Merge pull request #122 from mcpeak/check-for-rate-exceed-on-put-role

Rate limited IAM calls

repokid/__init__.py

@@ -19,7 +19,7 @@
 
 import import_string
 
-__version__ = '0.8.0'
+__version__ = '0.8.1'
 
 
 def init_config():

repokid/cli/repokid_cli.py

@@ -45,8 +45,8 @@
 import time
 
 import botocore
-from cloudaux import CloudAux
-from cloudaux.aws.iam import get_account_authorization_details, get_role_inline_policies
+from cloudaux.aws.iam import (delete_role_policy, get_account_authorization_details, get_role_inline_policies,
+                              put_role_policy)
 from cloudaux.aws.sts import sts_conn
 from docopt import docopt
 import import_string
@@ -751,12 +751,11 @@ def repo_role(account_number, role_name, dynamo_table, config, hooks, commit=Fal
 
     conn = config['connection_iam']
     conn['account_number'] = account_number
-    ca = CloudAux(**conn)
 
     for name in deleted_policy_names:
         LOGGER.info('Deleting policy with name {} from {} in account {}'.format(name, role.role_name, account_number))
         try:
-            ca.call('iam.client.delete_role_policy', RoleName=role.role_name, PolicyName=name)
+            delete_role_policy(RoleName=role.role_name, PolicyName=name, **conn)
         except botocore.exceptions.ClientError as e:
             error = 'Error deleting policy: {} from role: {} in account {}.  Exception: {}'.format(
                 name,
@@ -774,8 +773,9 @@ def repo_role(account_number, role_name, dynamo_table, config, hooks, commit=Fal
 
         for policy_name, policy in repoed_policies.items():
             try:
-                ca.call('iam.client.put_role_policy', RoleName=role.role_name, PolicyName=policy_name,
-                        PolicyDocument=json.dumps(policy, indent=2, sort_keys=True))
+                put_role_policy(RoleName=role.role_name, PolicyName=policy_name,
+                                PolicyDocument=json.dumps(policy, indent=2, sort_keys=True),
+                                **conn)
 
             except botocore.exceptions.ClientError as e:
                 error = 'Exception calling PutRolePolicy on {role}/{policy} in account {account}\n{e}\n'.format(
@@ -837,10 +837,8 @@ def rollback_role(account_number, role_name, dynamo_table, config, hooks, select
         print tabulate(rows, headers=headers)
         return
 
-    from cloudaux import CloudAux
     conn = config['connection_iam']
     conn['account_number'] = account_number
-    ca = CloudAux(**conn)
 
     current_policies = get_role_inline_policies(role.as_dict(), **conn)
 
@@ -875,8 +873,9 @@ def rollback_role(account_number, role_name, dynamo_table, config, hooks, select
                 role.role_name,
                 account_number))
 
-            ca.call('iam.client.put_role_policy', RoleName=role.role_name, PolicyName=policy_name,
-                    PolicyDocument=json.dumps(policy, indent=2, sort_keys=True))
+            put_role_policy(RoleName=role.role_name, PolicyName=policy_name,
+                            PolicyDocument=json.dumps(policy, indent=2, sort_keys=True),
+                            **conn)
 
         except botocore.exceptions.ClientError as e:
             message = "Unable to push policy {}.  Error: {} (role: {} account {})".format(
@@ -897,7 +896,7 @@ def rollback_role(account_number, role_name, dynamo_table, config, hooks, select
     if policies_to_remove:
         for policy_name in policies_to_remove:
             try:
-                ca.call('iam.client.delete_role_policy', RoleName=role.role_name, PolicyName=policy_name)
+                delete_role_policy(RoleName=role.role_name, PolicyName=policy_name, **conn)
 
             except botocore.excpetions.ClientError as e:
                 message = "Unable to delete policy {}.  Error: {} (role: {} account {})".format(

requirements.txt

@@ -4,35 +4,43 @@
 #
 #    pip-compile --output-file requirements.txt requirements.in
 #
-boto3==1.8.4
+bleach==2.1.4             # via readme-renderer
+boto3==1.9.13
 boto==2.49.0              # via cloudaux
-botocore==1.11.4          # via boto3, cloudaux, s3transfer
+botocore==1.12.13         # via boto3, cloudaux, s3transfer
 certifi==2018.8.24        # via requests
+cffi==1.11.5              # via cmarkgfm
 chardet==3.0.4            # via requests
-click==6.7                # via pip-tools
-cloudaux==1.5.1
+click==7.0                # via pip-tools
+cloudaux==1.5.4
+cmarkgfm==0.4.2           # via readme-renderer
 defusedxml==0.5.0         # via cloudaux
 docopt==0.6.2
-docutils==0.14            # via botocore
-first==2.0.1              # via pip-tools
+docutils==0.14            # via botocore, readme-renderer
 flagpole==1.0.1           # via cloudaux
+future==0.16.0            # via readme-renderer
 futures==3.2.0            # via s3transfer
+html5lib==1.0.1           # via bleach
 idna==2.7                 # via requests
 import-string==0.1.0
 inflection==0.3.1         # via cloudaux
 jmespath==0.9.3           # via boto3, botocore
-joblib==0.12.3            # via cloudaux
-marshmallow==2.15.4
-pip-tools==2.0.2
+joblib==0.12.5            # via cloudaux
+marshmallow==2.15.6
+pip-tools==3.0.0
 pkginfo==1.4.2            # via twine
 policyuniverse==1.1.0.1
+pycparser==2.19           # via cffi
+pygments==2.2.0           # via readme-renderer
 python-dateutil==2.7.3    # via botocore
+readme-renderer==22.0     # via twine
 requests-toolbelt==0.8.0  # via twine
 requests==2.19.1
 s3transfer==0.1.13        # via boto3
-six==1.11.0               # via cloudaux, import-string, pip-tools, python-dateutil
+six==1.11.0               # via bleach, cloudaux, html5lib, import-string, pip-tools, python-dateutil, readme-renderer
 tabulate==0.8.2
 tabview==1.4.3
-tqdm==4.25.0
-twine==1.11.0
+tqdm==4.26.0
+twine==1.12.1
 urllib3==1.23             # via botocore, requests
+webencodings==0.5.1       # via html5lib