in infrastructure-provisioning/src/general/lib/aws/actions_lib.py [0:0]
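def remove_all_iam_resources(instance_type, project_name='', endpoint_name=''):
    """Delete the IAM roles and instance profiles whose names carry this deployment's prefix.

    The name prefix is ``<conf_service_base_name>-<project_name>-<endpoint_name>-`` when
    ``project_name`` is given and ``<conf_service_base_name>-`` otherwise. Only roles and
    instance profiles whose names start with that prefix are considered.

    Args:
        instance_type: Which resources to remove. The code compares it against
            'ssn', 'edge', 'notebook' and 'all'.
        project_name: Optional project name; narrows the prefix and is also matched
            as a substring of the role / profile name in the 'edge' and 'notebook' branches.
        endpoint_name: Endpoint name, used only when building the prefix.

    Returns:
        None. Any exception is caught, logged, handed to ``append_result`` and printed;
        it is not re-raised, so the caller cannot tell success from failure by the
        return value.
    """
    try:
        client = boto3.client('iam')
        service_base_name = os.environ['conf_service_base_name']
        if project_name:
            start_prefix = '{}-{}-{}-'.format(service_base_name, project_name, endpoint_name)
        else:
            # NOTE(review): with no project name the only scoping is '<service_base_name>-'.
            # A deployment whose base name is a prefix of another's (e.g. 'foo' vs 'foo-bar',
            # constructed example) would match that deployment's roles too -- confirm base
            # names are unique enough for a destructive operation.
            start_prefix = '{}-'.format(service_base_name)

        # Page through every role: a single list_roles call returns at most MaxItems
        # entries, and anything past the first page would silently survive the teardown.
        roles_list = []
        for page in client.get_paginator('list_roles').paginate(PaginationConfig={'PageSize': 250}):
            for item in page.get('Roles', []):
                if item.get('RoleName').startswith(start_prefix):
                    roles_list.append(item.get('RoleName'))

        if roles_list:
            roles_list.sort(reverse=True)
            for iam_role in roles_list:
                # Parentheses only spell out the precedence Python already applies.
                # NOTE(review): when instance_type == 'all' this branch runs for EVERY
                # prefix-matched role, not just '-ssn-role' ones, unlike the edge / nb-de
                # branches below which test the suffix first -- confirm this is intended.
                if ('-ssn-role' in iam_role and instance_type == 'ssn') or instance_type == 'all':
                    try:
                        client.delete_role_policy(RoleName=iam_role, PolicyName='{0}-ssn-policy'.format(
                            service_base_name))
                    except Exception:
                        # NOTE(review): any failure (including access-denied or throttling)
                        # is reported as "no policy"; the message may be misleading.
                        print('There is no policy {}-ssn-policy to delete'.format(service_base_name))
                    attached_role_policies = client.list_attached_role_policies(RoleName=iam_role)
                    if attached_role_policies:
                        for policy in attached_role_policies['AttachedPolicies']:
                            print('{} has been detached from {} role'.format(policy['PolicyName'], iam_role))
                            client.detach_role_policy(RoleName=iam_role, PolicyArn=policy['PolicyArn'])
                    role_profiles = client.list_instance_profiles_for_role(RoleName=iam_role).get('InstanceProfiles')
                    if role_profiles:
                        for profile in role_profiles:
                            role_profile_name = profile.get('InstanceProfileName')
                            if role_profile_name == '{0}-ssn-profile'.format(service_base_name):
                                # remove_roles_and_profiles is defined elsewhere; presumably it
                                # removes the profile and the role together -- confirm.
                                remove_roles_and_profiles(iam_role, role_profile_name)
                    else:
                        print("There is no instance profile for {}".format(iam_role))
                        client.delete_role(RoleName=iam_role)
                        print("The IAM role {} has been deleted successfully".format(iam_role))
                if '-edge-role' in iam_role:
                    # NOTE(review): 'project_name in iam_role' is a substring test and is always
                    # true for an empty project_name; the prefix above uses the endpoint_name
                    # argument while the profile name uses os.environ['endpoint_name'] -- confirm
                    # both refer to the same endpoint.
                    if instance_type == 'edge' and project_name in iam_role:
                        remove_detach_iam_policies(iam_role, 'delete')
                        role_profile_name = '{0}-{1}-{2}-edge-profile'.format(service_base_name, project_name,
                                                                              os.environ['endpoint_name'].lower())
                        try:
                            client.get_instance_profile(InstanceProfileName=role_profile_name)
                            remove_roles_and_profiles(iam_role, role_profile_name)
                        except Exception:
                            # NOTE(review): every error is treated as "profile missing" and the
                            # role is then deleted directly.
                            print("There is no instance profile for {}".format(iam_role))
                            client.delete_role(RoleName=iam_role)
                            print("The IAM role {} has been deleted successfully".format(iam_role))
                    if instance_type == 'all':
                        remove_detach_iam_policies(iam_role, 'delete')
                        role_profiles = client.list_instance_profiles_for_role(
                            RoleName=iam_role).get('InstanceProfiles')
                        if role_profiles:
                            for profile in role_profiles:
                                role_profile_name = profile.get('InstanceProfileName')
                                remove_roles_and_profiles(iam_role, role_profile_name)
                        else:
                            print("There is no instance profile for {}".format(iam_role))
                            client.delete_role(RoleName=iam_role)
                            print("The IAM role {} has been deleted successfully".format(iam_role))
                if '-nb-de-role' in iam_role:
                    if instance_type == 'notebook' and project_name in iam_role:
                        remove_detach_iam_policies(iam_role)
                        role_profile_name = '{0}-{1}-{2}-nb-de-profile'.format(service_base_name, project_name,
                                                                               os.environ['endpoint_name'].lower())
                        try:
                            client.get_instance_profile(InstanceProfileName=role_profile_name)
                            remove_roles_and_profiles(iam_role, role_profile_name)
                        except Exception:
                            print("There is no instance profile for {}".format(iam_role))
                            client.delete_role(RoleName=iam_role)
                            print("The IAM role {} has been deleted successfully".format(iam_role))
                    if instance_type == 'all':
                        remove_detach_iam_policies(iam_role)
                        role_profiles = client.list_instance_profiles_for_role(
                            RoleName=iam_role).get('InstanceProfiles')
                        if role_profiles:
                            for profile in role_profiles:
                                role_profile_name = profile.get('InstanceProfileName')
                                remove_roles_and_profiles(iam_role, role_profile_name)
                        else:
                            print("There is no instance profile for {}".format(iam_role))
                            client.delete_role(RoleName=iam_role)
                            print("The IAM role {} has been deleted successfully".format(iam_role))
        else:
            print("There are no IAM roles to delete. Checking instance profiles...")

        # Second pass: instance profiles that are still present after the role pass.
        # Paginated for the same reason as the role listing.
        profile_list = []
        for page in client.get_paginator('list_instance_profiles').paginate(PaginationConfig={'PageSize': 250}):
            for item in page.get('InstanceProfiles', []):
                if item.get('InstanceProfileName').startswith(start_prefix):
                    profile_list.append(item.get('InstanceProfileName'))

        if profile_list:
            for instance_profile in profile_list:
                # Same precedence as the role pass: 'all' matches every listed profile here.
                if ('-ssn-profile' in instance_profile and instance_type == 'ssn') or instance_type == 'all':
                    client.delete_instance_profile(InstanceProfileName=instance_profile)
                    print("The instance profile {} has been deleted successfully".format(instance_profile))
                if '-edge-profile' in instance_profile:
                    if instance_type == 'edge' and project_name in instance_profile:
                        client.delete_instance_profile(InstanceProfileName=instance_profile)
                        print("The instance profile {} has been deleted successfully".format(instance_profile))
                    if instance_type == 'all':
                        client.delete_instance_profile(InstanceProfileName=instance_profile)
                        print("The instance profile {} has been deleted successfully".format(instance_profile))
                if '-nb-de-profile' in instance_profile:
                    if instance_type == 'notebook' and project_name in instance_profile:
                        client.delete_instance_profile(InstanceProfileName=instance_profile)
                        print("The instance profile {} has been deleted successfully".format(instance_profile))
                    if instance_type == 'all':
                        client.delete_instance_profile(InstanceProfileName=instance_profile)
                        print("The instance profile {} has been deleted successfully".format(instance_profile))
        else:
            print("There are no instance profiles to delete")
    except Exception as err:
        # traceback.print_exc() returns None, so concatenating it to a string raised
        # TypeError inside this handler and hid the real failure. format_exc() returns
        # the traceback as text.
        trace = traceback.format_exc()
        logging.info("Unable to remove some of the IAM resources: " + str(err) + "\n Traceback: " + trace)
        append_result(str({"error": "Unable to remove some of the IAM resources",
                           "error_message": str(err) + "\n Traceback: " + trace}))
        traceback.print_exc(file=sys.stdout)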