Class: RightAws::IamInterface
- Inherits: RightAwsBase
  - Object
  - RightAwsBase
  - RightAws::IamInterface
- Includes: RightAwsBaseInterface
- Defined in: lib/iam/right_iam_interface.rb, lib/iam/right_iam_users.rb, lib/iam/right_iam_groups.rb, lib/iam/right_iam_access_keys.rb, lib/iam/right_iam_mfa_devices.rb
Overview
RightAWS::Iam – RightScale AWS Identity and Access Management (IAM) interface
The RightAws::Iam class provides a complete interface to Amazon’s Identity and Access Management service.
For explanations of the semantics of each call, please refer to Amazon’s documentation at aws.amazon.com/documentation/iam/
Examples:
Create an IAM interface handle:
iam = RightAws::IamInterface.new(aws_access_key_id, aws_secret_access_key)
iam.list_access_keys
iam.list_users
iam.list_groups
Defined Under Namespace
Classes: BasicIamListParser, BasicIamParser, CreateAccessKeyParser, CreateGroupParser, GetGroupParser, GetGroupPolicyParser, GetLoginProfileParser, GetServerCertificateParser, GetSigningCertificateParser, GetUserParser, GetUserPolicyParser, ListAccessKeysParser, ListGroupsParser, ListMFADevicesParser, ListServerCertificatesParser, ListSigningCertificatesParser, ListUsersParser
Constant Summary
- API_VERSION = "2010-05-08"
- DEFAULT_HOST = "iam.amazonaws.com"
- DEFAULT_PATH = '/'
- DEFAULT_PROTOCOL = 'https'
- DEFAULT_PORT = 443
- @@bench = AwsBenchmarkingBlock.new
Constants included from RightAwsBaseInterface
RightAwsBaseInterface::BLOCK_DEVICE_KEY_MAPPING, RightAwsBaseInterface::DEFAULT_SIGNATURE_VERSION
Constants inherited from RightAwsBase
RightAwsBase::AMAZON_PROBLEMS, RightAwsBase::RAISE_ON_TIMEOUT_ON_ACTIONS
Instance Attribute Summary
Attributes included from RightAwsBaseInterface
#aws_access_key_id, #aws_secret_access_key, #cache, #connection, #last_errors, #last_request, #last_request_id, #last_response, #logger, #params, #signature_version
Class Method Summary
Instance Method Summary
- #add_user_to_group(user_name, group_name) ⇒ Object
  Adds the specified User to the specified group.
- #create_access_key(options = {}) ⇒ Object
  Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified User.
- #create_group(group_name, path = nil) ⇒ Object
  Creates a new group.
- #create_login_profile(user_name, password) ⇒ Object
  Creates a login profile for the specified User, giving the User the ability to access AWS services such as the AWS Management Console.
- #create_user(user_name, options = {}) ⇒ Object
  Creates a new User for your AWS Account.
- #deactivate_mfa_device(user_name, serial_number) ⇒ Object
  Deactivates the specified MFA device and removes it from association with the User name for which it was originally enabled.
- #delete_access_key(access_key_id, options = {}) ⇒ Object
  Deletes the access key associated with the specified User.
- #delete_group(group_name) ⇒ Object
  Deletes the specified group.
- #delete_group_policy(group_name, policy_name) ⇒ Object
  Deletes the specified policy that is associated with the specified group.
- #delete_login_profile(user_name) ⇒ Object
  Deletes the login profile for the specified User, which terminates the User’s ability to access AWS services through the IAM login page.
- #delete_server_certificate(server_certificate_name) ⇒ Object
  Deletes the specified server certificate.
- #delete_signing_certificate(certificate_id, options = {}) ⇒ Object
  Deletes the specified signing certificate associated with the specified User.
- #delete_user(user_name) ⇒ Object
  Deletes the specified User.
- #delete_user_policy(user_name, policy_name) ⇒ Object
  Deletes the specified policy associated with the specified User.
- #enable_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object
  Enables the specified MFA device and associates it with the specified User name.
- #generate_request(action, params = {}) ⇒ Object
  :nodoc:.
- #get_group(group_name, options = {}, &block) ⇒ Object
  Returns a list of Users that are in the specified group.
- #get_group_policy(group_name, policy_name) ⇒ Object
  Retrieves the specified policy document for the specified group.
- #get_login_profile(user_name) ⇒ Object
  Retrieves the login profile for the specified User.
- #get_server_certificate(server_certificate_name) ⇒ Object
  Retrieves information about the specified server certificate.
- #get_user(user_name) ⇒ Object
  Retrieves information about the specified User, including the User’s path, GUID, and ARN.
- #get_user_policy(user_name, policy_name) ⇒ Object
  Retrieves the specified policy document for the specified User.
- #incrementally_list_iam_resources(api_function, params = {}, options = {}, &block) ⇒ Object
  Options: :parser, :except, :items.
- #initialize(aws_access_key_id = nil, aws_secret_access_key = nil, params = {}) ⇒ IamInterface (constructor)
  Create a new handle to an IAM account.
- #list_access_keys(options = {}, &block) ⇒ Object
  Returns information about the Access Key IDs associated with the specified User.
- #list_group_policies(group_name, options = {}, &block) ⇒ Object
  Lists the names of the policies associated with the specified group.
- #list_groups(options = {}, &block) ⇒ Object
  Lists the groups that have the specified path prefix.
- #list_groups_for_user(user_name, options = {}, &block) ⇒ Object
  Lists the groups the specified User belongs to.
- #list_mfa_devices(options = {}, &block) ⇒ Object
  Lists the MFA devices associated with the specified User name.
- #list_server_certificates(options = {}, &block) ⇒ Object
  Lists the server certificates that have the specified path prefix.
- #list_signing_certificates(options = {}, &block) ⇒ Object
  Returns information about the signing certificates associated with the specified User.
- #list_user_policies(user_name, options = {}, &block) ⇒ Object
  Lists the names of the policies associated with the specified User.
- #list_users(options = {}, &block) ⇒ Object
  Lists the Users that have the specified path prefix.
- #put_group_policy(group_name, policy_name, policy_document) ⇒ Object
  Adds (or updates) a policy document associated with the specified group.
- #put_user_policy(user_name, policy_name, policy_document) ⇒ Object
  Adds (or updates) a policy document associated with the specified User.
- #remove_user_from_group(user_name, group_name) ⇒ Object
  Removes the specified User from the specified group.
- #request_info(request, parser) ⇒ Object
  Sends request to Amazon and parses the response. Raises AwsError if any banana happened.
- #resync_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object
  Synchronizes the specified MFA device with AWS servers.
- #update_group(group_name, options = {}) ⇒ Object
  Updates the name and/or the path of the specified group.
- #update_login_profile(user_name, options = {}) ⇒ Object
  Updates the login profile for the specified User.
- #update_server_certificate(server_certificate_name, options = {}) ⇒ Object
  Updates the name and/or the path of the specified server certificate.
- #update_user(user_name, options = {}) ⇒ Object
  Updates the name and/or the path of the specified User.
- #upload_server_certificate(server_certificate_name, certificate_body, private_key, options = {}) ⇒ Object
  Uploads a server certificate entity for the AWS Account.
- #upload_signing_certificate(certificate_body, options = {}) ⇒ Object
  Uploads an X.509 signing certificate and associates it with the specified User.
Methods included from RightAwsBaseInterface
#amazonize_block_device_mappings, #amazonize_list, #cache_hits?, caching, caching=, #caching?, #destroy_connection, #generate_request_impl, #get_connection, #get_connections_storage, #get_server_url, #incrementally_list_items, #init, #on_exception, #request_cache_or_info, #request_info_impl, #signed_service_params, #update_cache, #with_connection_options
Methods inherited from RightAwsBase
amazon_problems, amazon_problems=, raise_on_timeout_on_actions, raise_on_timeout_on_actions=
Constructor Details
#initialize(aws_access_key_id = nil, aws_secret_access_key = nil, params = {}) ⇒ IamInterface
Create a new handle to an IAM account. All handles share the same per process or per thread HTTP connection to Amazon IAM. Each handle is for a specific account. The params have the following options:
- :endpoint_url: a fully qualified url to Amazon API endpoint (this overwrites: :server, :port, :service, :protocol).
- :server: IAM service host, default: DEFAULT_HOST
- :port: IAM service port, default: DEFAULT_PORT
- :protocol: ‘http’ or ‘https’, default: DEFAULT_PROTOCOL
- :logger: for log messages, default: RAILS_DEFAULT_LOGGER else STDOUT
- :signature_version: The signature version : ‘0’,‘1’ or ‘2’(default)
- :cache: true/false(default): caching works for: describe_load_balancers
# File 'lib/iam/right_iam_interface.rb', line 71
def initialize(aws_access_key_id=nil, aws_secret_access_key=nil, params={})
  init({ :name                => 'IAM',
         :default_host        => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host   : DEFAULT_HOST,
         :default_port        => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port   : DEFAULT_PORT,
         :default_service     => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path   : DEFAULT_PATH,
         :default_protocol    => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).scheme : DEFAULT_PROTOCOL,
         :default_api_version => ENV['IAM_API_VERSION'] || API_VERSION },
       aws_access_key_id     || ENV['AWS_ACCESS_KEY_ID'],
       aws_secret_access_key || ENV['AWS_SECRET_ACCESS_KEY'],
       params)
end
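A pre-flight check for the endpoint settings described above, as an added example that is not part of right_aws: it resolves the endpoint from the params and ENV['IAM_URL'] and reports plain-http or unexpected-host targets before any credentials are sent. The helper names are hypothetical, and the precedence of individual params over ENV['IAM_URL'] is an assumption; only the :endpoint_url override and the ENV['IAM_URL'] fallback are stated on this page.

```ruby
require 'uri'

# Defaults copied from the Constant Summary on this page.
IAM_ENDPOINT_DEFAULTS = { :server => 'iam.amazonaws.com', :port => 443,
                          :service => '/', :protocol => 'https' }.freeze

# Split a URL into the four settings the constructor derives from it.
def endpoint_from_url(url)
  uri = URI.parse(url)
  { :server => uri.host, :port => uri.port, :service => uri.path, :protocol => uri.scheme }
end

# Hypothetical helper: the endpoint a handle would use for these params and environment.
def effective_iam_endpoint(params = {}, env = ENV)
  # :endpoint_url overwrites :server, :port, :service and :protocol (per the option list).
  return endpoint_from_url(params[:endpoint_url]) if params[:endpoint_url]
  # Same test as the constructor: any non-nil IAM_URL replaces the DEFAULT_* constants,
  # so an empty IAM_URL yields an endpoint with no host and no scheme.
  base = env['IAM_URL'] ? endpoint_from_url(env['IAM_URL']) : IAM_ENDPOINT_DEFAULTS.dup
  # Assumption: explicitly passed params win over those defaults.
  overrides = params.select { |key, value| base.key?(key) && !value.nil? }
  base.merge(overrides)
end

# Hypothetical helper: reasons not to send credentials to the resolved endpoint.
def iam_endpoint_problems(params = {}, env = ENV, allowed_hosts = ['iam.amazonaws.com'])
  endpoint = effective_iam_endpoint(params, env)
  problems = []
  unless endpoint[:protocol] == 'https'
    problems << "protocol is #{endpoint[:protocol].inspect}, not \"https\""
  end
  unless allowed_hosts.include?(endpoint[:server])
    problems << "host #{endpoint[:server].inspect} is not in the allow-list"
  end
  problems
rescue URI::InvalidURIError => e
  ["endpoint URL does not parse: #{e.message}"]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a clean environment, then an http override via IAM_URL.
  puts iam_endpoint_problems({}, {}).inspect
  puts iam_endpoint_problems({}, { 'IAM_URL' => 'http://iam.amazonaws.com/' }).inspect
end
```

Call iam_endpoint_problems(params) with the same params hash that will be passed to RightAws::IamInterface.new and refuse to build the handle when the list is not empty.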
Class Method Details
.bench_service ⇒ Object
# File 'lib/iam/right_iam_interface.rb', line 56
def self.bench_service
  @@bench.service
end
.bench_xml ⇒ Object
# File 'lib/iam/right_iam_interface.rb', line 53
def self.bench_xml
  @@bench.xml
end
Instance Method Details
#add_user_to_group(user_name, group_name) ⇒ Object
Adds the specified User to the specified group.
iam.add_user_to_group('kd', 'kd_test_1') #=> true
# File 'lib/iam/right_iam_users.rb', line 154
def add_user_to_group(user_name, group_name)
  request_hash = { 'UserName'  => user_name,
                   'GroupName' => group_name }
  link = generate_request("AddUserToGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#create_access_key(options = {}) ⇒ Object
Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified User.
Options: :user_name
iam.create_access_key(:user_name => 'kd1') #=>
{:access_key_id=>"AK0000000000000000ZQ",
:status=>"Active",
:secret_access_key=>"QXN0000000000000000000000000000000000Ioj",
:create_date=>"2010-10-29T07:16:32.210Z",
:user_name=>"kd1"}
# File 'lib/iam/right_iam_access_keys.rb', line 33
def create_access_key(options={})
  request_hash = {}
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("CreateAccessKey", request_hash)
  request_info(link, CreateAccessKeyParser.new(:logger => @logger))
end
#create_group(group_name, path = nil) ⇒ Object
Creates a new group.
iam.create_group('kd_group') #=>
{:group_id=>"AGP000000000000000UTY",
:arn=>"arn:aws:iam::640000000037:group/kd_test",
:path=>"/",
:group_name=>"kd_test"}
iam.create_group('kd_test_3', '/kd/') #=>
{:group_id=>"AGP000000000000000G6Q",
:arn=>"arn:aws:iam::640000000037:group/kd/kd_test_3",
:path=>"/kd/",
:group_name=>"kd_test_3"}
# File 'lib/iam/right_iam_groups.rb', line 37
def create_group(group_name, path=nil)
  request_hash = { 'GroupName' => group_name }
  request_hash['Path'] = path unless path.right_blank?
  link = generate_request("CreateGroup", request_hash)
  request_info(link, CreateGroupParser.new(:logger => @logger))
end
#create_login_profile(user_name, password) ⇒ Object
Creates a login profile for the specified User, giving the User the ability to access AWS services such as the AWS Management Console.
iam.create_login_profile('kd','q1w2e3r4t5') #=> { :user_name => 'kd' }
# File 'lib/iam/right_iam_users.rb', line 181
def create_login_profile(user_name, password)
  request_hash = { 'UserName' => user_name,
                   'Password' => password}
  link = generate_request("CreateLoginProfile", request_hash)
  request_info(link, GetLoginProfileParser.new(:logger => @logger))
end
#create_user(user_name, options = {}) ⇒ Object
Creates a new User for your AWS Account.
Options: :path
iam.create_user('kd') #=>
{:user_name=>"kd",
:user_id=>"AI000000000000000006A",
:arn=>"arn:aws:iam::640000000037:user/kd",
:path=>"/"}
# File 'lib/iam/right_iam_users.rb', line 33
def create_user(user_name, options={})
  request_hash = { 'UserName' => user_name }
  # Send Path only when one was supplied
  request_hash['Path'] = options[:path] unless options[:path].right_blank?
  link = generate_request("CreateUser", request_hash)
  request_info(link, GetUserParser.new(:logger => @logger))
end
#deactivate_mfa_device(user_name, serial_number) ⇒ Object
Deactivates the specified MFA device and removes it from association with the User name for which it was originally enabled.
iam.deactivate_mfa_device('kd1', 'dev1234567890') #=> true
# File 'lib/iam/right_iam_mfa_devices.rb', line 48
def deactivate_mfa_device(user_name, serial_number)
  request_hash = { 'UserName'     => user_name,
                   'SerialNumber' => serial_number }
  link = generate_request("DeactivateMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#delete_access_key(access_key_id, options = {}) ⇒ Object
Deletes the access key associated with the specified User.
Options: :user_name
iam.delete_access_key('AK00000000000000006A', :user_name => 'kd1') #=> true
# File 'lib/iam/right_iam_access_keys.rb', line 46
def delete_access_key(access_key_id, options={})
  request_hash = { 'AccessKeyId' => access_key_id }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("DeleteAccessKey", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#delete_group(group_name) ⇒ Object
Deletes the specified group. The group must not contain any Users or have any attached policies.
iam.delete_group('kd_test_3') #=> true
# File 'lib/iam/right_iam_groups.rb', line 82
def delete_group(group_name)
  request_hash = { 'GroupName' => group_name }
  link = generate_request("DeleteGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#delete_group_policy(group_name, policy_name) ⇒ Object
Deletes the specified policy that is associated with the specified group.
iam.delete_group_policy('kd_test', 'kd_policy_1') #=> true
# File 'lib/iam/right_iam_groups.rb', line 135
def delete_group_policy(group_name, policy_name)
  request_hash = { 'GroupName'  => group_name,
                   'PolicyName' => policy_name }
  link = generate_request("DeleteGroupPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#delete_login_profile(user_name) ⇒ Object
Deletes the login profile for the specified User, which terminates the User’s ability to access AWS services through the IAM login page.
iam.delete_login_profile('kd') #=> true
# File 'lib/iam/right_iam_users.rb', line 214
def delete_login_profile(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("DeleteLoginProfile", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#delete_server_certificate(server_certificate_name) ⇒ Object
Deletes the specified server certificate.
iam.delete_server_certificate('ProdServerCert') #=> true
# File 'lib/iam/right_iam_interface.rb', line 210
def delete_server_certificate(server_certificate_name)
  request_hash = { 'ServerCertificateName' => server_certificate_name }
  link = generate_request("DeleteServerCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#delete_signing_certificate(certificate_id, options = {}) ⇒ Object
Deletes the specified signing certificate associated with the specified User.
Options: :user_name
pp iam.delete_signing_certificate('OB0000000000000000000000000000HY', :user_name => 'kd1')
# File 'lib/iam/right_iam_interface.rb', line 266
def delete_signing_certificate(certificate_id, options={})
  request_hash = { 'CertificateId' => certificate_id }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("DeleteSigningCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#delete_user(user_name) ⇒ Object
Deletes the specified User. The User must not belong to any groups, have any keys or signing certificates, or have any attached policies.
iam.delete_user('kd') #=> true
# File 'lib/iam/right_iam_users.rb', line 70
def delete_user(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("DeleteUser", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#delete_user_policy(user_name, policy_name) ⇒ Object
Deletes the specified policy associated with the specified User.
iam.delete_user_policy('kd','kd_user_policy_1') #=> true
# File 'lib/iam/right_iam_users.rb', line 123
def delete_user_policy(user_name, policy_name)
  request_hash = { 'UserName'   => user_name,
                   'PolicyName' => policy_name }
  link = generate_request("DeleteUserPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#enable_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object
Enables the specified MFA device and associates it with the specified User name. Once enabled, the MFA device is required for every subsequent login by the User name associated with the device.
iam.enable_mfa_device('kd1', 'x12345', '12345', '67890') #=> true
# File 'lib/iam/right_iam_mfa_devices.rb', line 22
def enable_mfa_device(user_name, serial_number, auth_code1, auth_code2)
  request_hash = { 'UserName'            => user_name,
                   'SerialNumber'        => serial_number,
                   'AuthenticationCode1' => auth_code1,
                   'AuthenticationCode2' => auth_code2 }
  link = generate_request("EnableMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#generate_request(action, params = {}) ⇒ Object
:nodoc:
# File 'lib/iam/right_iam_interface.rb', line 83
def generate_request(action, params={}) #:nodoc:
  generate_request_impl(:get, action, params )
end
#get_group(group_name, options = {}, &block) ⇒ Object
Returns a list of Users that are in the specified group.
Options: :max_items, :marker
iam.get_group('kd_test') #=>
{:arn=>"arn:aws:iam::640000000037:group/kd1/kd_test_1",
:users=>
[{:arn=>"arn:aws:iam::640000000037:user/kd",
:path=>"/",
:user_name=>"kd",
:user_id=>"AID000000000000000WZ2"}],
:group_name=>"kd_test_1",
:group_id=>"AGP000000000000000UTY",
:path=>"/kd1/"}
# File 'lib/iam/right_iam_groups.rb', line 73
def get_group(group_name, options={}, &block)
  options[:group_name] = group_name
  incrementally_list_iam_resources('GetGroup', options, :items => :users, :except => [:marker, :is_truncated], &block)
end
#get_group_policy(group_name, policy_name) ⇒ Object
Retrieves the specified policy document for the specified group.
iam.get_group_policy('kd_test', 'kd_policy_1') #=>
{:policy_name=>"kd_policy_1",
:policy_document=>"{\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}]}",
:group_name=>"kd_test"}
# File 'lib/iam/right_iam_groups.rb', line 124
def get_group_policy(group_name, policy_name)
  request_hash = { 'GroupName'  => group_name,
                   'PolicyName' => policy_name }
  link = generate_request("GetGroupPolicy", request_hash)
  request_info(link, GetGroupPolicyParser.new(:logger => @logger))
end
#get_login_profile(user_name) ⇒ Object
Retrieves the login profile for the specified User.
iam.get_login_profile('kd') #=> { :user_name => 'kd' }
# File 'lib/iam/right_iam_users.rb', line 203
def get_login_profile(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("GetLoginProfile", request_hash)
  request_info(link, GetLoginProfileParser.new(:logger => @logger))
end
#get_server_certificate(server_certificate_name) ⇒ Object
Retrieves information about the specified server certificate.
iam.get_server_certificate('KdCert1') #=>
{:certificate_body=>
"-----BEGIN CERTIFICATE-----\nMIICATC...TiU5TibMpD1g==\n-----END CERTIFICATE-----",
:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
:server_certificate_name=>"KdCert1",
:upload_date=>"2010-12-09T13:21:07Z",
:path=>"/kdcert/",
:certificate_chain=>"",
:arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}
# File 'lib/iam/right_iam_interface.rb', line 200
def get_server_certificate(server_certificate_name)
  request_hash = { 'ServerCertificateName' => server_certificate_name}
  link = generate_request("GetServerCertificate", request_hash)
  request_info(link, GetServerCertificateParser.new(:logger => @logger))
end
#get_user(user_name) ⇒ Object
Retrieves information about the specified User, including the User’s path, GUID, and ARN.
iam.get_user('kd') #=>
{:user_name=>"kd",
:user_id=>"AI000000000000000006A",
:arn=>"arn:aws:iam::640000000037:user/kd",
:path=>"/"}
# File 'lib/iam/right_iam_users.rb', line 60
def get_user(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("GetUser", request_hash)
  request_info(link, GetUserParser.new(:logger => @logger))
end
#get_user_policy(user_name, policy_name) ⇒ Object
Retrieves the specified policy document for the specified User.
iam.get_user_policy('kd','kd_user_policy_1') #=>
{:user_name=>"kd",
:policy_name=>"kd_user_policy_1",
:policy_document=>"{\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}]}"}
# File 'lib/iam/right_iam_users.rb', line 110
def get_user_policy(user_name, policy_name)
  request_hash = { 'UserName'   => user_name,
                   'PolicyName' => policy_name }
  link = generate_request("GetUserPolicy", request_hash)
  result = request_info(link, GetUserPolicyParser.new(:logger => @logger))
  # URI::decode exists only on Ruby versions before 3.0
  result[:policy_document] = URI::decode(result[:policy_document])
  result
end
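An audit pass over the inline policies these calls return, as an added example that is not part of right_aws: it walks list_users / list_user_policies / get_user_policy and the matching group calls, and flags Allow statements that grant a wildcard action on every resource, like the `"Action":"*","Resource":"*"` document in the sample output above. The helper names, the severity labels and the SampleIam stand-in (constructed data shaped like the sample output on this page) are assumptions.

```ruby
require 'json'
require 'uri'

# Parse a :policy_document value. get_group_policy, as listed on this page, does
# not URI-decode the document, so decode it first when it is still percent-encoded.
def parse_policy_document(doc)
  doc = URI.decode_www_form_component(doc) unless doc.lstrip.start_with?('{')
  JSON.parse(doc)
end

# One finding per Allow statement that pairs a wildcard action with Resource "*".
def wildcard_grants(policy_document)
  statements = parse_policy_document(policy_document)['Statement']
  statements = [statements] if statements.is_a?(Hash) # a lone statement may be a bare object
  Array(statements).each_with_index.map do |stmt, index|
    next unless stmt['Effect'] == 'Allow'
    next unless Array(stmt['Resource']).include?('*')
    broad = Array(stmt['Action']).select { |a| a == '*' || a.end_with?(':*') }
    next if broad.empty?
    { :statement => index, :actions => broad,
      :severity  => broad.include?('*') ? :full_admin : :service_wide }
  end.compact
end

# Walk every user and group inline policy reachable through the handle.
def audit_inline_policies(iam)
  findings = []
  record = lambda do |principal, policy_name, document|
    wildcard_grants(document).each do |finding|
      findings << finding.merge(:principal => principal, :policy => policy_name)
    end
  end
  iam.list_users.each do |user|
    name = user[:user_name]
    iam.list_user_policies(name).each do |policy|
      record.call("user/#{name}", policy, iam.get_user_policy(name, policy)[:policy_document])
    end
  end
  iam.list_groups.each do |group|
    name = group[:group_name]
    iam.list_group_policies(name).each do |policy|
      record.call("group/#{name}", policy, iam.get_group_policy(name, policy)[:policy_document])
    end
  end
  findings
end

# Constructed stand-in for RightAws::IamInterface so the example runs offline.
class SampleIam
  ADMIN   = '{"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}'
  SCOPED  = '{"Statement":{"Effect":"Allow","Action":["s3:GetObject"],' \
            '"Resource":"arn:aws:s3:::constructed-bucket/*"}}'
  ENCODED = URI.encode_www_form_component(
    '{"Statement":[{"Effect":"Allow","Action":"iam:*","Resource":"*"}]}')

  def list_users;  [{ :user_name => 'kd' }]; end
  def list_groups; [{ :group_name => 'kd_test' }]; end
  def list_user_policies(_user);   ['kd_user_policy_1', 'kd_read_only']; end
  def list_group_policies(_group); ['kd_policy_1']; end

  def get_user_policy(user, policy)
    { :user_name => user, :policy_name => policy,
      :policy_document => policy == 'kd_user_policy_1' ? ADMIN : SCOPED }
  end

  def get_group_policy(group, policy)
    { :group_name => group, :policy_name => policy, :policy_document => ENCODED }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_inline_policies(SampleIam.new).each { |finding| puts finding.inspect }
end
```

Against a live account, pass the RightAws::IamInterface handle in place of SampleIam.new; the audit only issues list and get calls.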
#incrementally_list_iam_resources(api_function, params = {}, options = {}, &block) ⇒ Object
Options: :parser, :except, :items
# File 'lib/iam/right_iam_interface.rb', line 95
def incrementally_list_iam_resources(api_function, params={}, options={}, &block) #:nodoc:
  items = options[:items] || :items
  result = { items => [] }
  parser = options[:parser] || "RightAws::IamInterface::#{api_function}Parser".right_constantize
  request_hash = {}
  params.each { |key,value| request_hash[key.to_s.right_camelize] = value unless value.right_blank? }
  incrementally_list_items(api_function, parser, request_hash) do |response|
    if result[items].right_blank?
      result = response
    else
      result[items] += response[items]
    end
    block ? block.call(response) : true
  end
  if options[:except]
    Array(options[:except]).each{ |key| result.delete(key)}
    result
  else
    result[items]
  end
end
#list_access_keys(options = {}, &block) ⇒ Object
Returns information about the Access Key IDs associated with the specified User.
Options: :user_name, :max_items, :marker
iam.list_access_keys #=>
[{:create_date=>"2007-01-09T06:16:30Z",
:status=>"Active",
:access_key_id=>"00000000000000000000"}]
# File 'lib/iam/right_iam_access_keys.rb', line 18
def list_access_keys(options={}, &block)
  incrementally_list_iam_resources('ListAccessKeys', options, &block)
end
#list_group_policies(group_name, options = {}, &block) ⇒ Object
Lists the names of the policies associated with the specified group.
Options: :max_items, :marker
iam.list_group_policies('kd_test') #=> ["kd_policy_1"]
# File 'lib/iam/right_iam_groups.rb', line 98
def list_group_policies(group_name, options={}, &block)
  options[:group_name] = group_name
  incrementally_list_iam_resources('ListGroupPolicies', options, :parser => BasicIamListParser, &block)
end
#list_groups(options = {}, &block) ⇒ Object
Lists the groups that have the specified path prefix.
Options: :path_prefix, :max_items, :marker
iam.list_groups #=>
[{:group_id=>"AGP000000000000000UTY",
:arn=>"arn:aws:iam::640000000037:group/kd_test",
:path=>"/",
:group_name=>"kd_test"}]
# File 'lib/iam/right_iam_groups.rb', line 19
def list_groups(options={}, &block)
  incrementally_list_iam_resources('ListGroups', options, &block)
end
#list_groups_for_user(user_name, options = {}, &block) ⇒ Object
Lists the groups the specified User belongs to. If there are none, the action returns an empty list.
Options: :max_items, :marker
iam.list_groups_for_user('kd') #=>
[{:group_name=>"kd_test_1",
:group_id=>"AGP000000000000000UTY",
:arn=>"arn:aws:iam::640000000037:group/kd1/kd_test_1",
:path=>"/kd1/"}]
# File 'lib/iam/right_iam_users.rb', line 145
def list_groups_for_user(user_name, options={}, &block)
  options[:user_name] = user_name
  incrementally_list_iam_resources('ListGroupsForUser', options, :parser => ListGroupsParser, &block)
end
#list_mfa_devices(options = {}, &block) ⇒ Object
Lists the MFA devices associated with the specified User name.
Options: :user_name, :max_items, :marker
# File 'lib/iam/right_iam_mfa_devices.rb', line 13
def list_mfa_devices(options={}, &block)
  incrementally_list_iam_resources('ListMFADevices', options, &block)
end
#list_server_certificates(options = {}, &block) ⇒ Object
Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.
Options: :path_prefix, :max_items, :marker
iam.list_server_certificates #=>
{:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
:server_certificate_name=>"KdCert1",
:upload_date=>"2010-12-09T13:21:07.226Z",
:path=>"/kdcert/",
:arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}
# File 'lib/iam/right_iam_interface.rb', line 132
def list_server_certificates(options={}, &block)
  incrementally_list_iam_resources('ListServerCertificates', options, &block)
end
#list_signing_certificates(options = {}, &block) ⇒ Object
Returns information about the signing certificates associated with the specified User.
Options: :user_name, :max_items, :marker
iam.list_signing_certificates #=>
[{:upload_date => "2007-08-11T06:48:35Z",
:status => "Active",
:certificate_id => "00000000000000000000000000000000",
:certificate_body => "-----BEGIN CERTIFICATE-----\nMIICd...PPHQ=\n-----END CERTIFICATE-----\n"}]
# File 'lib/iam/right_iam_interface.rb', line 230
def list_signing_certificates(options={}, &block)
  incrementally_list_iam_resources('ListSigningCertificates', options, &block)
end
#list_user_policies(user_name, options = {}, &block) ⇒ Object
Lists the names of the policies associated with the specified User.
Options: :max_items, :marker
iam.list_user_policies('kd') #=> ["kd_user_policy_1"]
# File 'lib/iam/right_iam_users.rb', line 86
def list_user_policies(user_name, options={}, &block)
  options[:user_name] = user_name
  incrementally_list_iam_resources('ListUserPolicies', options, :parser => BasicIamListParser, &block)
end
#list_users(options = {}, &block) ⇒ Object
Lists the Users that have the specified path prefix.
Options: :path_prefix, :max_items, :marker
iam.list_users #=>
[{:user_name=>"kd",
:user_id=>"AI000000000000000006A",
:arn=>"arn:aws:iam::640000000037:user/kd",
:path=>"/"}]
# File 'lib/iam/right_iam_users.rb', line 19
def list_users(options={}, &block)
  incrementally_list_iam_resources('ListUsers', options, &block)
end
#put_group_policy(group_name, policy_name, policy_document) ⇒ Object
Adds (or updates) a policy document associated with the specified group.
iam.put_group_policy('kd_test', 'kd_policy_1', %Q({"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]})) #=> true
# File 'lib/iam/right_iam_groups.rb', line 107
def put_group_policy(group_name, policy_name, policy_document)
  request_hash = { 'GroupName'      => group_name,
                   'PolicyDocument' => policy_document,
                   'PolicyName'     => policy_name }
  link = generate_request_impl(:post, "PutGroupPolicy", request_hash)
  # RightHttp2xxParser yields true on success, so return that result directly
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#put_user_policy(user_name, policy_name, policy_document) ⇒ Object
Adds (or updates) a policy document associated with the specified User.
iam.put_user_policy('kd', 'kd_user_policy_1', %Q({"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]})) #=> true
# File 'lib/iam/right_iam_users.rb', line 95
def put_user_policy(user_name, policy_name, policy_document)
  request_hash = { 'UserName'       => user_name,
                   'PolicyDocument' => policy_document,
                   'PolicyName'     => policy_name }
  link = generate_request_impl(:post, "PutUserPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#remove_user_from_group(user_name, group_name) ⇒ Object
Removes the specified User from the specified group.
iam.remove_user_from_group('kd', 'kd_test_1') #=> true
# File 'lib/iam/right_iam_users.rb', line 165
def remove_user_from_group(user_name, group_name)
  request_hash = { 'UserName'  => user_name,
                   'GroupName' => group_name }
  link = generate_request("RemoveUserFromGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#request_info(request, parser) ⇒ Object
Sends request to Amazon and parses the response. Raises AwsError if any banana happened.
# File 'lib/iam/right_iam_interface.rb', line 89
def request_info(request, parser) #:nodoc:
  request_info_impl(:iam_connection, @@bench, request, parser)
end
#resync_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object
Synchronizes the specified MFA device with AWS servers.
iam.resync_mfa_device('kd1', 'x12345', '12345', '67890') #=> true
# File 'lib/iam/right_iam_mfa_devices.rb', line 35
def resync_mfa_device(user_name, serial_number, auth_code1, auth_code2)
  request_hash = { 'UserName'            => user_name,
                   'SerialNumber'        => serial_number,
                   'AuthenticationCode1' => auth_code1,
                   'AuthenticationCode2' => auth_code2 }
  link = generate_request("ResyncMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#update_group(group_name, options = {}) ⇒ Object
Updates the name and/or the path of the specified group.
Options: :new_group_name, :new_path
iam.update_group('kd_test', :new_group_name => 'kd_test_1', :new_path => '/kd1/') #=> true
# File 'lib/iam/right_iam_groups.rb', line 50
def update_group(group_name, options={})
  request_hash = { 'GroupName' => group_name}
  request_hash['NewGroupName'] = options[:new_group_name] unless options[:new_group_name].right_blank?
  request_hash['NewPath']      = options[:new_path]       unless options[:new_path].right_blank?
  link = generate_request("UpdateGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#update_login_profile(user_name, options = {}) ⇒ Object
Updates the login profile for the specified User. Use this API to change the User’s password.
iam.update_login_profile('kd', :password => '00000000') #=> true
# File 'lib/iam/right_iam_users.rb', line 192
def update_login_profile(user_name, options={})
  request_hash = { 'UserName' => user_name}
  # Send the new password only when one was supplied
  request_hash['Password'] = options[:password] unless options[:password].right_blank?
  link = generate_request("UpdateLoginProfile", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#update_server_certificate(server_certificate_name, options = {}) ⇒ Object
Updates the name and/or the path of the specified server certificate.
Options: :new_server_certificate_name, :new_path
iam.update_server_certificate('ProdServerCert', :new_server_certificate_name => 'OldServerCert') #=> true
# File 'lib/iam/right_iam_interface.rb', line 180
def update_server_certificate(server_certificate_name, options={})
  request_hash = { 'ServerCertificateName' => server_certificate_name}
  request_hash['NewServerCertificateName'] = options[:new_server_certificate_name] unless options[:new_server_certificate_name].right_blank?
  request_hash['NewPath']                  = options[:new_path]                    unless options[:new_path].right_blank?
  link = generate_request("UpdateServerCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#update_user(user_name, options = {}) ⇒ Object
Updates the name and/or the path of the specified User.
iam.update_user('kd1', :new_user_name => 'kd1', :new_path => '/kd1/') #=> true
# File 'lib/iam/right_iam_users.rb', line 44
def update_user(user_name, options={})
  request_hash = { 'UserName' => user_name}
  request_hash['NewUserName'] = options[:new_user_name] unless options[:new_user_name].right_blank?
  request_hash['NewPath']     = options[:new_path]      unless options[:new_path].right_blank?
  link = generate_request("UpdateUser", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end
#upload_server_certificate(server_certificate_name, certificate_body, private_key, options = {}) ⇒ Object
Uploads a server certificate entity for the AWS Account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
Options: :certificate_chain, :path
certificate_body =<<-EOB
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
AEaHzTpmEXAMPLE=
EOB
private_key =<<EOK
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBTTKBgQD33xToSXPJ6hr37L3+KNi3/7DgywlBcvlFPPSHIw3ORuO/22mT
8Cy5fT89WwNvZ3BPKWU6OZ38TQv3eWjNc/3U3+oqVNG2poX5nCPOtO1b96HYX2mR
62TITdw53KWJEXAMPLE=
EOK
iam.upload_server_certificate('KdCert1', certificate_body, private_key, :path=>'/kdcert/') #=>
{:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
:server_certificate_name=>"KdCert1",
:upload_date=>"2010-12-09T13:21:07.226Z",
:path=>"/kdcert/",
:arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}
# File 'lib/iam/right_iam_interface.rb', line 164
def upload_server_certificate(server_certificate_name, certificate_body, private_key, options={})
  request_hash = { 'CertificateBody'       => certificate_body,
                   'PrivateKey'            => private_key,
                   'ServerCertificateName' => server_certificate_name }
  request_hash['CertificateChain'] = options[:certificate_chain] unless options[:certificate_chain].right_blank?
  request_hash['Path']             = options[:path]              unless options[:path].right_blank?
  link = generate_request_impl(:post, "UploadServerCertificate", request_hash)
  request_info(link, GetServerCertificateParser.new(:logger => @logger))
end
#upload_signing_certificate(certificate_body, options = {}) ⇒ Object
Uploads an X.509 signing certificate and associates it with the specified User.
Options: :user_name
certificate_body =<<-EOB
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
AEaHzTpmEXAMPLE=
EOB
iam.upload_signing_certificate(certificate_body, :user_name => 'kd1') #=>
{:user_name => "kd1",
:certificate_id => "OBG00000000000000000000000000DHY",
:status => "Active",
:certificate_body => "-----BEGIN CERTIFICATE-----\nMII...5GS\n-----END CERTIFICATE-----\n",
:upload_date => "2010-10-29T10:02:05.929Z"}
# File 'lib/iam/right_iam_interface.rb', line 253
def upload_signing_certificate(certificate_body, options={})
  request_hash = { 'CertificateBody' => certificate_body }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request_impl(:post, "UploadSigningCertificate", request_hash)
  request_info(link, GetSigningCertificateParser.new(:logger => @logger))
end