# Copyright 2009-2015 Eucalyptus Systems, Inc. # # Redistribution and use of this software in source and binary forms, # with or without modification, are permitted provided that the following # conditions are met: # # Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. import argparse from requestbuilder import Arg from euca2ools.commands.iam import IAMRequest, AS_ACCOUNT, arg_user from euca2ools.commands.iam.deleteaccesskey import DeleteAccessKey from euca2ools.commands.iam.deleteloginprofile import DeleteLoginProfile from euca2ools.commands.iam.deletesigningcertificate import \ DeleteSigningCertificate from euca2ools.commands.iam.deleteuserpolicy import DeleteUserPolicy from euca2ools.commands.iam.getloginprofile import GetLoginProfile from euca2ools.commands.iam.listaccesskeys import ListAccessKeys from euca2ools.commands.iam.listgroupsforuser import ListGroupsForUser from euca2ools.commands.iam.listsigningcertificates import \ ListSigningCertificates from euca2ools.commands.iam.listuserpolicies import ListUserPolicies from euca2ools.commands.iam.removeuserfromgroup import RemoveUserFromGroup from euca2ools.exceptions import AWSError class DeleteUser(IAMRequest): DESCRIPTION = 'Delete a user' ARGS = [arg_user(help='name of the user to delete (required)'), Arg('-r', '--recursive', action='store_true', route_to=None, help='''remove all IAM resources associated with the user first'''), Arg('-R', '--recursive-euca', dest='IsRecursive', action='store_const', const='true', help=argparse.SUPPRESS), Arg('-p', '--pretend', action='store_true', route_to=None, help='''list the resources that would be deleted instead of actually deleting them. Implies -r.'''), AS_ACCOUNT] def main(self): if self.args['recursive'] or self.args['pretend']: # Figure out what we'd have to delete req = ListAccessKeys.from_other( self, UserName=self.args['UserName'], DelegateAccount=self.params['DelegateAccount']) keys = req.main().get('AccessKeyMetadata', []) req = ListUserPolicies.from_other( self, UserName=self.args['UserName'], DelegateAccount=self.params['DelegateAccount']) policies = req.main().get('PolicyNames', []) req = ListSigningCertificates.from_other( self, UserName=self.args['UserName'], DelegateAccount=self.params['DelegateAccount']) certs = req.main().get('Certificates', []) req = ListGroupsForUser.from_other( self, UserName=self.args['UserName'], DelegateAccount=self.params['DelegateAccount']) groups = req.main().get('Groups', []) req = GetLoginProfile.from_other( self, UserName=self.args['UserName'], DelegateAccount=self.params['DelegateAccount']) try: # This will raise an exception if no login profile is found. req.main() has_login_profile = True except AWSError as err: if err.code == 'NoSuchEntity': # It doesn't exist has_login_profile = False else: # Something else went wrong; not our problem raise else: # Just in case keys = [] policies = [] certs = [] groups = [] has_login_profile = False if self.args['pretend']: return {'keys': keys, 'policies': policies, 'certificates': certs, 'groups': groups, 'has_login_profile': has_login_profile} else: if self.args['recursive']: for key in keys: req = DeleteAccessKey.from_other( self, UserName=self.args['UserName'], AccessKeyId=key['AccessKeyId'], DelegateAccount=self.params['DelegateAccount']) req.main() for policy in policies: req = DeleteUserPolicy.from_other( self, UserName=self.args['UserName'], PolicyName=policy, DelegateAccount=self.params['DelegateAccount']) req.main() for cert in certs: req = DeleteSigningCertificate.from_other( self, UserName=self.args['UserName'], CertificateId=cert['CertificateId'], DelegateAccount=self.params['DelegateAccount']) req.main() for group in groups: req = RemoveUserFromGroup.from_other( self, user_names=[self.args['UserName']], GroupName=group['GroupName'], DelegateAccount=self.params['DelegateAccount']) req.main() if has_login_profile: req = DeleteLoginProfile.from_other( self, UserName=self.args['UserName'], DelegateAccount=self.params['DelegateAccount']) req.main() return self.send() def print_result(self, result): if self.args['pretend']: print 'accesskeys' for key in result['keys']: print '\t' + key['AccessKeyId'] print 'policies' for policy in result['policies']: print '\t' + policy print 'certificates' for cert in result['certificates']: print '\t' + cert['CertificateId'] print 'groups' for group in result['groups']: print '\t' + group['Arn']