Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(183)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/gsutil/boto/iam/connection.py

Issue 12042069: Scripts to download files from google storage based on sha1 sums (Closed) Base URL: https://chromium.googlesource.com/chromium/tools/depot_tools.git@master
Patch Set: Removed gsutil/tests and gsutil/docs Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« download_from_google_storage.py ('K') | « third_party/gsutil/boto/iam/__init__.py ('k') | third_party/gsutil/boto/iam/summarymap.py » ('j') | upload_to_google_storage.py » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 # Copyright (c) 2010-2011 Mitch Garnaat http://garnaat.org/
2 # Copyright (c) 2010-2011, Eucalyptus Systems, Inc.
3 #
4 # Permission is hereby granted, free of charge, to any person obtaining a
5 # copy of this software and associated documentation files (the
6 # "Software"), to deal in the Software without restriction, including
7 # without limitation the rights to use, copy, modify, merge, publish, dis-
8 # tribute, sublicense, and/or sell copies of the Software, and to permit
9 # persons to whom the Software is furnished to do so, subject to the fol-
10 # lowing conditions:
11 #
12 # The above copyright notice and this permission notice shall be included
13 # in all copies or substantial portions of the Software.
14 #
15 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
16 # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
17 # ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
18 # SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
19 # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 # IN THE SOFTWARE.
22 import boto
23 import boto.jsonresponse
24 from boto.compat import json
25 from boto.resultset import ResultSet
26 from boto.iam.summarymap import SummaryMap
27 from boto.connection import AWSQueryConnection
28
29
30 ASSUME_ROLE_POLICY_DOCUMENT = json.dumps({
31 'Statement': [{'Principal': {'Service': ['ec2.amazonaws.com']},
32 'Effect': 'Allow',
33 'Action': ['sts:AssumeRole']}]})
34
35
36 class IAMConnection(AWSQueryConnection):
37
38 APIVersion = '2010-05-08'
39
40 def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
41 is_secure=True, port=None, proxy=None, proxy_port=None,
42 proxy_user=None, proxy_pass=None, host='iam.amazonaws.com',
43 debug=0, https_connection_factory=None,
44 path='/', security_token=None, validate_certs=True):
45 AWSQueryConnection.__init__(self, aws_access_key_id,
46 aws_secret_access_key,
47 is_secure, port, proxy,
48 proxy_port, proxy_user, proxy_pass,
49 host, debug, https_connection_factory,
50 path, security_token,
51 validate_certs=validate_certs)
52
53 def _required_auth_capability(self):
54 #return ['iam']
55 return ['hmac-v4']
56
57 def get_response(self, action, params, path='/', parent=None,
58 verb='POST', list_marker='Set'):
59 """
60 Utility method to handle calls to IAM and parsing of responses.
61 """
62 if not parent:
63 parent = self
64 response = self.make_request(action, params, path, verb)
65 body = response.read()
66 boto.log.debug(body)
67 if response.status == 200:
68 e = boto.jsonresponse.Element(list_marker=list_marker,
69 pythonize_name=True)
70 h = boto.jsonresponse.XmlHandler(e, parent)
71 h.parse(body)
72 return e
73 else:
74 boto.log.error('%s %s' % (response.status, response.reason))
75 boto.log.error('%s' % body)
76 raise self.ResponseError(response.status, response.reason, body)
77
78 #
79 # Group methods
80 #
81
82 def get_all_groups(self, path_prefix='/', marker=None, max_items=None):
83 """
84 List the groups that have the specified path prefix.
85
86 :type path_prefix: string
87 :param path_prefix: If provided, only groups whose paths match
88 the provided prefix will be returned.
89
90 :type marker: string
91 :param marker: Use this only when paginating results and only
92 in follow-up request after you've received a response
93 where the results are truncated. Set this to the value of
94 the Marker element in the response you just received.
95
96 :type max_items: int
97 :param max_items: Use this only when paginating results to indicate
98 the maximum number of groups you want in the response.
99 """
100 params = {}
101 if path_prefix:
102 params['PathPrefix'] = path_prefix
103 if marker:
104 params['Marker'] = marker
105 if max_items:
106 params['MaxItems'] = max_items
107 return self.get_response('ListGroups', params,
108 list_marker='Groups')
109
110 def get_group(self, group_name, marker=None, max_items=None):
111 """
112 Return a list of users that are in the specified group.
113
114 :type group_name: string
115 :param group_name: The name of the group whose information should
116 be returned.
117 :type marker: string
118 :param marker: Use this only when paginating results and only
119 in follow-up request after you've received a response
120 where the results are truncated. Set this to the value of
121 the Marker element in the response you just received.
122
123 :type max_items: int
124 :param max_items: Use this only when paginating results to indicate
125 the maximum number of groups you want in the response.
126 """
127 params = {'GroupName': group_name}
128 if marker:
129 params['Marker'] = marker
130 if max_items:
131 params['MaxItems'] = max_items
132 return self.get_response('GetGroup', params, list_marker='Users')
133
134 def create_group(self, group_name, path='/'):
135 """
136 Create a group.
137
138 :type group_name: string
139 :param group_name: The name of the new group
140
141 :type path: string
142 :param path: The path to the group (Optional). Defaults to /.
143
144 """
145 params = {'GroupName': group_name,
146 'Path': path}
147 return self.get_response('CreateGroup', params)
148
149 def delete_group(self, group_name):
150 """
151 Delete a group. The group must not contain any Users or
152 have any attached policies
153
154 :type group_name: string
155 :param group_name: The name of the group to delete.
156
157 """
158 params = {'GroupName': group_name}
159 return self.get_response('DeleteGroup', params)
160
161 def update_group(self, group_name, new_group_name=None, new_path=None):
162 """
163 Updates name and/or path of the specified group.
164
165 :type group_name: string
166 :param group_name: The name of the new group
167
168 :type new_group_name: string
169 :param new_group_name: If provided, the name of the group will be
170 changed to this name.
171
172 :type new_path: string
173 :param new_path: If provided, the path of the group will be
174 changed to this path.
175
176 """
177 params = {'GroupName': group_name}
178 if new_group_name:
179 params['NewGroupName'] = new_group_name
180 if new_path:
181 params['NewPath'] = new_path
182 return self.get_response('UpdateGroup', params)
183
184 def add_user_to_group(self, group_name, user_name):
185 """
186 Add a user to a group
187
188 :type group_name: string
189 :param group_name: The name of the group
190
191 :type user_name: string
192 :param user_name: The to be added to the group.
193
194 """
195 params = {'GroupName': group_name,
196 'UserName': user_name}
197 return self.get_response('AddUserToGroup', params)
198
199 def remove_user_from_group(self, group_name, user_name):
200 """
201 Remove a user from a group.
202
203 :type group_name: string
204 :param group_name: The name of the group
205
206 :type user_name: string
207 :param user_name: The user to remove from the group.
208
209 """
210 params = {'GroupName': group_name,
211 'UserName': user_name}
212 return self.get_response('RemoveUserFromGroup', params)
213
214 def put_group_policy(self, group_name, policy_name, policy_json):
215 """
216 Adds or updates the specified policy document for the specified group.
217
218 :type group_name: string
219 :param group_name: The name of the group the policy is associated with.
220
221 :type policy_name: string
222 :param policy_name: The policy document to get.
223
224 :type policy_json: string
225 :param policy_json: The policy document.
226
227 """
228 params = {'GroupName': group_name,
229 'PolicyName': policy_name,
230 'PolicyDocument': policy_json}
231 return self.get_response('PutGroupPolicy', params, verb='POST')
232
233 def get_all_group_policies(self, group_name, marker=None, max_items=None):
234 """
235 List the names of the policies associated with the specified group.
236
237 :type group_name: string
238 :param group_name: The name of the group the policy is associated with.
239
240 :type marker: string
241 :param marker: Use this only when paginating results and only
242 in follow-up request after you've received a response
243 where the results are truncated. Set this to the value of
244 the Marker element in the response you just received.
245
246 :type max_items: int
247 :param max_items: Use this only when paginating results to indicate
248 the maximum number of groups you want in the response.
249 """
250 params = {'GroupName': group_name}
251 if marker:
252 params['Marker'] = marker
253 if max_items:
254 params['MaxItems'] = max_items
255 return self.get_response('ListGroupPolicies', params,
256 list_marker='PolicyNames')
257
258 def get_group_policy(self, group_name, policy_name):
259 """
260 Retrieves the specified policy document for the specified group.
261
262 :type group_name: string
263 :param group_name: The name of the group the policy is associated with.
264
265 :type policy_name: string
266 :param policy_name: The policy document to get.
267
268 """
269 params = {'GroupName': group_name,
270 'PolicyName': policy_name}
271 return self.get_response('GetGroupPolicy', params, verb='POST')
272
273 def delete_group_policy(self, group_name, policy_name):
274 """
275 Deletes the specified policy document for the specified group.
276
277 :type group_name: string
278 :param group_name: The name of the group the policy is associated with.
279
280 :type policy_name: string
281 :param policy_name: The policy document to delete.
282
283 """
284 params = {'GroupName': group_name,
285 'PolicyName': policy_name}
286 return self.get_response('DeleteGroupPolicy', params, verb='POST')
287
288 def get_all_users(self, path_prefix='/', marker=None, max_items=None):
289 """
290 List the users that have the specified path prefix.
291
292 :type path_prefix: string
293 :param path_prefix: If provided, only users whose paths match
294 the provided prefix will be returned.
295
296 :type marker: string
297 :param marker: Use this only when paginating results and only
298 in follow-up request after you've received a response
299 where the results are truncated. Set this to the value of
300 the Marker element in the response you just received.
301
302 :type max_items: int
303 :param max_items: Use this only when paginating results to indicate
304 the maximum number of groups you want in the response.
305 """
306 params = {'PathPrefix': path_prefix}
307 if marker:
308 params['Marker'] = marker
309 if max_items:
310 params['MaxItems'] = max_items
311 return self.get_response('ListUsers', params, list_marker='Users')
312
313 #
314 # User methods
315 #
316
317 def create_user(self, user_name, path='/'):
318 """
319 Create a user.
320
321 :type user_name: string
322 :param user_name: The name of the new user
323
324 :type path: string
325 :param path: The path in which the user will be created.
326 Defaults to /.
327
328 """
329 params = {'UserName': user_name,
330 'Path': path}
331 return self.get_response('CreateUser', params)
332
333 def delete_user(self, user_name):
334 """
335 Delete a user including the user's path, GUID and ARN.
336
337 If the user_name is not specified, the user_name is determined
338 implicitly based on the AWS Access Key ID used to sign the request.
339
340 :type user_name: string
341 :param user_name: The name of the user to delete.
342
343 """
344 params = {'UserName': user_name}
345 return self.get_response('DeleteUser', params)
346
347 def get_user(self, user_name=None):
348 """
349 Retrieve information about the specified user.
350
351 If the user_name is not specified, the user_name is determined
352 implicitly based on the AWS Access Key ID used to sign the request.
353
354 :type user_name: string
355 :param user_name: The name of the user to delete.
356 If not specified, defaults to user making request.
357 """
358 params = {}
359 if user_name:
360 params['UserName'] = user_name
361 return self.get_response('GetUser', params)
362
363 def update_user(self, user_name, new_user_name=None, new_path=None):
364 """
365 Updates name and/or path of the specified user.
366
367 :type user_name: string
368 :param user_name: The name of the user
369
370 :type new_user_name: string
371 :param new_user_name: If provided, the username of the user will be
372 changed to this username.
373
374 :type new_path: string
375 :param new_path: If provided, the path of the user will be
376 changed to this path.
377
378 """
379 params = {'UserName': user_name}
380 if new_user_name:
381 params['NewUserName'] = new_user_name
382 if new_path:
383 params['NewPath'] = new_path
384 return self.get_response('UpdateUser', params)
385
386 def get_all_user_policies(self, user_name, marker=None, max_items=None):
387 """
388 List the names of the policies associated with the specified user.
389
390 :type user_name: string
391 :param user_name: The name of the user the policy is associated with.
392
393 :type marker: string
394 :param marker: Use this only when paginating results and only
395 in follow-up request after you've received a response
396 where the results are truncated. Set this to the value of
397 the Marker element in the response you just received.
398
399 :type max_items: int
400 :param max_items: Use this only when paginating results to indicate
401 the maximum number of groups you want in the response.
402 """
403 params = {'UserName': user_name}
404 if marker:
405 params['Marker'] = marker
406 if max_items:
407 params['MaxItems'] = max_items
408 return self.get_response('ListUserPolicies', params,
409 list_marker='PolicyNames')
410
411 def put_user_policy(self, user_name, policy_name, policy_json):
412 """
413 Adds or updates the specified policy document for the specified user.
414
415 :type user_name: string
416 :param user_name: The name of the user the policy is associated with.
417
418 :type policy_name: string
419 :param policy_name: The policy document to get.
420
421 :type policy_json: string
422 :param policy_json: The policy document.
423
424 """
425 params = {'UserName': user_name,
426 'PolicyName': policy_name,
427 'PolicyDocument': policy_json}
428 return self.get_response('PutUserPolicy', params, verb='POST')
429
430 def get_user_policy(self, user_name, policy_name):
431 """
432 Retrieves the specified policy document for the specified user.
433
434 :type user_name: string
435 :param user_name: The name of the user the policy is associated with.
436
437 :type policy_name: string
438 :param policy_name: The policy document to get.
439
440 """
441 params = {'UserName': user_name,
442 'PolicyName': policy_name}
443 return self.get_response('GetUserPolicy', params, verb='POST')
444
445 def delete_user_policy(self, user_name, policy_name):
446 """
447 Deletes the specified policy document for the specified user.
448
449 :type user_name: string
450 :param user_name: The name of the user the policy is associated with.
451
452 :type policy_name: string
453 :param policy_name: The policy document to delete.
454
455 """
456 params = {'UserName': user_name,
457 'PolicyName': policy_name}
458 return self.get_response('DeleteUserPolicy', params, verb='POST')
459
460 def get_groups_for_user(self, user_name, marker=None, max_items=None):
461 """
462 List the groups that a specified user belongs to.
463
464 :type user_name: string
465 :param user_name: The name of the user to list groups for.
466
467 :type marker: string
468 :param marker: Use this only when paginating results and only
469 in follow-up request after you've received a response
470 where the results are truncated. Set this to the value of
471 the Marker element in the response you just received.
472
473 :type max_items: int
474 :param max_items: Use this only when paginating results to indicate
475 the maximum number of groups you want in the response.
476 """
477 params = {'UserName': user_name}
478 if marker:
479 params['Marker'] = marker
480 if max_items:
481 params['MaxItems'] = max_items
482 return self.get_response('ListGroupsForUser', params,
483 list_marker='Groups')
484
485 #
486 # Access Keys
487 #
488
489 def get_all_access_keys(self, user_name, marker=None, max_items=None):
490 """
491 Get all access keys associated with an account.
492
493 :type user_name: string
494 :param user_name: The username of the user
495
496 :type marker: string
497 :param marker: Use this only when paginating results and only
498 in follow-up request after you've received a response
499 where the results are truncated. Set this to the value of
500 the Marker element in the response you just received.
501
502 :type max_items: int
503 :param max_items: Use this only when paginating results to indicate
504 the maximum number of groups you want in the response.
505 """
506 params = {'UserName': user_name}
507 if marker:
508 params['Marker'] = marker
509 if max_items:
510 params['MaxItems'] = max_items
511 return self.get_response('ListAccessKeys', params,
512 list_marker='AccessKeyMetadata')
513
514 def create_access_key(self, user_name=None):
515 """
516 Create a new AWS Secret Access Key and corresponding AWS Access Key ID
517 for the specified user. The default status for new keys is Active
518
519 If the user_name is not specified, the user_name is determined
520 implicitly based on the AWS Access Key ID used to sign the request.
521
522 :type user_name: string
523 :param user_name: The username of the user
524
525 """
526 params = {'UserName': user_name}
527 return self.get_response('CreateAccessKey', params)
528
529 def update_access_key(self, access_key_id, status, user_name=None):
530 """
531 Changes the status of the specified access key from Active to Inactive
532 or vice versa. This action can be used to disable a user's key as
533 part of a key rotation workflow.
534
535 If the user_name is not specified, the user_name is determined
536 implicitly based on the AWS Access Key ID used to sign the request.
537
538 :type access_key_id: string
539 :param access_key_id: The ID of the access key.
540
541 :type status: string
542 :param status: Either Active or Inactive.
543
544 :type user_name: string
545 :param user_name: The username of user (optional).
546
547 """
548 params = {'AccessKeyId': access_key_id,
549 'Status': status}
550 if user_name:
551 params['UserName'] = user_name
552 return self.get_response('UpdateAccessKey', params)
553
554 def delete_access_key(self, access_key_id, user_name=None):
555 """
556 Delete an access key associated with a user.
557
558 If the user_name is not specified, it is determined implicitly based
559 on the AWS Access Key ID used to sign the request.
560
561 :type access_key_id: string
562 :param access_key_id: The ID of the access key to be deleted.
563
564 :type user_name: string
565 :param user_name: The username of the user
566
567 """
568 params = {'AccessKeyId': access_key_id}
569 if user_name:
570 params['UserName'] = user_name
571 return self.get_response('DeleteAccessKey', params)
572
573 #
574 # Signing Certificates
575 #
576
577 def get_all_signing_certs(self, marker=None, max_items=None,
578 user_name=None):
579 """
580 Get all signing certificates associated with an account.
581
582 If the user_name is not specified, it is determined implicitly based
583 on the AWS Access Key ID used to sign the request.
584
585 :type marker: string
586 :param marker: Use this only when paginating results and only
587 in follow-up request after you've received a response
588 where the results are truncated. Set this to the value of
589 the Marker element in the response you just received.
590
591 :type max_items: int
592 :param max_items: Use this only when paginating results to indicate
593 the maximum number of groups you want in the response.
594
595 :type user_name: string
596 :param user_name: The username of the user
597
598 """
599 params = {}
600 if marker:
601 params['Marker'] = marker
602 if max_items:
603 params['MaxItems'] = max_items
604 if user_name:
605 params['UserName'] = user_name
606 return self.get_response('ListSigningCertificates',
607 params, list_marker='Certificates')
608
609 def update_signing_cert(self, cert_id, status, user_name=None):
610 """
611 Change the status of the specified signing certificate from
612 Active to Inactive or vice versa.
613
614 If the user_name is not specified, it is determined implicitly based
615 on the AWS Access Key ID used to sign the request.
616
617 :type cert_id: string
618 :param cert_id: The ID of the signing certificate
619
620 :type status: string
621 :param status: Either Active or Inactive.
622
623 :type user_name: string
624 :param user_name: The username of the user
625 """
626 params = {'CertificateId': cert_id,
627 'Status': status}
628 if user_name:
629 params['UserName'] = user_name
630 return self.get_response('UpdateSigningCertificate', params)
631
632 def upload_signing_cert(self, cert_body, user_name=None):
633 """
634 Uploads an X.509 signing certificate and associates it with
635 the specified user.
636
637 If the user_name is not specified, it is determined implicitly based
638 on the AWS Access Key ID used to sign the request.
639
640 :type cert_body: string
641 :param cert_body: The body of the signing certificate.
642
643 :type user_name: string
644 :param user_name: The username of the user
645
646 """
647 params = {'CertificateBody': cert_body}
648 if user_name:
649 params['UserName'] = user_name
650 return self.get_response('UploadSigningCertificate', params,
651 verb='POST')
652
653 def delete_signing_cert(self, cert_id, user_name=None):
654 """
655 Delete a signing certificate associated with a user.
656
657 If the user_name is not specified, it is determined implicitly based
658 on the AWS Access Key ID used to sign the request.
659
660 :type user_name: string
661 :param user_name: The username of the user
662
663 :type cert_id: string
664 :param cert_id: The ID of the certificate.
665
666 """
667 params = {'CertificateId': cert_id}
668 if user_name:
669 params['UserName'] = user_name
670 return self.get_response('DeleteSigningCertificate', params)
671
672 #
673 # Server Certificates
674 #
675
676 def list_server_certs(self, path_prefix='/',
677 marker=None, max_items=None):
678 """
679 Lists the server certificates that have the specified path prefix.
680 If none exist, the action returns an empty list.
681
682 :type path_prefix: string
683 :param path_prefix: If provided, only certificates whose paths match
684 the provided prefix will be returned.
685
686 :type marker: string
687 :param marker: Use this only when paginating results and only
688 in follow-up request after you've received a response
689 where the results are truncated. Set this to the value of
690 the Marker element in the response you just received.
691
692 :type max_items: int
693 :param max_items: Use this only when paginating results to indicate
694 the maximum number of groups you want in the response.
695
696 """
697 params = {}
698 if path_prefix:
699 params['PathPrefix'] = path_prefix
700 if marker:
701 params['Marker'] = marker
702 if max_items:
703 params['MaxItems'] = max_items
704 return self.get_response('ListServerCertificates',
705 params,
706 list_marker='ServerCertificateMetadataList')
707
708 # Preserves backwards compatibility.
709 # TODO: Look into deprecating this eventually?
710 get_all_server_certs = list_server_certs
711
712 def update_server_cert(self, cert_name, new_cert_name=None,
713 new_path=None):
714 """
715 Updates the name and/or the path of the specified server certificate.
716
717 :type cert_name: string
718 :param cert_name: The name of the server certificate that you want
719 to update.
720
721 :type new_cert_name: string
722 :param new_cert_name: The new name for the server certificate.
723 Include this only if you are updating the
724 server certificate's name.
725
726 :type new_path: string
727 :param new_path: If provided, the path of the certificate will be
728 changed to this path.
729 """
730 params = {'ServerCertificateName': cert_name}
731 if new_cert_name:
732 params['NewServerCertificateName'] = new_cert_name
733 if new_path:
734 params['NewPath'] = new_path
735 return self.get_response('UpdateServerCertificate', params)
736
737 def upload_server_cert(self, cert_name, cert_body, private_key,
738 cert_chain=None, path=None):
739 """
740 Uploads a server certificate entity for the AWS Account.
741 The server certificate entity includes a public key certificate,
742 a private key, and an optional certificate chain, which should
743 all be PEM-encoded.
744
745 :type cert_name: string
746 :param cert_name: The name for the server certificate. Do not
747 include the path in this value.
748
749 :type cert_body: string
750 :param cert_body: The contents of the public key certificate
751 in PEM-encoded format.
752
753 :type private_key: string
754 :param private_key: The contents of the private key in
755 PEM-encoded format.
756
757 :type cert_chain: string
758 :param cert_chain: The contents of the certificate chain. This
759 is typically a concatenation of the PEM-encoded
760 public key certificates of the chain.
761
762 :type path: string
763 :param path: The path for the server certificate.
764 """
765 params = {'ServerCertificateName': cert_name,
766 'CertificateBody': cert_body,
767 'PrivateKey': private_key}
768 if cert_chain:
769 params['CertificateChain'] = cert_chain
770 if path:
771 params['Path'] = path
772 return self.get_response('UploadServerCertificate', params,
773 verb='POST')
774
775 def get_server_certificate(self, cert_name):
776 """
777 Retrieves information about the specified server certificate.
778
779 :type cert_name: string
780 :param cert_name: The name of the server certificate you want
781 to retrieve information about.
782
783 """
784 params = {'ServerCertificateName': cert_name}
785 return self.get_response('GetServerCertificate', params)
786
787 def delete_server_cert(self, cert_name):
788 """
789 Delete the specified server certificate.
790
791 :type cert_name: string
792 :param cert_name: The name of the server certificate you want
793 to delete.
794
795 """
796 params = {'ServerCertificateName': cert_name}
797 return self.get_response('DeleteServerCertificate', params)
798
799 #
800 # MFA Devices
801 #
802
803 def get_all_mfa_devices(self, user_name, marker=None, max_items=None):
804 """
805 Get all MFA devices associated with an account.
806
807 :type user_name: string
808 :param user_name: The username of the user
809
810 :type marker: string
811 :param marker: Use this only when paginating results and only
812 in follow-up request after you've received a response
813 where the results are truncated. Set this to the value of
814 the Marker element in the response you just received.
815
816 :type max_items: int
817 :param max_items: Use this only when paginating results to indicate
818 the maximum number of groups you want in the response.
819
820 """
821 params = {'UserName': user_name}
822 if marker:
823 params['Marker'] = marker
824 if max_items:
825 params['MaxItems'] = max_items
826 return self.get_response('ListMFADevices',
827 params, list_marker='MFADevices')
828
829 def enable_mfa_device(self, user_name, serial_number,
830 auth_code_1, auth_code_2):
831 """
832 Enables the specified MFA device and associates it with the
833 specified user.
834
835 :type user_name: string
836 :param user_name: The username of the user
837
838 :type serial_number: string
839 :param seriasl_number: The serial number which uniquely identifies
840 the MFA device.
841
842 :type auth_code_1: string
843 :param auth_code_1: An authentication code emitted by the device.
844
845 :type auth_code_2: string
846 :param auth_code_2: A subsequent authentication code emitted
847 by the device.
848
849 """
850 params = {'UserName': user_name,
851 'SerialNumber': serial_number,
852 'AuthenticationCode1': auth_code_1,
853 'AuthenticationCode2': auth_code_2}
854 return self.get_response('EnableMFADevice', params)
855
856 def deactivate_mfa_device(self, user_name, serial_number):
857 """
858 Deactivates the specified MFA device and removes it from
859 association with the user.
860
861 :type user_name: string
862 :param user_name: The username of the user
863
864 :type serial_number: string
865 :param seriasl_number: The serial number which uniquely identifies
866 the MFA device.
867
868 """
869 params = {'UserName': user_name,
870 'SerialNumber': serial_number}
871 return self.get_response('DeactivateMFADevice', params)
872
873 def resync_mfa_device(self, user_name, serial_number,
874 auth_code_1, auth_code_2):
875 """
876 Syncronizes the specified MFA device with the AWS servers.
877
878 :type user_name: string
879 :param user_name: The username of the user
880
881 :type serial_number: string
882 :param seriasl_number: The serial number which uniquely identifies
883 the MFA device.
884
885 :type auth_code_1: string
886 :param auth_code_1: An authentication code emitted by the device.
887
888 :type auth_code_2: string
889 :param auth_code_2: A subsequent authentication code emitted
890 by the device.
891
892 """
893 params = {'UserName': user_name,
894 'SerialNumber': serial_number,
895 'AuthenticationCode1': auth_code_1,
896 'AuthenticationCode2': auth_code_2}
897 return self.get_response('ResyncMFADevice', params)
898
899 #
900 # Login Profiles
901 #
902
903 def get_login_profiles(self, user_name):
904 """
905 Retrieves the login profile for the specified user.
906
907 :type user_name: string
908 :param user_name: The username of the user
909
910 """
911 params = {'UserName': user_name}
912 return self.get_response('GetLoginProfile', params)
913
914 def create_login_profile(self, user_name, password):
915 """
916 Creates a login profile for the specified user, give the user the
917 ability to access AWS services and the AWS Management Console.
918
919 :type user_name: string
920 :param user_name: The name of the user
921
922 :type password: string
923 :param password: The new password for the user
924
925 """
926 params = {'UserName': user_name,
927 'Password': password}
928 return self.get_response('CreateLoginProfile', params)
929
930 def delete_login_profile(self, user_name):
931 """
932 Deletes the login profile associated with the specified user.
933
934 :type user_name: string
935 :param user_name: The name of the user to delete.
936
937 """
938 params = {'UserName': user_name}
939 return self.get_response('DeleteLoginProfile', params)
940
941 def update_login_profile(self, user_name, password):
942 """
943 Resets the password associated with the user's login profile.
944
945 :type user_name: string
946 :param user_name: The name of the user
947
948 :type password: string
949 :param password: The new password for the user
950
951 """
952 params = {'UserName': user_name,
953 'Password': password}
954 return self.get_response('UpdateLoginProfile', params)
955
956 def create_account_alias(self, alias):
957 """
958 Creates a new alias for the AWS account.
959
960 For more information on account id aliases, please see
961 http://goo.gl/ToB7G
962
963 :type alias: string
964 :param alias: The alias to attach to the account.
965 """
966 params = {'AccountAlias': alias}
967 return self.get_response('CreateAccountAlias', params)
968
969 def delete_account_alias(self, alias):
970 """
971 Deletes an alias for the AWS account.
972
973 For more information on account id aliases, please see
974 http://goo.gl/ToB7G
975
976 :type alias: string
977 :param alias: The alias to remove from the account.
978 """
979 params = {'AccountAlias': alias}
980 return self.get_response('DeleteAccountAlias', params)
981
982 def get_account_alias(self):
983 """
984 Get the alias for the current account.
985
986 This is referred to in the docs as list_account_aliases,
987 but it seems you can only have one account alias currently.
988
989 For more information on account id aliases, please see
990 http://goo.gl/ToB7G
991 """
992 return self.get_response('ListAccountAliases', {},
993 list_marker='AccountAliases')
994
995 def get_signin_url(self, service='ec2'):
996 """
997 Get the URL where IAM users can use their login profile to sign in
998 to this account's console.
999
1000 :type service: string
1001 :param service: Default service to go to in the console.
1002 """
1003 alias = self.get_account_alias()
1004 if not alias:
1005 raise Exception('No alias associated with this account. Please use iam.create_account_alias() first.')
1006
1007 return "https://%s.signin.aws.amazon.com/console/%s" % (alias, service)
1008
1009 def get_account_summary(self):
1010 """
1011 Get the alias for the current account.
1012
1013 This is referred to in the docs as list_account_aliases,
1014 but it seems you can only have one account alias currently.
1015
1016 For more information on account id aliases, please see
1017 http://goo.gl/ToB7G
1018 """
1019 return self.get_object('GetAccountSummary', {}, SummaryMap)
1020
1021 #
1022 # IAM Roles
1023 #
1024
1025 def add_role_to_instance_profile(self, instance_profile_name, role_name):
1026 """
1027 Adds the specified role to the specified instance profile.
1028
1029 :type instance_profile_name: string
1030 :param instance_profile_name: Name of the instance profile to update.
1031
1032 :type role_name: string
1033 :param role_name: Name of the role to add.
1034 """
1035 return self.get_response('AddRoleToInstanceProfile',
1036 {'InstanceProfileName': instance_profile_name,
1037 'RoleName': role_name})
1038
1039 def create_instance_profile(self, instance_profile_name, path=None):
1040 """
1041 Creates a new instance profile.
1042
1043 :type instance_profile_name: string
1044 :param instance_profile_name: Name of the instance profile to create.
1045
1046 :type path: string
1047 :param path: The path to the instance profile.
1048 """
1049 params = {'InstanceProfileName': instance_profile_name}
1050 if path is not None:
1051 params['Path'] = path
1052 return self.get_response('CreateInstanceProfile', params)
1053
1054 def create_role(self, role_name, assume_role_policy_document=None, path=None ):
1055 """
1056 Creates a new role for your AWS account.
1057
1058 The policy grants permission to an EC2 instance to assume the role.
1059 The policy is URL-encoded according to RFC 3986. Currently, only EC2
1060 instances can assume roles.
1061
1062 :type role_name: string
1063 :param role_name: Name of the role to create.
1064
1065 :type assume_role_policy_document: string
1066 :param assume_role_policy_document: The policy that grants an entity
1067 permission to assume the role.
1068
1069 :type path: string
1070 :param path: The path to the instance profile.
1071 """
1072 params = {'RoleName': role_name}
1073 if assume_role_policy_document is None:
1074 # This is the only valid assume_role_policy_document currently, so
1075 # this is used as a default value if no assume_role_policy_document
1076 # is provided.
1077 params['AssumeRolePolicyDocument'] = ASSUME_ROLE_POLICY_DOCUMENT
1078 else:
1079 params['AssumeRolePolicyDocument'] = assume_role_policy_document
1080 if path is not None:
1081 params['Path'] = path
1082 return self.get_response('CreateRole', params)
1083
1084 def delete_instance_profile(self, instance_profile_name):
1085 """
1086 Deletes the specified instance profile. The instance profile must not
1087 have an associated role.
1088
1089 :type instance_profile_name: string
1090 :param instance_profile_name: Name of the instance profile to delete.
1091 """
1092 return self.get_response(
1093 'DeleteInstanceProfile',
1094 {'InstanceProfileName': instance_profile_name})
1095
1096 def delete_role(self, role_name):
1097 """
1098 Deletes the specified role. The role must not have any policies
1099 attached.
1100
1101 :type role_name: string
1102 :param role_name: Name of the role to delete.
1103 """
1104 return self.get_response('DeleteRole', {'RoleName': role_name})
1105
1106 def delete_role_policy(self, role_name, policy_name):
1107 """
1108 Deletes the specified policy associated with the specified role.
1109
1110 :type role_name: string
1111 :param role_name: Name of the role associated with the policy.
1112
1113 :type policy_name: string
1114 :param policy_name: Name of the policy to delete.
1115 """
1116 return self.get_response(
1117 'DeleteRolePolicy',
1118 {'RoleName': role_name, 'PolicyName': policy_name})
1119
1120 def get_instance_profile(self, instance_profile_name):
1121 """
1122 Retrieves information about the specified instance profile, including
1123 the instance profile's path, GUID, ARN, and role.
1124
1125 :type instance_profile_name: string
1126 :param instance_profile_name: Name of the instance profile to get
1127 information about.
1128 """
1129 return self.get_response('GetInstanceProfile', {'InstanceProfileName':
1130 instance_profile_name})
1131
1132 def get_role(self, role_name):
1133 """
1134 Retrieves information about the specified role, including the role's
1135 path, GUID, ARN, and the policy granting permission to EC2 to assume
1136 the role.
1137
1138 :type role_name: string
1139 :param role_name: Name of the role associated with the policy.
1140 """
1141 return self.get_response('GetRole', {'RoleName': role_name})
1142
1143 def get_role_policy(self, role_name, policy_name):
1144 """
1145 Retrieves the specified policy document for the specified role.
1146
1147 :type role_name: string
1148 :param role_name: Name of the role associated with the policy.
1149
1150 :type policy_name: string
1151 :param policy_name: Name of the policy to get.
1152 """
1153 return self.get_response('GetRolePolicy',
1154 {'RoleName': role_name,
1155 'PolicyName': policy_name})
1156
1157 def list_instance_profiles(self, path_prefix=None, marker=None,
1158 max_items=None):
1159 """
1160 Lists the instance profiles that have the specified path prefix. If
1161 there are none, the action returns an empty list.
1162
1163 :type path_prefix: string
1164 :param path_prefix: The path prefix for filtering the results. For
1165 example: /application_abc/component_xyz/, which would get all
1166 instance profiles whose path starts with
1167 /application_abc/component_xyz/.
1168
1169 :type marker: string
1170 :param marker: Use this parameter only when paginating results, and
1171 only in a subsequent request after you've received a response
1172 where the results are truncated. Set it to the value of the
1173 Marker element in the response you just received.
1174
1175 :type max_items: int
1176 :param max_items: Use this parameter only when paginating results to
1177 indicate the maximum number of user names you want in the response.
1178 """
1179 params = {}
1180 if path_prefix is not None:
1181 params['PathPrefix'] = path_prefix
1182 if marker is not None:
1183 params['Marker'] = marker
1184 if max_items is not None:
1185 params['MaxItems'] = max_items
1186
1187 return self.get_response('ListInstanceProfiles', params,
1188 list_marker='InstanceProfiles')
1189
1190 def list_instance_profiles_for_role(self, role_name, marker=None,
1191 max_items=None):
1192 """
1193 Lists the instance profiles that have the specified associated role. If
1194 there are none, the action returns an empty list.
1195
1196 :type role_name: string
1197 :param role_name: The name of the role to list instance profiles for.
1198
1199 :type marker: string
1200 :param marker: Use this parameter only when paginating results, and
1201 only in a subsequent request after you've received a response
1202 where the results are truncated. Set it to the value of the
1203 Marker element in the response you just received.
1204
1205 :type max_items: int
1206 :param max_items: Use this parameter only when paginating results to
1207 indicate the maximum number of user names you want in the response.
1208 """
1209 params = {'RoleName': role_name}
1210 if marker is not None:
1211 params['Marker'] = marker
1212 if max_items is not None:
1213 params['MaxItems'] = max_items
1214 return self.get_response('ListInstanceProfilesForRole', params,
1215 list_marker='InstanceProfiles')
1216
1217 def list_role_policies(self, role_name, marker=None, max_items=None):
1218 """
1219 Lists the names of the policies associated with the specified role. If
1220 there are none, the action returns an empty list.
1221
1222 :type role_name: string
1223 :param role_name: The name of the role to list policies for.
1224
1225 :type marker: string
1226 :param marker: Use this parameter only when paginating results, and
1227 only in a subsequent request after you've received a response
1228 where the results are truncated. Set it to the value of the
1229 marker element in the response you just received.
1230
1231 :type max_items: int
1232 :param max_items: Use this parameter only when paginating results to
1233 indicate the maximum number of user names you want in the response.
1234 """
1235 params = {'RoleName': role_name}
1236 if marker is not None:
1237 params['Marker'] = marker
1238 if max_items is not None:
1239 params['MaxItems'] = max_items
1240 return self.get_response('ListRolePolicies', params,
1241 list_marker='PolicyNames')
1242
1243 def list_roles(self, path_prefix=None, marker=None, max_items=None):
1244 """
1245 Lists the roles that have the specified path prefix. If there are none,
1246 the action returns an empty list.
1247
1248 :type path_prefix: string
1249 :param path_prefix: The path prefix for filtering the results.
1250
1251 :type marker: string
1252 :param marker: Use this parameter only when paginating results, and
1253 only in a subsequent request after you've received a response
1254 where the results are truncated. Set it to the value of the
1255 marker element in the response you just received.
1256
1257 :type max_items: int
1258 :param max_items: Use this parameter only when paginating results to
1259 indicate the maximum number of user names you want in the response.
1260 """
1261 params = {}
1262 if path_prefix is not None:
1263 params['PathPrefix'] = path_prefix
1264 if marker is not None:
1265 params['Marker'] = marker
1266 if max_items is not None:
1267 params['MaxItems'] = max_items
1268 return self.get_response('ListRoles', params, list_marker='Roles')
1269
1270 def put_role_policy(self, role_name, policy_name, policy_document):
1271 """
1272 Adds (or updates) a policy document associated with the specified role.
1273
1274 :type role_name: string
1275 :param role_name: Name of the role to associate the policy with.
1276
1277 :type policy_name: string
1278 :param policy_name: Name of the policy document.
1279
1280 :type policy_document: string
1281 :param policy_document: The policy document.
1282 """
1283 return self.get_response('PutRolePolicy',
1284 {'RoleName': role_name,
1285 'PolicyName': policy_name,
1286 'PolicyDocument': policy_document})
1287
1288 def remove_role_from_instance_profile(self, instance_profile_name,
1289 role_name):
1290 """
1291 Removes the specified role from the specified instance profile.
1292
1293 :type instance_profile_name: string
1294 :param instance_profile_name: Name of the instance profile to update.
1295
1296 :type role_name: string
1297 :param role_name: Name of the role to remove.
1298 """
1299 return self.get_response('RemoveRoleFromInstanceProfile',
1300 {'InstanceProfileName': instance_profile_name,
1301 'RoleName': role_name})
1302
1303 def update_assume_role_policy(self, role_name, policy_document):
1304 """
1305 Updates the policy that grants an entity permission to assume a role.
1306 Currently, only an Amazon EC2 instance can assume a role.
1307
1308 :type role_name: string
1309 :param role_name: Name of the role to update.
1310
1311 :type policy_document: string
1312 :param policy_document: The policy that grants an entity permission to
1313 assume the role.
1314 """
1315 return self.get_response('UpdateAssumeRolePolicy',
1316 {'RoleName': role_name,
1317 'PolicyDocument': policy_document})
OLDNEW
« download_from_google_storage.py ('K') | « third_party/gsutil/boto/iam/__init__.py ('k') | third_party/gsutil/boto/iam/summarymap.py » ('j') | upload_to_google_storage.py » ('J')

Powered by Google App Engine
This is Rietveld 408576698