aws_student_accounts 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/lib/aws_student_accounts/app.rb +58 -42
- data/lib/aws_student_accounts/version.rb +1 -1
- metadata +1 -1
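--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 214ce914dd480e0fa8ebaacae1405bee21317ad0
+data.tar.gz: 422c6422eb49a6a18f4f8550c2f6050056a29382
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1f6ccac770d7207599dc5a8465bb5eb2e1fef760a3b59299fb8f28aafb3fd53849a24d76a7a7fddc1a6fb46dd0ae56623113c665e1a94a7cf9c543ffc08cc4c7
+data.tar.gz: f60b541126fa6df354329df090f4cb5bb82ee71619a3e728709617be0413e2eaa92cc02af2bcdb766dcfff4801fce62b2f60078badbdddcee16a3069acf61b6a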
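--- a/data/lib/aws_student_accounts/app.rb
+++ b/data/lib/aws_student_accounts/app.rb
@@ -41,43 +41,44 @@ class AwsStudentAccounts::App < Thor
 
 desc "create-students", "Create a student IAM account for all AWS accounts"
 common_options
-method_option :signin_urls, desc: "File mapping usernames to account signin URLs",
-type: :string, aliases: "-s", required: true
 def create_students(path_to_student_folders="students")
 load_and_verify_options
 @io_semaphore = Mutex.new
 
-signin_urls = YAML.load_file(options[:signin_urls])
-
 @users_credentials = ThreadSafe::Hash.new
 @users_passwords = ThreadSafe::Hash.new
 
 FileUtils.mkdir_p(path_to_student_folders)
 FileUtils.chdir(path_to_student_folders) do
 Parallel.each(fog_credentials, in_threads: fog_credentials.size) do |username, credentials|
-create_student_user(username, credentials
+create_student_user(username, credentials)
 end
 
-
-
-
-
+# don't rewrite the shared file if only re-creating credentials for one person
+# FIXME: update these files rather than rewriting?
+# TODO: make backups of shared files before rewriting
+unless options[:only]
+File.open("students-fog-api.yml", "w") do |f|
+f << @users_credentials.to_yaml
+end
+say "Stored all user API credentials: #{File.expand_path('students-fog-api.yml')}"
 
-
-
-
-
-
-## #{user_login[:username]}
+File.open("students-console-passwords.md", "w") do |f|
+f << "# Student AWS logins\n\n"
+fog_credentials.each do |username, credentials|
+if user_login = @users_passwords[username]
+f << <<-EOS
+## #{user_login[:username]}
 
-* Sign-in URL: #{user_login[:url]}
-* Username: #{user_login[:username]}
-* Password: #{user_login[:password]}
+* Sign-in URL: #{user_login[:url]}
+* Username: #{user_login[:username]}
+* Password: #{user_login[:password]}
 
-
+EOS
+end
 end
+say "Stored all user passwords: #{File.expand_path('students-console-passwords.md')}"
 end
-say "Stored all user passwords: #{File.expand_path('students-console-passwords.md')}"
 end
 end
 end
@@ -187,14 +188,7 @@ class AwsStudentAccounts::App < Thor
 say *args
 end
 
-def create_student_user(account, admin_credentials
-unless account_signin_url = signin_urls[account]
-@io_semaphore.synchronize do
-user_say account, "Admin account #{account} missing from #{options[:signin_urls]}, skipping", :red
-end
-return
-end
-
+def create_student_user(account, admin_credentials)
 begin
 iam = Fog::AWS::IAM.new(admin_credentials)
 
@@ -245,18 +239,35 @@ class AwsStudentAccounts::App < Thor
 aws_access_key_id: access_key_id,
 aws_secret_access_key: secret_access_key
 }
-
-
-
-
-
-
-
-
-
-
-
-
+retries = 5
+signin_url = nil
+while retries > 0
+begin
+user_compute = Fog::Compute::AWS.new(user_credentials)
+server_count = user_compute.servers.size
+@io_semaphore.synchronize do
+user_say username, "Verify credentials: "
+say "OK ", :green
+say "(#{server_count} vms)"
+end
+
+signin_url = account_signin_url(user_compute)
+break
+rescue => e
+retries = retries - 1
+if retries <= 0
+@io_semaphore.synchronize do
+user_say username, "Verify credentials: "
+say e.message, :red
+end
+else
+@io_semaphore.synchronize do
+user_say username, "Verify credentials: "
+say "failed ", :yellow
+say "retrying..."
+end
+sleep 1
+end
 end
 end
 
@@ -264,12 +275,12 @@ class AwsStudentAccounts::App < Thor
 user_login = {
 password: password,
 username: username.to_s,
-url:
+url: signin_url
 }
 @users_passwords[username] = user_login
 
 write_fog_file(username, user_credentials)
-write_password_file(
+write_password_file(signin_url, user_login)
 rescue => e
 @io_semaphore.synchronize do
 say "#{e.class}: #{e.message}", :red
@@ -336,7 +347,12 @@ class AwsStudentAccounts::App < Thor
 @io_semaphore.synchronize do
 user_say username, "Created console-passwords.md", :green
 end
+end
 
+def account_signin_url(aws_compute)
+any_sg = aws_compute.security_groups.first
+account_num = any_sg.owner_id
+"https://#{account_num}.signin.aws.amazon.com/console"
 end
 
 def destroy_everything(account, aws_region, compute)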
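Review bot: The two aggregate files written inside `unless options[:only]` in create_students, `students-fog-api.yml` (every student's access key pair) and `students-console-passwords.md` (every console password), are opened with `File.open(name, "w")`, so their mode is whatever the process umask leaves, commonly 0644 and readable by other local users. Create them owner-only, e.g. `File.open("students-fog-api.yml", "w", 0600) do |f|` and the same for the passwords file. The mode argument only applies when the file is created, so a `File.chmod(0600, "students-fog-api.yml")` is also needed for files left over from an earlier run. The per-student files produced by write_fog_file and write_password_file are written outside the visible hunks and presumably need the same treatment.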