much of the IAM functionality in place

pull/1/head
Raymond Yee 2013-06-07 14:55:10 -07:00
parent 23aa8f449e
commit b398a21cc8
1 changed files with 111 additions and 74 deletions


@ -484,38 +484,6 @@
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"#Launch new_test\n",
"\n",
"inst = aws.instance('new_test')"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"inst.start()"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"inst.update()"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "heading",
"level": 1,
@ -889,45 +857,65 @@
"cell_type": "code",
"collapsed": false,
"input": [
"iam = aws.boto.connect_iam()"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"iam.get_all_groups()"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"[u.user_name for u in iam.get_all_users()[u'list_users_response'][u'list_users_result']['users']]"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"# ok, we can go into greate depth.\n",
"iam = aws.boto.connect_iam()\n",
"\n",
"# get group names\n",
"\n",
"def all_iam_group_names():\n",
" return [g.group_name for g in iam_groups['list_groups_response']['list_groups_result']['groups']]\n",
"\n",
"# get user names\n",
"\n",
"def all_iam_user_names():\n",
" return [u.user_name for u in iam.get_all_users()[u'list_users_response'][u'list_users_result']['users']]\n",
"\n",
"# mapping between groups and users\n",
"# list users and their corresponding groups.\n",
"\n",
"def iam_group_names_for_user(user_name):\n",
" return [g.group_name for g in iam.get_groups_for_user(user_name)['list_groups_for_user_response'][u'list_groups_for_user_result']['groups']]\n",
"\n",
"# for given groups, list corresponding users\n",
"\n",
"def iam_user_names_for_group(group_name):\n",
" return [u.user_name for u in iam.get_group(group_name=group_name)[u'get_group_response'][u'get_group_result']['users']]\n",
"\n",
"# find keys associated with user\n",
"\n",
"def access_keys_for_user_name(user_name):\n",
" keys = iam.get_all_access_keys(user_name=user_name)['list_access_keys_response'][u'list_access_keys_result']['access_key_metadata']\n",
" return keys\n",
"\n",
"# can we use IAM to create new IAM user and get the key / secret?\n",
"\n",
"IAM_USER_NAME = 'ry-dev-2'\n",
"def create_iam_user(user_name, generate_key=True):\n",
" iam_user = iam.create_user(user_name=user_name)\n",
" if generate_key:\n",
" key_output = iam.create_access_key(user_name=user_name)\n",
" access_key = key_output['create_access_key_response']['create_access_key_result']['access_key']\n",
" (key, secret) = (access_key['access_key_id'], access_key['secret_access_key'])\n",
" return (iam_user, key, secret)\n",
" else:\n",
" return (iam_user, key, None, None)\n",
"\n",
"iam_user = iam.create_user(user_name=IAM_USER_NAME)\n",
"key_output = iam.create_access_key(user_name=IAM_USER_NAME)\n",
"access_key = key_output['create_access_key_response']['create_access_key_result']['access_key']\n",
"(key, secret) = (access_key['access_key_id'], access_key['secret_access_key'])"
"def delete_iam_user(user_name):\n",
" # first delete keys\n",
" keys = iam.get_all_access_keys(user_name=IAM_USER_NAME)['list_access_keys_response'][u'list_access_keys_result']['access_key_metadata']\n",
"\n",
" for key in keys:\n",
" result = iam.delete_access_key(access_key_id = key['access_key_id'], user_name=user_name)\n",
" \n",
" # then delete the user\n",
" return iam.delete_user(user_name=user_name)\n",
" \n",
"\n",
"# get general IAM stats\n",
"\n",
"(iam.get_account_summary(), all_iam_group_names(), all_iam_user_names(),\n",
" iam_group_names_for_user('eric'), iam_user_names_for_group('gluejar'),\n",
" access_keys_for_user_name('ry-dev')\n",
" )\n",
"\n"
],
"language": "python",
"metadata": {},
@ -937,7 +925,10 @@
"cell_type": "code",
"collapsed": false,
"input": [
"iam_user"
"# test -> grab all groups and list of corresponding users\n",
"\n",
"for g in all_iam_group_names():\n",
" print g, user_names_for_iam_group(g)"
],
"language": "python",
"metadata": {},
@ -947,7 +938,10 @@
"cell_type": "code",
"collapsed": false,
"input": [
"iam.create_access_key(user_name='ry-dev-2')"
"# list all keys by looping through users\n",
"\n",
"for u in all_iam_user_names():\n",
" print u, [(k.access_key_id, k.status) for k in access_keys_for_user_name(u)]"
],
"language": "python",
"metadata": {},
@ -957,7 +951,14 @@
"cell_type": "code",
"collapsed": false,
"input": [
"key_output = _"
"# how to deactivate a key -- let's try it out on ry-dev-3 key\n",
"\n",
"\n",
"keys = access_keys_for_user_name('ry-dev-3')\n",
"for key in keys:\n",
" print key.access_key_id, key.status\n",
" result = iam.update_access_key(access_key_id=key.access_key_id, user_name='ry-dev-3', status='Inactive')\n",
" print result\n"
],
"language": "python",
"metadata": {},
@ -967,8 +968,23 @@
"cell_type": "code",
"collapsed": false,
"input": [
"access_key = key_output['create_access_key_response']['create_access_key_result']['access_key']\n",
"(access_key['access_key_id'], access_key['secret_access_key'])"
"# look at permission structures of groups and users\n",
"\n",
"from urllib import urlencode\n",
"import urlparse\n",
"\n",
"def iam_policy_names_for_group(group_name):\n",
" return iam.get_all_group_policies(group_name=group_name)['list_group_policies_response'][u'list_group_policies_result']['policy_names']\n",
"\n",
"def policy_document(policy_name, user_name=None, group_name=None):\n",
" if group_name is not None:\n",
" document = iam.get_group_policy(group_name=group_name, policy_name=policy_name)[u'get_group_policy_response'][u'get_group_policy_result'][u'policy_document']\n",
" return urlparse.parse_qs(\"policy={0}\".format(document))['policy'][0]\n",
"\n",
"policy_names = iam_policy_names_for_group('gluejar')\n",
"\n",
"for p in policy_names:\n",
" print policy_document(group_name='gluejar', policy_name=p)"
],
"language": "python",
"metadata": {},
@ -978,7 +994,28 @@
"cell_type": "code",
"collapsed": false,
"input": [
"# we've created a key/secret but we still needed to create permissions to attach to user \n"
"IAM_USER_NAME = 'ry-dev-2'"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"iam_user, key, secret = create_iam_user('ry-dev-3', True)"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"# we've created a key/secret but we still needed to create permissions to attach to user \n",
"# the following is the permissions of a power user"
],
"language": "python",
"metadata": {},
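Review bot: In `delete_iam_user` (second hunk, the `# first delete keys` line) the key lookup uses the module-level `IAM_USER_NAME` instead of the `user_name` parameter, so the keys enumerated and deleted belong to whichever user `IAM_USER_NAME` names while `delete_user` is issued for a different account — the delete then fails if the target still has keys, and the wrong user can lose credentials; it should read `keys = iam.get_all_access_keys(user_name=user_name)['list_access_keys_response'][u'list_access_keys_result']['access_key_metadata']`. In the same cell `create_iam_user` returns a 3-tuple when a key is generated but a 4-tuple containing the unbound name `key` otherwise, which breaks the `iam_user, key, secret = create_iam_user(...)` unpacking later in this section; `return (iam_user, None, None)` keeps the arity consistent. `all_iam_group_names` reads `iam_groups`, which this cell never assigns (presumably meant `iam.get_all_groups()` — worth confirming against earlier notebook state), and the later cell calls `user_names_for_iam_group(g)` although the helper is defined as `iam_user_names_for_group`. Since `create_iam_user` returns the secret access key into notebook state and cell outputs are saved with the .ipynb, a comment such as `# secret is returned in plaintext; clear outputs before committing this notebook` next to the call would help keep the secret out of version control.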