from __future__ import unicode_literals
from moto.core.responses import BaseResponse
from .models import iam_backend, User
class IamResponse(BaseResponse):
def attach_role_policy(self):
policy_arn = self._get_param('PolicyArn')
role_name = self._get_param('RoleName')
iam_backend.attach_role_policy(policy_arn, role_name)
template = self.response_template(ATTACH_ROLE_POLICY_TEMPLATE)
return template.render()
def detach_role_policy(self):
role_name = self._get_param('RoleName')
policy_arn = self._get_param('PolicyArn')
iam_backend.detach_role_policy(policy_arn, role_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DetachRolePolicyResponse")
def attach_group_policy(self):
policy_arn = self._get_param('PolicyArn')
group_name = self._get_param('GroupName')
iam_backend.attach_group_policy(policy_arn, group_name)
template = self.response_template(ATTACH_GROUP_POLICY_TEMPLATE)
return template.render()
def detach_group_policy(self):
policy_arn = self._get_param('PolicyArn')
group_name = self._get_param('GroupName')
iam_backend.detach_group_policy(policy_arn, group_name)
template = self.response_template(DETACH_GROUP_POLICY_TEMPLATE)
return template.render()
def attach_user_policy(self):
policy_arn = self._get_param('PolicyArn')
user_name = self._get_param('UserName')
iam_backend.attach_user_policy(policy_arn, user_name)
template = self.response_template(ATTACH_USER_POLICY_TEMPLATE)
return template.render()
def detach_user_policy(self):
policy_arn = self._get_param('PolicyArn')
user_name = self._get_param('UserName')
iam_backend.detach_user_policy(policy_arn, user_name)
template = self.response_template(DETACH_USER_POLICY_TEMPLATE)
return template.render()
def create_policy(self):
description = self._get_param('Description')
path = self._get_param('Path')
policy_document = self._get_param('PolicyDocument')
policy_name = self._get_param('PolicyName')
policy = iam_backend.create_policy(
description, path, policy_document, policy_name)
template = self.response_template(CREATE_POLICY_TEMPLATE)
return template.render(policy=policy)
def get_policy(self):
policy_arn = self._get_param('PolicyArn')
policy = iam_backend.get_policy(policy_arn)
template = self.response_template(GET_POLICY_TEMPLATE)
return template.render(policy=policy)
def list_attached_role_policies(self):
marker = self._get_param('Marker')
max_items = self._get_int_param('MaxItems', 100)
path_prefix = self._get_param('PathPrefix', '/')
role_name = self._get_param('RoleName')
policies, marker = iam_backend.list_attached_role_policies(
role_name, marker=marker, max_items=max_items, path_prefix=path_prefix)
template = self.response_template(LIST_ATTACHED_ROLE_POLICIES_TEMPLATE)
return template.render(policies=policies, marker=marker)
def list_attached_group_policies(self):
marker = self._get_param('Marker')
max_items = self._get_int_param('MaxItems', 100)
path_prefix = self._get_param('PathPrefix', '/')
group_name = self._get_param('GroupName')
policies, marker = iam_backend.list_attached_group_policies(
group_name, marker=marker, max_items=max_items,
path_prefix=path_prefix)
template = self.response_template(LIST_ATTACHED_GROUP_POLICIES_TEMPLATE)
return template.render(policies=policies, marker=marker)
def list_attached_user_policies(self):
marker = self._get_param('Marker')
max_items = self._get_int_param('MaxItems', 100)
path_prefix = self._get_param('PathPrefix', '/')
user_name = self._get_param('UserName')
policies, marker = iam_backend.list_attached_user_policies(
user_name, marker=marker, max_items=max_items,
path_prefix=path_prefix)
template = self.response_template(LIST_ATTACHED_USER_POLICIES_TEMPLATE)
return template.render(policies=policies, marker=marker)
def list_policies(self):
marker = self._get_param('Marker')
max_items = self._get_int_param('MaxItems', 100)
only_attached = self._get_bool_param('OnlyAttached', False)
path_prefix = self._get_param('PathPrefix', '/')
scope = self._get_param('Scope', 'All')
policies, marker = iam_backend.list_policies(
marker, max_items, only_attached, path_prefix, scope)
template = self.response_template(LIST_POLICIES_TEMPLATE)
return template.render(policies=policies, marker=marker)
def list_entities_for_policy(self):
policy_arn = self._get_param('PolicyArn')
# Options 'User'|'Role'|'Group'|'LocalManagedPolicy'|'AWSManagedPolicy
entity = self._get_param('EntityFilter')
path_prefix = self._get_param('PathPrefix')
# policy_usage_filter = self._get_param('PolicyUsageFilter')
marker = self._get_param('Marker')
max_items = self._get_param('MaxItems')
entity_roles = []
entity_groups = []
entity_users = []
if entity == 'User':
users = iam_backend.list_users(path_prefix, marker, max_items)
if users:
for user in users:
for p in user.managed_policies:
if p == policy_arn:
entity_users.append(user.name)
elif entity == 'Role':
roles = iam_backend.list_roles(path_prefix, marker, max_items)
if roles:
for role in roles:
for p in role.managed_policies:
if p == policy_arn:
entity_roles.append(role.name)
elif entity == 'Group':
groups = iam_backend.list_groups()
if groups:
for group in groups:
for p in group.managed_policies:
if p == policy_arn:
entity_groups.append(group.name)
elif entity == 'LocalManagedPolicy' or entity == 'AWSManagedPolicy':
users = iam_backend.list_users(path_prefix, marker, max_items)
if users:
for user in users:
for p in user.managed_policies:
if p == policy_arn:
entity_users.append(user.name)
roles = iam_backend.list_roles(path_prefix, marker, max_items)
if roles:
for role in roles:
for p in role.managed_policies:
if p == policy_arn:
entity_roles.append(role.name)
groups = iam_backend.list_groups()
if groups:
for group in groups:
for p in group.managed_policies:
if p == policy_arn:
entity_groups.append(group.name)
template = self.response_template(LIST_ENTITIES_FOR_POLICY_TEMPLATE)
return template.render(roles=entity_roles, users=entity_users, groups=entity_groups)
def create_role(self):
role_name = self._get_param('RoleName')
path = self._get_param('Path')
assume_role_policy_document = self._get_param(
'AssumeRolePolicyDocument')
permissions_boundary = self._get_param(
'PermissionsBoundary')
role = iam_backend.create_role(
role_name, assume_role_policy_document, path, permissions_boundary)
template = self.response_template(CREATE_ROLE_TEMPLATE)
return template.render(role=role)
def get_role(self):
role_name = self._get_param('RoleName')
role = iam_backend.get_role(role_name)
template = self.response_template(GET_ROLE_TEMPLATE)
return template.render(role=role)
def delete_role(self):
role_name = self._get_param('RoleName')
iam_backend.delete_role(role_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteRoleResponse")
def list_role_policies(self):
role_name = self._get_param('RoleName')
role_policies_names = iam_backend.list_role_policies(role_name)
template = self.response_template(LIST_ROLE_POLICIES)
return template.render(role_policies=role_policies_names)
def put_role_policy(self):
role_name = self._get_param('RoleName')
policy_name = self._get_param('PolicyName')
policy_document = self._get_param('PolicyDocument')
iam_backend.put_role_policy(role_name, policy_name, policy_document)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="PutRolePolicyResponse")
def delete_role_policy(self):
role_name = self._get_param('RoleName')
policy_name = self._get_param('PolicyName')
iam_backend.delete_role_policy(role_name, policy_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteRolePolicyResponse")
def get_role_policy(self):
role_name = self._get_param('RoleName')
policy_name = self._get_param('PolicyName')
policy_name, policy_document = iam_backend.get_role_policy(
role_name, policy_name)
template = self.response_template(GET_ROLE_POLICY_TEMPLATE)
return template.render(role_name=role_name,
policy_name=policy_name,
policy_document=policy_document)
def update_assume_role_policy(self):
role_name = self._get_param('RoleName')
role = iam_backend.get_role(role_name)
role.assume_role_policy_document = self._get_param('PolicyDocument')
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="UpdateAssumeRolePolicyResponse")
def update_role_description(self):
role_name = self._get_param('RoleName')
description = self._get_param('Description')
role = iam_backend.update_role_description(role_name, description)
template = self.response_template(UPDATE_ROLE_DESCRIPTION_TEMPLATE)
return template.render(role=role)
def update_role(self):
role_name = self._get_param('RoleName')
description = self._get_param('Description')
role = iam_backend.update_role(role_name, description)
template = self.response_template(UPDATE_ROLE_TEMPLATE)
return template.render(role=role)
def create_policy_version(self):
policy_arn = self._get_param('PolicyArn')
policy_document = self._get_param('PolicyDocument')
set_as_default = self._get_param('SetAsDefault')
policy_version = iam_backend.create_policy_version(policy_arn, policy_document, set_as_default)
template = self.response_template(CREATE_POLICY_VERSION_TEMPLATE)
return template.render(policy_version=policy_version)
def get_policy_version(self):
policy_arn = self._get_param('PolicyArn')
version_id = self._get_param('VersionId')
policy_version = iam_backend.get_policy_version(policy_arn, version_id)
template = self.response_template(GET_POLICY_VERSION_TEMPLATE)
return template.render(policy_version=policy_version)
def list_policy_versions(self):
policy_arn = self._get_param('PolicyArn')
policy_versions = iam_backend.list_policy_versions(policy_arn)
template = self.response_template(LIST_POLICY_VERSIONS_TEMPLATE)
return template.render(policy_versions=policy_versions)
def delete_policy_version(self):
policy_arn = self._get_param('PolicyArn')
version_id = self._get_param('VersionId')
iam_backend.delete_policy_version(policy_arn, version_id)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='DeletePolicyVersion')
def create_instance_profile(self):
profile_name = self._get_param('InstanceProfileName')
path = self._get_param('Path', '/')
profile = iam_backend.create_instance_profile(
profile_name, path, role_ids=[])
template = self.response_template(CREATE_INSTANCE_PROFILE_TEMPLATE)
return template.render(profile=profile)
def get_instance_profile(self):
profile_name = self._get_param('InstanceProfileName')
profile = iam_backend.get_instance_profile(profile_name)
template = self.response_template(GET_INSTANCE_PROFILE_TEMPLATE)
return template.render(profile=profile)
def add_role_to_instance_profile(self):
profile_name = self._get_param('InstanceProfileName')
role_name = self._get_param('RoleName')
iam_backend.add_role_to_instance_profile(profile_name, role_name)
template = self.response_template(
ADD_ROLE_TO_INSTANCE_PROFILE_TEMPLATE)
return template.render()
def remove_role_from_instance_profile(self):
profile_name = self._get_param('InstanceProfileName')
role_name = self._get_param('RoleName')
iam_backend.remove_role_from_instance_profile(profile_name, role_name)
template = self.response_template(
REMOVE_ROLE_FROM_INSTANCE_PROFILE_TEMPLATE)
return template.render()
def list_roles(self):
roles = iam_backend.get_roles()
template = self.response_template(LIST_ROLES_TEMPLATE)
return template.render(roles=roles)
def list_instance_profiles(self):
profiles = iam_backend.get_instance_profiles()
template = self.response_template(LIST_INSTANCE_PROFILES_TEMPLATE)
return template.render(instance_profiles=profiles)
def list_instance_profiles_for_role(self):
role_name = self._get_param('RoleName')
profiles = iam_backend.get_instance_profiles_for_role(
role_name=role_name)
template = self.response_template(
LIST_INSTANCE_PROFILES_FOR_ROLE_TEMPLATE)
return template.render(instance_profiles=profiles)
def upload_server_certificate(self):
cert_name = self._get_param('ServerCertificateName')
cert_body = self._get_param('CertificateBody')
path = self._get_param('Path')
private_key = self._get_param('PrivateKey')
cert_chain = self._get_param('CertificateName')
cert = iam_backend.upload_server_cert(
cert_name, cert_body, private_key, cert_chain=cert_chain, path=path)
template = self.response_template(UPLOAD_CERT_TEMPLATE)
return template.render(certificate=cert)
def list_server_certificates(self, marker=None):
certs = iam_backend.get_all_server_certs(marker=marker)
template = self.response_template(LIST_SERVER_CERTIFICATES_TEMPLATE)
return template.render(server_certificates=certs)
def get_server_certificate(self):
cert_name = self._get_param('ServerCertificateName')
cert = iam_backend.get_server_certificate(cert_name)
template = self.response_template(GET_SERVER_CERTIFICATE_TEMPLATE)
return template.render(certificate=cert)
def delete_server_certificate(self):
cert_name = self._get_param('ServerCertificateName')
iam_backend.delete_server_certificate(cert_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteServerCertificate")
def create_group(self):
group_name = self._get_param('GroupName')
path = self._get_param('Path', '/')
group = iam_backend.create_group(group_name, path)
template = self.response_template(CREATE_GROUP_TEMPLATE)
return template.render(group=group)
def get_group(self):
group_name = self._get_param('GroupName')
group = iam_backend.get_group(group_name)
template = self.response_template(GET_GROUP_TEMPLATE)
return template.render(group=group)
def list_groups(self):
groups = iam_backend.list_groups()
template = self.response_template(LIST_GROUPS_TEMPLATE)
return template.render(groups=groups)
def list_groups_for_user(self):
user_name = self._get_param('UserName')
groups = iam_backend.get_groups_for_user(user_name)
template = self.response_template(LIST_GROUPS_FOR_USER_TEMPLATE)
return template.render(groups=groups)
def put_group_policy(self):
group_name = self._get_param('GroupName')
policy_name = self._get_param('PolicyName')
policy_document = self._get_param('PolicyDocument')
iam_backend.put_group_policy(group_name, policy_name, policy_document)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="PutGroupPolicyResponse")
def list_group_policies(self):
group_name = self._get_param('GroupName')
marker = self._get_param('Marker')
max_items = self._get_param('MaxItems')
policies = iam_backend.list_group_policies(group_name,
marker=marker, max_items=max_items)
template = self.response_template(LIST_GROUP_POLICIES_TEMPLATE)
return template.render(name="ListGroupPoliciesResponse",
policies=policies,
marker=marker)
def get_group_policy(self):
group_name = self._get_param('GroupName')
policy_name = self._get_param('PolicyName')
policy_result = iam_backend.get_group_policy(group_name, policy_name)
template = self.response_template(GET_GROUP_POLICY_TEMPLATE)
return template.render(name="GetGroupPolicyResponse", **policy_result)
def create_user(self):
user_name = self._get_param('UserName')
path = self._get_param('Path')
user = iam_backend.create_user(user_name, path)
template = self.response_template(USER_TEMPLATE)
return template.render(action='Create', user=user)
def get_user(self):
user_name = self._get_param('UserName')
if user_name:
user = iam_backend.get_user(user_name)
else:
user = User(name='default_user')
# If no user is specific, IAM returns the current user
template = self.response_template(USER_TEMPLATE)
return template.render(action='Get', user=user)
def list_users(self):
path_prefix = self._get_param('PathPrefix')
marker = self._get_param('Marker')
max_items = self._get_param('MaxItems')
users = iam_backend.list_users(path_prefix, marker, max_items)
template = self.response_template(LIST_USERS_TEMPLATE)
return template.render(action='List', users=users)
def update_user(self):
user_name = self._get_param('UserName')
new_path = self._get_param('NewPath')
new_user_name = self._get_param('NewUserName')
iam_backend.update_user(user_name, new_path, new_user_name)
if new_user_name:
user = iam_backend.get_user(new_user_name)
else:
user = iam_backend.get_user(user_name)
template = self.response_template(USER_TEMPLATE)
return template.render(action='Update', user=user)
def create_login_profile(self):
user_name = self._get_param('UserName')
password = self._get_param('Password')
password = self._get_param('Password')
user = iam_backend.create_login_profile(user_name, password)
template = self.response_template(CREATE_LOGIN_PROFILE_TEMPLATE)
return template.render(user=user)
def get_login_profile(self):
user_name = self._get_param('UserName')
user = iam_backend.get_login_profile(user_name)
template = self.response_template(GET_LOGIN_PROFILE_TEMPLATE)
return template.render(user=user)
def update_login_profile(self):
user_name = self._get_param('UserName')
password = self._get_param('Password')
password_reset_required = self._get_param('PasswordResetRequired')
user = iam_backend.update_login_profile(user_name, password, password_reset_required)
template = self.response_template(UPDATE_LOGIN_PROFILE_TEMPLATE)
return template.render(user=user)
def add_user_to_group(self):
group_name = self._get_param('GroupName')
user_name = self._get_param('UserName')
iam_backend.add_user_to_group(group_name, user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='AddUserToGroup')
def remove_user_from_group(self):
group_name = self._get_param('GroupName')
user_name = self._get_param('UserName')
iam_backend.remove_user_from_group(group_name, user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='RemoveUserFromGroup')
def get_user_policy(self):
user_name = self._get_param('UserName')
policy_name = self._get_param('PolicyName')
policy_document = iam_backend.get_user_policy(user_name, policy_name)
template = self.response_template(GET_USER_POLICY_TEMPLATE)
return template.render(
user_name=user_name,
policy_name=policy_name,
policy_document=policy_document.get('policy_document')
)
def list_user_policies(self):
user_name = self._get_param('UserName')
policies = iam_backend.list_user_policies(user_name)
template = self.response_template(LIST_USER_POLICIES_TEMPLATE)
return template.render(policies=policies)
def put_user_policy(self):
user_name = self._get_param('UserName')
policy_name = self._get_param('PolicyName')
policy_document = self._get_param('PolicyDocument')
iam_backend.put_user_policy(user_name, policy_name, policy_document)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='PutUserPolicy')
def delete_user_policy(self):
user_name = self._get_param('UserName')
policy_name = self._get_param('PolicyName')
iam_backend.delete_user_policy(user_name, policy_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='DeleteUserPolicy')
def create_access_key(self):
user_name = self._get_param('UserName')
key = iam_backend.create_access_key(user_name)
template = self.response_template(CREATE_ACCESS_KEY_TEMPLATE)
return template.render(key=key)
def update_access_key(self):
user_name = self._get_param('UserName')
access_key_id = self._get_param('AccessKeyId')
status = self._get_param('Status')
iam_backend.update_access_key(user_name, access_key_id, status)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='UpdateAccessKey')
def get_access_key_last_used(self):
access_key_id = self._get_param('AccessKeyId')
last_used_response = iam_backend.get_access_key_last_used(access_key_id)
template = self.response_template(GET_ACCESS_KEY_LAST_USED_TEMPLATE)
return template.render(user_name=last_used_response["user_name"], last_used=last_used_response["last_used"])
def list_access_keys(self):
user_name = self._get_param('UserName')
keys = iam_backend.get_all_access_keys(user_name)
template = self.response_template(LIST_ACCESS_KEYS_TEMPLATE)
return template.render(user_name=user_name, keys=keys)
def delete_access_key(self):
user_name = self._get_param('UserName')
access_key_id = self._get_param('AccessKeyId')
iam_backend.delete_access_key(access_key_id, user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='DeleteAccessKey')
def deactivate_mfa_device(self):
user_name = self._get_param('UserName')
serial_number = self._get_param('SerialNumber')
iam_backend.deactivate_mfa_device(user_name, serial_number)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='DeactivateMFADevice')
def enable_mfa_device(self):
user_name = self._get_param('UserName')
serial_number = self._get_param('SerialNumber')
authentication_code_1 = self._get_param('AuthenticationCode1')
authentication_code_2 = self._get_param('AuthenticationCode2')
iam_backend.enable_mfa_device(
user_name,
serial_number,
authentication_code_1,
authentication_code_2
)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='EnableMFADevice')
def list_mfa_devices(self):
user_name = self._get_param('UserName')
devices = iam_backend.list_mfa_devices(user_name)
template = self.response_template(LIST_MFA_DEVICES_TEMPLATE)
return template.render(user_name=user_name, devices=devices)
def delete_user(self):
user_name = self._get_param('UserName')
iam_backend.delete_user(user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='DeleteUser')
def delete_login_profile(self):
user_name = self._get_param('UserName')
iam_backend.delete_login_profile(user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name='DeleteLoginProfile')
def generate_credential_report(self):
if iam_backend.report_generated():
template = self.response_template(CREDENTIAL_REPORT_GENERATED)
else:
template = self.response_template(CREDENTIAL_REPORT_GENERATING)
iam_backend.generate_report()
return template.render()
def get_credential_report(self):
report = iam_backend.get_credential_report()
template = self.response_template(CREDENTIAL_REPORT)
return template.render(report=report)
def list_account_aliases(self):
aliases = iam_backend.list_account_aliases()
template = self.response_template(LIST_ACCOUNT_ALIASES_TEMPLATE)
return template.render(aliases=aliases)
def create_account_alias(self):
alias = self._get_param('AccountAlias')
iam_backend.create_account_alias(alias)
template = self.response_template(CREATE_ACCOUNT_ALIAS_TEMPLATE)
return template.render()
def delete_account_alias(self):
alias = self._get_param('AccountAlias')
iam_backend.delete_account_alias(alias)
template = self.response_template(DELETE_ACCOUNT_ALIAS_TEMPLATE)
return template.render()
def get_account_authorization_details(self):
filter_param = self._get_multi_param('Filter.member')
account_details = iam_backend.get_account_authorization_details(filter_param)
template = self.response_template(GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE)
return template.render(
instance_profiles=account_details['instance_profiles'],
policies=account_details['managed_policies'],
users=account_details['users'],
groups=account_details['groups'],
roles=account_details['roles'],
get_groups_for_user=iam_backend.get_groups_for_user
)
def create_saml_provider(self):
saml_provider_name = self._get_param('Name')
saml_metadata_document = self._get_param('SAMLMetadataDocument')
saml_provider = iam_backend.create_saml_provider(saml_provider_name, saml_metadata_document)
template = self.response_template(CREATE_SAML_PROVIDER_TEMPLATE)
return template.render(saml_provider=saml_provider)
def update_saml_provider(self):
saml_provider_arn = self._get_param('SAMLProviderArn')
saml_metadata_document = self._get_param('SAMLMetadataDocument')
saml_provider = iam_backend.update_saml_provider(saml_provider_arn, saml_metadata_document)
template = self.response_template(UPDATE_SAML_PROVIDER_TEMPLATE)
return template.render(saml_provider=saml_provider)
def delete_saml_provider(self):
saml_provider_arn = self._get_param('SAMLProviderArn')
iam_backend.delete_saml_provider(saml_provider_arn)
template = self.response_template(DELETE_SAML_PROVIDER_TEMPLATE)
return template.render()
def list_saml_providers(self):
saml_providers = iam_backend.list_saml_providers()
template = self.response_template(LIST_SAML_PROVIDERS_TEMPLATE)
return template.render(saml_providers=saml_providers)
def get_saml_provider(self):
saml_provider_arn = self._get_param('SAMLProviderArn')
saml_provider = iam_backend.get_saml_provider(saml_provider_arn)
template = self.response_template(GET_SAML_PROVIDER_TEMPLATE)
return template.render(saml_provider=saml_provider)
def upload_signing_certificate(self):
user_name = self._get_param('UserName')
cert_body = self._get_param('CertificateBody')
cert = iam_backend.upload_signing_certificate(user_name, cert_body)
template = self.response_template(UPLOAD_SIGNING_CERTIFICATE_TEMPLATE)
return template.render(cert=cert)
def update_signing_certificate(self):
user_name = self._get_param('UserName')
cert_id = self._get_param('CertificateId')
status = self._get_param('Status')
iam_backend.update_signing_certificate(user_name, cert_id, status)
template = self.response_template(UPDATE_SIGNING_CERTIFICATE_TEMPLATE)
return template.render()
def delete_signing_certificate(self):
user_name = self._get_param('UserName')
cert_id = self._get_param('CertificateId')
iam_backend.delete_signing_certificate(user_name, cert_id)
template = self.response_template(DELETE_SIGNING_CERTIFICATE_TEMPLATE)
return template.render()
def list_signing_certificates(self):
user_name = self._get_param('UserName')
certs = iam_backend.list_signing_certificates(user_name)
template = self.response_template(LIST_SIGNING_CERTIFICATES_TEMPLATE)
return template.render(user_name=user_name, certificates=certs)
def list_role_tags(self):
role_name = self._get_param('RoleName')
marker = self._get_param('Marker')
max_items = self._get_param('MaxItems', 100)
tags, marker = iam_backend.list_role_tags(role_name, marker, max_items)
template = self.response_template(LIST_ROLE_TAG_TEMPLATE)
return template.render(tags=tags, marker=marker)
def tag_role(self):
role_name = self._get_param('RoleName')
tags = self._get_multi_param('Tags.member')
iam_backend.tag_role(role_name, tags)
template = self.response_template(TAG_ROLE_TEMPLATE)
return template.render()
def untag_role(self):
role_name = self._get_param('RoleName')
tag_keys = self._get_multi_param('TagKeys.member')
iam_backend.untag_role(role_name, tag_keys)
template = self.response_template(UNTAG_ROLE_TEMPLATE)
return template.render()
LIST_ENTITIES_FOR_POLICY_TEMPLATE = """
{% for role in roles %}
{{ role }}
{% endfor %}
{% for group in groups %}
{{ group }}
{% endfor %}
false
{% for user in users %}
{{ user }}
{% endfor %}
eb358e22-9d1f-11e4-93eb-190ecEXAMPLE
"""
ATTACH_ROLE_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DETACH_ROLE_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
ATTACH_USER_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DETACH_USER_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
ATTACH_GROUP_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DETACH_GROUP_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_POLICY_TEMPLATE = """
{{ policy.arn }}
{{ policy.attachment_count }}
{{ policy.created_iso_8601 }}
{{ policy.default_version_id }}
{{ policy.path }}
{{ policy.id }}
{{ policy.name }}
{{ policy.updated_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_POLICY_TEMPLATE = """
{{ policy.name }}
{{ policy.description }}
{{ policy.default_version_id }}
{{ policy.id }}
{{ policy.path }}
{{ policy.arn }}
{{ policy.attachment_count }}
{{ policy.created_iso_8601 }}
{{ policy.updated_iso_8601 }}
684f0917-3d22-11e4-a4a0-cffb9EXAMPLE
"""
LIST_ATTACHED_ROLE_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy.name }}
{{ policy.arn }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_ATTACHED_GROUP_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy.name }}
{{ policy.arn }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_ATTACHED_USER_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy.name }}
{{ policy.arn }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy.arn }}
{{ policy.attachment_count }}
{{ policy.created_iso_8601 }}
{{ policy.default_version_id }}
{{ policy.path }}
{{ policy.id }}
{{ policy.name }}
{{ policy.updated_iso_8601 }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GENERIC_EMPTY_TEMPLATE = """<{{ name }}Response>
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_INSTANCE_PROFILE_TEMPLATE = """
{{ profile.id }}
{{ profile.name }}
{{ profile.path }}
{{ profile.arn }}
{{ profile.created_iso_8601 }}
974142ee-99f1-11e1-a4c3-27EXAMPLE804
"""
GET_INSTANCE_PROFILE_TEMPLATE = """
{{ profile.id }}
{% for role in profile.roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{{ profile.name }}
{{ profile.path }}
{{ profile.arn }}
{{ profile.created_iso_8601 }}
37289fda-99f2-11e1-a4c3-27EXAMPLE804
"""
CREATE_ROLE_TEMPLATE = """
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% if role.permissions_boundary %}
PermissionsBoundaryPolicy
{{ role.permissions_boundary }}
{% endif %}
4a93ceee-9966-11e1-b624-b1aEXAMPLE7c
"""
GET_ROLE_POLICY_TEMPLATE = """
{{ policy_name }}
{{ role_name }}
{{ policy_document }}
7e7cd8bc-99ef-11e1-a4c3-27EXAMPLE804
"""
UPDATE_ROLE_TEMPLATE = """
df37e965-9967-11e1-a4c3-270EXAMPLE04
"""
UPDATE_ROLE_DESCRIPTION_TEMPLATE = """
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% if role.tags %}
{% for tag in role.get_tags() %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
{% endif %}
df37e965-9967-11e1-a4c3-270EXAMPLE04
"""
GET_ROLE_TEMPLATE = """
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% if role.tags %}
{% for tag in role.get_tags() %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
{% endif %}
df37e965-9967-11e1-a4c3-270EXAMPLE04
"""
ADD_ROLE_TO_INSTANCE_PROFILE_TEMPLATE = """
12657608-99f2-11e1-a4c3-27EXAMPLE804
"""
REMOVE_ROLE_FROM_INSTANCE_PROFILE_TEMPLATE = """
12657608-99f2-11e1-a4c3-27EXAMPLE804
"""
LIST_ROLES_TEMPLATE = """
false
{% for role in roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% if role.permissions_boundary %}
PermissionsBoundaryPolicy
{{ role.permissions_boundary }}
{% endif %}
{% endfor %}
20f7279f-99ee-11e1-a4c3-27EXAMPLE804
"""
LIST_ROLE_POLICIES = """
{% for policy_name in role_policies %}
{{ policy_name }}
{% endfor %}
false
8c7e1816-99f0-11e1-a4c3-27EXAMPLE804
"""
CREATE_POLICY_VERSION_TEMPLATE = """
{{ policy_version.document }}
{{ policy_version.version_id }}
{{ policy_version.is_default }}
{{ policy_version.created_iso_8601 }}
20f7279f-99ee-11e1-a4c3-27EXAMPLE804
"""
GET_POLICY_VERSION_TEMPLATE = """
{{ policy_version.document }}
{{ policy_version.version_id }}
{{ policy_version.is_default }}
{{ policy_version.created_iso_8601 }}
20f7279f-99ee-11e1-a4c3-27EXAMPLE804
"""
LIST_POLICY_VERSIONS_TEMPLATE = """
false
{% for policy_version in policy_versions %}
{{ policy_version.document }}
{{ policy_version.version_id }}
{{ policy_version.is_default }}
{{ policy_version.created_iso_8601 }}
{% endfor %}
20f7279f-99ee-11e1-a4c3-27EXAMPLE804
"""
LIST_INSTANCE_PROFILES_TEMPLATE = """
false
{% for instance in instance_profiles %}
{{ instance.id }}
{% for role in instance.roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{{ instance.name }}
{{ instance.path }}
{{ instance.arn }}
{{ instance.created_iso_8601 }}
{% endfor %}
fd74fa8d-99f3-11e1-a4c3-27EXAMPLE804
"""
UPLOAD_CERT_TEMPLATE = """
{{ certificate.cert_name }}
{% if certificate.path %}
{{ certificate.path }}
{% endif %}
{{ certificate.arn }}
2010-05-08T01:02:03.004Z
ASCACKCEVSQ6C2EXAMPLE
2012-05-08T01:02:03.004Z
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_SERVER_CERTIFICATES_TEMPLATE = """
false
{% for certificate in server_certificates %}
{{ certificate.cert_name }}
{% if certificate.path %}
{{ certificate.path }}
{% endif %}
{{ certificate.arn }}
2010-05-08T01:02:03.004Z
ASCACKCEVSQ6C2EXAMPLE
2012-05-08T01:02:03.004Z
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_SERVER_CERTIFICATE_TEMPLATE = """
{{ certificate.cert_name }}
{% if certificate.path %}
{{ certificate.path }}
{% endif %}
{{ certificate.arn }}
2010-05-08T01:02:03.004Z
ASCACKCEVSQ6C2EXAMPLE
2012-05-08T01:02:03.004Z
{{ certificate.cert_body }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_GROUP_TEMPLATE = """
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{{ group.created_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_GROUP_TEMPLATE = """
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{{ group.created_iso_8601 }}
{% for user in group.users %}
{{ user.path }}
{{ user.name }}
{{ user.id }}
{{ user.arn }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_GROUPS_TEMPLATE = """
{% for group in groups %}
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_GROUPS_FOR_USER_TEMPLATE = """
{% for group in groups %}
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_GROUP_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_GROUP_POLICY_TEMPLATE = """
{{ policy_name }}
{{ group_name }}
{{ policy_document }}
7e7cd8bc-99ef-11e1-a4c3-27EXAMPLE804
"""
USER_TEMPLATE = """<{{ action }}UserResponse>
<{{ action }}UserResult>
{{ user.path }}
{{ user.name }}
{{ user.id }}
{{ user.created_iso_8601 }}
{{ user.arn }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_USERS_TEMPLATE = """<{{ action }}UsersResponse>
<{{ action }}UsersResult>
{% for user in users %}
{{ user.id }}
{{ user.path }}
{{ user.name }}
{{ user.created_iso_8601 }}
{{ user.arn }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_LOGIN_PROFILE_TEMPLATE = """
{{ user.name }}
{{ user.created_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_LOGIN_PROFILE_TEMPLATE = """
{{ user.name }}
{{ user.created_iso_8601 }}
{% if user.password_reset_required %}
true
{% endif %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
UPDATE_LOGIN_PROFILE_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_USER_POLICY_TEMPLATE = """
{{ user_name }}
{{ policy_name }}
{{ policy_document }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_USER_POLICIES_TEMPLATE = """
{% for policy in policies %}
{{ policy }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_ACCESS_KEY_TEMPLATE = """
{{ key.user_name }}
{{ key.access_key_id }}
{{ key.status }}
{{ key.secret_access_key }}
{{ key.created_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_ACCESS_KEYS_TEMPLATE = """
{{ user_name }}
{% for key in keys %}
{{ user_name }}
{{ key.access_key_id }}
{{ key.status }}
{{ key.created_iso_8601 }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_ACCESS_KEY_LAST_USED_TEMPLATE = """
{{ user_name }}
{{ last_used }}
"""
CREDENTIAL_REPORT_GENERATING = """
STARTED
No report exists. Starting a new report generation task
fa788a82-aa8a-11e4-a278-1786c418872b"
"""
CREDENTIAL_REPORT_GENERATED = """
COMPLETE
fa788a82-aa8a-11e4-a278-1786c418872b"
"""
CREDENTIAL_REPORT = """
{{ report }}
2015-02-02T20:02:02Z
text/csv
fa788a82-aa8a-11e4-a278-1786c418872b"
"""
LIST_INSTANCE_PROFILES_FOR_ROLE_TEMPLATE = """
false
{% for profile in instance_profiles %}
{{ profile.id }}
{% for role in profile.roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{{ profile.name }}
{{ profile.path }}
{{ profile.arn }}
{{ profile.created_iso_8601 }}
{% endfor %}
6a8c3992-99f4-11e1-a4c3-27EXAMPLE804
"""
LIST_MFA_DEVICES_TEMPLATE = """
{% for device in devices %}
{{ user_name }}
{{ device.serial_number }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_ACCOUNT_ALIASES_TEMPLATE = """
false
{% for alias in aliases %}
{{ alias }}
{% endfor %}
c5a076e9-f1b0-11df-8fbe-45274EXAMPLE
"""
CREATE_ACCOUNT_ALIAS_TEMPLATE = """
36b5db08-f1b0-11df-8fbe-45274EXAMPLE
"""
DELETE_ACCOUNT_ALIAS_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_GROUPS_FOR_USER_TEMPLATE = """
{% for group in groups %}
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """
false
{% for user in users %}
{% for group in get_groups_for_user(user.name) %}
{{ group.name }}
{% endfor %}
{% for policy in user.managed_policies %}
{{ user.managed_policies[policy].name }}
{{ policy }}
{% endfor %}
{{ user.id }}
{{ user.path }}
{{ user.name }}
{{ user.arn }}
{{ user.created_iso_8601 }}
{% endfor %}
{% for group in groups %}
{{ group.id }}
{% for policy_arn in group.managed_policies %}
{{ group.managed_policies[policy_arn].name }}
{{ policy_arn }}
{% endfor %}
{{ group.name }}
{{ group.path }}
{{ group.arn }}
{{ group.created_iso_8601 }}
{% for policy in group.policies %}
{{ policy }}
{{ group.get_policy(policy) }}
{% endfor %}
{% endfor %}
{% for role in roles %}
{% for inline_policy in role.policies %}
{{ inline_policy }}
{{ role.policies[inline_policy] }}
{% endfor %}
{% for policy_arn in role.managed_policies %}
{{ role.managed_policies[policy_arn].name }}
{{ policy_arn }}
{% endfor %}
{% for tag in role.get_tags() %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
{% for profile in instance_profiles %}
{{ profile.id }}
{% for role in profile.roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{{ profile.name }}
{{ profile.path }}
{{ profile.arn }}
{{ profile.created_iso_8601 }}
{% endfor %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{% for policy in policies %}
{{ policy.name }}
{{ policy.default_version_id }}
{{ policy.id }}
{{ policy.path }}
{% for policy_version in policy.versions %}
{{ policy_version.document }}
{{ policy_version.is_default }}
{{ policy_version.version_id }}
{{ policy_version.created_iso_8601 }}
{% endfor %}
{{ policy.arn }}
1
{{ policy.created_iso_8601 }}
true
{{ policy.updated_iso_8601 }}
{% endfor %}
92e79ae7-7399-11e4-8c85-4b53eEXAMPLE
"""
CREATE_SAML_PROVIDER_TEMPLATE = """
{{ saml_provider.arn }}
29f47818-99f5-11e1-a4c3-27EXAMPLE804
"""
LIST_SAML_PROVIDERS_TEMPLATE = """
{% for saml_provider in saml_providers %}
{{ saml_provider.arn }}
2032-05-09T16:27:11Z
2012-05-09T16:27:03Z
{% endfor %}
fd74fa8d-99f3-11e1-a4c3-27EXAMPLE804
"""
GET_SAML_PROVIDER_TEMPLATE = """
2012-05-09T16:27:11Z
2015-12-31T21:59:59Z
{{ saml_provider.saml_metadata_document }}
29f47818-99f5-11e1-a4c3-27EXAMPLE804
"""
DELETE_SAML_PROVIDER_TEMPLATE = """
c749ee7f-99ef-11e1-a4c3-27EXAMPLE804
"""
UPDATE_SAML_PROVIDER_TEMPLATE = """
{{ saml_provider.arn }}
29f47818-99f5-11e1-a4c3-27EXAMPLE804
"""
UPLOAD_SIGNING_CERTIFICATE_TEMPLATE = """
{{ cert.user_name }}
{{ cert.id }}
{{ cert.body }}
{{ cert.status }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
UPDATE_SIGNING_CERTIFICATE_TEMPLATE = """
EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE
"""
DELETE_SIGNING_CERTIFICATE_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_SIGNING_CERTIFICATES_TEMPLATE = """
{{ user_name }}
{% for cert in certificates %}
{{ user_name }}
{{ cert.id }}
{{ cert.body }}
{{ cert.status }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
TAG_ROLE_TEMPLATE = """
EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE
"""
LIST_ROLE_TAG_TEMPLATE = """
{{ 'true' if marker else 'false' }}
{% if marker %}
{{ marker }}
{% endif %}
{% for tag in tags %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE
"""
UNTAG_ROLE_TEMPLATE = """
EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE
"""