from __future__ import unicode_literals
from moto.core.responses import BaseResponse
from .models import iam_backend, User
class IamResponse(BaseResponse):
def attach_role_policy(self):
policy_arn = self._get_param("PolicyArn")
role_name = self._get_param("RoleName")
iam_backend.attach_role_policy(policy_arn, role_name)
template = self.response_template(ATTACH_ROLE_POLICY_TEMPLATE)
return template.render()
def detach_role_policy(self):
role_name = self._get_param("RoleName")
policy_arn = self._get_param("PolicyArn")
iam_backend.detach_role_policy(policy_arn, role_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DetachRolePolicyResponse")
def attach_group_policy(self):
policy_arn = self._get_param("PolicyArn")
group_name = self._get_param("GroupName")
iam_backend.attach_group_policy(policy_arn, group_name)
template = self.response_template(ATTACH_GROUP_POLICY_TEMPLATE)
return template.render()
def detach_group_policy(self):
policy_arn = self._get_param("PolicyArn")
group_name = self._get_param("GroupName")
iam_backend.detach_group_policy(policy_arn, group_name)
template = self.response_template(DETACH_GROUP_POLICY_TEMPLATE)
return template.render()
def attach_user_policy(self):
policy_arn = self._get_param("PolicyArn")
user_name = self._get_param("UserName")
iam_backend.attach_user_policy(policy_arn, user_name)
template = self.response_template(ATTACH_USER_POLICY_TEMPLATE)
return template.render()
def detach_user_policy(self):
policy_arn = self._get_param("PolicyArn")
user_name = self._get_param("UserName")
iam_backend.detach_user_policy(policy_arn, user_name)
template = self.response_template(DETACH_USER_POLICY_TEMPLATE)
return template.render()
def create_policy(self):
description = self._get_param("Description")
path = self._get_param("Path")
policy_document = self._get_param("PolicyDocument")
policy_name = self._get_param("PolicyName")
policy = iam_backend.create_policy(
description, path, policy_document, policy_name
)
template = self.response_template(CREATE_POLICY_TEMPLATE)
return template.render(policy=policy)
def get_policy(self):
policy_arn = self._get_param("PolicyArn")
policy = iam_backend.get_policy(policy_arn)
template = self.response_template(GET_POLICY_TEMPLATE)
return template.render(policy=policy)
def list_attached_role_policies(self):
marker = self._get_param("Marker")
max_items = self._get_int_param("MaxItems", 100)
path_prefix = self._get_param("PathPrefix", "/")
role_name = self._get_param("RoleName")
policies, marker = iam_backend.list_attached_role_policies(
role_name, marker=marker, max_items=max_items, path_prefix=path_prefix
)
template = self.response_template(LIST_ATTACHED_ROLE_POLICIES_TEMPLATE)
return template.render(policies=policies, marker=marker)
def list_attached_group_policies(self):
marker = self._get_param("Marker")
max_items = self._get_int_param("MaxItems", 100)
path_prefix = self._get_param("PathPrefix", "/")
group_name = self._get_param("GroupName")
policies, marker = iam_backend.list_attached_group_policies(
group_name, marker=marker, max_items=max_items, path_prefix=path_prefix
)
template = self.response_template(LIST_ATTACHED_GROUP_POLICIES_TEMPLATE)
return template.render(policies=policies, marker=marker)
def list_attached_user_policies(self):
marker = self._get_param("Marker")
max_items = self._get_int_param("MaxItems", 100)
path_prefix = self._get_param("PathPrefix", "/")
user_name = self._get_param("UserName")
policies, marker = iam_backend.list_attached_user_policies(
user_name, marker=marker, max_items=max_items, path_prefix=path_prefix
)
template = self.response_template(LIST_ATTACHED_USER_POLICIES_TEMPLATE)
return template.render(policies=policies, marker=marker)
def list_policies(self):
marker = self._get_param("Marker")
max_items = self._get_int_param("MaxItems", 100)
only_attached = self._get_bool_param("OnlyAttached", False)
path_prefix = self._get_param("PathPrefix", "/")
scope = self._get_param("Scope", "All")
policies, marker = iam_backend.list_policies(
marker, max_items, only_attached, path_prefix, scope
)
template = self.response_template(LIST_POLICIES_TEMPLATE)
return template.render(policies=policies, marker=marker)
def list_entities_for_policy(self):
policy_arn = self._get_param("PolicyArn")
# Options 'User'|'Role'|'Group'|'LocalManagedPolicy'|'AWSManagedPolicy
entity = self._get_param("EntityFilter")
path_prefix = self._get_param("PathPrefix")
# policy_usage_filter = self._get_param('PolicyUsageFilter')
marker = self._get_param("Marker")
max_items = self._get_param("MaxItems")
entity_roles = []
entity_groups = []
entity_users = []
if entity == "User":
users = iam_backend.list_users(path_prefix, marker, max_items)
if users:
for user in users:
for p in user.managed_policies:
if p == policy_arn:
entity_users.append(user.name)
elif entity == "Role":
roles = iam_backend.list_roles(path_prefix, marker, max_items)
if roles:
for role in roles:
for p in role.managed_policies:
if p == policy_arn:
entity_roles.append(role.name)
elif entity == "Group":
groups = iam_backend.list_groups()
if groups:
for group in groups:
for p in group.managed_policies:
if p == policy_arn:
entity_groups.append(group.name)
elif entity == "LocalManagedPolicy" or entity == "AWSManagedPolicy":
users = iam_backend.list_users(path_prefix, marker, max_items)
if users:
for user in users:
for p in user.managed_policies:
if p == policy_arn:
entity_users.append(user.name)
roles = iam_backend.list_roles(path_prefix, marker, max_items)
if roles:
for role in roles:
for p in role.managed_policies:
if p == policy_arn:
entity_roles.append(role.name)
groups = iam_backend.list_groups()
if groups:
for group in groups:
for p in group.managed_policies:
if p == policy_arn:
entity_groups.append(group.name)
template = self.response_template(LIST_ENTITIES_FOR_POLICY_TEMPLATE)
return template.render(
roles=entity_roles, users=entity_users, groups=entity_groups
)
def create_role(self):
role_name = self._get_param("RoleName")
path = self._get_param("Path")
assume_role_policy_document = self._get_param("AssumeRolePolicyDocument")
permissions_boundary = self._get_param("PermissionsBoundary")
description = self._get_param("Description")
tags = self._get_multi_param("Tags.member")
max_session_duration = self._get_param("MaxSessionDuration", 3600)
role = iam_backend.create_role(
role_name,
assume_role_policy_document,
path,
permissions_boundary,
description,
tags,
max_session_duration,
)
template = self.response_template(CREATE_ROLE_TEMPLATE)
return template.render(role=role)
def get_role(self):
role_name = self._get_param("RoleName")
role = iam_backend.get_role(role_name)
template = self.response_template(GET_ROLE_TEMPLATE)
return template.render(role=role)
def delete_role(self):
role_name = self._get_param("RoleName")
iam_backend.delete_role(role_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteRoleResponse")
def list_role_policies(self):
role_name = self._get_param("RoleName")
role_policies_names = iam_backend.list_role_policies(role_name)
template = self.response_template(LIST_ROLE_POLICIES)
return template.render(role_policies=role_policies_names)
def put_role_policy(self):
role_name = self._get_param("RoleName")
policy_name = self._get_param("PolicyName")
policy_document = self._get_param("PolicyDocument")
iam_backend.put_role_policy(role_name, policy_name, policy_document)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="PutRolePolicyResponse")
def delete_role_policy(self):
role_name = self._get_param("RoleName")
policy_name = self._get_param("PolicyName")
iam_backend.delete_role_policy(role_name, policy_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteRolePolicyResponse")
def get_role_policy(self):
role_name = self._get_param("RoleName")
policy_name = self._get_param("PolicyName")
policy_name, policy_document = iam_backend.get_role_policy(
role_name, policy_name
)
template = self.response_template(GET_ROLE_POLICY_TEMPLATE)
return template.render(
role_name=role_name,
policy_name=policy_name,
policy_document=policy_document,
)
def update_assume_role_policy(self):
role_name = self._get_param("RoleName")
role = iam_backend.get_role(role_name)
role.assume_role_policy_document = self._get_param("PolicyDocument")
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="UpdateAssumeRolePolicyResponse")
def update_role_description(self):
role_name = self._get_param("RoleName")
description = self._get_param("Description")
role = iam_backend.update_role_description(role_name, description)
template = self.response_template(UPDATE_ROLE_DESCRIPTION_TEMPLATE)
return template.render(role=role)
def update_role(self):
role_name = self._get_param("RoleName")
description = self._get_param("Description")
max_session_duration = self._get_param("MaxSessionDuration", 3600)
role = iam_backend.update_role(role_name, description, max_session_duration)
template = self.response_template(UPDATE_ROLE_TEMPLATE)
return template.render(role=role)
def create_policy_version(self):
policy_arn = self._get_param("PolicyArn")
policy_document = self._get_param("PolicyDocument")
set_as_default = self._get_param("SetAsDefault")
policy_version = iam_backend.create_policy_version(
policy_arn, policy_document, set_as_default
)
template = self.response_template(CREATE_POLICY_VERSION_TEMPLATE)
return template.render(policy_version=policy_version)
def get_policy_version(self):
policy_arn = self._get_param("PolicyArn")
version_id = self._get_param("VersionId")
policy_version = iam_backend.get_policy_version(policy_arn, version_id)
template = self.response_template(GET_POLICY_VERSION_TEMPLATE)
return template.render(policy_version=policy_version)
def list_policy_versions(self):
policy_arn = self._get_param("PolicyArn")
policy_versions = iam_backend.list_policy_versions(policy_arn)
template = self.response_template(LIST_POLICY_VERSIONS_TEMPLATE)
return template.render(policy_versions=policy_versions)
def delete_policy_version(self):
policy_arn = self._get_param("PolicyArn")
version_id = self._get_param("VersionId")
iam_backend.delete_policy_version(policy_arn, version_id)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeletePolicyVersion")
def create_instance_profile(self):
profile_name = self._get_param("InstanceProfileName")
path = self._get_param("Path", "/")
profile = iam_backend.create_instance_profile(profile_name, path, role_ids=[])
template = self.response_template(CREATE_INSTANCE_PROFILE_TEMPLATE)
return template.render(profile=profile)
def delete_instance_profile(self):
profile_name = self._get_param("InstanceProfileName")
profile = iam_backend.delete_instance_profile(profile_name)
template = self.response_template(DELETE_INSTANCE_PROFILE_TEMPLATE)
return template.render(profile=profile)
def get_instance_profile(self):
profile_name = self._get_param("InstanceProfileName")
profile = iam_backend.get_instance_profile(profile_name)
template = self.response_template(GET_INSTANCE_PROFILE_TEMPLATE)
return template.render(profile=profile)
def add_role_to_instance_profile(self):
profile_name = self._get_param("InstanceProfileName")
role_name = self._get_param("RoleName")
iam_backend.add_role_to_instance_profile(profile_name, role_name)
template = self.response_template(ADD_ROLE_TO_INSTANCE_PROFILE_TEMPLATE)
return template.render()
def remove_role_from_instance_profile(self):
profile_name = self._get_param("InstanceProfileName")
role_name = self._get_param("RoleName")
iam_backend.remove_role_from_instance_profile(profile_name, role_name)
template = self.response_template(REMOVE_ROLE_FROM_INSTANCE_PROFILE_TEMPLATE)
return template.render()
def list_roles(self):
roles = iam_backend.get_roles()
template = self.response_template(LIST_ROLES_TEMPLATE)
return template.render(roles=roles)
def list_instance_profiles(self):
profiles = iam_backend.get_instance_profiles()
template = self.response_template(LIST_INSTANCE_PROFILES_TEMPLATE)
return template.render(instance_profiles=profiles)
def list_instance_profiles_for_role(self):
role_name = self._get_param("RoleName")
profiles = iam_backend.get_instance_profiles_for_role(role_name=role_name)
template = self.response_template(LIST_INSTANCE_PROFILES_FOR_ROLE_TEMPLATE)
return template.render(instance_profiles=profiles)
def upload_server_certificate(self):
cert_name = self._get_param("ServerCertificateName")
cert_body = self._get_param("CertificateBody")
path = self._get_param("Path")
private_key = self._get_param("PrivateKey")
cert_chain = self._get_param("CertificateName")
cert = iam_backend.upload_server_certificate(
cert_name, cert_body, private_key, cert_chain=cert_chain, path=path
)
template = self.response_template(UPLOAD_CERT_TEMPLATE)
return template.render(certificate=cert)
def list_server_certificates(self, marker=None):
certs = iam_backend.get_all_server_certs(marker=marker)
template = self.response_template(LIST_SERVER_CERTIFICATES_TEMPLATE)
return template.render(server_certificates=certs)
def get_server_certificate(self):
cert_name = self._get_param("ServerCertificateName")
cert = iam_backend.get_server_certificate(cert_name)
template = self.response_template(GET_SERVER_CERTIFICATE_TEMPLATE)
return template.render(certificate=cert)
def delete_server_certificate(self):
cert_name = self._get_param("ServerCertificateName")
iam_backend.delete_server_certificate(cert_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteServerCertificate")
def create_group(self):
group_name = self._get_param("GroupName")
path = self._get_param("Path", "/")
group = iam_backend.create_group(group_name, path)
template = self.response_template(CREATE_GROUP_TEMPLATE)
return template.render(group=group)
def get_group(self):
group_name = self._get_param("GroupName")
group = iam_backend.get_group(group_name)
template = self.response_template(GET_GROUP_TEMPLATE)
return template.render(group=group)
def list_groups(self):
groups = iam_backend.list_groups()
template = self.response_template(LIST_GROUPS_TEMPLATE)
return template.render(groups=groups)
def list_groups_for_user(self):
user_name = self._get_param("UserName")
groups = iam_backend.get_groups_for_user(user_name)
template = self.response_template(LIST_GROUPS_FOR_USER_TEMPLATE)
return template.render(groups=groups)
def put_group_policy(self):
group_name = self._get_param("GroupName")
policy_name = self._get_param("PolicyName")
policy_document = self._get_param("PolicyDocument")
iam_backend.put_group_policy(group_name, policy_name, policy_document)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="PutGroupPolicyResponse")
def list_group_policies(self):
group_name = self._get_param("GroupName")
marker = self._get_param("Marker")
max_items = self._get_param("MaxItems")
policies = iam_backend.list_group_policies(
group_name, marker=marker, max_items=max_items
)
template = self.response_template(LIST_GROUP_POLICIES_TEMPLATE)
return template.render(
name="ListGroupPoliciesResponse", policies=policies, marker=marker
)
def get_group_policy(self):
group_name = self._get_param("GroupName")
policy_name = self._get_param("PolicyName")
policy_result = iam_backend.get_group_policy(group_name, policy_name)
template = self.response_template(GET_GROUP_POLICY_TEMPLATE)
return template.render(name="GetGroupPolicyResponse", **policy_result)
def delete_group(self):
group_name = self._get_param("GroupName")
iam_backend.delete_group(group_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteGroup")
def create_user(self):
user_name = self._get_param("UserName")
path = self._get_param("Path")
tags = self._get_multi_param("Tags.member")
user = iam_backend.create_user(user_name, path, tags)
template = self.response_template(USER_TEMPLATE)
return template.render(action="Create", user=user)
def get_user(self):
user_name = self._get_param("UserName")
if not user_name:
access_key_id = self.get_current_user()
user = iam_backend.get_user_from_access_key_id(access_key_id)
if user is None:
user = User("default_user")
else:
user = iam_backend.get_user(user_name)
template = self.response_template(USER_TEMPLATE)
return template.render(action="Get", user=user)
def list_users(self):
path_prefix = self._get_param("PathPrefix")
marker = self._get_param("Marker")
max_items = self._get_param("MaxItems")
users = iam_backend.list_users(path_prefix, marker, max_items)
template = self.response_template(LIST_USERS_TEMPLATE)
return template.render(action="List", users=users)
def update_user(self):
user_name = self._get_param("UserName")
new_path = self._get_param("NewPath")
new_user_name = self._get_param("NewUserName")
iam_backend.update_user(user_name, new_path, new_user_name)
if new_user_name:
user = iam_backend.get_user(new_user_name)
else:
user = iam_backend.get_user(user_name)
template = self.response_template(USER_TEMPLATE)
return template.render(action="Update", user=user)
def create_login_profile(self):
user_name = self._get_param("UserName")
password = self._get_param("Password")
user = iam_backend.create_login_profile(user_name, password)
template = self.response_template(CREATE_LOGIN_PROFILE_TEMPLATE)
return template.render(user=user)
def get_login_profile(self):
user_name = self._get_param("UserName")
user = iam_backend.get_login_profile(user_name)
template = self.response_template(GET_LOGIN_PROFILE_TEMPLATE)
return template.render(user=user)
def update_login_profile(self):
user_name = self._get_param("UserName")
password = self._get_param("Password")
password_reset_required = self._get_param("PasswordResetRequired")
user = iam_backend.update_login_profile(
user_name, password, password_reset_required
)
template = self.response_template(UPDATE_LOGIN_PROFILE_TEMPLATE)
return template.render(user=user)
def add_user_to_group(self):
group_name = self._get_param("GroupName")
user_name = self._get_param("UserName")
iam_backend.add_user_to_group(group_name, user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="AddUserToGroup")
def remove_user_from_group(self):
group_name = self._get_param("GroupName")
user_name = self._get_param("UserName")
iam_backend.remove_user_from_group(group_name, user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="RemoveUserFromGroup")
def get_user_policy(self):
user_name = self._get_param("UserName")
policy_name = self._get_param("PolicyName")
policy_document = iam_backend.get_user_policy(user_name, policy_name)
template = self.response_template(GET_USER_POLICY_TEMPLATE)
return template.render(
user_name=user_name,
policy_name=policy_name,
policy_document=policy_document.get("policy_document"),
)
def list_user_policies(self):
user_name = self._get_param("UserName")
policies = iam_backend.list_user_policies(user_name)
template = self.response_template(LIST_USER_POLICIES_TEMPLATE)
return template.render(policies=policies)
def list_user_tags(self):
user_name = self._get_param("UserName")
tags = iam_backend.list_user_tags(user_name)
template = self.response_template(LIST_USER_TAGS_TEMPLATE)
return template.render(user_tags=tags or [])
def put_user_policy(self):
user_name = self._get_param("UserName")
policy_name = self._get_param("PolicyName")
policy_document = self._get_param("PolicyDocument")
iam_backend.put_user_policy(user_name, policy_name, policy_document)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="PutUserPolicy")
def delete_user_policy(self):
user_name = self._get_param("UserName")
policy_name = self._get_param("PolicyName")
iam_backend.delete_user_policy(user_name, policy_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteUserPolicy")
def create_access_key(self):
user_name = self._get_param("UserName")
if not user_name:
access_key_id = self.get_current_user()
access_key = iam_backend.get_access_key_last_used(access_key_id)
user_name = access_key["user_name"]
key = iam_backend.create_access_key(user_name)
template = self.response_template(CREATE_ACCESS_KEY_TEMPLATE)
return template.render(key=key)
def update_access_key(self):
user_name = self._get_param("UserName")
access_key_id = self._get_param("AccessKeyId")
status = self._get_param("Status")
if not user_name:
access_key = iam_backend.get_access_key_last_used(access_key_id)
user_name = access_key["user_name"]
iam_backend.update_access_key(user_name, access_key_id, status)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="UpdateAccessKey")
def get_access_key_last_used(self):
access_key_id = self._get_param("AccessKeyId")
last_used_response = iam_backend.get_access_key_last_used(access_key_id)
template = self.response_template(GET_ACCESS_KEY_LAST_USED_TEMPLATE)
return template.render(
user_name=last_used_response["user_name"],
last_used=last_used_response["last_used"],
)
def list_access_keys(self):
user_name = self._get_param("UserName")
if not user_name:
access_key_id = self.get_current_user()
access_key = iam_backend.get_access_key_last_used(access_key_id)
user_name = access_key["user_name"]
keys = iam_backend.get_all_access_keys(user_name)
template = self.response_template(LIST_ACCESS_KEYS_TEMPLATE)
return template.render(user_name=user_name, keys=keys)
def delete_access_key(self):
user_name = self._get_param("UserName")
access_key_id = self._get_param("AccessKeyId")
if not user_name:
access_key = iam_backend.get_access_key_last_used(access_key_id)
user_name = access_key["user_name"]
iam_backend.delete_access_key(access_key_id, user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteAccessKey")
def upload_ssh_public_key(self):
user_name = self._get_param("UserName")
ssh_public_key_body = self._get_param("SSHPublicKeyBody")
key = iam_backend.upload_ssh_public_key(user_name, ssh_public_key_body)
template = self.response_template(UPLOAD_SSH_PUBLIC_KEY_TEMPLATE)
return template.render(key=key)
def get_ssh_public_key(self):
user_name = self._get_param("UserName")
ssh_public_key_id = self._get_param("SSHPublicKeyId")
key = iam_backend.get_ssh_public_key(user_name, ssh_public_key_id)
template = self.response_template(GET_SSH_PUBLIC_KEY_TEMPLATE)
return template.render(key=key)
def list_ssh_public_keys(self):
user_name = self._get_param("UserName")
keys = iam_backend.get_all_ssh_public_keys(user_name)
template = self.response_template(LIST_SSH_PUBLIC_KEYS_TEMPLATE)
return template.render(keys=keys)
def update_ssh_public_key(self):
user_name = self._get_param("UserName")
ssh_public_key_id = self._get_param("SSHPublicKeyId")
status = self._get_param("Status")
iam_backend.update_ssh_public_key(user_name, ssh_public_key_id, status)
template = self.response_template(UPDATE_SSH_PUBLIC_KEY_TEMPLATE)
return template.render()
def delete_ssh_public_key(self):
user_name = self._get_param("UserName")
ssh_public_key_id = self._get_param("SSHPublicKeyId")
iam_backend.delete_ssh_public_key(user_name, ssh_public_key_id)
template = self.response_template(DELETE_SSH_PUBLIC_KEY_TEMPLATE)
return template.render()
def deactivate_mfa_device(self):
user_name = self._get_param("UserName")
serial_number = self._get_param("SerialNumber")
iam_backend.deactivate_mfa_device(user_name, serial_number)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeactivateMFADevice")
def enable_mfa_device(self):
user_name = self._get_param("UserName")
serial_number = self._get_param("SerialNumber")
authentication_code_1 = self._get_param("AuthenticationCode1")
authentication_code_2 = self._get_param("AuthenticationCode2")
iam_backend.enable_mfa_device(
user_name, serial_number, authentication_code_1, authentication_code_2
)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="EnableMFADevice")
def list_mfa_devices(self):
user_name = self._get_param("UserName")
devices = iam_backend.list_mfa_devices(user_name)
template = self.response_template(LIST_MFA_DEVICES_TEMPLATE)
return template.render(user_name=user_name, devices=devices)
def create_virtual_mfa_device(self):
path = self._get_param("Path")
virtual_mfa_device_name = self._get_param("VirtualMFADeviceName")
virtual_mfa_device = iam_backend.create_virtual_mfa_device(
virtual_mfa_device_name, path
)
template = self.response_template(CREATE_VIRTUAL_MFA_DEVICE_TEMPLATE)
return template.render(device=virtual_mfa_device)
def delete_virtual_mfa_device(self):
serial_number = self._get_param("SerialNumber")
iam_backend.delete_virtual_mfa_device(serial_number)
template = self.response_template(DELETE_VIRTUAL_MFA_DEVICE_TEMPLATE)
return template.render()
def list_virtual_mfa_devices(self):
assignment_status = self._get_param("AssignmentStatus", "Any")
marker = self._get_param("Marker")
max_items = self._get_param("MaxItems", 100)
devices, marker = iam_backend.list_virtual_mfa_devices(
assignment_status, marker, max_items
)
template = self.response_template(LIST_VIRTUAL_MFA_DEVICES_TEMPLATE)
return template.render(devices=devices, marker=marker)
def delete_user(self):
user_name = self._get_param("UserName")
iam_backend.delete_user(user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteUser")
def delete_policy(self):
policy_arn = self._get_param("PolicyArn")
iam_backend.delete_policy(policy_arn)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeletePolicy")
def delete_login_profile(self):
user_name = self._get_param("UserName")
iam_backend.delete_login_profile(user_name)
template = self.response_template(GENERIC_EMPTY_TEMPLATE)
return template.render(name="DeleteLoginProfile")
def generate_credential_report(self):
if iam_backend.report_generated():
template = self.response_template(CREDENTIAL_REPORT_GENERATED)
else:
template = self.response_template(CREDENTIAL_REPORT_GENERATING)
iam_backend.generate_report()
return template.render()
def get_credential_report(self):
report = iam_backend.get_credential_report()
template = self.response_template(CREDENTIAL_REPORT)
return template.render(report=report)
def list_account_aliases(self):
aliases = iam_backend.list_account_aliases()
template = self.response_template(LIST_ACCOUNT_ALIASES_TEMPLATE)
return template.render(aliases=aliases)
def create_account_alias(self):
alias = self._get_param("AccountAlias")
iam_backend.create_account_alias(alias)
template = self.response_template(CREATE_ACCOUNT_ALIAS_TEMPLATE)
return template.render()
def delete_account_alias(self):
alias = self._get_param("AccountAlias")
iam_backend.delete_account_alias(alias)
template = self.response_template(DELETE_ACCOUNT_ALIAS_TEMPLATE)
return template.render()
def get_account_authorization_details(self):
filter_param = self._get_multi_param("Filter.member")
account_details = iam_backend.get_account_authorization_details(filter_param)
template = self.response_template(GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE)
return template.render(
instance_profiles=account_details["instance_profiles"],
policies=account_details["managed_policies"],
users=account_details["users"],
groups=account_details["groups"],
roles=account_details["roles"],
get_groups_for_user=iam_backend.get_groups_for_user,
)
def create_saml_provider(self):
saml_provider_name = self._get_param("Name")
saml_metadata_document = self._get_param("SAMLMetadataDocument")
saml_provider = iam_backend.create_saml_provider(
saml_provider_name, saml_metadata_document
)
template = self.response_template(CREATE_SAML_PROVIDER_TEMPLATE)
return template.render(saml_provider=saml_provider)
def update_saml_provider(self):
saml_provider_arn = self._get_param("SAMLProviderArn")
saml_metadata_document = self._get_param("SAMLMetadataDocument")
saml_provider = iam_backend.update_saml_provider(
saml_provider_arn, saml_metadata_document
)
template = self.response_template(UPDATE_SAML_PROVIDER_TEMPLATE)
return template.render(saml_provider=saml_provider)
def delete_saml_provider(self):
saml_provider_arn = self._get_param("SAMLProviderArn")
iam_backend.delete_saml_provider(saml_provider_arn)
template = self.response_template(DELETE_SAML_PROVIDER_TEMPLATE)
return template.render()
def list_saml_providers(self):
saml_providers = iam_backend.list_saml_providers()
template = self.response_template(LIST_SAML_PROVIDERS_TEMPLATE)
return template.render(saml_providers=saml_providers)
def get_saml_provider(self):
saml_provider_arn = self._get_param("SAMLProviderArn")
saml_provider = iam_backend.get_saml_provider(saml_provider_arn)
template = self.response_template(GET_SAML_PROVIDER_TEMPLATE)
return template.render(saml_provider=saml_provider)
def upload_signing_certificate(self):
user_name = self._get_param("UserName")
cert_body = self._get_param("CertificateBody")
cert = iam_backend.upload_signing_certificate(user_name, cert_body)
template = self.response_template(UPLOAD_SIGNING_CERTIFICATE_TEMPLATE)
return template.render(cert=cert)
def update_signing_certificate(self):
user_name = self._get_param("UserName")
cert_id = self._get_param("CertificateId")
status = self._get_param("Status")
iam_backend.update_signing_certificate(user_name, cert_id, status)
template = self.response_template(UPDATE_SIGNING_CERTIFICATE_TEMPLATE)
return template.render()
def delete_signing_certificate(self):
user_name = self._get_param("UserName")
cert_id = self._get_param("CertificateId")
iam_backend.delete_signing_certificate(user_name, cert_id)
template = self.response_template(DELETE_SIGNING_CERTIFICATE_TEMPLATE)
return template.render()
def list_signing_certificates(self):
user_name = self._get_param("UserName")
certs = iam_backend.list_signing_certificates(user_name)
template = self.response_template(LIST_SIGNING_CERTIFICATES_TEMPLATE)
return template.render(user_name=user_name, certificates=certs)
def list_role_tags(self):
role_name = self._get_param("RoleName")
marker = self._get_param("Marker")
max_items = self._get_param("MaxItems", 100)
tags, marker = iam_backend.list_role_tags(role_name, marker, max_items)
template = self.response_template(LIST_ROLE_TAG_TEMPLATE)
return template.render(tags=tags, marker=marker)
def tag_role(self):
role_name = self._get_param("RoleName")
tags = self._get_multi_param("Tags.member")
iam_backend.tag_role(role_name, tags)
template = self.response_template(TAG_ROLE_TEMPLATE)
return template.render()
def untag_role(self):
role_name = self._get_param("RoleName")
tag_keys = self._get_multi_param("TagKeys.member")
iam_backend.untag_role(role_name, tag_keys)
template = self.response_template(UNTAG_ROLE_TEMPLATE)
return template.render()
def create_open_id_connect_provider(self):
open_id_provider_url = self._get_param("Url")
thumbprint_list = self._get_multi_param("ThumbprintList.member")
client_id_list = self._get_multi_param("ClientIDList.member")
open_id_provider = iam_backend.create_open_id_connect_provider(
open_id_provider_url, thumbprint_list, client_id_list
)
template = self.response_template(CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE)
return template.render(open_id_provider=open_id_provider)
def delete_open_id_connect_provider(self):
open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
iam_backend.delete_open_id_connect_provider(open_id_provider_arn)
template = self.response_template(DELETE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE)
return template.render()
def get_open_id_connect_provider(self):
open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
open_id_provider = iam_backend.get_open_id_connect_provider(
open_id_provider_arn
)
template = self.response_template(GET_OPEN_ID_CONNECT_PROVIDER_TEMPLATE)
return template.render(open_id_provider=open_id_provider)
def list_open_id_connect_providers(self):
open_id_provider_arns = iam_backend.list_open_id_connect_providers()
template = self.response_template(LIST_OPEN_ID_CONNECT_PROVIDERS_TEMPLATE)
return template.render(open_id_provider_arns=open_id_provider_arns)
def update_account_password_policy(self):
allow_change_password = self._get_bool_param(
"AllowUsersToChangePassword", False
)
hard_expiry = self._get_bool_param("HardExpiry")
max_password_age = self._get_int_param("MaxPasswordAge")
minimum_password_length = self._get_int_param("MinimumPasswordLength", 6)
password_reuse_prevention = self._get_int_param("PasswordReusePrevention")
require_lowercase_characters = self._get_bool_param(
"RequireLowercaseCharacters", False
)
require_numbers = self._get_bool_param("RequireNumbers", False)
require_symbols = self._get_bool_param("RequireSymbols", False)
require_uppercase_characters = self._get_bool_param(
"RequireUppercaseCharacters", False
)
iam_backend.update_account_password_policy(
allow_change_password,
hard_expiry,
max_password_age,
minimum_password_length,
password_reuse_prevention,
require_lowercase_characters,
require_numbers,
require_symbols,
require_uppercase_characters,
)
template = self.response_template(UPDATE_ACCOUNT_PASSWORD_POLICY_TEMPLATE)
return template.render()
def get_account_password_policy(self):
account_password_policy = iam_backend.get_account_password_policy()
template = self.response_template(GET_ACCOUNT_PASSWORD_POLICY_TEMPLATE)
return template.render(password_policy=account_password_policy)
def delete_account_password_policy(self):
iam_backend.delete_account_password_policy()
template = self.response_template(DELETE_ACCOUNT_PASSWORD_POLICY_TEMPLATE)
return template.render()
def get_account_summary(self):
account_summary = iam_backend.get_account_summary()
template = self.response_template(GET_ACCOUNT_SUMMARY_TEMPLATE)
return template.render(summary_map=account_summary.summary_map)
LIST_ENTITIES_FOR_POLICY_TEMPLATE = """
{% for role in roles %}
{{ role }}
{% endfor %}
{% for group in groups %}
{{ group }}
{% endfor %}
false
{% for user in users %}
{{ user }}
{% endfor %}
eb358e22-9d1f-11e4-93eb-190ecEXAMPLE
"""
ATTACH_ROLE_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DETACH_ROLE_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
ATTACH_USER_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DETACH_USER_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
ATTACH_GROUP_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DETACH_GROUP_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_POLICY_TEMPLATE = """
{{ policy.arn }}
{{ policy.attachment_count }}
{{ policy.created_iso_8601 }}
{{ policy.default_version_id }}
{{ policy.path }}
{{ policy.id }}
{{ policy.name }}
{{ policy.updated_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_POLICY_TEMPLATE = """
{{ policy.name }}
{{ policy.description }}
{{ policy.default_version_id }}
{{ policy.id }}
{{ policy.path }}
{{ policy.arn }}
{{ policy.attachment_count }}
{{ policy.created_iso_8601 }}
{{ policy.updated_iso_8601 }}
684f0917-3d22-11e4-a4a0-cffb9EXAMPLE
"""
LIST_ATTACHED_ROLE_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy.name }}
{{ policy.arn }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_ATTACHED_GROUP_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy.name }}
{{ policy.arn }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_ATTACHED_USER_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy.name }}
{{ policy.arn }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy.arn }}
{{ policy.attachment_count }}
{{ policy.created_iso_8601 }}
{{ policy.default_version_id }}
{{ policy.path }}
{{ policy.id }}
{{ policy.name }}
{{ policy.updated_iso_8601 }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GENERIC_EMPTY_TEMPLATE = """<{{ name }}Response>
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_INSTANCE_PROFILE_TEMPLATE = """
{{ profile.id }}
{{ profile.name }}
{{ profile.path }}
{{ profile.arn }}
{{ profile.created_iso_8601 }}
974142ee-99f1-11e1-a4c3-27EXAMPLE804
"""
DELETE_INSTANCE_PROFILE_TEMPLATE = """
786dff92-6cfd-4fa4-b1eb-27EXAMPLE804
"""
GET_INSTANCE_PROFILE_TEMPLATE = """
{{ profile.id }}
{% for role in profile.roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{{ profile.name }}
{{ profile.path }}
{{ profile.arn }}
{{ profile.created_iso_8601 }}
37289fda-99f2-11e1-a4c3-27EXAMPLE804
"""
CREATE_ROLE_TEMPLATE = """
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{% if role.description %}
{{role.description}}
{% endif %}
{{ role.created_iso_8601 }}
{{ role.id }}
{{ role.max_session_duration }}
{% if role.permissions_boundary %}
PermissionsBoundaryPolicy
{{ role.permissions_boundary }}
{% endif %}
{% if role.tags %}
{% for tag in role.get_tags() %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
{% endif %}
4a93ceee-9966-11e1-b624-b1aEXAMPLE7c
"""
GET_ROLE_POLICY_TEMPLATE = """
{{ policy_name }}
{{ role_name }}
{{ policy_document }}
7e7cd8bc-99ef-11e1-a4c3-27EXAMPLE804
"""
UPDATE_ROLE_TEMPLATE = """
df37e965-9967-11e1-a4c3-270EXAMPLE04
"""
UPDATE_ROLE_DESCRIPTION_TEMPLATE = """
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{role.description}}
{{ role.created_iso_8601 }}
{{ role.id }}
{{ role.max_session_duration }}
{% if role.tags %}
{% for tag in role.get_tags() %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
{% endif %}
df37e965-9967-11e1-a4c3-270EXAMPLE04
"""
GET_ROLE_TEMPLATE = """
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{% if role.description %}
{{role.description}}
{% endif %}
{{ role.created_iso_8601 }}
{{ role.id }}
{{ role.max_session_duration }}
{% if role.tags %}
{% for tag in role.get_tags() %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
{% endif %}
df37e965-9967-11e1-a4c3-270EXAMPLE04
"""
ADD_ROLE_TO_INSTANCE_PROFILE_TEMPLATE = """
12657608-99f2-11e1-a4c3-27EXAMPLE804
"""
REMOVE_ROLE_FROM_INSTANCE_PROFILE_TEMPLATE = """
12657608-99f2-11e1-a4c3-27EXAMPLE804
"""
LIST_ROLES_TEMPLATE = """
false
{% for role in roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% if role.permissions_boundary %}
PermissionsBoundaryPolicy
{{ role.permissions_boundary }}
{% endif %}
{% endfor %}
20f7279f-99ee-11e1-a4c3-27EXAMPLE804
"""
LIST_ROLE_POLICIES = """
{% for policy_name in role_policies %}
{{ policy_name }}
{% endfor %}
false
8c7e1816-99f0-11e1-a4c3-27EXAMPLE804
"""
CREATE_POLICY_VERSION_TEMPLATE = """
{{ policy_version.document }}
{{ policy_version.version_id }}
{{ policy_version.is_default | lower }}
{{ policy_version.created_iso_8601 }}
20f7279f-99ee-11e1-a4c3-27EXAMPLE804
"""
GET_POLICY_VERSION_TEMPLATE = """
{{ policy_version.document }}
{{ policy_version.version_id }}
{{ policy_version.is_default | lower }}
{{ policy_version.created_iso_8601 }}
20f7279f-99ee-11e1-a4c3-27EXAMPLE804
"""
LIST_POLICY_VERSIONS_TEMPLATE = """
false
{% for policy_version in policy_versions %}
{{ policy_version.document }}
{{ policy_version.version_id }}
{{ policy_version.is_default | lower }}
{{ policy_version.created_iso_8601 }}
{% endfor %}
20f7279f-99ee-11e1-a4c3-27EXAMPLE804
"""
LIST_INSTANCE_PROFILES_TEMPLATE = """
false
{% for instance in instance_profiles %}
{{ instance.id }}
{% for role in instance.roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{{ instance.name }}
{{ instance.path }}
{{ instance.arn }}
{{ instance.created_iso_8601 }}
{% endfor %}
fd74fa8d-99f3-11e1-a4c3-27EXAMPLE804
"""
UPLOAD_CERT_TEMPLATE = """
{{ certificate.cert_name }}
{% if certificate.path %}
{{ certificate.path }}
{% endif %}
{{ certificate.arn }}
2010-05-08T01:02:03.004Z
ASCACKCEVSQ6C2EXAMPLE
2012-05-08T01:02:03.004Z
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_SERVER_CERTIFICATES_TEMPLATE = """
false
{% for certificate in server_certificates %}
{{ certificate.cert_name }}
{% if certificate.path %}
{{ certificate.path }}
{% endif %}
{{ certificate.arn }}
2010-05-08T01:02:03.004Z
ASCACKCEVSQ6C2EXAMPLE
2012-05-08T01:02:03.004Z
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_SERVER_CERTIFICATE_TEMPLATE = """
{{ certificate.cert_name }}
{% if certificate.path %}
{{ certificate.path }}
{% endif %}
{{ certificate.arn }}
2010-05-08T01:02:03.004Z
ASCACKCEVSQ6C2EXAMPLE
2012-05-08T01:02:03.004Z
{{ certificate.cert_body }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_GROUP_TEMPLATE = """
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{{ group.created_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_GROUP_TEMPLATE = """
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{{ group.created_iso_8601 }}
{% for user in group.users %}
{{ user.path }}
{{ user.name }}
{{ user.id }}
{{ user.arn }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_GROUPS_TEMPLATE = """
{% for group in groups %}
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_GROUPS_FOR_USER_TEMPLATE = """
{% for group in groups %}
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{{ group.created_iso_8601 }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_GROUP_POLICIES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for policy in policies %}
{{ policy }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_GROUP_POLICY_TEMPLATE = """
{{ policy_name }}
{{ group_name }}
{{ policy_document }}
7e7cd8bc-99ef-11e1-a4c3-27EXAMPLE804
"""
USER_TEMPLATE = """<{{ action }}UserResponse>
<{{ action }}UserResult>
{{ user.path }}
{{ user.name }}
{{ user.id }}
{{ user.created_iso_8601 }}
{{ user.arn }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_USERS_TEMPLATE = """<{{ action }}UsersResponse>
<{{ action }}UsersResult>
{% for user in users %}
{{ user.id }}
{{ user.path }}
{{ user.name }}
{{ user.created_iso_8601 }}
{{ user.arn }}
{% endfor %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_LOGIN_PROFILE_TEMPLATE = """
{{ user.name }}
{{ user.created_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_LOGIN_PROFILE_TEMPLATE = """
{{ user.name }}
{{ user.created_iso_8601 }}
{% if user.password_reset_required %}
true
{% endif %}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
UPDATE_LOGIN_PROFILE_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_USER_POLICY_TEMPLATE = """
{{ user_name }}
{{ policy_name }}
{{ policy_document }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_USER_POLICIES_TEMPLATE = """
{% for policy in policies %}
{{ policy }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_USER_TAGS_TEMPLATE = """
{% for tag in user_tags %}
-
{{ tag.Key }}
{{ tag.Value }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_ACCESS_KEY_TEMPLATE = """
{{ key.user_name }}
{{ key.access_key_id }}
{{ key.status }}
{{ key.secret_access_key }}
{{ key.created_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_ACCESS_KEYS_TEMPLATE = """
{{ user_name }}
{% for key in keys %}
{{ user_name }}
{{ key.access_key_id }}
{{ key.status }}
{{ key.created_iso_8601 }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_ACCESS_KEY_LAST_USED_TEMPLATE = """
{{ user_name }}
{% if last_used %}
{{ last_used }}
{% endif %}
N/A
N/A
"""
UPLOAD_SSH_PUBLIC_KEY_TEMPLATE = """
{{ key.user_name }}
{{ key.ssh_public_key_body }}
{{ key.ssh_public_key_id }}
{{ key.fingerprint }}
{{ key.status }}
{{ key.uploaded_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_SSH_PUBLIC_KEY_TEMPLATE = """
{{ key.user_name }}
{{ key.ssh_public_key_body }}
{{ key.ssh_public_key_id }}
{{ key.fingerprint }}
{{ key.status }}
{{ key.uploaded_iso_8601 }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_SSH_PUBLIC_KEYS_TEMPLATE = """
{% for key in keys %}
{{ key.user_name }}
{{ key.ssh_public_key_id }}
{{ key.status }}
{{ key.uploaded_iso_8601 }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
UPDATE_SSH_PUBLIC_KEY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DELETE_SSH_PUBLIC_KEY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREDENTIAL_REPORT_GENERATING = """
STARTED
No report exists. Starting a new report generation task
fa788a82-aa8a-11e4-a278-1786c418872b"
"""
CREDENTIAL_REPORT_GENERATED = """
COMPLETE
fa788a82-aa8a-11e4-a278-1786c418872b"
"""
CREDENTIAL_REPORT = """
{{ report }}
2015-02-02T20:02:02Z
text/csv
fa788a82-aa8a-11e4-a278-1786c418872b"
"""
LIST_INSTANCE_PROFILES_FOR_ROLE_TEMPLATE = """
false
{% for profile in instance_profiles %}
{{ profile.id }}
{% for role in profile.roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{{ profile.name }}
{{ profile.path }}
{{ profile.arn }}
{{ profile.created_iso_8601 }}
{% endfor %}
6a8c3992-99f4-11e1-a4c3-27EXAMPLE804
"""
LIST_MFA_DEVICES_TEMPLATE = """
{% for device in devices %}
{{ user_name }}
{{ device.serial_number }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
CREATE_VIRTUAL_MFA_DEVICE_TEMPLATE = """
{{ device.serial_number }}
{{ device.base32_string_seed }}
{{ device.qr_code_png }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DELETE_VIRTUAL_MFA_DEVICE_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_VIRTUAL_MFA_DEVICES_TEMPLATE = """
{% if marker is none %}
false
{% else %}
true
{{ marker }}
{% endif %}
{% for device in devices %}
{{ device.serial_number }}
{% if device.enable_date %}
{{ device.enabled_iso_8601 }}
{% endif %}
{% if device.user %}
{{ device.user.path }}
{{ device.user.name }}
{{ device.user.id }}
{{ device.user.created_iso_8601 }}
{{ device.user.arn }}
{% endif %}
{% endfor %}
b61ce1b1-0401-11e1-b2f8-2dEXAMPLEbfc
"""
LIST_ACCOUNT_ALIASES_TEMPLATE = """
false
{% for alias in aliases %}
{{ alias }}
{% endfor %}
c5a076e9-f1b0-11df-8fbe-45274EXAMPLE
"""
CREATE_ACCOUNT_ALIAS_TEMPLATE = """
36b5db08-f1b0-11df-8fbe-45274EXAMPLE
"""
DELETE_ACCOUNT_ALIAS_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_GROUPS_FOR_USER_TEMPLATE = """
{% for group in groups %}
{{ group.path }}
{{ group.name }}
{{ group.id }}
{{ group.arn }}
{{ group.created_iso_8601 }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """
false
{% for user in users %}
{% for group in get_groups_for_user(user.name) %}
{{ group.name }}
{% endfor %}
{% for policy in user.managed_policies %}
{{ user.managed_policies[policy].name }}
{{ policy }}
{% endfor %}
{{ user.id }}
{{ user.path }}
{{ user.name }}
{{ user.arn }}
{{ user.created_iso_8601 }}
{% if user.policies %}
{% for policy in user.policies %}
{{ policy }}
{{ user.policies[policy] }}
{% endfor %}
{% endif %}
{% endfor %}
{% for group in groups %}
{{ group.id }}
{% for policy_arn in group.managed_policies %}
{{ group.managed_policies[policy_arn].name }}
{{ policy_arn }}
{% endfor %}
{{ group.name }}
{{ group.path }}
{{ group.arn }}
{{ group.created_iso_8601 }}
{% for policy in group.policies %}
{{ policy }}
{{ group.policies[policy] }}
{% endfor %}
{% endfor %}
{% for role in roles %}
{% for inline_policy in role.policies %}
{{ inline_policy }}
{{ role.policies[inline_policy] }}
{% endfor %}
{% for policy_arn in role.managed_policies %}
{{ role.managed_policies[policy_arn].name }}
{{ policy_arn }}
{% endfor %}
{% for tag in role.get_tags() %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
{% for profile in instance_profiles %}
{{ profile.id }}
{% for role in profile.roles %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{role.description}}
{{ role.created_iso_8601 }}
{{ role.id }}
{% if role.permissions_boundary %}
PermissionsBoundaryPolicy
{{ role.permissions_boundary }}
{% endif %}
{% endfor %}
{{ profile.name }}
{{ profile.path }}
{{ profile.arn }}
{{ profile.created_iso_8601 }}
{% endfor %}
{{ role.path }}
{{ role.arn }}
{{ role.name }}
{{ role.assume_role_policy_document }}
{{ role.created_iso_8601 }}
{{ role.id }}
{% endfor %}
{% for policy in policies %}
{{ policy.name }}
{{ policy.default_version_id }}
{{ policy.id }}
{{ policy.path }}
{% for policy_version in policy.versions %}
{{ policy_version.document }}
{{ policy_version.is_default | lower }}
{{ policy_version.version_id }}
{{ policy_version.created_iso_8601 }}
{% endfor %}
{{ policy.arn }}
1
{{ policy.created_iso_8601 }}
true
{{ policy.updated_iso_8601 }}
{% endfor %}
92e79ae7-7399-11e4-8c85-4b53eEXAMPLE
"""
CREATE_SAML_PROVIDER_TEMPLATE = """
{{ saml_provider.arn }}
29f47818-99f5-11e1-a4c3-27EXAMPLE804
"""
LIST_SAML_PROVIDERS_TEMPLATE = """
{% for saml_provider in saml_providers %}
{{ saml_provider.arn }}
2032-05-09T16:27:11Z
2012-05-09T16:27:03Z
{% endfor %}
fd74fa8d-99f3-11e1-a4c3-27EXAMPLE804
"""
GET_SAML_PROVIDER_TEMPLATE = """
2012-05-09T16:27:11Z
2015-12-31T21:59:59Z
{{ saml_provider.saml_metadata_document }}
29f47818-99f5-11e1-a4c3-27EXAMPLE804
"""
DELETE_SAML_PROVIDER_TEMPLATE = """
c749ee7f-99ef-11e1-a4c3-27EXAMPLE804
"""
UPDATE_SAML_PROVIDER_TEMPLATE = """
{{ saml_provider.arn }}
29f47818-99f5-11e1-a4c3-27EXAMPLE804
"""
UPLOAD_SIGNING_CERTIFICATE_TEMPLATE = """
{{ cert.user_name }}
{{ cert.id }}
{{ cert.body }}
{{ cert.status }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
UPDATE_SIGNING_CERTIFICATE_TEMPLATE = """
EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE
"""
DELETE_SIGNING_CERTIFICATE_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
LIST_SIGNING_CERTIFICATES_TEMPLATE = """
{{ user_name }}
{% for cert in certificates %}
{{ user_name }}
{{ cert.id }}
{{ cert.body }}
{{ cert.status }}
{% endfor %}
false
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
TAG_ROLE_TEMPLATE = """
EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE
"""
LIST_ROLE_TAG_TEMPLATE = """
{{ 'true' if marker else 'false' }}
{% if marker %}
{{ marker }}
{% endif %}
{% for tag in tags %}
{{ tag['Key'] }}
{{ tag['Value'] }}
{% endfor %}
EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE
"""
UNTAG_ROLE_TEMPLATE = """
EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE
"""
CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """
{{ open_id_provider.arn }}
f248366a-4f64-11e4-aefa-bfd6aEXAMPLE
"""
DELETE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """
b5e49e29-4f64-11e4-aefa-bfd6aEXAMPLE
"""
GET_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """
{% for thumbprint in open_id_provider.thumbprint_list %}
{{ thumbprint }}
{% endfor %}
{{ open_id_provider.created_iso_8601 }}
{% for client_id in open_id_provider.client_id_list %}
{{ client_id }}
{% endfor %}
{{ open_id_provider.url }}
2c91531b-4f65-11e4-aefa-bfd6aEXAMPLE
"""
LIST_OPEN_ID_CONNECT_PROVIDERS_TEMPLATE = """
{% for open_id_provider_arn in open_id_provider_arns %}
{{ open_id_provider_arn }}
{% endfor %}
de2c0228-4f63-11e4-aefa-bfd6aEXAMPLE
"""
UPDATE_ACCOUNT_PASSWORD_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_ACCOUNT_PASSWORD_POLICY_TEMPLATE = """
{{ password_policy.allow_users_to_change_password | lower }}
{{ password_policy.expire_passwords | lower }}
{% if password_policy.hard_expiry %}
{{ password_policy.hard_expiry | lower }}
{% endif %}
{% if password_policy.max_password_age %}
{{ password_policy.max_password_age }}
{% endif %}
{{ password_policy.minimum_password_length }}
{% if password_policy.password_reuse_prevention %}
{{ password_policy.password_reuse_prevention }}
{% endif %}
{{ password_policy.require_lowercase_characters | lower }}
{{ password_policy.require_numbers | lower }}
{{ password_policy.require_symbols | lower }}
{{ password_policy.require_uppercase_characters | lower }}
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
DELETE_ACCOUNT_PASSWORD_POLICY_TEMPLATE = """
7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
"""
GET_ACCOUNT_SUMMARY_TEMPLATE = """
{% for key, value in summary_map.items() %}
{{ key }}
{{ value }}
{% endfor %}
85cb9b90-ac28-11e4-a88d-97964EXAMPLE
"""