
    - Mapping Module
    - maps profile names from local awscli to iam usernames in AWS Account


import sys
import inspect
from botocore.exceptions import ClientError
from pyaws.session import boto3_session
from libtools import stdout_message
from libtools import Colors
from keyup.iam_operations import local_profilenames
from keyup import logger

    # NOTE(review): the statement that opens this block (presumably `try:`) is
    # absent from this listing; the indented lines below are its body.
    from keyup.oscodes_unix import exit_codes
    os_type = 'Linux'
    splitchar = '/'                             # character for splitting paths (linux)
    text = Colors.BRIGHT_CYAN
except Exception:
    # Any exception raised above lands here, not only a failed import, so the
    # host is then labelled Windows and the Windows exit-code table is loaded.
    from keyup.oscodes_win import exit_codes    # non-specific os-safe codes
    os_type = 'Windows'
    splitchar = '\\'                            # character for splitting paths (windows)
    text = Colors.CYAN

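def map_iam_username(username, profilename):
    """
    Summary:
        Resolves ``username`` to an IAM username.  The value may be either a
        profile name from the local awscli configuration or an IAM username
        in the AWS account reached through ``profilename``.

    Args:
        :username (str): local awscli profile name or IAM username
        :profilename (str): awscli profile used to create the IAM client

    Returns:
        IAM username (str).  When the value matches neither a local profile
        nor a listed IAM user, a warning is printed and the process exits
        with the E_MISC code instead of returning.
    """
    # search for username in profilenames in case not an iam username
    if username in local_profilenames():
        # NOTE(review): map_identity() yields (None, None) when STS rejects the
        # profile's credentials; the profile name itself is then returned
        # unverified, so callers should not assume the result exists in IAM.
        return map_identity(username)[0] or username

    client = boto3_session(service='iam', profile=profilename)

    try:
        # ListUsers is paginated: a single call returns only the first page,
        # so a valid user further down the listing would be rejected as
        # unknown.  Walk every page before giving up.
        for page in client.get_paginator('list_users').paginate():
            if any(user['UserName'] == username for user in page['Users']):
                return username
    except KeyError:
        logger.warning(f'Profilename given ({profilename}) not found in local awscli')

    # Not a local profile and not an IAM user in the account: report and exit.
    var = Colors.RED + username + Colors.RESET
    msg = f'Provided --username value {var} not a valid awscli profilename or iam username'
    stdout_message(message=msg, prefix='WARN')
    sys.exit(exit_codes['E_MISC']['Code'])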
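def map_identity(profile):
    """
    Summary:
        Retrieves the identity behind a profile in the local awscli config
        by calling STS GetCallerIdentity with that profile's credentials

    Args:
        :profile (str): local awscli profile name from which the boto3
            session object is created

    Returns:
        :iam_user (str), account (str): name taken from the caller ARN and
            the AWS account id.  (None, None) when STS answers with
            InvalidClientTokenId.

    Raises:
        ClientError: any other STS error code, after it has been logged
    """
    try:
        sts_client = boto3_session(service='sts', profile=profile)
        r = sts_client.get_caller_identity()

        # An IAM user ARN may carry a path (arn:...:user/<path>/<name>), so the
        # user name is the last '/'-separated field, not the second one.
        prefix, *fields = r['Arn'].split('/')
        if prefix.endswith(':user'):
            iam_user = fields[-1]
        else:
            # Other principals keep the first field after the resource type
            # (for an assumed role that is the role name, not an IAM user).
            # An ARN without '/' raises IndexError here.
            iam_user = fields[0]
        account = r['Account']

        # NOTE(review): the opening of this logging call is missing from the
        # published listing; logger.info is assumed -- confirm against the repo.
        logger.info(
            '%s: profile %s mapped to iam_user: %s' %
            (inspect.stack()[0][3], profile, iam_user)
            )
    except ClientError as e:
        if e.response['Error']['Code'] == 'InvalidClientTokenId':
            # credentials for this profile are not recognised by AWS
            return None, None
        else:
            logger.warning(
                '%s: Inadequate User permissions (Code: %s Message: %s)' %
                (inspect.stack()[0][3], e.response['Error']['Code'],
                 e.response['Error']['Message']))
            # bare raise keeps the original traceback
            raise
    return iam_user, account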