updated rotate-keys with f-strings
parent
4e8840864c
commit
0c48e3f24f
22
rotate-keys
22
rotate-keys
@ -83,7 +83,7 @@ def create_new_key(iam, user):
|
|||||||
if 'Error' in err.response:
|
if 'Error' in err.response:
|
||||||
print("Key not created")
|
print("Key not created")
|
||||||
if err.response['Error']['Code'] == 'LimitExceeded':
|
if err.response['Error']['Code'] == 'LimitExceeded':
|
||||||
print("User {} already has the maximum number of keys".format(user))
|
print(f"User {user} already has the maximum number of keys")
|
||||||
|
|
||||||
return new_key
|
return new_key
|
||||||
|
|
||||||
@ -98,12 +98,12 @@ def rotate_key(session, user):
|
|||||||
LOG.debug("Getting user key limit for account...")
|
LOG.debug("Getting user key limit for account...")
|
||||||
key_limit = iam.get_account_summary()['SummaryMap']['AccessKeysPerUserQuota']
|
key_limit = iam.get_account_summary()['SummaryMap']['AccessKeysPerUserQuota']
|
||||||
|
|
||||||
LOG.debug("User key limit: {}".format(key_limit))
|
LOG.debug(f"User key limit: {key_limit}")
|
||||||
|
|
||||||
LOG.debug("Getting user's keys...")
|
LOG.debug("Getting user's keys...")
|
||||||
user_keys = iam.list_access_keys()['AccessKeyMetadata']
|
user_keys = iam.list_access_keys()['AccessKeyMetadata']
|
||||||
|
|
||||||
LOG.debug("Found {} keys for user {}".format(len(user_keys), user))
|
LOG.debug(f"Found {len(user_keys)} keys for user {user}")
|
||||||
|
|
||||||
LOG.debug("Check to see if user has the limit of keys allowed...")
|
LOG.debug("Check to see if user has the limit of keys allowed...")
|
||||||
if len(user_keys) == key_limit:
|
if len(user_keys) == key_limit:
|
||||||
@ -122,7 +122,7 @@ def update_credentials_file(credentials_file, profile_name, key, set_default):
|
|||||||
credentials = configparser.ConfigParser()
|
credentials = configparser.ConfigParser()
|
||||||
credentials.read(credentials_file)
|
credentials.read(credentials_file)
|
||||||
|
|
||||||
LOG.debug("credentials = {}".format(credentials.sections()))
|
LOG.debug(f"credentials = {credentials.sections()}")
|
||||||
|
|
||||||
if not profile_name in credentials.sections():
|
if not profile_name in credentials.sections():
|
||||||
LOG.debug("Profile does not exist in credentials file; creating now...")
|
LOG.debug("Profile does not exist in credentials file; creating now...")
|
||||||
@ -132,8 +132,8 @@ def update_credentials_file(credentials_file, profile_name, key, set_default):
|
|||||||
profile_creds['aws_access_key_id'] = key['AccessKey']['AccessKeyId']
|
profile_creds['aws_access_key_id'] = key['AccessKey']['AccessKeyId']
|
||||||
profile_creds['aws_secret_access_key'] = key['AccessKey']['SecretAccessKey']
|
profile_creds['aws_secret_access_key'] = key['AccessKey']['SecretAccessKey']
|
||||||
|
|
||||||
LOG.debug("Profile: {}, keys: {}, {}".format(profile_name, profile_creds['aws_access_key_id'], profile_creds['aws_secret_access_key']))
|
LOG.debug(f"Profile: {profile_name}, keys: {profile_creds['aws_access_key_id']}, {profile_creds['aws_secret_access_key']}")
|
||||||
LOG.debug("credentials = {}".format([x for x in credentials[profile_name]]))
|
LOG.debug(f"credentials = {[x for x in credentials[profile_name]]}"))
|
||||||
|
|
||||||
# make the keys also be the default keys if the toggle is set
|
# make the keys also be the default keys if the toggle is set
|
||||||
if set_default:
|
if set_default:
|
||||||
@ -145,8 +145,8 @@ def update_credentials_file(credentials_file, profile_name, key, set_default):
|
|||||||
default_creds['aws_access_key_id'] = key['AccessKey']['AccessKeyId']
|
default_creds['aws_access_key_id'] = key['AccessKey']['AccessKeyId']
|
||||||
default_creds['aws_secret_access_key'] = key['AccessKey']['SecretAccessKey']
|
default_creds['aws_secret_access_key'] = key['AccessKey']['SecretAccessKey']
|
||||||
|
|
||||||
LOG.debug("Profile: default, keys: {}, {}".format(default_creds['aws_access_key_id'], default_creds['aws_secret_access_key']))
|
LOG.debug(f"Profile: default, keys: {default_creds['aws_access_key_id'],}, {default_creds['aws_secret_access_key']}")
|
||||||
LOG.debug("credentials = {}".format([x for x in credentials['default']]))
|
LOG.debug(f"credentials = {[x for x in credentials['default']]}")
|
||||||
|
|
||||||
LOG.debug("Writing updated credentials file...")
|
LOG.debug("Writing updated credentials file...")
|
||||||
with open(credentials_file, 'w') as cred_file:
|
with open(credentials_file, 'w') as cred_file:
|
||||||
@ -162,14 +162,14 @@ def main():
|
|||||||
LOG.setLevel(logging.DEBUG)
|
LOG.setLevel(logging.DEBUG)
|
||||||
logging.getLogger('botocore').setLevel(logging.WARNING)
|
logging.getLogger('botocore').setLevel(logging.WARNING)
|
||||||
|
|
||||||
LOG.debug("Getting AWS session and credentials for {}...".format(args.profile_name))
|
LOG.debug(f"Getting AWS session and credentials for {args.profile_name}...")
|
||||||
session = boto3.session.Session(region_name='us-east-1', profile_name=args.profile_name)
|
session = boto3.session.Session(region_name='us-east-1', profile_name=args.profile_name)
|
||||||
credentials = session.get_credentials()
|
credentials = session.get_credentials()
|
||||||
|
|
||||||
credentials_file = os.path.expanduser(args.credentials_file)
|
credentials_file = os.path.expanduser(args.credentials_file)
|
||||||
LOG.debug("credentials_file = {}".format(credentials_file))
|
LOG.debug(f"credentials_file = {credentials_file}")
|
||||||
|
|
||||||
print("Generating new AWS keys for user {}...".format(args.user))
|
print(f"Generating new AWS keys for user {args.user}...")
|
||||||
new_key = rotate_key(session, args.user)
|
new_key = rotate_key(session, args.user)
|
||||||
|
|
||||||
if new_key:
|
if new_key:
|
||||||
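Review bot: The converted debug line in the `-132,8 +132,8` hunk of update_credentials_file still interpolates `profile_creds['aws_secret_access_key']` into the log message, and the `-145,8 +145,8` hunk does the same for `default_creds`, so the freshly rotated secret is written to whatever handler LOG feeds. The main() context shows `LOG.setLevel(logging.DEBUG)`, though the hunk does not show whether that call is conditional. I would log only the key id, e.g. `LOG.debug("Profile: %s, key id: %s", profile_name, profile_creds['aws_access_key_id'])`. Two of the conversions also look broken: the `credentials = {[x for x in credentials[profile_name]]}` line ends in `"))`, one closing parenthesis too many, and `{default_creds['aws_access_key_id'],}` has a trailing comma that formats a one-element tuple instead of the string. All of these functions start and end outside the hunks shown.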
|
@ -27,6 +27,8 @@ from cryptography.hazmat.primitives import serialization as crypto_serialization
|
|||||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||||
from cryptography.hazmat.backends import default_backend as crypto_default_backend
|
from cryptography.hazmat.backends import default_backend as crypto_default_backend
|
||||||
|
|
||||||
|
from paramiko import SSHClient, AutoAddPolicy
|
||||||
|
|
||||||
|
|
||||||
# setting up logging for this script
|
# setting up logging for this script
|
||||||
_LEVEL = logging.INFO
|
_LEVEL = logging.INFO
|
||||||
@ -354,7 +356,7 @@ def switch_keys_on_instances(session, new_key, old_key_name, remove_old_key_only
|
|||||||
for y in x['Instances']
|
for y in x['Instances']
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
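Review bot: The import added in the `-27,6 +27,8` hunk pulls in `AutoAddPolicy`, which accepts any unknown SSH host key without verification when it is set as the missing-host-key policy. Its use is not visible in these hunks, so this is a question rather than a confirmed finding. If switch_keys_on_instances connects to instances to replace authorized keys, the host identity should be checked first: prefer `client.load_system_host_keys()` together with `RejectPolicy`, and note the choice at the import, e.g. `# host keys are checked against known_hosts`. These hunks appear to belong to a second file whose header is not shown, and the commit title mentions only f-strings in rotate-keys, so the new dependency may deserve its own commit.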