Source code for keyup.map

"""
Summary:
    - Mapping Module
    - maps profile names from local awscli to iam usernames in AWS Account

"""

import sys
import inspect
from botocore.exceptions import ClientError
from pyaws.session import boto3_session
from libtools import stdout_message
from libtools import Colors
from keyup.iam_operations import local_profilenames
from keyup import logger


try:
    from keyup.oscodes_unix import exit_codes
    os_type = 'Linux'
    splitchar = '/'                             # character for splitting paths (linux)
    text = Colors.BRIGHT_CYAN
except Exception:
    from keyup.oscodes_win import exit_codes    # non-specific os-safe codes
    os_type = 'Windows'
    splitchar = '\\'                            # character for splitting paths (windows)
    text = Colors.CYAN



[docs]def map_iam_username(username, profilename):
    """
    Summary:
        Triangulates if provided username is a profile name from local
        awscli configuration or an IAM username from AWS

    Returns:
        IAM username (str)

    """
    # search for username in profilenames in case not an iam username
    if username in local_profilenames():
        return map_identity(username)[0] or username

    client = boto3_session(service='iam', profile=profilename)
    r = client.list_users()

    try:
        if username in [x['UserName'] for x in r['Users']]:
            return username
    except KeyError:
        logger.warning(f'Profilename given ({profilename}) not found in local awscli')
        var = Colors.RED + username + Colors.RESET
        msg = f'Provided --username value {var} not a valid awscli profilename or iam username'
        stdout_message(message=msg, prefix='WARN')
        sys.exit(exit_codes['E_MISC']['Code'])




[docs]def map_identity(profile):
    """
    Summary:
        retrieves iam user info for profiles in awscli config
    Args:
        :user (str): string, local profile user from which the current
           boto3 session object created
    Returns:
        :iam_user (str): AWS iam user corresponding to the provided
           profile user in local config
    """
    try:
        sts_client = boto3_session(service='sts', profile=profile)
        r = sts_client.get_caller_identity()
        iam_user = r['Arn'].split('/')[1]
        account = r['Account']
        logger.info(
            '%s: profile %s mapped to iam_user: %s' %
            (inspect.stack()[0][3], profile, iam_user)
            )
    except ClientError as e:
        if e.response['Error']['Code'] == 'InvalidClientTokenId':
            return None, None
        else:
            logger.warning(
                '%s: Inadequate User permissions (Code: %s Message: %s)' %
                (inspect.stack()[0][3], e.response['Error']['Code'],
                 e.response['Error']['Message']))
            raise e
    return iam_user, account