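def delete_user(module, iam, name):
    """Delete IAM user ``name`` together with its access keys.

    All access keys of the user are deleted first, then the user itself.
    When the service answers "must detach all policies first", the user's
    inline policies are deleted and the user deletion is retried once.
    Managed policies are not handled: if the retry is refused for the same
    reason, ``module.fail_json`` asks the operator to detach them by hand.

    Args:
        module: Object providing ``fail_json(changed=..., msg=...)``.
        iam: boto IAM connection the calls are issued on.
        name: Name of the user to delete.

    Returns:
        ``(del_meta, name, changed)`` where ``del_meta`` is the
        ``delete_user_response`` part of the reply and ``changed`` is True.
    """
    # Bound up front because every failure path hands it to fail_json().
    changed = False
    try:
        current_keys = [ck['access_key_id'] for ck in
                        iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata]
        for key in current_keys:
            iam.delete_access_key(key, name)
            # The credential is gone even if deleting the user fails later,
            # so a failure report must not claim that nothing changed.
            changed = True
        del_meta = iam.delete_user(name).delete_user_response
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'must detach all policies first' not in error_msg:
            # Any other server error is reported rather than silently dropped.
            module.fail_json(changed=changed, msg=str(err))
        else:
            for policy in iam.get_all_user_policies(name).list_user_policies_result.policy_names:
                iam.delete_user_policy(name, policy)
                changed = True
            try:
                # Same response element as the first attempt, so both paths
                # return the same shape.
                del_meta = iam.delete_user(name).delete_user_response
            except boto.exception.BotoServerError as retry_err:
                retry_msg = boto_exception(retry_err)
                if 'must detach all policies first' in retry_msg:
                    module.fail_json(changed=changed, msg="All inline polices have been removed. Though it appears "
                                                          "that %s has Managed Polices. This is not "
                                                          "currently supported by boto. Please detach the polices "
                                                          "through the console and try again." % name)
                else:
                    module.fail_json(changed=changed, msg=str(retry_err))
            else:
                return del_meta, name, True
    else:
        # Direct success returns the tuple as well, so callers can always
        # unpack the result.
        return del_meta, name, True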
示例#2
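def delete_user(module, iam, name):
    """Delete IAM user ``name`` after removing its access keys.

    The user's access keys are deleted, then the user.  If the service
    refuses with "must detach all policies first", the inline policies are
    deleted and the deletion is retried once.  Managed policies are outside
    what this function can remove; a second refusal for the same reason ends
    in ``module.fail_json`` with instructions for the operator.

    Args:
        module: Object providing ``fail_json(changed=..., msg=...)``.
        iam: boto IAM connection the calls are issued on.
        name: Name of the user to delete.

    Returns:
        ``(del_meta, name, changed)``; ``del_meta`` is the
        ``delete_user_response`` part of the reply, ``changed`` is True.
    """
    # Assigned before the first call: the failure paths pass it to
    # fail_json() and would otherwise hit an unbound local.
    changed = False
    try:
        current_keys = [
            ck['access_key_id'] for ck in iam.get_all_access_keys(
                name).list_access_keys_result.access_key_metadata
        ]
        for key in current_keys:
            iam.delete_access_key(key, name)
            # Key removal is not rolled back if the user deletion fails.
            changed = True
        del_meta = iam.delete_user(name).delete_user_response
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'must detach all policies first' in error_msg:
            for policy in iam.get_all_user_policies(
                    name).list_user_policies_result.policy_names:
                iam.delete_user_policy(name, policy)
                changed = True
            try:
                # Unwrapped like the first attempt so both paths return the
                # same kind of value.
                del_meta = iam.delete_user(name).delete_user_response
            except boto.exception.BotoServerError as retry_err:
                retry_msg = boto_exception(retry_err)
                if 'must detach all policies first' in retry_msg:
                    module.fail_json(
                        changed=changed,
                        msg=
                        "All inline polices have been removed. Though it appears "
                        "that %s has Managed Polices. This is not "
                        "currently supported by boto. Please detach the polices "
                        "through the console and try again." % name)
                else:
                    module.fail_json(changed=changed, msg=str(retry_err))
            else:
                return del_meta, name, True
        else:
            # Unrelated server errors are surfaced, not swallowed.
            module.fail_json(changed=changed, msg=str(err))
    else:
        # The direct-success path returns the tuple too.
        return del_meta, name, True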
示例#3
def delete_access_key(access_key_id, username, age):
    """Announce and delete one IAM access key of ``username``.

    ``age`` is only used in the printed notice; it does not influence the
    deletion.  A new boto3 IAM client is created on every call.
    """
    notice = ("Delete Access Key " + access_key_id
              + " for Username " + username
              + " age " + str(age))
    print(notice)

    client = boto3.client('iam')
    client.delete_access_key(UserName=username, AccessKeyId=access_key_id)
示例#4
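def main():
    """Rotate the access key used to authenticate.

    Connects to IAM with the supplied key pair, creates a new access key for
    the same user, prints it, and deletes the old key once the operator
    answers "yes".  Server errors are printed and re-raised.
    """
    # stdlib; imported locally so the function carries its own dependency.
    import getpass

    parser = argparse.ArgumentParser(description="Rotate Access Keys.")
    parser.add_argument(
        "-a",
        "--access_key_id",
        help="The access key to rotate and use for authentication."
    )
    # NOTE: a secret given on the command line is visible in the process
    # list and usually ends up in shell history; omitting -s and answering
    # the prompt below avoids both.
    parser.add_argument(
        "-s",
        "--secret_access_key",
        help="The secret key to rotate and use for authentication."
    )

    args = parser.parse_args()

    if not args.access_key_id:
        args.access_key_id = raw_input("Enter Access Key: ")
    if not args.secret_access_key:
        # getpass reads without echo, so the secret does not appear on
        # screen or in terminal scrollback.
        args.secret_access_key = getpass.getpass("Enter Secret Key: ")

    iam = boto.iam.connection.IAMConnection(
        aws_access_key_id=args.access_key_id,
        aws_secret_access_key=args.secret_access_key
    )
    get_user_response = iam.get_user()['get_user_response']
    get_user_result = get_user_response['get_user_result']
    user = get_user_result['user']
    user_name = user['user_name']

    try:
        response = iam.create_access_key(user_name)
    except boto.exception.BotoServerError as exception:
        print("Cannot create new keys: %s" % exception)
        raise

    ak_response = response['create_access_key_response']
    access_key = ak_response['create_access_key_result']['access_key']
    # The new secret goes to stdout in clear text; anything that captures
    # this output (logs, CI, screen recording) captures the credential.
    print("""Access Key:\t%s\nSecret Key:\t%s""" % (
        access_key['access_key_id'],
        access_key['secret_access_key']
    ))

    ans = raw_input(
        "Ready to delete Access Key %s? (yes/no) " % args.access_key_id
    )

    if ans == "yes":
        try:
            iam.delete_access_key(args.access_key_id, user_name)
        except boto.exception.BotoServerError as exception:
            print("Cannot remove old key: %s" % exception)
            raise
    else:
        # Anything but an exact "yes" leaves both keys in place.
        print("Warning: your old Access Key was kept.   Be sure to clean up the mess.")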
示例#5
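def main():
    """Rotate the access key used to authenticate.

    Connects to IAM with the supplied key pair, creates a new access key for
    the same user, prints it, and deletes the old key once the operator
    answers "yes".  Server errors are printed and re-raised.
    """
    # stdlib; imported locally so the function carries its own dependency.
    import getpass

    parser = argparse.ArgumentParser(description="Rotate Access Keys.")
    parser.add_argument(
        "-a",
        "--access_key_id",
        help="The access key to rotate and use for authentication.")
    # NOTE: a secret given on the command line is visible in the process
    # list and usually ends up in shell history; omitting -s and answering
    # the prompt below avoids both.
    parser.add_argument(
        "-s",
        "--secret_access_key",
        help="The secret key to rotate and use for authentication.")

    args = parser.parse_args()

    if not args.access_key_id:
        args.access_key_id = raw_input("Enter Access Key: ")
    if not args.secret_access_key:
        # getpass reads without echo, so the secret does not appear on
        # screen or in terminal scrollback.
        args.secret_access_key = getpass.getpass("Enter Secret Key: ")

    iam = boto.iam.connection.IAMConnection(
        aws_access_key_id=args.access_key_id,
        aws_secret_access_key=args.secret_access_key)
    get_user_response = iam.get_user()['get_user_response']
    get_user_result = get_user_response['get_user_result']
    user = get_user_result['user']
    user_name = user['user_name']

    try:
        response = iam.create_access_key(user_name)
    except boto.exception.BotoServerError as exception:
        print("Cannot create new keys: %s" % exception)
        raise

    ak_response = response['create_access_key_response']
    access_key = ak_response['create_access_key_result']['access_key']
    # The new secret goes to stdout in clear text; anything that captures
    # this output (logs, CI, screen recording) captures the credential.
    print("""Access Key:\t%s\nSecret Key:\t%s""" % (
        access_key['access_key_id'], access_key['secret_access_key']))

    ans = raw_input("Ready to delete Access Key %s? (yes/no) " %
                    args.access_key_id)

    if ans == "yes":
        try:
            iam.delete_access_key(args.access_key_id, user_name)
        except boto.exception.BotoServerError as exception:
            print("Cannot remove old key: %s" % exception)
            raise
    else:
        # Anything but an exact "yes" leaves both keys in place.
        print("Warning: your old Access Key was kept.   Be sure to clean up the mess.")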
示例#6
def delete_dependencies_first(module, iam, name):
    """Remove what has to be gone before IAM user ``name`` can be deleted.

    Four steps run in order: access keys are deleted, the login profile is
    deleted, inline policies are deleted, and MFA devices are deactivated
    (not deleted).  A ``BotoServerError`` in any step is reported through
    ``module.fail_json``; the one tolerated error is a missing login
    profile, recognised by a substring of the server's message.

    Returns:
        True once the steps have run.  Each step sets the flag after its
        calls return, whether or not there was anything to remove.
    """
    changed = False

    # Step 1: access keys.
    try:
        key_metadata = iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata
        key_ids = [entry['access_key_id'] for entry in key_metadata]
        for key_id in key_ids:
            iam.delete_access_key(key_id, name)
        changed = True
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=changed, msg="Failed to delete keys: %s" % err, exception=traceback.format_exc())

    # Step 2: login profile (console password).
    try:
        # Only the lookup's success matters; presumably it raises when the
        # user has no profile, which the handler below tolerates.
        _profile = iam.get_login_profiles(name).get_login_profile_response
        iam.delete_login_profile(name)
        changed = True
    except boto.exception.BotoServerError as err:
        server_text = boto_exception(err)
        missing_profile_text = 'Login Profile for User ' + name + ' cannot be found.'
        if missing_profile_text not in server_text:
            module.fail_json(changed=changed, msg="Failed to delete login profile: %s" % err, exception=traceback.format_exc())

    # Step 3: inline policies.
    try:
        inline_policies = iam.get_all_user_policies(name).list_user_policies_result.policy_names
        for policy_name in inline_policies:
            iam.delete_user_policy(name, policy_name)
        changed = True
    except boto.exception.BotoServerError as err:
        server_text = boto_exception(err)
        if 'must detach all policies first' in server_text:
            managed_policy_msg = ("All inline polices have been removed. Though it appears"
                                  "that %s has Managed Polices. This is not "
                                  "currently supported by boto. Please detach the polices "
                                  "through the console and try again.") % name
            module.fail_json(changed=changed, msg=managed_policy_msg)
        module.fail_json(changed=changed, msg="Failed to delete policies: %s" % err, exception=traceback.format_exc())

    # Step 4: MFA devices.
    try:
        listing = iam.get_all_mfa_devices(name)
        response_part = listing.get('list_mfa_devices_response', {})
        result_part = response_part.get('list_mfa_devices_result', {})
        for device in result_part.get('mfa_devices', []):
            iam.deactivate_mfa_device(name, device['serial_number'])
        changed = True
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=changed, msg="Failed to deactivate associated MFA devices: %s" % err, exception=traceback.format_exc())

    return changed
示例#7
文件: iam.py 项目: ernstp/ansible
def delete_dependencies_first(module, iam, name):
    """Clear the items that prevent IAM user ``name`` from being deleted.

    In order: delete the user's access keys, delete the login profile,
    delete the inline policies, deactivate (not delete) the MFA devices.
    Every ``BotoServerError`` ends in ``module.fail_json`` except a missing
    login profile, which is detected by the text 'Cannot find Login Profile'
    in the server's message.

    Returns:
        True after the steps have run; the flag is set by each step once its
        calls return, regardless of how many items it removed.
    """
    changed = False

    # -- access keys ------------------------------------------------------
    try:
        listed = iam.get_all_access_keys(name).list_access_keys_result.access_key_metadata
        ids_to_delete = [item['access_key_id'] for item in listed]
        for access_key_id in ids_to_delete:
            iam.delete_access_key(access_key_id, name)
        changed = True
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=changed, msg="Failed to delete keys: %s" % err, exception=traceback.format_exc())

    # -- login profile ----------------------------------------------------
    try:
        # The value is not used; the lookup is kept for the error it
        # presumably raises when no profile exists.
        _profile = iam.get_login_profiles(name).get_login_profile_response
        iam.delete_login_profile(name)
        changed = True
    except boto.exception.BotoServerError as err:
        profile_missing = 'Cannot find Login Profile' in boto_exception(err)
        if not profile_missing:
            module.fail_json(changed=changed, msg="Failed to delete login profile: %s" % err, exception=traceback.format_exc())

    # -- inline policies --------------------------------------------------
    try:
        policy_names = iam.get_all_user_policies(name).list_user_policies_result.policy_names
        for inline_policy in policy_names:
            iam.delete_user_policy(name, inline_policy)
        changed = True
    except boto.exception.BotoServerError as err:
        if 'must detach all policies first' in boto_exception(err):
            module.fail_json(
                changed=changed,
                msg=("All inline polices have been removed. Though it appears"
                     "that %s has Managed Polices. This is not "
                     "currently supported by boto. Please detach the polices "
                     "through the console and try again.") % name)
        module.fail_json(changed=changed, msg="Failed to delete policies: %s" % err, exception=traceback.format_exc())

    # -- MFA devices ------------------------------------------------------
    try:
        mfa_reply = iam.get_all_mfa_devices(name)
        mfa_result = mfa_reply.get('list_mfa_devices_response', {}).get('list_mfa_devices_result', {})
        for mfa_device in mfa_result.get('mfa_devices', []):
            iam.deactivate_mfa_device(name, mfa_device['serial_number'])
        changed = True
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=changed, msg="Failed to deactivate associated MFA devices: %s" % err, exception=traceback.format_exc())

    return changed
示例#8
def delete_user(module, iam, name):
    del_meta = ''
    try:
        current_keys = [
            ck['access_key_id'] for ck in iam.get_all_access_keys(
                name).list_access_keys_result.access_key_metadata
        ]
        for key in current_keys:
            iam.delete_access_key(key, name)
        try:
            login_profile = iam.get_login_profiles(
                name).get_login_profile_response
        except boto.exception.BotoServerError, err:
            error_msg = boto_exception(err)
            if ('Cannot find Login Profile') in error_msg:
                del_meta = iam.delete_user(name).delete_user_response
        else:
示例#9
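import getpass  # stdlib; used only for the secret prompt below

if not args.secret_access_key:
    # Read the secret without echo so it does not show on screen or remain
    # in terminal scrollback.
    args.secret_access_key = getpass.getpass("Enter Secret Key: ")

# Authenticate with the key pair that is about to be rotated.
iam = boto.iam.connection.IAMConnection(
    aws_access_key_id=args.access_key_id,
    aws_secret_access_key=args.secret_access_key)

try:
    response = iam.create_access_key(args.user)
except boto.exception.BotoServerError as e:
    print("Cannot create new keys: %s" % e)
    raise

access_key = response['create_access_key_response'][
    'create_access_key_result']['access_key']
# The new secret is written to stdout in clear text; whatever captures this
# output (logs, CI, screen recording) captures the credential.
print("""Access Key: %s
Secret Key. %s""" % (access_key['access_key_id'],
                     access_key['secret_access_key']))

ans = raw_input("Ready to delete Access Key %s? (yes/no) " %
                args.access_key_id)

if ans == "yes":
    try:
        iam.delete_access_key(args.access_key_id, args.user)
    except boto.exception.BotoServerError as e:
        print("Cannot remove old key: %s" % e)
        raise
else:
    # Anything but an exact "yes" leaves both keys in place.
    print("Warning: your old Access Key was kept.  Be sure to clean up the mess.")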
示例#10
    if keys and key_state:
        for access_key in keys:
            if access_key in current_keys:
                for current_key, current_key_state in zip(current_keys, status):
                    if key_state != current_key_state.lower():
                        try:
                            iam.update_access_key(
                                access_key, key_state.capitalize(), user_name=name)
                        except boto.exception.BotoServerError, err:
                            module.fail_json(changed=False, msg=str(err))
                        else:
                            changed = True

                if key_state == 'remove':
                    try:
                        iam.delete_access_key(access_key, user_name=name)
                    except boto.exception.BotoServerError, err:
                        module.fail_json(changed=False, msg=str(err))
                    else:
                        changed = True

    try:
        final_keys, final_key_status = \
            [ck['access_key_id'] for ck in
             iam.get_all_access_keys(name).
             list_access_keys_result.
             access_key_metadata],\
            [ck['status'] for ck in
                iam.get_all_access_keys(name).
                list_access_keys_result.
                access_key_metadata]
示例#11
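def _list_access_keys(iam, user_name):
    """Return ``(key_ids, statuses)`` for ``user_name`` from one listing call."""
    # Both lists come from the same reply so the ids and their statuses
    # cannot drift apart between two separate requests.
    metadata = list(iam.get_all_access_keys(
        user_name).list_access_keys_result.access_key_metadata)
    return ([ck['access_key_id'] for ck in metadata],
            [ck['status'] for ck in metadata])


def update_user(module, iam, name, new_name, new_path, key_state, key_count,
                keys, pwd, updated):
    """Apply name, path, password and access-key changes to an IAM user.

    Args:
        module: Object providing ``fail_json(...)`` for error reporting.
        iam: boto IAM connection the calls are issued on.
        name: Current user name.
        new_name: New user name, or a false value to keep the name.
        new_path: New path, or a false value to keep the path.
        key_state: 'create', 'active', 'inactive' or 'remove'; a false value
            skips the per-key handling.
        key_count: With ``key_state == 'create'``, keys are created until
            the user has this many.
        keys: Access key ids that 'active' / 'inactive' / 'remove' apply to.
        pwd: Password for the login profile, or a false value to skip it.
        updated: When true and ``new_name`` is set, the calls are made under
            ``new_name`` and the rename itself is not requested.

    Returns:
        ``(name_change, updated_key_list, changed, new_keys)``:
        ``updated_key_list`` maps each key id to its status as listed at the
        end, and ``new_keys`` holds the ``access_key`` element of every key
        created here.  As the rotation examples on this page show, that
        element carries ``secret_access_key``, so callers should keep
        ``new_keys`` out of logs.
    """
    changed = False
    name_change = False
    if updated and new_name:
        name = new_name
    try:
        current_keys, status = _list_access_keys(iam, name)
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'cannot be found' in error_msg and updated:
            current_keys, status = _list_access_keys(iam, new_name)
            name = new_name
        else:
            module.fail_json(changed=False, msg=str(err))

    updated_key_list = {}

    if new_name or new_path:
        c_path = iam.get_user(name).get_user_result.user['path']
        if (name != new_name) or (c_path != new_path):
            changed = True
            try:
                if not updated:
                    user = iam.update_user(
                        name, new_user_name=new_name, new_path=new_path
                    ).update_user_response.response_metadata
                else:
                    user = iam.update_user(
                        name, new_path=new_path
                    ).update_user_response.response_metadata
                user['updates'] = dict(old_username=name,
                                       new_username=new_name,
                                       old_path=c_path,
                                       new_path=new_path)
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(err)
                module.fail_json(changed=False, msg=str(err))
            else:
                if not updated:
                    name_change = True

    if pwd:
        try:
            iam.update_login_profile(name, pwd)
            changed = True
        except boto.exception.BotoServerError:
            # No profile to update (or the update was refused): try to
            # create one instead.
            try:
                iam.create_login_profile(name, pwd)
                changed = True
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(str(err))
                if 'Password does not conform to the account password policy' in error_msg:
                    module.fail_json(changed=False,
                                     msg="Password doesn't conform to policy")
                else:
                    module.fail_json(msg=error_msg)

    # Refresh the listing after the changes above.  key_qty is set on both
    # branches so the create loop below never reads a stale or unbound count.
    try:
        current_keys, status = _list_access_keys(iam, name)
        key_qty = len(current_keys)
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'cannot be found' in error_msg and updated:
            current_keys, status = _list_access_keys(iam, new_name)
            key_qty = len(current_keys)
            name = new_name
        else:
            module.fail_json(changed=False, msg=str(err))

    new_keys = []
    if key_state == 'create':
        try:
            while key_count > key_qty:
                new_keys.append(
                    iam.create_access_key(
                        user_name=name).create_access_key_response.
                    create_access_key_result.access_key)
                key_qty += 1
                changed = True

        except boto.exception.BotoServerError as err:
            module.fail_json(changed=False, msg=str(err))

    if keys and key_state:
        # Compare each supplied key with its own status.  Looping over every
        # key of the user issued an update whenever any other key differed
        # and reported a change for keys already in the requested state.
        state_by_key = dict(zip(current_keys, status))
        for access_key in keys:
            if key_state in ('active', 'inactive'):
                if access_key in state_by_key:
                    if key_state != state_by_key[access_key].lower():
                        try:
                            iam.update_access_key(access_key,
                                                  key_state.capitalize(),
                                                  user_name=name)
                            changed = True
                        except boto.exception.BotoServerError as err:
                            module.fail_json(changed=False, msg=str(err))
                else:
                    module.fail_json(msg="Supplied keys not found for %s. "
                                     "Current keys: %s. "
                                     "Supplied key(s): %s" %
                                     (name, current_keys, keys))

            if key_state == 'remove':
                if access_key in state_by_key:
                    try:
                        iam.delete_access_key(access_key, user_name=name)
                    except boto.exception.BotoServerError as err:
                        module.fail_json(changed=False, msg=str(err))
                    else:
                        changed = True

    try:
        final_keys, final_key_status = _list_access_keys(iam, name)
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=changed, msg=str(err))

    updated_key_list.update(zip(final_keys, final_key_status))

    return name_change, updated_key_list, changed, new_keys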
示例#12
文件: iam.py 项目: likewg/DevOps
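def _list_access_keys(iam, user_name):
    """Return ``(key_ids, statuses)`` for ``user_name`` from one listing call."""
    # One reply feeds both lists, so ids and statuses always line up.
    metadata = list(iam.get_all_access_keys(
        user_name).list_access_keys_result.access_key_metadata)
    return ([ck['access_key_id'] for ck in metadata],
            [ck['status'] for ck in metadata])


def update_user(module, iam, name, new_name, new_path, key_state, key_count, keys, pwd, updated):
    """Apply name, path, password and access-key changes to an IAM user.

    Args:
        module: Object providing ``fail_json(...)`` for error reporting.
        iam: boto IAM connection the calls are issued on.
        name: Current user name.
        new_name: New user name, or a false value to keep the name.
        new_path: New path, or a false value to keep the path.
        key_state: 'create', 'active', 'inactive' or 'remove'; a false value
            skips the per-key handling.
        key_count: With ``key_state == 'create'``, keys are created until
            the user has this many.
        keys: Access key ids that 'active' / 'inactive' / 'remove' apply to.
        pwd: Password for the login profile, or a false value to skip it.
        updated: When true and ``new_name`` is set, the calls are made under
            ``new_name`` and the rename itself is not requested.

    Returns:
        ``(name_change, updated_key_list, changed)``; ``updated_key_list``
        maps each key id to its status as listed at the end.
    """
    changed = False
    name_change = False
    if updated and new_name:
        name = new_name
    # key_qty is set on both branches so the create loop below never reads
    # an unbound count after the fallback lookup.
    try:
        current_keys, status = _list_access_keys(iam, name)
        key_qty = len(current_keys)
    except boto.exception.BotoServerError as err:
        error_msg = boto_exception(err)
        if 'cannot be found' in error_msg and updated:
            current_keys, status = _list_access_keys(iam, new_name)
            key_qty = len(current_keys)
            name = new_name
        else:
            module.fail_json(changed=False, msg=str(err))

    updated_key_list = {}

    if new_name or new_path:
        c_path = iam.get_user(name).get_user_result.user['path']
        if (name != new_name) or (c_path != new_path):
            changed = True
            try:
                if not updated:
                    user = iam.update_user(
                        name, new_user_name=new_name, new_path=new_path).update_user_response.response_metadata
                else:
                    user = iam.update_user(
                        name, new_path=new_path).update_user_response.response_metadata
                user['updates'] = dict(
                    old_username=name, new_username=new_name, old_path=c_path, new_path=new_path)
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(err)
                module.fail_json(changed=False, msg=str(err))
            else:
                if not updated:
                    name_change = True

    if pwd:
        try:
            iam.update_login_profile(name, pwd)
            changed = True
        except boto.exception.BotoServerError:
            # No profile to update (or the update was refused): try to
            # create one instead.
            try:
                iam.create_login_profile(name, pwd)
                changed = True
            except boto.exception.BotoServerError as err:
                error_msg = boto_exception(str(err))
                if 'Password does not conform to the account password policy' in error_msg:
                    module.fail_json(changed=False, msg="Password doesn't conform to policy")
                else:
                    module.fail_json(msg=error_msg)

    if key_state == 'create':
        try:
            while key_count > key_qty:
                # NOTE(review): the reply, which carries the new key's
                # secret, is discarded because the 3-tuple return has no
                # slot for it.  A key created here is live but nobody holds
                # its secret; confirm that callers expect this.
                iam.create_access_key(user_name=name)
                key_qty += 1
                changed = True

        except boto.exception.BotoServerError as err:
            module.fail_json(changed=False, msg=str(err))

    if keys and key_state:
        # Each supplied key is compared with its own status, and a status
        # update is only sent for 'active' / 'inactive'.  Without that guard
        # a 'remove' request first sent update_access_key(..., 'Remove').
        state_by_key = dict(zip(current_keys, status))
        for access_key in keys:
            if access_key not in state_by_key:
                continue
            if key_state in ('active', 'inactive'):
                if key_state != state_by_key[access_key].lower():
                    try:
                        iam.update_access_key(
                            access_key, key_state.capitalize(), user_name=name)
                    except boto.exception.BotoServerError as err:
                        module.fail_json(changed=False, msg=str(err))
                    else:
                        changed = True
            elif key_state == 'remove':
                try:
                    iam.delete_access_key(access_key, user_name=name)
                except boto.exception.BotoServerError as err:
                    module.fail_json(changed=False, msg=str(err))
                else:
                    changed = True

    try:
        final_keys, final_key_status = _list_access_keys(iam, name)
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=changed, msg=str(err))

    updated_key_list.update(zip(final_keys, final_key_status))

    return name_change, updated_key_list, changed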
示例#13
文件: iam.py 项目: RajeevNambiar/temp
    if keys and key_state:
        for access_key in keys:
            if access_key in current_keys:
                for current_key, current_key_state in zip(current_keys, status):
                    if key_state != current_key_state.lower():
                        try:
                            iam.update_access_key(
                                access_key, key_state.capitalize(), user_name=name)
                        except boto.exception.BotoServerError, err:
                            module.fail_json(changed=False, msg=str(err))
                        else:
                            changed = True

                if key_state == 'remove':
                    try:
                        iam.delete_access_key(access_key, user_name=name)
                    except boto.exception.BotoServerError, err:
                        module.fail_json(changed=False, msg=str(err))
                    else:
                        changed = True

    try:
        final_keys, final_key_status = \
            [ck['access_key_id'] for ck in
             iam.get_all_access_keys(name).
             list_access_keys_result.
             access_key_metadata],\
            [ck['status'] for ck in
                iam.get_all_access_keys(name).
                list_access_keys_result.
                access_key_metadata]
示例#14
    args.secret_access_key = raw_input("Enter Secret Key: ")

# Authenticate with the key pair that is being rotated.
iam = boto.iam.connection.IAMConnection(
    aws_access_key_id=args.access_key_id,
    aws_secret_access_key=args.secret_access_key,
)

# Create the replacement key first; on failure the old key is untouched.
try:
    response = iam.create_access_key(args.user)
except boto.exception.BotoServerError as create_error:
    print("Cannot create new keys: %s" % create_error)
    raise

access_key = response['create_access_key_response']['create_access_key_result']['access_key']
# The new secret is printed in clear text on stdout.
new_key_report = "Access Key: %s\nSecret Key. %s" % (
    access_key['access_key_id'],
    access_key['secret_access_key'],
)
print(new_key_report)

ans = raw_input("Ready to delete Access Key %s? (yes/no) " % args.access_key_id)

# Only an exact "yes" deletes the old key; any other answer keeps it.
if ans != "yes":
    print("Warning: your old Access Key was kept.  Be sure to clean up the mess.")
else:
    try:
        iam.delete_access_key(args.access_key_id, args.user)
    except boto.exception.BotoServerError as delete_error:
        print("Cannot remove old key: %s" % delete_error)
        raise