class GetGroup(IAMRequest):
    """Request that lists a group together with the users in it.

    The listing is paged: the 'Marker' request parameter selects the page
    and the 'IsTruncated' response field says whether another one follows.
    """

    DESCRIPTION = 'List all the users in a group'
    ARGS = [
        arg_group(help='name of the group to enumerate (required)'),
        AS_ACCOUNT,
    ]
    LIST_TAGS = ['Users']

    def main(self):
        """Hand this request to PaginatedResponse and return the result.

        NOTE(review): (None,) and ('Users',) look like the initial page
        marker and the list tag to collect -- confirm against
        PaginatedResponse, which is defined outside this file section.
        """
        return PaginatedResponse(self, (None,), ('Users',))

    def prepare_for_page(self, page):
        """Select the page to fetch by setting the 'Marker' parameter."""
        # Pages are defined by markers
        self.params['Marker'] = page

    # pylint: disable=no-self-use
    def get_next_page(self, response):
        """Return the marker of the next page, or None on the last page."""
        is_truncated = response.get('IsTruncated') == 'true'
        if not is_truncated:
            return None
        # Indexing (not .get) means a truncated response that lacks a
        # 'Marker' raises KeyError rather than quietly ending the listing
        # with an incomplete set of users.
        return response['Marker']
    # pylint: enable=no-self-use

    # pylint: disable=no-self-use
    def print_result(self, result):
        """Print the group's ARN, then the ARN of every listed user."""
        print result['Group']['Arn']
        print ' ', 'users'
        members = result.get('Users', [])
        for member in members:
            print ' ', member['Arn']
class ListGroupPolicies(IAMRequest):
    """Request that lists the names of the policies attached to a group.

    With --verbose each listed policy is also fetched and printed through
    a separate GetGroupPolicy request.
    """

    DESCRIPTION = 'List one or all policies attached to a group'
    ARGS = [
        arg_group(help='group owning the policies to list (required)'),
        # The three options below use route_to=None; they are only read
        # from self.args in this class.
        Arg('-p', '--policy-name', metavar='POLICY', route_to=None,
            help='display a specific policy'),
        Arg('-v', '--verbose', action='store_true', route_to=None,
            help=('display the contents of the resulting policies '
                  '(in addition to their names)')),
        Arg('--pretty-print', action='store_true', route_to=None,
            help=('when printing the contents of policies, reformat '
                  'them for easier reading')),
        AS_ACCOUNT,
    ]
    LIST_TAGS = ['PolicyNames']

    def main(self):
        """Hand this request to PaginatedResponse and return the result.

        NOTE(review): (None,) and ('PolicyNames',) look like the initial
        page marker and the list tag to collect -- confirm against
        PaginatedResponse.
        """
        return PaginatedResponse(self, (None, ), ('PolicyNames', ))

    def prepare_for_page(self, page):
        """Select the page to fetch by setting the 'Marker' parameter."""
        # Pages are defined by markers
        self.params['Marker'] = page

    def get_next_page(self, response):
        """Return the marker of the next page, or None on the last page."""
        if response.get('IsTruncated') != 'true':
            return None
        # A truncated response without a 'Marker' raises KeyError here
        # instead of silently cutting the policy list short.
        return response['Marker']

    def print_result(self, result):
        """Print the requested policy, or every policy if none was named.

        When --policy-name is given and no listed policy has that name,
        nothing is printed.
        """
        names = result.get('PolicyNames', [])
        wanted = self.args.get('policy_name')
        if not wanted:
            for name in names:
                print name
                if self.args['verbose']:
                    self.print_policy(name)
            return
        # Look for the specific policy the user asked for
        for name in names:
            if name != self.args['policy_name']:
                continue
            if self.args['verbose']:
                self.print_policy(name)
            else:
                print name
            break

    def print_policy(self, policy_name):
        """Fetch one policy with GetGroupPolicy and print it."""
        policy_req = GetGroupPolicy.from_other(
            self,
            GroupName=self.args['GroupName'],
            PolicyName=policy_name,
            pretty_print=self.args['pretty_print'],
            DelegateAccount=self.params.get('DelegateAccount'))
        policy_response = policy_req.main()
        policy_req.print_result(policy_response)
class AddUserToGroup(IAMRequest):
    """Request that adds one user to a group.

    The class only declares its arguments; sending and output are left to
    IAMRequest.  Group membership is how a user picks up the policies
    attached to the group, so this command is a privilege-changing action
    worth recording in change logs.
    """

    DESCRIPTION = 'Add a user to a group'
    ARGS = [
        arg_group(help='the group to add the user to (required)'),
        Arg('-u', '--user-name',
            dest='UserName',
            required=True,
            help='the user to add (required)'),
        AS_ACCOUNT,
    ]
class DeleteGroupPolicy(IAMRequest):
    """Request that removes one named policy from a group.

    The class only declares its arguments; sending and output are left to
    IAMRequest.
    """

    DESCRIPTION = 'Remove a policy from a group'
    ARGS = [
        arg_group(help='group the policy is attached to (required)'),
        Arg('-p', '--policy-name',
            dest='PolicyName',
            metavar='POLICY',
            required=True,
            help='name of the policy to delete (required)'),
        AS_ACCOUNT,
    ]
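class AddGroupPolicy(IAMRequest):
    """Build a simple policy from command-line options and attach it.

    The policy document is assembled locally from --effect, --action and
    --resource and then attached through a PutGroupPolicy request; this
    class never sends a request of its own.
    """

    DESCRIPTION = ('Add a new policy to a group. To add more complex policies '
                   'than this tool supports, see euare-groupuploadpolicy(1).')
    ARGS = [
        arg_group(help='group to attach the policy to (required)'),
        Arg('-p', '--policy-name', metavar='POLICY', required=True,
            help='name of the new policy (required)'),
        Arg('-e', '--effect', choices=('Allow', 'Deny'), required=True,
            help='whether the new policy should Allow or Deny (required)'),
        # Actions and resources are free-form strings.  Nothing in this
        # class restricts them, so a broad value such as a wildcard is
        # passed through unchanged; -o shows the document that was sent.
        Arg('-a', '--action', dest='actions', action='append',
            required=True,
            help=('action(s) the policy should apply to '
                  '(at least one required)')),
        Arg('-r', '--resource', dest='resources', action='append',
            required=True,
            help=('resource(s) the policy should apply to '
                  '(at least one required)')),
        Arg('-o', '--output', action='store_true',
            help='display the newly-created policy'),
        AS_ACCOUNT,
    ]

    def main(self):
        """Create the policy document and attach it to the group.

        Returns the PutGroupPolicy response with the generated JSON
        document stored under 'PolicyDocument' so print_result can show it.
        """
        # build_iam_policy is defined elsewhere; the values go to it
        # exactly as given on the command line.
        policy = build_iam_policy(self.args['effect'],
                                  self.args['resources'],
                                  self.args['actions'])
        policy_doc = json.dumps(policy)
        # .get() matches ListGroupPolicies.print_policy and avoids a
        # KeyError when params carries no 'DelegateAccount' entry.
        req = PutGroupPolicy.from_other(
            self,
            GroupName=self.args['GroupName'],
            PolicyName=self.args['policy_name'],
            PolicyDocument=policy_doc,
            DelegateAccount=self.params.get('DelegateAccount'))
        response = req.main()
        response['PolicyDocument'] = policy_doc
        return response

    def print_result(self, result):
        """Print the generated policy document when --output was given."""
        if self.args['output']:
            print result['PolicyDocument']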
class CreateGroup(IAMRequest):
    """Request that creates a new group, optionally under a given path."""

    DESCRIPTION = 'Create a new group'
    ARGS = [
        arg_group(help='name of the new group (required)'),
        Arg('-p', '--path',
            dest='Path',
            help='path for the new group (default: "/")'),
        # route_to=None: --verbose is only read from self.args below.
        Arg('-v', '--verbose',
            action='store_true',
            route_to=None,
            help="print the new group's ARN and GUID"),
        AS_ACCOUNT,
    ]

    def print_result(self, result):
        """Print the new group's ARN and ID, but only with --verbose."""
        if not self.args['verbose']:
            return
        group = result['Group']
        print group['Arn']
        print group['GroupId']
class PutGroupPolicy(IAMRequest):
    """Request that attaches a caller-supplied policy document to a group.

    The document comes either inline (-o) or from a file (-f); exactly one
    of the two must be given.  This class does not inspect or validate the
    document, so whatever it grants is attached as written.
    """

    DESCRIPTION = 'Attach a policy to a group'
    ARGS = [
        arg_group(help='group to attach the policy to (required)'),
        Arg('-p', '--policy-name',
            dest='PolicyName',
            metavar='POLICY',
            required=True,
            help='name of the policy (required)'),
        # Both options share dest='PolicyDocument'; the mutually exclusive
        # group is marked required via .required().
        MutuallyExclusiveArgList(
            Arg('-o', '--policy-content',
                dest='PolicyDocument',
                metavar='POLICY_CONTENT',
                help='the policy to attach'),
            # type=open opens FILE while the arguments are parsed, using
            # the invoking user's file permissions.  Nothing in this class
            # closes the handle.
            # NOTE(review): how the file object is read and serialized is
            # decided by the request framework -- confirm there.
            Arg('-f', '--policy-document',
                dest='PolicyDocument',
                metavar='FILE',
                type=open,
                help='file containing the policy to attach'))
        .required(),
        AS_ACCOUNT,
    ]
class UpdateGroup(IAMRequest):
    """Request that renames a group and/or moves it to a new path.

    Neither -n nor -p is marked required here, so the class itself does
    not reject a call that changes nothing.
    """

    DESCRIPTION = 'Change the name and/or path of a group'
    ARGS = [
        arg_group(help='name of the group to update (required)'),
        Arg('-n', '--new-group-name',
            dest='NewGroupName',
            metavar='GROUP',
            help='new name for the group'),
        Arg('-p', '--new-path',
            dest='NewPath',
            metavar='PATH',
            help='new path for the group'),
        AS_ACCOUNT,
    ]
class RemoveUserFromGroup(IAMRequest):
    """Request that removes one or more users from a group.

    -u may be repeated; one request is sent per user.
    """

    DESCRIPTION = 'Remove a user from a group'
    ARGS = [
        # route_to=None: the collected names are only read from self.args
        # in main(), which sets the 'UserName' parameter one user at a time.
        Arg('-u', '--user-name',
            dest='user_names',
            metavar='USER',
            action='append',
            route_to=None,
            required=True,
            help='user to remove from the group (required)'),
        arg_group(help='group to remove the user from (required)'),
        AS_ACCOUNT,
    ]

    def main(self):
        """Send one removal request per user name and return None.

        The loop has no error handling: an exception raised by send()
        stops it, so users later in the list are not processed and the
        group is left partly emptied.
        """
        for user_name in self.args['user_names']:
            self.params['UserName'] = user_name
            self.send()
        # Nothing of interest comes back in the responses, so there is
        # nothing to hand to the caller.
        return None
class GetGroupPolicy(IAMRequest):
    """Request that fetches one policy of a group and prints its document."""

    DESCRIPTION = "Display a group's policy"
    ARGS = [
        arg_group(help='group the policy is attached to (required)'),
        Arg('-p', '--policy-name',
            dest='PolicyName',
            metavar='POLICY',
            required=True,
            help='name of the policy to show (required)'),
        # route_to=None: --pretty-print is only read from self.args below.
        Arg('--pretty-print',
            action='store_true',
            route_to=None,
            help='reformat the policy for easier reading'),
        AS_ACCOUNT,
    ]

    def print_result(self, result):
        """Print the URL-unquoted policy document.

        With --pretty-print the document is parsed as JSON and printed
        with a four-space indent.

        Raises:
            ValueError: --pretty-print was given and the document is not
                valid JSON.
        """
        document = urllib.unquote(result['PolicyDocument'])
        if not self.args['pretty_print']:
            print document
            return
        try:
            parsed = json.loads(document)
        except ValueError:
            # Keep the parser's traceback in the debug log; the error
            # raised to the caller names only the policy.
            self.log.debug('JSON parse error', exc_info=True)
            raise ValueError(
                "policy '{0}' does not appear to be valid JSON"
                .format(self.args['PolicyName']))
        print json.dumps(parsed, indent=4)
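class DeleteGroup(IAMRequest):
    """Request that deletes a group, optionally emptying it first.

    With --recursive the group's user memberships and policies are removed
    through separate requests before the group itself is deleted.  With
    --pretend nothing is changed; the memberships and policies that would
    be removed are listed instead.
    """

    DESCRIPTION = 'Delete a group'
    ARGS = [
        arg_group(help='name of the group to delete (required)'),
        Arg('-r', '--recursive', action='store_true', route_to=None,
            help=('remove all user memberships and policies '
                  'associated with the group first')),
        # Hidden from --help.  Unlike -r it has no route_to=None, so it
        # stores 'true' under dest 'IsRecursive'.
        # NOTE(review): presumably this asks the server to do the
        # recursive delete itself -- confirm against the service.
        Arg('-R', '--recursive-euca', dest='IsRecursive',
            action='store_const', const='true', help=argparse.SUPPRESS),
        Arg('-p', '--pretend', action='store_true', route_to=None,
            help=('list the user memberships and policies that would '
                  'be deleted instead of actually deleting them. '
                  'Implies -r.')),
        AS_ACCOUNT,
    ]

    def main(self):
        """Delete the group, or report what a recursive delete would remove.

        Returns a dict with 'members' (user ARNs) and 'policies' (policy
        names) when --pretend is set; otherwise the result of send().

        The members and policies are listed first and removed afterwards,
        each in its own request.  The sequence is not atomic: a failure
        part-way leaves the group partly emptied, and changes made to the
        group after the listing are not picked up.
        """
        group_name = self.args['GroupName']
        # .get() matches ListGroupPolicies.print_policy and avoids a
        # KeyError when params carries no 'DelegateAccount' entry.
        delegate = self.params.get('DelegateAccount')

        if self.args['recursive'] or self.args['pretend']:
            # Figure out what we'd have to delete
            req = GetGroup.from_other(
                self, GroupName=group_name, DelegateAccount=delegate)
            members = req.main().get('Users', [])
            req = ListGroupPolicies.from_other(
                self, GroupName=group_name, DelegateAccount=delegate)
            policies = req.main().get('PolicyNames', [])
        else:
            # Just in case
            members = []
            policies = []

        if self.args['pretend']:
            # Report only; no removal or delete request is sent.
            return {
                'members': [member['Arn'] for member in members],
                'policies': policies,
            }

        if self.args['recursive']:
            member_names = [member['UserName'] for member in members]
            req = RemoveUserFromGroup.from_other(
                self, GroupName=group_name, user_names=member_names,
                DelegateAccount=delegate)
            req.main()
            for policy in policies:
                req = DeleteGroupPolicy.from_other(
                    self, GroupName=group_name, PolicyName=policy,
                    DelegateAccount=delegate)
                req.main()
        return self.send()

    def print_result(self, result):
        """Print the --pretend report; print nothing for a real delete."""
        if self.args['pretend']:
            print 'users'
            for arn in result['members']:
                print '\t' + arn
            print 'policies'
            for policy in result['policies']:
                print '\t' + policy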