updated rotate-keys with f-strings

Mark McIntyre 2021-08-06 17:02:17 -04:00
parent 4e8840864c
commit 0c48e3f24f
2 changed files with 14 additions and 12 deletions


@ -83,7 +83,7 @@ def create_new_key(iam, user):
if 'Error' in err.response: if 'Error' in err.response:
print("Key not created") print("Key not created")
if err.response['Error']['Code'] == 'LimitExceeded': if err.response['Error']['Code'] == 'LimitExceeded':
print("User {} already has the maximum number of keys".format(user)) print(f"User {user} already has the maximum number of keys")
return new_key return new_key
@ -98,12 +98,12 @@ def rotate_key(session, user):
LOG.debug("Getting user key limit for account...") LOG.debug("Getting user key limit for account...")
key_limit = iam.get_account_summary()['SummaryMap']['AccessKeysPerUserQuota'] key_limit = iam.get_account_summary()['SummaryMap']['AccessKeysPerUserQuota']
LOG.debug("User key limit: {}".format(key_limit)) LOG.debug(f"User key limit: {key_limit}")
LOG.debug("Getting user's keys...") LOG.debug("Getting user's keys...")
user_keys = iam.list_access_keys()['AccessKeyMetadata'] user_keys = iam.list_access_keys()['AccessKeyMetadata']
LOG.debug("Found {} keys for user {}".format(len(user_keys), user)) LOG.debug(f"Found {len(user_keys)} keys for user {user}")
LOG.debug("Check to see if user has the limit of keys allowed...") LOG.debug("Check to see if user has the limit of keys allowed...")
if len(user_keys) == key_limit: if len(user_keys) == key_limit:
@ -122,7 +122,7 @@ def update_credentials_file(credentials_file, profile_name, key, set_default):
credentials = configparser.ConfigParser() credentials = configparser.ConfigParser()
credentials.read(credentials_file) credentials.read(credentials_file)
LOG.debug("credentials = {}".format(credentials.sections())) LOG.debug(f"credentials = {credentials.sections()}")
if not profile_name in credentials.sections(): if not profile_name in credentials.sections():
LOG.debug("Profile does not exist in credentials file; creating now...") LOG.debug("Profile does not exist in credentials file; creating now...")
@ -132,8 +132,8 @@ def update_credentials_file(credentials_file, profile_name, key, set_default):
profile_creds['aws_access_key_id'] = key['AccessKey']['AccessKeyId'] profile_creds['aws_access_key_id'] = key['AccessKey']['AccessKeyId']
profile_creds['aws_secret_access_key'] = key['AccessKey']['SecretAccessKey'] profile_creds['aws_secret_access_key'] = key['AccessKey']['SecretAccessKey']
LOG.debug("Profile: {}, keys: {}, {}".format(profile_name, profile_creds['aws_access_key_id'], profile_creds['aws_secret_access_key'])) LOG.debug(f"Profile: {profile_name}, keys: {profile_creds['aws_access_key_id']}, {profile_creds['aws_secret_access_key']}")
LOG.debug("credentials = {}".format([x for x in credentials[profile_name]])) LOG.debug(f"credentials = {[x for x in credentials[profile_name]]}"))
# make the keys also be the default keys if the toggle is set # make the keys also be the default keys if the toggle is set
if set_default: if set_default:
@ -145,8 +145,8 @@ def update_credentials_file(credentials_file, profile_name, key, set_default):
default_creds['aws_access_key_id'] = key['AccessKey']['AccessKeyId'] default_creds['aws_access_key_id'] = key['AccessKey']['AccessKeyId']
default_creds['aws_secret_access_key'] = key['AccessKey']['SecretAccessKey'] default_creds['aws_secret_access_key'] = key['AccessKey']['SecretAccessKey']
LOG.debug("Profile: default, keys: {}, {}".format(default_creds['aws_access_key_id'], default_creds['aws_secret_access_key'])) LOG.debug(f"Profile: default, keys: {default_creds['aws_access_key_id'],}, {default_creds['aws_secret_access_key']}")
LOG.debug("credentials = {}".format([x for x in credentials['default']])) LOG.debug(f"credentials = {[x for x in credentials['default']]}")
LOG.debug("Writing updated credentials file...") LOG.debug("Writing updated credentials file...")
with open(credentials_file, 'w') as cred_file: with open(credentials_file, 'w') as cred_file:
@ -162,14 +162,14 @@ def main():
LOG.setLevel(logging.DEBUG) LOG.setLevel(logging.DEBUG)
logging.getLogger('botocore').setLevel(logging.WARNING) logging.getLogger('botocore').setLevel(logging.WARNING)
LOG.debug("Getting AWS session and credentials for {}...".format(args.profile_name)) LOG.debug(f"Getting AWS session and credentials for {args.profile_name}...")
session = boto3.session.Session(region_name='us-east-1', profile_name=args.profile_name) session = boto3.session.Session(region_name='us-east-1', profile_name=args.profile_name)
credentials = session.get_credentials() credentials = session.get_credentials()
credentials_file = os.path.expanduser(args.credentials_file) credentials_file = os.path.expanduser(args.credentials_file)
LOG.debug("credentials_file = {}".format(credentials_file)) LOG.debug(f"credentials_file = {credentials_file}")
print("Generating new AWS keys for user {}...".format(args.user)) print(f"Generating new AWS keys for user {args.user}...")
new_key = rotate_key(session, args.user) new_key = rotate_key(session, args.user)
if new_key: if new_key:
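Review bot: The converted `Profile: ..., keys: ...` debug lines in update_credentials_file (the -132 and -145 hunks) still write the full `aws_secret_access_key` to the log, so a run with debug logging on (main calls `LOG.setLevel(logging.DEBUG)` in the -162 hunk, possibly behind a flag not visible here) leaves the newly rotated secret in log output. Log only the key ID, for example `LOG.debug("Profile: %s, access key id: %s", profile_name, profile_creds['aws_access_key_id'])`, and do the same for the default profile. The new side of the -132 hunk also ends `{[x for x in credentials[profile_name]]}"))` with one closing parenthesis too many, which is a SyntaxError that stops the script from loading at all; drop the extra `)`. In the -145 hunk, `{default_creds['aws_access_key_id'],}` has a stray comma that formats the ID as a one-element tuple. The body of update_credentials_file starts and ends outside these hunks.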


@ -27,6 +27,8 @@ from cryptography.hazmat.primitives import serialization as crypto_serialization
from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend as crypto_default_backend from cryptography.hazmat.backends import default_backend as crypto_default_backend
from paramiko import SSHClient, AutoAddPolicy
# setting up logging for this script # setting up logging for this script
_LEVEL = logging.INFO _LEVEL = logging.INFO
@ -354,7 +356,7 @@ def switch_keys_on_instances(session, new_key, old_key_name, remove_old_key_only
for y in x['Instances'] for y in x['Instances']
] ]
def main(): def main():
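Review bot: The import added in the -27 hunk brings in paramiko's `AutoAddPolicy`, which accepts and stores whatever host key a previously unseen server presents. If it is passed to `set_missing_host_key_policy` (the call is not visible in this section), the SSH sessions that switch keys on instances are not authenticated against a known host key and can be intercepted while new key material is pushed. Prefer `client.load_system_host_keys()` with paramiko's default `RejectPolicy`, or pin each instance's host key from a trusted source before connecting. If auto-adding is a deliberate trade-off for freshly launched instances, add a comment at the call site, such as `# NOTE: host key is not verified on first connect`.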