| Index: third_party/boto/boto/iam/connection.py
|
| ===================================================================
|
| --- third_party/boto/boto/iam/connection.py (revision 33376)
|
| +++ third_party/boto/boto/iam/connection.py (working copy)
|
| @@ -26,13 +26,34 @@
|
| from boto.iam.summarymap import SummaryMap
|
| from boto.connection import AWSQueryConnection
|
|
|
| +DEFAULT_POLICY_DOCUMENTS = {
|
| + 'default': {
|
| + 'Statement': [
|
| + {
|
| + 'Principal': {
|
| + 'Service': ['ec2.amazonaws.com']
|
| + },
|
| + 'Effect': 'Allow',
|
| + 'Action': ['sts:AssumeRole']
|
| + }
|
| + ]
|
| + },
|
| + 'amazonaws.com.cn': {
|
| + 'Statement': [
|
| + {
|
| + 'Principal': {
|
| + 'Service': ['ec2.amazonaws.com.cn']
|
| + },
|
| + 'Effect': 'Allow',
|
| + 'Action': ['sts:AssumeRole']
|
| + }
|
| + ]
|
| + },
|
| +}
|
| +# For backward-compatibility, we'll preserve this here.
|
| +ASSUME_ROLE_POLICY_DOCUMENT = json.dumps(DEFAULT_POLICY_DOCUMENTS['default'])
|
|
|
| -ASSUME_ROLE_POLICY_DOCUMENT = json.dumps({
|
| - 'Statement': [{'Principal': {'Service': ['ec2.amazonaws.com']},
|
| - 'Effect': 'Allow',
|
| - 'Action': ['sts:AssumeRole']}]})
|
|
|
| -
|
| class IAMConnection(AWSQueryConnection):
|
|
|
| APIVersion = '2010-05-08'
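Review bot: DEFAULT_POLICY_DOCUMENTS carries no comment saying what its keys are, and the meaning is not obvious from the name: `_build_policy` (added later in this patch) picks an entry with `self.host.endswith(key)` and treats `'default'` as the fallback, so each non-default key is an endpoint-host suffix rather than a DNS TLD. A header comment such as `# Trust policies keyed by endpoint-host suffix (matched with str.endswith in _build_policy); 'default' is the fallback. Each entry allows the EC2 service principal of that partition to call sts:AssumeRole on the role.` would make both the lookup rule and the security effect of the default visible at the definition. Since this is mutable module-level state, it may also be worth noting there that anything mutating the dicts changes the trust policy for every later create_role() call on any connection in the process; `_build_policy` serialises them with json.dumps rather than returning the reference, so callers only see copies.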
|
| @@ -40,15 +61,16 @@
|
| def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
|
| is_secure=True, port=None, proxy=None, proxy_port=None,
|
| proxy_user=None, proxy_pass=None, host='iam.amazonaws.com',
|
| - debug=0, https_connection_factory=None,
|
| - path='/', security_token=None, validate_certs=True):
|
| + debug=0, https_connection_factory=None, path='/',
|
| + security_token=None, validate_certs=True, profile_name=None):
|
| super(IAMConnection, self).__init__(aws_access_key_id,
|
| aws_secret_access_key,
|
| is_secure, port, proxy,
|
| proxy_port, proxy_user, proxy_pass,
|
| host, debug, https_connection_factory,
|
| path, security_token,
|
| - validate_certs=validate_certs)
|
| + validate_certs=validate_certs,
|
| + profile_name=profile_name)
|
|
|
| def _required_auth_capability(self):
|
| return ['hmac-v4']
|
| @@ -1005,13 +1027,35 @@
|
| :param service: Default service to go to in the console.
|
| """
|
| alias = self.get_account_alias()
|
| +
|
| if not alias:
|
| raise Exception('No alias associated with this account. Please use iam.create_account_alias() first.')
|
|
|
| + resp = alias.get('list_account_aliases_response', {})
|
| + result = resp.get('list_account_aliases_result', {})
|
| + aliases = result.get('account_aliases', [])
|
| +
|
| + if not len(aliases):
|
| + raise Exception('No alias associated with this account. Please use iam.create_account_alias() first.')
|
| +
|
| + # We'll just use the first one we find.
|
| + alias = aliases[0]
|
| +
|
| if self.host == 'iam.us-gov.amazonaws.com':
|
| - return "https://%s.signin.amazonaws-us-gov.com/console/%s" % (alias, service)
|
| + return "https://%s.signin.amazonaws-us-gov.com/console/%s" % (
|
| + alias,
|
| + service
|
| + )
|
| + elif self.host.endswith('amazonaws.com.cn'):
|
| + return "https://%s.signin.amazonaws.cn/console/%s" % (
|
| + alias,
|
| + service
|
| + )
|
| else:
|
| - return "https://%s.signin.aws.amazon.com/console/%s" % (alias, service)
|
| + return "https://%s.signin.aws.amazon.com/console/%s" % (
|
| + alias,
|
| + service
|
| + )
|
|
|
| def get_account_summary(self):
|
| """
|
| @@ -1058,6 +1102,30 @@
|
| params['Path'] = path
|
| return self.get_response('CreateInstanceProfile', params)
|
|
|
| + def _build_policy(self, assume_role_policy_document=None):
|
| + if assume_role_policy_document is not None:
|
| + if isinstance(assume_role_policy_document, basestring):
|
| + # Historically, they had to pass a string. If it's a string,
|
| + # assume the user has already handled it.
|
| + return assume_role_policy_document
|
| + else:
|
| +
|
| + for tld, policy in DEFAULT_POLICY_DOCUMENTS.items():
|
| + if tld is 'default':
|
| + # Skip the default. We'll fall back to it if we don't find
|
| + # anything.
|
| + continue
|
| +
|
| + if self.host and self.host.endswith(tld):
|
| + assume_role_policy_document = policy
|
| + break
|
| +
|
| + if not assume_role_policy_document:
|
| + assume_role_policy_document = DEFAULT_POLICY_DOCUMENTS['default']
|
| +
|
| + # Dump the policy (either user-supplied ``dict`` or one of the defaults)
|
| + return json.dumps(assume_role_policy_document)
|
| +
|
| def create_role(self, role_name, assume_role_policy_document=None, path=None):
|
| """
|
| Creates a new role for your AWS account.
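Review bot: `if tld is 'default':` in `_build_policy` compares a string by identity; it only works because CPython interns short literals and it is a SyntaxWarning on newer interpreters, so it should be `if tld == 'default':`. The method also has no docstring although it now decides the trust policy for every role created through create_role; a short one should state that a string is returned verbatim (it is not checked to be valid JSON, so a malformed policy is only rejected by the service), a dict is JSON-encoded, and None selects the default for the connection's host suffix, falling back to `DEFAULT_POLICY_DOCUMENTS['default']`. The suffix loop relies on dict iteration order and on `str.endswith` without a dot boundary; with a single non-default key this is harmless, but if more suffixes are added a comment noting that overlapping suffixes would need explicit ordering seems worthwhile. The enclosing create_role starts inside this hunk but its body continues past it.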
|
| @@ -1069,21 +1137,19 @@
|
| :type role_name: string
|
| :param role_name: Name of the role to create.
|
|
|
| - :type assume_role_policy_document: string
|
| + :type assume_role_policy_document: ``string`` or ``dict``
|
| :param assume_role_policy_document: The policy that grants an entity
|
| permission to assume the role.
|
|
|
| :type path: string
|
| - :param path: The path to the instance profile.
|
| + :param path: The path to the role.
|
| """
|
| - params = {'RoleName': role_name}
|
| - if assume_role_policy_document is None:
|
| - # This is the only valid assume_role_policy_document currently, so
|
| - # this is used as a default value if no assume_role_policy_document
|
| - # is provided.
|
| - params['AssumeRolePolicyDocument'] = ASSUME_ROLE_POLICY_DOCUMENT
|
| - else:
|
| - params['AssumeRolePolicyDocument'] = assume_role_policy_document
|
| + params = {
|
| + 'RoleName': role_name,
|
| + 'AssumeRolePolicyDocument': self._build_policy(
|
| + assume_role_policy_document
|
| + ),
|
| + }
|
| if path is not None:
|
| params['Path'] = path
|
| return self.get_response('CreateRole', params)
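Review bot: The updated create_role docstring now says the policy may be a `string` or `dict` but still does not say what happens for the default `None`, which is the security-relevant case: the role is created with a trust policy that lets the EC2 service principal (`ec2.amazonaws.com`, or `ec2.amazonaws.com.cn` when the connection host ends in `amazonaws.com.cn`) assume it. I would extend the parameter description with a sentence along the lines of `If omitted, a default trust policy allowing the EC2 service of the connection's partition to assume the role is used; pass an explicit policy to restrict who can assume it. A dict is JSON-encoded, a string is sent as-is.` That keeps callers from relying on a default they have not seen.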
|
|
|