def delete_ipa_user(iam_conn, user_name):
    """Delete ``user_name`` via ``iamclient.delete_user``; a missing user is fine.

    ``exc.NotFoundError`` is swallowed so the call can be repeated safely.
    Any other exception propagates to the caller.

    NOTE(review): the function name refers to FreeIPA, but the only call made
    here goes through ``iamclient`` with ``iam_conn`` -- confirm which
    directory this is meant to deprovision from.
    """
    try:
        iamclient.delete_user(iam_conn=iam_conn, user_name=user_name)
    except exc.NotFoundError:
        # Already absent: treat the deletion as done.
        return
示例#2
    def delete(force, user_name):
        """Delete the IAM user ``user_name``.

        When ``force`` is truthy, the user's inline policies are deleted, its
        attached policies are detached and its group memberships are removed
        before the user itself is deleted. Each step is logged at INFO level.

        Raises:
            click.UsageError: if the delete call raises
                ``DeleteConflictException``.
        """
        iam_conn = awscontext.GLOBAL.iam

        if force:
            # NOTE(review): only policies and group memberships are cleared
            # here. Whether access keys, a login profile or MFA devices are
            # handled inside iamclient.delete_user is not visible from this
            # block -- confirm, because the conflict message below would be
            # misleading if those are what blocks the delete.
            for name in iamclient.list_user_policies(iam_conn, user_name):
                _LOGGER.info('deleting inline policy: %s', name)
                iamclient.delete_user_policy(iam_conn, user_name, name)

            for attached in iamclient.list_attached_user_policies(
                    iam_conn, user_name):
                arn = attached['PolicyArn']
                _LOGGER.info('detaching policy: %s', arn)
                iamclient.detach_user_policy(iam_conn, user_name, arn)

            for membership in iamclient.list_groups_for_user(
                    iam_conn, user_name):
                _LOGGER.info('removing user from group: %s', membership)
                iamclient.remove_user_from_group(
                    iam_conn, user_name, membership)

        try:
            iamclient.delete_user(iam_conn=iam_conn, user_name=user_name)
        except iam_conn.exceptions.DeleteConflictException:
            # Turn the API conflict into a CLI usage hint for the operator.
            conflict_msg = (
                'User [%s] has inline or attached '
                'policies, or is a member of one or '
                'more group, use --force to force '
                'delete.'
            ) % user_name
            raise click.UsageError(conflict_msg)
示例#3
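    def delete(force, user_name):
        """Delete the IAM user ``user_name``.

        When ``force`` is truthy, the user's inline policies are deleted and
        its attached managed policies are detached before the user itself is
        deleted. Each step is logged at INFO level.

        Raises:
            click.UsageError: if the delete call raises
                ``DeleteConflictException``.
        """
        iam_conn = awscontext.GLOBAL.iam

        if force:
            # NOTE(review): group memberships are not removed in this block,
            # and the conflict message below does not mention them. If a
            # group membership (or an access key / login profile) is what
            # blocks the delete, "use --force" will not resolve it -- confirm
            # what iamclient.delete_user cleans up on its own.
            user_policies = iamclient.list_user_policies(iam_conn,
                                                         user_name)
            for policy in user_policies:
                # These are the user's inline policies, not role policies;
                # the log line names them correctly so the audit trail of a
                # forced delete is not misleading.
                _LOGGER.info('deleting inline policy: %s', policy)
                iamclient.delete_user_policy(iam_conn, user_name, policy)

            attached_pols = iamclient.list_attached_user_policies(iam_conn,
                                                                  user_name)
            for policy in attached_pols:
                _LOGGER.info('detaching managed policy: %s',
                             policy['PolicyName'])
                iamclient.detach_user_policy(iam_conn,
                                             user_name,
                                             policy['PolicyArn'])

        try:
            iamclient.delete_user(iam_conn=iam_conn, user_name=user_name)
        except iam_conn.exceptions.DeleteConflictException:
            # Turn the API conflict into a CLI usage hint for the operator.
            raise click.UsageError('User [%s] has inline or attached '
                                   'policies, use --force to force '
                                   'delete.' % user_name)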
def delete_iam_user(iam_conn, user_name):
    """Delete the IAM user and the IAM role that both carry ``user_name``.

    The user is deleted first, then the role. A missing user or role
    (``exc.NotFoundError``) is ignored, so the call can be repeated safely.
    Any other exception propagates; if it comes from the user delete, the
    role delete is not attempted.
    """
    def _drop(operation, **target):
        # Run one delete call, treating "not found" as already done.
        try:
            operation(iam_conn=iam_conn, **target)
        except exc.NotFoundError:
            return

    _drop(iamclient.delete_user, user_name=user_name)
    _drop(iamclient.delete_role, role_name=user_name)
示例#5
def delete_user(iam_conn, ipa_client, user_name):
    """Deprovision ``user_name`` from AWS IAM and then from FreeIPA.

    Steps run in order: the IAM user, the IAM role of the same name, then the
    FreeIPA user. A target that is already gone (``exc.NotFoundError`` for
    the IAM calls, ``ipaclient.NotFoundError`` for FreeIPA) is ignored.

    Any other exception propagates and the remaining steps are skipped, so a
    failure part-way through can leave the account only partially removed.
    Because missing targets are tolerated, the call can simply be retried.
    """
    def _drop_from_iam(operation, **target):
        # Run one IAM delete call, treating "not found" as already done.
        try:
            operation(iam_conn=iam_conn, **target)
        except exc.NotFoundError:
            return

    _drop_from_iam(iamclient.delete_user, user_name=user_name)
    _drop_from_iam(iamclient.delete_role, role_name=user_name)

    try:
        ipa_client.delete_user(user_name=user_name)
    except ipaclient.NotFoundError:
        # Already absent from FreeIPA: nothing left to do.
        return