Provide more feedback when managing keys

kislyuk · Jan 22, 2019 · ac13371 · ac13371
1 parent 290184f
commit ac13371
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/README.rst b/README.rst
@@ -18,9 +18,9 @@ On instances that accept SSH logins:
 - Ensure processes launched by sshd have the IAM permissions ``iam:GetSSHPublicKey``, ``iam:ListSSHPublicKeys``, 
   ``iam:GetUser``, ``iam:ListGroups``, ``iam:GetGroup``, ``iam:ListGroupsForUser``, ``iam:GetRole``,
   and ``sts:GetCallerIdentity``. The easiest way to do this is by running 
-  ``keymaker configure --instance-iam-role ROLE_NAME``
+  ``keymaker configure --instance-iam-role INSTANCE_ROLE``
   as a privileged IAM user, which will create and attach a
-  Keymaker IAM policy to the role ``ROLE_NAME`` (which you should then assign, via an IAM Instance Profile, to any
+  Keymaker IAM policy to the role ``INSTANCE_ROLE`` (which you should then assign, via an IAM Instance Profile, to any
   instances you launch). You can also manually configure these permissions, or attach the IAMReadOnlyAccess managed
   policy.
 
@@ -83,7 +83,7 @@ role ``id_resolver`` in account 123456789012 is expected to have a trust policy
 perform sts:AssumeRole on ``id_resolver``.
 
 Run the following command in the ID resolver account (that contains the IAM users) to apply this configuration automatically:
-``keymaker configure --instance-iam-role arn:aws:iam::987654321098:role/ROLE_NAME --cross-account-profile AWS_CLI_PROFILE_NAME``.
+``keymaker configure --instance-iam-role arn:aws:iam::987654321098:role/INSTANCE_ROLE --cross-account-profile AWS_CLI_PROFILE_NAME``.
 Here, 987654321098 is the account ID of the federated account where EC2 instances will run, and AWS_CLI_PROFILE_NAME
 is the name of the `AWS CLI role profile <http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html>`_ that you
 have set up to access the federated account.

diff --git a/keymaker/__init__.py b/keymaker/__init__.py
@@ -316,7 +316,9 @@ def upload_key(args):
     else:
         user = iam.CurrentUser().user
     try:
-        user.meta.client.upload_ssh_public_key(UserName=user.name, SSHPublicKeyBody=ssh_public_key)
+        res = user.meta.client.upload_ssh_public_key(UserName=user.name, SSHPublicKeyBody=ssh_public_key)
+        res["SSHPublicKey"]["UploadDate"] = str(res["SSHPublicKey"]["UploadDate"])
+        print(json.dumps(res["SSHPublicKey"], indent=True))
     except ClientError as e:
         if e.response.get("Error", {}).get("Code") == "LimitExceeded":
             logger.error("The current IAM user has filled their public SSH key quota. "
@@ -354,7 +356,8 @@ def delete_key(args):
         user = iam.User(args.user)
     else:
         user = iam.CurrentUser().user
-    print(iam.meta.client.delete_ssh_public_key(UserName=user.name, SSHPublicKeyId=args.ssh_public_key_id))
+    iam.meta.client.delete_ssh_public_key(UserName=user.name, SSHPublicKeyId=args.ssh_public_key_id)
+    print("Successfully deleted SSH public key", args.ssh_public_key_id)
 
 def is_managed(unix_username):
     try: