_name, key_name, private_key, fingerprint) VALUES (?, ?, ?, ?) """,
        [self.user_name, full_name, keypair.material, keypair.fingerprint])
    dbh.execute("COMMIT")
def make_user(user_name):
    """Create an IAM user with a login profile and return its ``User``.

    In order: write an audit entry, call ``iam_delete_user`` for the name
    (presumably clearing an existing account - confirm), create the user,
    add it to the ``students`` group, attach the ``<user_name>-user``
    policy, create a login profile with a generated password, and upsert
    the row in ``users``.

    Args:
        user_name: Name of the IAM user to create.

    Returns:
        A ``User`` built from ``user_name``.
    """
    audit_log("Creating user %s" % (user_name))

    iam_root = get_root_IAM_connection()
    iam_delete_user(iam_root, user_name)
    iam_root.create_user(user_name)
    iam_root.add_user_to_group("students", user_name)

    # Round-tripping through the JSON parser makes a malformed policy raise
    # here instead of being sent to IAM.
    policy_document = simplejson.dumps(
        simplejson.loads(get_user_policy(user_name)))
    iam_root.put_user_policy(
        user_name, "%s-user" % (user_name), policy_document)

    # NOTE(review): random_password() is not visible here; confirm it draws
    # from a cryptographically secure source.
    password = random_password()
    iam_root.create_login_profile(user_name, password)

    # NOTE(review): the login password is stored in the users table as
    # generated; how the database file is protected is not visible here.
    created_at = datetime.datetime.utcnow().isoformat()
    dbh.execute("BEGIN EXCLUSIVE")
    dbh.execute(
        " INSERT OR REPLACE INTO users"
        " (user_name, create_time, create_account, login_password)"
        " VALUES (?, ?, ?, ?) ",
        [user_name, created_at, real_username(), password])
    dbh.execute("COMMIT;")

    return User(user_name)
def make_user(user_name):
    """Provision an IAM account for ``user_name`` and return a ``User``.

    The account is set up through the root IAM connection: after
    ``iam_delete_user`` is called for the name, the user is created, added
    to the ``students`` group, given the ``<user_name>-user`` policy and a
    login profile. The creation time (UTC, ISO format), the creating
    account and the generated password are then written to ``users``.

    Args:
        user_name: Name of the IAM user to provision.

    Returns:
        ``User(user_name)``.
    """
    audit_log("Creating user %s" % (user_name))
    iam_root = get_root_IAM_connection()

    # NOTE(review): iam_delete_user runs before creation; presumably it
    # removes an earlier account of the same name - confirm against callers.
    iam_delete_user(iam_root, user_name)
    iam_root.create_user(user_name)
    iam_root.add_user_to_group("students", user_name)

    policy_name = "%s-user" % (user_name)
    # loads() followed by dumps() rejects a policy that is not valid JSON.
    parsed_policy = simplejson.loads(get_user_policy(user_name))
    iam_root.put_user_policy(
        user_name, policy_name, simplejson.dumps(parsed_policy))

    password = random_password()
    iam_root.create_login_profile(user_name, password)
    now = datetime.datetime.utcnow().isoformat()

    # NOTE(review): login_password receives the password as generated;
    # confirm how access to the database file is restricted.
    row = [user_name, now, real_username(), password]
    dbh.execute("BEGIN EXCLUSIVE")
    dbh.execute(
        """ INSERT OR REPLACE INTO users (user_name, create_time, create_account, login_password) VALUES (?, ?, ?, ?) """,
        row)
    dbh.execute("COMMIT;")
    return User(user_name)
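def run_instances(self, instance_info):
    """Launch EC2 instances (on-demand or spot) on behalf of this user.

    The request is refused when the SSH key name does not start with
    ``<user_name>-`` or when the current plus proposed cost exceeds
    ``SPEND_LIMIT``. Each decision is written to the audit log with
    ``user_data`` removed from the logged request.

    Args:
        instance_info: Mapping with the keys ``instance_type``, ``count``,
            ``key_name``, ``use_spot``, ``image_id`` and
            ``security_groups``; ``user_data`` and ``availability_zone``
            are optional.

    Returns:
        The result of ``request_spot_instances`` when ``use_spot`` is
        truthy, otherwise the result of ``run_instances``.

    Raises:
        Exception: If the key-name check or the spend-limit check fails.
    """
    # user_data is kept out of audit entries (presumably because it can
    # carry secrets or be large - confirm).
    info_without_ud = instance_info.copy()
    info_without_ud.pop('user_data', None)

    old_cost = self.cost_instances()
    extra_cost = self.cost_proposal(
        instance_info['instance_type'], instance_info['count'])

    # The separator is part of the check: create_ssh_key names keys
    # "<user_name>-...", and a bare startswith(user_name) would also accept
    # keys of any user whose name merely begins with this user's name.
    if not instance_info['key_name'].startswith("%s-" % (self.user_name)):
        # Argument order matches the message (request, then user); the
        # original passed the two swapped.
        audit_log("Rejecting instance request %s (for %s) because of key"
                  % (info_without_ud, self.user_name))
        raise Exception("Needs to be associated with SSH key")

    if old_cost + extra_cost > SPEND_LIMIT:
        audit_log("Rejecting instance request %s (for %s) because of cost"
                  % (info_without_ud, self.user_name))
        raise Exception("Excessive instance cost")

    ec2 = get_root_ec2_connection()
    # Message text kept byte-for-byte (including the "requset" spelling) so
    # existing searches over the audit log still match.
    audit_log("Making instance requset %s for %s"
              % (info_without_ud, self.user_name))

    if instance_info['use_spot']:
        spot_price = INSTANCE_COST[instance_info['instance_type']] * SPOT_BASE
        # availability_zone_group (from 'placement_group') was disabled in
        # the original and is still not passed.
        return ec2.request_spot_instances(
            price=spot_price,
            image_id=instance_info['image_id'],
            count=instance_info['count'],
            key_name=instance_info['key_name'],
            security_groups=instance_info['security_groups'],
            user_data=instance_info.get('user_data'),
            instance_type=instance_info['instance_type'],
            placement=instance_info.get('availability_zone', None)
        )

    # placement_group was disabled in the original and is still not passed.
    return ec2.run_instances(
        image_id=instance_info['image_id'],
        min_count=instance_info['count'],
        max_count=instance_info['count'],
        key_name=instance_info['key_name'],
        security_groups=instance_info['security_groups'],
        # .get() as in the spot branch: user_data is optional, and indexing
        # raised KeyError for a request without it.
        user_data=instance_info.get('user_data'),
        instance_type=instance_info['instance_type'],
        placement=instance_info.get('availability_zone', None)
    )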
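def run_instances(self, instance_info):
    """Start on-demand or spot EC2 instances for this user.

    Two checks guard the launch: the SSH key name must begin with
    ``<user_name>-``, and the cost of running instances plus the proposed
    ones must not exceed ``SPEND_LIMIT``. Rejections and the accepted
    request are audit-logged without the ``user_data`` field.

    Args:
        instance_info: Mapping describing the request. Required keys:
            ``instance_type``, ``count``, ``key_name``, ``use_spot``,
            ``image_id``, ``security_groups``. Optional keys:
            ``user_data``, ``availability_zone``.

    Returns:
        Whatever ``request_spot_instances`` returns for a spot request,
        otherwise whatever ``run_instances`` returns.

    Raises:
        Exception: When the key name or the projected cost is rejected.
    """
    # Copy of the request for logging, without user_data.
    info_without_ud = instance_info.copy()
    if 'user_data' in info_without_ud:
        del info_without_ud['user_data']

    instance_type = instance_info['instance_type']
    count = instance_info['count']
    key_name = instance_info['key_name']

    old_cost = self.cost_instances()
    extra_cost = self.cost_proposal(instance_type, count)

    # Require the "<user_name>-" prefix that create_ssh_key produces. The
    # original tested startswith(user_name) alone, which also matched keys
    # belonging to a longer user name with the same beginning.
    required_prefix = "%s-" % (self.user_name)
    if not key_name.startswith(required_prefix):
        # Values are given in the order the message names them; the
        # original had the user and the request swapped.
        audit_log("Rejecting instance request %s (for %s) because of key"
                  % (info_without_ud, self.user_name))
        raise Exception("Needs to be associated with SSH key")

    if old_cost + extra_cost > SPEND_LIMIT:
        audit_log("Rejecting instance request %s (for %s) because of cost"
                  % (info_without_ud, self.user_name))
        raise Exception("Excessive instance cost")

    ec2 = get_root_ec2_connection()
    # The message is unchanged, spelling included, to keep audit-log
    # searches working.
    audit_log("Making instance requset %s for %s"
              % (info_without_ud, self.user_name))

    # user_data is optional in both branches; the original indexed it in
    # the on-demand branch and raised KeyError when it was absent.
    user_data = instance_info.get('user_data')
    placement = instance_info.get('availability_zone', None)

    if instance_info['use_spot']:
        spot_price = INSTANCE_COST[instance_type] * SPOT_BASE
        # availability_zone_group stays disabled, as in the original.
        spot_requests = ec2.request_spot_instances(
            price=spot_price,
            image_id=instance_info['image_id'],
            count=count,
            key_name=key_name,
            security_groups=instance_info['security_groups'],
            user_data=user_data,
            instance_type=instance_type,
            placement=placement
        )
        return spot_requests
    else:
        # placement_group stays disabled, as in the original.
        reservation = ec2.run_instances(
            image_id=instance_info['image_id'],
            min_count=count,
            max_count=count,
            key_name=key_name,
            security_groups=instance_info['security_groups'],
            user_data=user_data,
            instance_type=instance_type,
            placement=placement
        )
        return reservation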