Mercurial > repos > shellac > guppy_basecaller
diff env/lib/python3.7/site-packages/boto/iam/connection.py @ 5:9b1c78e6ba9c draft default tip
"planemo upload commit 6c0a8142489327ece472c84e558c47da711a9142"
| author | shellac |
|---|---|
| date | Mon, 01 Jun 2020 08:59:25 -0400 |
| parents | 79f47841a781 |
| children |
line wrap: on
line diff
--- a/env/lib/python3.7/site-packages/boto/iam/connection.py Thu May 14 16:47:39 2020 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1932 +0,0 @@ -# Copyright (c) 2010-2011 Mitch Garnaat http://garnaat.org/ -# Copyright (c) 2010-2011, Eucalyptus Systems, Inc. -# -# Permission is hereby granted, free of charge, to any person obtaining a -# copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, dis- -# tribute, sublicense, and/or sell copies of the Software, and to permit -# persons to whom the Software is furnished to do so, subject to the fol- -# lowing conditions: -# -# The above copyright notice and this permission notice shall be included -# in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- -# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT -# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, -# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. -import boto -import boto.jsonresponse -from boto.compat import json, six -from boto.resultset import ResultSet -from boto.iam.summarymap import SummaryMap -from boto.connection import AWSQueryConnection - -DEFAULT_POLICY_DOCUMENTS = { - 'default': { - 'Statement': [ - { - 'Principal': { - 'Service': ['ec2.amazonaws.com'] - }, - 'Effect': 'Allow', - 'Action': ['sts:AssumeRole'] - } - ] - }, - 'amazonaws.com.cn': { - 'Statement': [ - { - 'Principal': { - 'Service': ['ec2.amazonaws.com.cn'] - }, - 'Effect': 'Allow', - 'Action': ['sts:AssumeRole'] - } - ] - }, -} -# For backward-compatibility, we'll preserve this here. -ASSUME_ROLE_POLICY_DOCUMENT = json.dumps(DEFAULT_POLICY_DOCUMENTS['default']) - - -class IAMConnection(AWSQueryConnection): - - APIVersion = '2010-05-08' - - def __init__(self, aws_access_key_id=None, aws_secret_access_key=None, - is_secure=True, port=None, proxy=None, proxy_port=None, - proxy_user=None, proxy_pass=None, host='iam.amazonaws.com', - debug=0, https_connection_factory=None, path='/', - security_token=None, validate_certs=True, profile_name=None): - super(IAMConnection, self).__init__(aws_access_key_id, - aws_secret_access_key, - is_secure, port, proxy, - proxy_port, proxy_user, proxy_pass, - host, debug, https_connection_factory, - path, security_token, - validate_certs=validate_certs, - profile_name=profile_name) - - def _required_auth_capability(self): - return ['hmac-v4'] - - def get_response(self, action, params, path='/', parent=None, - verb='POST', list_marker='Set'): - """ - Utility method to handle calls to IAM and parsing of responses. - """ - if not parent: - parent = self - response = self.make_request(action, params, path, verb) - body = response.read() - boto.log.debug(body) - if response.status == 200: - if body: - e = boto.jsonresponse.Element(list_marker=list_marker, - pythonize_name=True) - h = boto.jsonresponse.XmlHandler(e, parent) - h.parse(body) - return e - else: - # Support empty responses, e.g. deleting a SAML provider - # according to the official documentation. - return {} - else: - boto.log.error('%s %s' % (response.status, response.reason)) - boto.log.error('%s' % body) - raise self.ResponseError(response.status, response.reason, body) - - # - # Group methods - # - - def get_all_groups(self, path_prefix='/', marker=None, max_items=None): - """ - List the groups that have the specified path prefix. - - :type path_prefix: string - :param path_prefix: If provided, only groups whose paths match - the provided prefix will be returned. - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - """ - params = {} - if path_prefix: - params['PathPrefix'] = path_prefix - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('ListGroups', params, - list_marker='Groups') - - def get_group(self, group_name, marker=None, max_items=None): - """ - Return a list of users that are in the specified group. - - :type group_name: string - :param group_name: The name of the group whose information should - be returned. - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - """ - params = {'GroupName': group_name} - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('GetGroup', params, list_marker='Users') - - def create_group(self, group_name, path='/'): - """ - Create a group. - - :type group_name: string - :param group_name: The name of the new group - - :type path: string - :param path: The path to the group (Optional). Defaults to /. - - """ - params = {'GroupName': group_name, - 'Path': path} - return self.get_response('CreateGroup', params) - - def delete_group(self, group_name): - """ - Delete a group. The group must not contain any Users or - have any attached policies - - :type group_name: string - :param group_name: The name of the group to delete. - - """ - params = {'GroupName': group_name} - return self.get_response('DeleteGroup', params) - - def update_group(self, group_name, new_group_name=None, new_path=None): - """ - Updates name and/or path of the specified group. - - :type group_name: string - :param group_name: The name of the new group - - :type new_group_name: string - :param new_group_name: If provided, the name of the group will be - changed to this name. - - :type new_path: string - :param new_path: If provided, the path of the group will be - changed to this path. - - """ - params = {'GroupName': group_name} - if new_group_name: - params['NewGroupName'] = new_group_name - if new_path: - params['NewPath'] = new_path - return self.get_response('UpdateGroup', params) - - def add_user_to_group(self, group_name, user_name): - """ - Add a user to a group - - :type group_name: string - :param group_name: The name of the group - - :type user_name: string - :param user_name: The to be added to the group. - - """ - params = {'GroupName': group_name, - 'UserName': user_name} - return self.get_response('AddUserToGroup', params) - - def remove_user_from_group(self, group_name, user_name): - """ - Remove a user from a group. - - :type group_name: string - :param group_name: The name of the group - - :type user_name: string - :param user_name: The user to remove from the group. - - """ - params = {'GroupName': group_name, - 'UserName': user_name} - return self.get_response('RemoveUserFromGroup', params) - - def put_group_policy(self, group_name, policy_name, policy_json): - """ - Adds or updates the specified policy document for the specified group. - - :type group_name: string - :param group_name: The name of the group the policy is associated with. - - :type policy_name: string - :param policy_name: The policy document to get. - - :type policy_json: string - :param policy_json: The policy document. - - """ - params = {'GroupName': group_name, - 'PolicyName': policy_name, - 'PolicyDocument': policy_json} - return self.get_response('PutGroupPolicy', params, verb='POST') - - def get_all_group_policies(self, group_name, marker=None, max_items=None): - """ - List the names of the policies associated with the specified group. - - :type group_name: string - :param group_name: The name of the group the policy is associated with. - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - """ - params = {'GroupName': group_name} - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('ListGroupPolicies', params, - list_marker='PolicyNames') - - def get_group_policy(self, group_name, policy_name): - """ - Retrieves the specified policy document for the specified group. - - :type group_name: string - :param group_name: The name of the group the policy is associated with. - - :type policy_name: string - :param policy_name: The policy document to get. - - """ - params = {'GroupName': group_name, - 'PolicyName': policy_name} - return self.get_response('GetGroupPolicy', params, verb='POST') - - def delete_group_policy(self, group_name, policy_name): - """ - Deletes the specified policy document for the specified group. - - :type group_name: string - :param group_name: The name of the group the policy is associated with. - - :type policy_name: string - :param policy_name: The policy document to delete. - - """ - params = {'GroupName': group_name, - 'PolicyName': policy_name} - return self.get_response('DeleteGroupPolicy', params, verb='POST') - - def get_all_users(self, path_prefix='/', marker=None, max_items=None): - """ - List the users that have the specified path prefix. - - :type path_prefix: string - :param path_prefix: If provided, only users whose paths match - the provided prefix will be returned. - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - """ - params = {'PathPrefix': path_prefix} - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('ListUsers', params, list_marker='Users') - - # - # User methods - # - - def create_user(self, user_name, path='/'): - """ - Create a user. - - :type user_name: string - :param user_name: The name of the new user - - :type path: string - :param path: The path in which the user will be created. - Defaults to /. - - """ - params = {'UserName': user_name, - 'Path': path} - return self.get_response('CreateUser', params) - - def delete_user(self, user_name): - """ - Delete a user including the user's path, GUID and ARN. - - If the user_name is not specified, the user_name is determined - implicitly based on the AWS Access Key ID used to sign the request. - - :type user_name: string - :param user_name: The name of the user to delete. - - """ - params = {'UserName': user_name} - return self.get_response('DeleteUser', params) - - def get_user(self, user_name=None): - """ - Retrieve information about the specified user. - - If the user_name is not specified, the user_name is determined - implicitly based on the AWS Access Key ID used to sign the request. - - :type user_name: string - :param user_name: The name of the user to retrieve. - If not specified, defaults to user making request. - """ - params = {} - if user_name: - params['UserName'] = user_name - return self.get_response('GetUser', params) - - def update_user(self, user_name, new_user_name=None, new_path=None): - """ - Updates name and/or path of the specified user. - - :type user_name: string - :param user_name: The name of the user - - :type new_user_name: string - :param new_user_name: If provided, the username of the user will be - changed to this username. - - :type new_path: string - :param new_path: If provided, the path of the user will be - changed to this path. - - """ - params = {'UserName': user_name} - if new_user_name: - params['NewUserName'] = new_user_name - if new_path: - params['NewPath'] = new_path - return self.get_response('UpdateUser', params) - - def get_all_user_policies(self, user_name, marker=None, max_items=None): - """ - List the names of the policies associated with the specified user. - - :type user_name: string - :param user_name: The name of the user the policy is associated with. - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - """ - params = {'UserName': user_name} - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('ListUserPolicies', params, - list_marker='PolicyNames') - - def put_user_policy(self, user_name, policy_name, policy_json): - """ - Adds or updates the specified policy document for the specified user. - - :type user_name: string - :param user_name: The name of the user the policy is associated with. - - :type policy_name: string - :param policy_name: The policy document to get. - - :type policy_json: string - :param policy_json: The policy document. - - """ - params = {'UserName': user_name, - 'PolicyName': policy_name, - 'PolicyDocument': policy_json} - return self.get_response('PutUserPolicy', params, verb='POST') - - def get_user_policy(self, user_name, policy_name): - """ - Retrieves the specified policy document for the specified user. - - :type user_name: string - :param user_name: The name of the user the policy is associated with. - - :type policy_name: string - :param policy_name: The policy document to get. - - """ - params = {'UserName': user_name, - 'PolicyName': policy_name} - return self.get_response('GetUserPolicy', params, verb='POST') - - def delete_user_policy(self, user_name, policy_name): - """ - Deletes the specified policy document for the specified user. - - :type user_name: string - :param user_name: The name of the user the policy is associated with. - - :type policy_name: string - :param policy_name: The policy document to delete. - - """ - params = {'UserName': user_name, - 'PolicyName': policy_name} - return self.get_response('DeleteUserPolicy', params, verb='POST') - - def get_groups_for_user(self, user_name, marker=None, max_items=None): - """ - List the groups that a specified user belongs to. - - :type user_name: string - :param user_name: The name of the user to list groups for. - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - """ - params = {'UserName': user_name} - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('ListGroupsForUser', params, - list_marker='Groups') - - # - # Access Keys - # - - def get_all_access_keys(self, user_name, marker=None, max_items=None): - """ - Get all access keys associated with an account. - - :type user_name: string - :param user_name: The username of the user - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - """ - params = {'UserName': user_name} - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('ListAccessKeys', params, - list_marker='AccessKeyMetadata') - - def create_access_key(self, user_name=None): - """ - Create a new AWS Secret Access Key and corresponding AWS Access Key ID - for the specified user. The default status for new keys is Active - - If the user_name is not specified, the user_name is determined - implicitly based on the AWS Access Key ID used to sign the request. - - :type user_name: string - :param user_name: The username of the user - - """ - params = {'UserName': user_name} - return self.get_response('CreateAccessKey', params) - - def update_access_key(self, access_key_id, status, user_name=None): - """ - Changes the status of the specified access key from Active to Inactive - or vice versa. This action can be used to disable a user's key as - part of a key rotation workflow. - - If the user_name is not specified, the user_name is determined - implicitly based on the AWS Access Key ID used to sign the request. - - :type access_key_id: string - :param access_key_id: The ID of the access key. - - :type status: string - :param status: Either Active or Inactive. - - :type user_name: string - :param user_name: The username of user (optional). - - """ - params = {'AccessKeyId': access_key_id, - 'Status': status} - if user_name: - params['UserName'] = user_name - return self.get_response('UpdateAccessKey', params) - - def delete_access_key(self, access_key_id, user_name=None): - """ - Delete an access key associated with a user. - - If the user_name is not specified, it is determined implicitly based - on the AWS Access Key ID used to sign the request. - - :type access_key_id: string - :param access_key_id: The ID of the access key to be deleted. - - :type user_name: string - :param user_name: The username of the user - - """ - params = {'AccessKeyId': access_key_id} - if user_name: - params['UserName'] = user_name - return self.get_response('DeleteAccessKey', params) - - # - # Signing Certificates - # - - def get_all_signing_certs(self, marker=None, max_items=None, - user_name=None): - """ - Get all signing certificates associated with an account. - - If the user_name is not specified, it is determined implicitly based - on the AWS Access Key ID used to sign the request. - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - - :type user_name: string - :param user_name: The username of the user - - """ - params = {} - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - if user_name: - params['UserName'] = user_name - return self.get_response('ListSigningCertificates', - params, list_marker='Certificates') - - def update_signing_cert(self, cert_id, status, user_name=None): - """ - Change the status of the specified signing certificate from - Active to Inactive or vice versa. - - If the user_name is not specified, it is determined implicitly based - on the AWS Access Key ID used to sign the request. - - :type cert_id: string - :param cert_id: The ID of the signing certificate - - :type status: string - :param status: Either Active or Inactive. - - :type user_name: string - :param user_name: The username of the user - """ - params = {'CertificateId': cert_id, - 'Status': status} - if user_name: - params['UserName'] = user_name - return self.get_response('UpdateSigningCertificate', params) - - def upload_signing_cert(self, cert_body, user_name=None): - """ - Uploads an X.509 signing certificate and associates it with - the specified user. - - If the user_name is not specified, it is determined implicitly based - on the AWS Access Key ID used to sign the request. - - :type cert_body: string - :param cert_body: The body of the signing certificate. - - :type user_name: string - :param user_name: The username of the user - - """ - params = {'CertificateBody': cert_body} - if user_name: - params['UserName'] = user_name - return self.get_response('UploadSigningCertificate', params, - verb='POST') - - def delete_signing_cert(self, cert_id, user_name=None): - """ - Delete a signing certificate associated with a user. - - If the user_name is not specified, it is determined implicitly based - on the AWS Access Key ID used to sign the request. - - :type user_name: string - :param user_name: The username of the user - - :type cert_id: string - :param cert_id: The ID of the certificate. - - """ - params = {'CertificateId': cert_id} - if user_name: - params['UserName'] = user_name - return self.get_response('DeleteSigningCertificate', params) - - # - # Server Certificates - # - - def list_server_certs(self, path_prefix='/', - marker=None, max_items=None): - """ - Lists the server certificates that have the specified path prefix. - If none exist, the action returns an empty list. - - :type path_prefix: string - :param path_prefix: If provided, only certificates whose paths match - the provided prefix will be returned. - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - - """ - params = {} - if path_prefix: - params['PathPrefix'] = path_prefix - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('ListServerCertificates', - params, - list_marker='ServerCertificateMetadataList') - - # Preserves backwards compatibility. - # TODO: Look into deprecating this eventually? - get_all_server_certs = list_server_certs - - def update_server_cert(self, cert_name, new_cert_name=None, - new_path=None): - """ - Updates the name and/or the path of the specified server certificate. - - :type cert_name: string - :param cert_name: The name of the server certificate that you want - to update. - - :type new_cert_name: string - :param new_cert_name: The new name for the server certificate. - Include this only if you are updating the - server certificate's name. - - :type new_path: string - :param new_path: If provided, the path of the certificate will be - changed to this path. - """ - params = {'ServerCertificateName': cert_name} - if new_cert_name: - params['NewServerCertificateName'] = new_cert_name - if new_path: - params['NewPath'] = new_path - return self.get_response('UpdateServerCertificate', params) - - def upload_server_cert(self, cert_name, cert_body, private_key, - cert_chain=None, path=None): - """ - Uploads a server certificate entity for the AWS Account. - The server certificate entity includes a public key certificate, - a private key, and an optional certificate chain, which should - all be PEM-encoded. - - :type cert_name: string - :param cert_name: The name for the server certificate. Do not - include the path in this value. - - :type cert_body: string - :param cert_body: The contents of the public key certificate - in PEM-encoded format. - - :type private_key: string - :param private_key: The contents of the private key in - PEM-encoded format. - - :type cert_chain: string - :param cert_chain: The contents of the certificate chain. This - is typically a concatenation of the PEM-encoded - public key certificates of the chain. - - :type path: string - :param path: The path for the server certificate. - """ - params = {'ServerCertificateName': cert_name, - 'CertificateBody': cert_body, - 'PrivateKey': private_key} - if cert_chain: - params['CertificateChain'] = cert_chain - if path: - params['Path'] = path - return self.get_response('UploadServerCertificate', params, - verb='POST') - - def get_server_certificate(self, cert_name): - """ - Retrieves information about the specified server certificate. - - :type cert_name: string - :param cert_name: The name of the server certificate you want - to retrieve information about. - - """ - params = {'ServerCertificateName': cert_name} - return self.get_response('GetServerCertificate', params) - - def delete_server_cert(self, cert_name): - """ - Delete the specified server certificate. - - :type cert_name: string - :param cert_name: The name of the server certificate you want - to delete. - - """ - params = {'ServerCertificateName': cert_name} - return self.get_response('DeleteServerCertificate', params) - - # - # MFA Devices - # - - def get_all_mfa_devices(self, user_name, marker=None, max_items=None): - """ - Get all MFA devices associated with an account. - - :type user_name: string - :param user_name: The username of the user - - :type marker: string - :param marker: Use this only when paginating results and only - in follow-up request after you've received a response - where the results are truncated. Set this to the value of - the Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this only when paginating results to indicate - the maximum number of groups you want in the response. - - """ - params = {'UserName': user_name} - if marker: - params['Marker'] = marker - if max_items: - params['MaxItems'] = max_items - return self.get_response('ListMFADevices', - params, list_marker='MFADevices') - - def enable_mfa_device(self, user_name, serial_number, - auth_code_1, auth_code_2): - """ - Enables the specified MFA device and associates it with the - specified user. - - :type user_name: string - :param user_name: The username of the user - - :type serial_number: string - :param serial_number: The serial number which uniquely identifies - the MFA device. - - :type auth_code_1: string - :param auth_code_1: An authentication code emitted by the device. - - :type auth_code_2: string - :param auth_code_2: A subsequent authentication code emitted - by the device. - - """ - params = {'UserName': user_name, - 'SerialNumber': serial_number, - 'AuthenticationCode1': auth_code_1, - 'AuthenticationCode2': auth_code_2} - return self.get_response('EnableMFADevice', params) - - def deactivate_mfa_device(self, user_name, serial_number): - """ - Deactivates the specified MFA device and removes it from - association with the user. - - :type user_name: string - :param user_name: The username of the user - - :type serial_number: string - :param serial_number: The serial number which uniquely identifies - the MFA device. - - """ - params = {'UserName': user_name, - 'SerialNumber': serial_number} - return self.get_response('DeactivateMFADevice', params) - - def resync_mfa_device(self, user_name, serial_number, - auth_code_1, auth_code_2): - """ - Syncronizes the specified MFA device with the AWS servers. - - :type user_name: string - :param user_name: The username of the user - - :type serial_number: string - :param serial_number: The serial number which uniquely identifies - the MFA device. - - :type auth_code_1: string - :param auth_code_1: An authentication code emitted by the device. - - :type auth_code_2: string - :param auth_code_2: A subsequent authentication code emitted - by the device. - - """ - params = {'UserName': user_name, - 'SerialNumber': serial_number, - 'AuthenticationCode1': auth_code_1, - 'AuthenticationCode2': auth_code_2} - return self.get_response('ResyncMFADevice', params) - - # - # Login Profiles - # - - def get_login_profiles(self, user_name): - """ - Retrieves the login profile for the specified user. - - :type user_name: string - :param user_name: The username of the user - - """ - params = {'UserName': user_name} - return self.get_response('GetLoginProfile', params) - - def create_login_profile(self, user_name, password): - """ - Creates a login profile for the specified user, give the user the - ability to access AWS services and the AWS Management Console. - - :type user_name: string - :param user_name: The name of the user - - :type password: string - :param password: The new password for the user - - """ - params = {'UserName': user_name, - 'Password': password} - return self.get_response('CreateLoginProfile', params) - - def delete_login_profile(self, user_name): - """ - Deletes the login profile associated with the specified user. - - :type user_name: string - :param user_name: The name of the user to delete. - - """ - params = {'UserName': user_name} - return self.get_response('DeleteLoginProfile', params) - - def update_login_profile(self, user_name, password): - """ - Resets the password associated with the user's login profile. - - :type user_name: string - :param user_name: The name of the user - - :type password: string - :param password: The new password for the user - - """ - params = {'UserName': user_name, - 'Password': password} - return self.get_response('UpdateLoginProfile', params) - - def create_account_alias(self, alias): - """ - Creates a new alias for the AWS account. - - For more information on account id aliases, please see - http://goo.gl/ToB7G - - :type alias: string - :param alias: The alias to attach to the account. - """ - params = {'AccountAlias': alias} - return self.get_response('CreateAccountAlias', params) - - def delete_account_alias(self, alias): - """ - Deletes an alias for the AWS account. - - For more information on account id aliases, please see - http://goo.gl/ToB7G - - :type alias: string - :param alias: The alias to remove from the account. - """ - params = {'AccountAlias': alias} - return self.get_response('DeleteAccountAlias', params) - - def get_account_alias(self): - """ - Get the alias for the current account. - - This is referred to in the docs as list_account_aliases, - but it seems you can only have one account alias currently. - - For more information on account id aliases, please see - http://goo.gl/ToB7G - """ - return self.get_response('ListAccountAliases', {}, - list_marker='AccountAliases') - - def get_signin_url(self, service='ec2'): - """ - Get the URL where IAM users can use their login profile to sign in - to this account's console. - - :type service: string - :param service: Default service to go to in the console. - """ - alias = self.get_account_alias() - - if not alias: - raise Exception('No alias associated with this account. Please use iam.create_account_alias() first.') - - resp = alias.get('list_account_aliases_response', {}) - result = resp.get('list_account_aliases_result', {}) - aliases = result.get('account_aliases', []) - - if not len(aliases): - raise Exception('No alias associated with this account. Please use iam.create_account_alias() first.') - - # We'll just use the first one we find. - alias = aliases[0] - - if self.host == 'iam.us-gov.amazonaws.com': - return "https://%s.signin.amazonaws-us-gov.com/console/%s" % ( - alias, - service - ) - elif self.host.endswith('amazonaws.com.cn'): - return "https://%s.signin.amazonaws.cn/console/%s" % ( - alias, - service - ) - else: - return "https://%s.signin.aws.amazon.com/console/%s" % ( - alias, - service - ) - - def get_account_summary(self): - """ - Get the alias for the current account. - - This is referred to in the docs as list_account_aliases, - but it seems you can only have one account alias currently. - - For more information on account id aliases, please see - http://goo.gl/ToB7G - """ - return self.get_object('GetAccountSummary', {}, SummaryMap) - - # - # IAM Roles - # - - def add_role_to_instance_profile(self, instance_profile_name, role_name): - """ - Adds the specified role to the specified instance profile. - - :type instance_profile_name: string - :param instance_profile_name: Name of the instance profile to update. - - :type role_name: string - :param role_name: Name of the role to add. - """ - return self.get_response('AddRoleToInstanceProfile', - {'InstanceProfileName': instance_profile_name, - 'RoleName': role_name}) - - def create_instance_profile(self, instance_profile_name, path=None): - """ - Creates a new instance profile. - - :type instance_profile_name: string - :param instance_profile_name: Name of the instance profile to create. - - :type path: string - :param path: The path to the instance profile. - """ - params = {'InstanceProfileName': instance_profile_name} - if path is not None: - params['Path'] = path - return self.get_response('CreateInstanceProfile', params) - - def _build_policy(self, assume_role_policy_document=None): - if assume_role_policy_document is not None: - if isinstance(assume_role_policy_document, six.string_types): - # Historically, they had to pass a string. If it's a string, - # assume the user has already handled it. - return assume_role_policy_document - else: - - for tld, policy in DEFAULT_POLICY_DOCUMENTS.items(): - if tld is 'default': - # Skip the default. We'll fall back to it if we don't find - # anything. - continue - - if self.host and self.host.endswith(tld): - assume_role_policy_document = policy - break - - if not assume_role_policy_document: - assume_role_policy_document = DEFAULT_POLICY_DOCUMENTS['default'] - - # Dump the policy (either user-supplied ``dict`` or one of the defaults) - return json.dumps(assume_role_policy_document) - - def create_role(self, role_name, assume_role_policy_document=None, path=None): - """ - Creates a new role for your AWS account. - - The policy grants permission to an EC2 instance to assume the role. - The policy is URL-encoded according to RFC 3986. Currently, only EC2 - instances can assume roles. - - :type role_name: string - :param role_name: Name of the role to create. - - :type assume_role_policy_document: ``string`` or ``dict`` - :param assume_role_policy_document: The policy that grants an entity - permission to assume the role. - - :type path: string - :param path: The path to the role. - """ - params = { - 'RoleName': role_name, - 'AssumeRolePolicyDocument': self._build_policy( - assume_role_policy_document - ), - } - if path is not None: - params['Path'] = path - return self.get_response('CreateRole', params) - - def delete_instance_profile(self, instance_profile_name): - """ - Deletes the specified instance profile. The instance profile must not - have an associated role. - - :type instance_profile_name: string - :param instance_profile_name: Name of the instance profile to delete. - """ - return self.get_response( - 'DeleteInstanceProfile', - {'InstanceProfileName': instance_profile_name}) - - def delete_role(self, role_name): - """ - Deletes the specified role. The role must not have any policies - attached. - - :type role_name: string - :param role_name: Name of the role to delete. - """ - return self.get_response('DeleteRole', {'RoleName': role_name}) - - def delete_role_policy(self, role_name, policy_name): - """ - Deletes the specified policy associated with the specified role. - - :type role_name: string - :param role_name: Name of the role associated with the policy. - - :type policy_name: string - :param policy_name: Name of the policy to delete. - """ - return self.get_response( - 'DeleteRolePolicy', - {'RoleName': role_name, 'PolicyName': policy_name}) - - def get_instance_profile(self, instance_profile_name): - """ - Retrieves information about the specified instance profile, including - the instance profile's path, GUID, ARN, and role. - - :type instance_profile_name: string - :param instance_profile_name: Name of the instance profile to get - information about. - """ - return self.get_response('GetInstanceProfile', - {'InstanceProfileName': instance_profile_name}) - - def get_role(self, role_name): - """ - Retrieves information about the specified role, including the role's - path, GUID, ARN, and the policy granting permission to EC2 to assume - the role. - - :type role_name: string - :param role_name: Name of the role associated with the policy. - """ - return self.get_response('GetRole', {'RoleName': role_name}) - - def get_role_policy(self, role_name, policy_name): - """ - Retrieves the specified policy document for the specified role. - - :type role_name: string - :param role_name: Name of the role associated with the policy. - - :type policy_name: string - :param policy_name: Name of the policy to get. - """ - return self.get_response('GetRolePolicy', - {'RoleName': role_name, - 'PolicyName': policy_name}) - - def list_instance_profiles(self, path_prefix=None, marker=None, - max_items=None): - """ - Lists the instance profiles that have the specified path prefix. If - there are none, the action returns an empty list. - - :type path_prefix: string - :param path_prefix: The path prefix for filtering the results. For - example: /application_abc/component_xyz/, which would get all - instance profiles whose path starts with - /application_abc/component_xyz/. - - :type marker: string - :param marker: Use this parameter only when paginating results, and - only in a subsequent request after you've received a response - where the results are truncated. Set it to the value of the - Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this parameter only when paginating results to - indicate the maximum number of user names you want in the response. - """ - params = {} - if path_prefix is not None: - params['PathPrefix'] = path_prefix - if marker is not None: - params['Marker'] = marker - if max_items is not None: - params['MaxItems'] = max_items - - return self.get_response('ListInstanceProfiles', params, - list_marker='InstanceProfiles') - - def list_instance_profiles_for_role(self, role_name, marker=None, - max_items=None): - """ - Lists the instance profiles that have the specified associated role. If - there are none, the action returns an empty list. - - :type role_name: string - :param role_name: The name of the role to list instance profiles for. - - :type marker: string - :param marker: Use this parameter only when paginating results, and - only in a subsequent request after you've received a response - where the results are truncated. Set it to the value of the - Marker element in the response you just received. - - :type max_items: int - :param max_items: Use this parameter only when paginating results to - indicate the maximum number of user names you want in the response. - """ - params = {'RoleName': role_name} - if marker is not None: - params['Marker'] = marker - if max_items is not None: - params['MaxItems'] = max_items - return self.get_response('ListInstanceProfilesForRole', params, - list_marker='InstanceProfiles') - - def list_role_policies(self, role_name, marker=None, max_items=None): - """ - Lists the names of the policies associated with the specified role. If - there are none, the action returns an empty list. - - :type role_name: string - :param role_name: The name of the role to list policies for. - - :type marker: string - :param marker: Use this parameter only when paginating results, and - only in a subsequent request after you've received a response - where the results are truncated. Set it to the value of the - marker element in the response you just received. - - :type max_items: int - :param max_items: Use this parameter only when paginating results to - indicate the maximum number of user names you want in the response. - """ - params = {'RoleName': role_name} - if marker is not None: - params['Marker'] = marker - if max_items is not None: - params['MaxItems'] = max_items - return self.get_response('ListRolePolicies', params, - list_marker='PolicyNames') - - def list_roles(self, path_prefix=None, marker=None, max_items=None): - """ - Lists the roles that have the specified path prefix. If there are none, - the action returns an empty list. - - :type path_prefix: string - :param path_prefix: The path prefix for filtering the results. - - :type marker: string - :param marker: Use this parameter only when paginating results, and - only in a subsequent request after you've received a response - where the results are truncated. Set it to the value of the - marker element in the response you just received. - - :type max_items: int - :param max_items: Use this parameter only when paginating results to - indicate the maximum number of user names you want in the response. - """ - params = {} - if path_prefix is not None: - params['PathPrefix'] = path_prefix - if marker is not None: - params['Marker'] = marker - if max_items is not None: - params['MaxItems'] = max_items - return self.get_response('ListRoles', params, list_marker='Roles') - - def put_role_policy(self, role_name, policy_name, policy_document): - """ - Adds (or updates) a policy document associated with the specified role. - - :type role_name: string - :param role_name: Name of the role to associate the policy with. - - :type policy_name: string - :param policy_name: Name of the policy document. - - :type policy_document: string - :param policy_document: The policy document. - """ - return self.get_response('PutRolePolicy', - {'RoleName': role_name, - 'PolicyName': policy_name, - 'PolicyDocument': policy_document}) - - def remove_role_from_instance_profile(self, instance_profile_name, - role_name): - """ - Removes the specified role from the specified instance profile. - - :type instance_profile_name: string - :param instance_profile_name: Name of the instance profile to update. - - :type role_name: string - :param role_name: Name of the role to remove. - """ - return self.get_response('RemoveRoleFromInstanceProfile', - {'InstanceProfileName': instance_profile_name, - 'RoleName': role_name}) - - def update_assume_role_policy(self, role_name, policy_document): - """ - Updates the policy that grants an entity permission to assume a role. - Currently, only an Amazon EC2 instance can assume a role. - - :type role_name: string - :param role_name: Name of the role to update. - - :type policy_document: string - :param policy_document: The policy that grants an entity permission to - assume the role. - """ - return self.get_response('UpdateAssumeRolePolicy', - {'RoleName': role_name, - 'PolicyDocument': policy_document}) - - def create_saml_provider(self, saml_metadata_document, name): - """ - Creates an IAM entity to describe an identity provider (IdP) - that supports SAML 2.0. - - The SAML provider that you create with this operation can be - used as a principal in a role's trust policy to establish a - trust relationship between AWS and a SAML identity provider. - You can create an IAM role that supports Web-based single - sign-on (SSO) to the AWS Management Console or one that - supports API access to AWS. - - When you create the SAML provider, you upload an a SAML - metadata document that you get from your IdP and that includes - the issuer's name, expiration information, and keys that can - be used to validate the SAML authentication response - (assertions) that are received from the IdP. You must generate - the metadata document using the identity management software - that is used as your organization's IdP. - This operation requires `Signature Version 4`_. - For more information, see `Giving Console Access Using SAML`_ - and `Creating Temporary Security Credentials for SAML - Federation`_ in the Using Temporary Credentials guide. - - :type saml_metadata_document: string - :param saml_metadata_document: An XML document generated by an identity - provider (IdP) that supports SAML 2.0. The document includes the - issuer's name, expiration information, and keys that can be used to - validate the SAML authentication response (assertions) that are - received from the IdP. You must generate the metadata document - using the identity management software that is used as your - organization's IdP. - For more information, see `Creating Temporary Security Credentials for - SAML Federation`_ in the Using Temporary Security Credentials - guide. - - :type name: string - :param name: The name of the provider to create. - - """ - params = { - 'SAMLMetadataDocument': saml_metadata_document, - 'Name': name, - } - return self.get_response('CreateSAMLProvider', params) - - def list_saml_providers(self): - """ - Lists the SAML providers in the account. - This operation requires `Signature Version 4`_. - """ - return self.get_response('ListSAMLProviders', {}, list_marker='SAMLProviderList') - - def get_saml_provider(self, saml_provider_arn): - """ - Returns the SAML provider metadocument that was uploaded when - the provider was created or updated. - This operation requires `Signature Version 4`_. - - :type saml_provider_arn: string - :param saml_provider_arn: The Amazon Resource Name (ARN) of the SAML - provider to get information about. - - """ - params = {'SAMLProviderArn': saml_provider_arn} - return self.get_response('GetSAMLProvider', params) - - def update_saml_provider(self, saml_provider_arn, saml_metadata_document): - """ - Updates the metadata document for an existing SAML provider. - This operation requires `Signature Version 4`_. - - :type saml_provider_arn: string - :param saml_provider_arn: The Amazon Resource Name (ARN) of the SAML - provider to update. - - :type saml_metadata_document: string - :param saml_metadata_document: An XML document generated by an identity - provider (IdP) that supports SAML 2.0. The document includes the - issuer's name, expiration information, and keys that can be used to - validate the SAML authentication response (assertions) that are - received from the IdP. You must generate the metadata document - using the identity management software that is used as your - organization's IdP. - - """ - params = { - 'SAMLMetadataDocument': saml_metadata_document, - 'SAMLProviderArn': saml_provider_arn, - } - return self.get_response('UpdateSAMLProvider', params) - - def delete_saml_provider(self, saml_provider_arn): - """ - Deletes a SAML provider. - - Deleting the provider does not update any roles that reference - the SAML provider as a principal in their trust policies. Any - attempt to assume a role that references a SAML provider that - has been deleted will fail. - This operation requires `Signature Version 4`_. - - :type saml_provider_arn: string - :param saml_provider_arn: The Amazon Resource Name (ARN) of the SAML - provider to delete. - - """ - params = {'SAMLProviderArn': saml_provider_arn} - return self.get_response('DeleteSAMLProvider', params) - - # - # IAM Reports - # - - def generate_credential_report(self): - """ - Generates a credential report for an account - - A new credential report can only be generated every 4 hours. If one - hasn't been generated in the last 4 hours then get_credential_report - will error when called - """ - params = {} - return self.get_response('GenerateCredentialReport', params) - - def get_credential_report(self): - """ - Retrieves a credential report for an account - - A report must have been generated in the last 4 hours to succeed. - The report is returned as a base64 encoded blob within the response. - """ - params = {} - return self.get_response('GetCredentialReport', params) - - def create_virtual_mfa_device(self, path, device_name): - """ - Creates a new virtual MFA device for the AWS account. - - After creating the virtual MFA, use enable-mfa-device to - attach the MFA device to an IAM user. - - :type path: string - :param path: The path for the virtual MFA device. - - :type device_name: string - :param device_name: The name of the virtual MFA device. - Used with path to uniquely identify a virtual MFA device. - - """ - params = { - 'Path': path, - 'VirtualMFADeviceName': device_name - } - return self.get_response('CreateVirtualMFADevice', params) - - # - # IAM password policy - # - - def get_account_password_policy(self): - """ - Returns the password policy for the AWS account. - """ - params = {} - return self.get_response('GetAccountPasswordPolicy', params) - - def delete_account_password_policy(self): - """ - Delete the password policy currently set for the AWS account. - """ - params = {} - return self.get_response('DeleteAccountPasswordPolicy', params) - - def update_account_password_policy(self, allow_users_to_change_password=None, - hard_expiry=None, max_password_age=None , - minimum_password_length=None , - password_reuse_prevention=None, - require_lowercase_characters=None, - require_numbers=None, require_symbols=None , - require_uppercase_characters=None): - """ - Update the password policy for the AWS account. - - Notes: unset parameters will be reset to Amazon default settings! - Most of the password policy settings are enforced the next time your users - change their passwords. When you set minimum length and character type - requirements, they are enforced the next time your users change their - passwords - users are not forced to change their existing passwords, even - if the pre-existing passwords do not adhere to the updated password - policy. When you set a password expiration period, the expiration period - is enforced immediately. - - :type allow_users_to_change_password: bool - :param allow_users_to_change_password: Allows all IAM users in your account - to use the AWS Management Console to change their own passwords. - - :type hard_expiry: bool - :param hard_expiry: Prevents IAM users from setting a new password after - their password has expired. - - :type max_password_age: int - :param max_password_age: The number of days that an IAM user password is valid. - - :type minimum_password_length: int - :param minimum_password_length: The minimum number of characters allowed in - an IAM user password. - - :type password_reuse_prevention: int - :param password_reuse_prevention: Specifies the number of previous passwords - that IAM users are prevented from reusing. - - :type require_lowercase_characters: bool - :param require_lowercase_characters: Specifies whether IAM user passwords - must contain at least one lowercase character from the ISO basic Latin - alphabet (``a`` to ``z``). - - :type require_numbers: bool - :param require_numbers: Specifies whether IAM user passwords must contain at - least one numeric character (``0`` to ``9``). - - :type require_symbols: bool - :param require_symbols: Specifies whether IAM user passwords must contain at - least one of the following non-alphanumeric characters: - ``! @ # $ % ^ & * ( ) _ + - = [ ] { } | '`` - - :type require_uppercase_characters: bool - :param require_uppercase_characters: Specifies whether IAM user passwords - must contain at least one uppercase character from the ISO basic Latin - alphabet (``A`` to ``Z``). - """ - params = {} - if allow_users_to_change_password is not None and type(allow_users_to_change_password) is bool: - params['AllowUsersToChangePassword'] = str(allow_users_to_change_password).lower() - if hard_expiry is not None and type(allow_users_to_change_password) is bool: - params['HardExpiry'] = str(hard_expiry).lower() - if max_password_age is not None: - params['MaxPasswordAge'] = max_password_age - if minimum_password_length is not None: - params['MinimumPasswordLength'] = minimum_password_length - if password_reuse_prevention is not None: - params['PasswordReusePrevention'] = password_reuse_prevention - if require_lowercase_characters is not None and type(allow_users_to_change_password) is bool: - params['RequireLowercaseCharacters'] = str(require_lowercase_characters).lower() - if require_numbers is not None and type(allow_users_to_change_password) is bool: - params['RequireNumbers'] = str(require_numbers).lower() - if require_symbols is not None and type(allow_users_to_change_password) is bool: - params['RequireSymbols'] = str(require_symbols).lower() - if require_uppercase_characters is not None and type(allow_users_to_change_password) is bool: - params['RequireUppercaseCharacters'] = str(require_uppercase_characters).lower() - return self.get_response('UpdateAccountPasswordPolicy', params) - - def create_policy(self, policy_name, policy_document, path='/', - description=None): - """ - Create a policy. - - :type policy_name: string - :param policy_name: The name of the new policy - - :type policy_document string - :param policy_document: The document of the new policy - - :type path: string - :param path: The path in which the policy will be created. - Defaults to /. - - :type description: string - :param path: A description of the new policy. - - """ - params = {'PolicyName': policy_name, - 'PolicyDocument': policy_document, - 'Path': path} - if description is not None: - params['Description'] = str(description) - - return self.get_response('CreatePolicy', params) - - def create_policy_version( - self, - policy_arn, - policy_document, - set_as_default=None): - """ - Create a policy version. - - :type policy_arn: string - :param policy_arn: The ARN of the policy - - :type policy_document string - :param policy_document: The document of the new policy version - - :type set_as_default: bool - :param set_as_default: Sets the policy version as default - Defaults to None. - - """ - params = {'PolicyArn': policy_arn, - 'PolicyDocument': policy_document} - if type(set_as_default) == bool: - params['SetAsDefault'] = str(set_as_default).lower() - return self.get_response('CreatePolicyVersion', params) - - def delete_policy(self, policy_arn): - """ - Delete a policy. - - :type policy_arn: string - :param policy_arn: The ARN of the policy to delete - - """ - params = {'PolicyArn': policy_arn} - return self.get_response('DeletePolicy', params) - - def delete_policy_version(self, policy_arn, version_id): - """ - Delete a policy version. - - :type policy_arn: string - :param policy_arn: The ARN of the policy to delete a version from - - :type version_id: string - :param version_id: The id of the version to delete - - """ - params = {'PolicyArn': policy_arn, - 'VersionId': version_id} - return self.get_response('DeletePolicyVersion', params) - - def get_policy(self, policy_arn): - """ - Get policy information. - - :type policy_arn: string - :param policy_arn: The ARN of the policy to get information for - - """ - params = {'PolicyArn': policy_arn} - return self.get_response('GetPolicy', params) - - def get_policy_version(self, policy_arn, version_id): - """ - Get policy information. - - :type policy_arn: string - :param policy_arn: The ARN of the policy to get information for a - specific version - - :type version_id: string - :param version_id: The id of the version to get information for - - """ - params = {'PolicyArn': policy_arn, - 'VersionId': version_id} - return self.get_response('GetPolicyVersion', params) - - def list_policies(self, marker=None, max_items=None, only_attached=None, - path_prefix=None, scope=None): - """ - List policies of account. - - :type marker: string - :param marker: A marker used for pagination (received from previous - accesses) - - :type max_items: int - :param max_items: Send only max_items; allows paginations - - :type only_attached: bool - :param only_attached: Send only policies attached to other resources - - :type path_prefix: string - :param path_prefix: Send only items prefixed by this path - - :type scope: string - :param scope: AWS|Local. Choose between AWS policies or your own - """ - params = {} - if path_prefix is not None: - params['PathPrefix'] = path_prefix - if marker is not None: - params['Marker'] = marker - if max_items is not None: - params['MaxItems'] = max_items - if type(only_attached) == bool: - params['OnlyAttached'] = str(only_attached).lower() - if scope is not None: - params['Scope'] = scope - return self.get_response( - 'ListPolicies', - params, - list_marker='Policies') - - def list_policy_versions(self, policy_arn, marker=None, max_items=None): - """ - List policy versions. - - :type policy_arn: string - :param policy_arn: The ARN of the policy to get versions of - - :type marker: string - :param marker: A marker used for pagination (received from previous - accesses) - - :type max_items: int - :param max_items: Send only max_items; allows paginations - - """ - params = {'PolicyArn': policy_arn} - if marker is not None: - params['Marker'] = marker - if max_items is not None: - params['MaxItems'] = max_items - return self.get_response( - 'ListPolicyVersions', - params, - list_marker='Versions') - - def set_default_policy_version(self, policy_arn, version_id): - """ - Set default policy version. - - :type policy_arn: string - :param policy_arn: The ARN of the policy to set the default version - for - - :type version_id: string - :param version_id: The id of the version to set as default - """ - params = {'PolicyArn': policy_arn, - 'VersionId': version_id} - return self.get_response('SetDefaultPolicyVersion', params) - - def list_entities_for_policy(self, policy_arn, path_prefix=None, - marker=None, max_items=None, - entity_filter=None): - """ - :type policy_arn: string - :param policy_arn: The ARN of the policy to get entities for - - :type marker: string - :param marker: A marker used for pagination (received from previous - accesses) - - :type max_items: int - :param max_items: Send only max_items; allows paginations - - :type path_prefix: string - :param path_prefix: Send only items prefixed by this path - - :type entity_filter: string - :param entity_filter: Which entity type of User | Role | Group | - LocalManagedPolicy | AWSManagedPolicy to return - - """ - params = {'PolicyArn': policy_arn} - if marker is not None: - params['Marker'] = marker - if max_items is not None: - params['MaxItems'] = max_items - if path_prefix is not None: - params['PathPrefix'] = path_prefix - if entity_filter is not None: - params['EntityFilter'] = entity_filter - return self.get_response('ListEntitiesForPolicy', params, - list_marker=('PolicyGroups', - 'PolicyUsers', - 'PolicyRoles')) - - def attach_group_policy(self, policy_arn, group_name): - """ - :type policy_arn: string - :param policy_arn: The ARN of the policy to attach - - :type group_name: string - :param group_name: Group to attach the policy to - - """ - params = {'PolicyArn': policy_arn, 'GroupName': group_name} - return self.get_response('AttachGroupPolicy', params) - - def attach_role_policy(self, policy_arn, role_name): - """ - :type policy_arn: string - :param policy_arn: The ARN of the policy to attach - - :type role_name: string - :param role_name: Role to attach the policy to - - """ - params = {'PolicyArn': policy_arn, 'RoleName': role_name} - return self.get_response('AttachRolePolicy', params) - - def attach_user_policy(self, policy_arn, user_name): - """ - :type policy_arn: string - :param policy_arn: The ARN of the policy to attach - - :type user_name: string - :param user_name: User to attach the policy to - - """ - params = {'PolicyArn': policy_arn, 'UserName': user_name} - return self.get_response('AttachUserPolicy', params) - - def detach_group_policy(self, policy_arn, group_name): - """ - :type policy_arn: string - :param policy_arn: The ARN of the policy to detach - - :type group_name: string - :param group_name: Group to detach the policy from - - """ - params = {'PolicyArn': policy_arn, 'GroupName': group_name} - return self.get_response('DetachGroupPolicy', params) - - def detach_role_policy(self, policy_arn, role_name): - """ - :type policy_arn: string - :param policy_arn: The ARN of the policy to detach - - :type role_name: string - :param role_name: Role to detach the policy from - - """ - params = {'PolicyArn': policy_arn, 'RoleName': role_name} - return self.get_response('DetachRolePolicy', params) - - def detach_user_policy(self, policy_arn, user_name): - """ - :type policy_arn: string - :param policy_arn: The ARN of the policy to detach - - :type user_name: string - :param user_name: User to detach the policy from - - """ - params = {'PolicyArn': policy_arn, 'UserName': user_name} - return self.get_response('DetachUserPolicy', params)