Class: RightAws::IamInterface

Inherits:
RightAwsBase show all
Includes:
RightAwsBaseInterface
Defined in:
lib/iam/right_iam_interface.rb,
lib/iam/right_iam_users.rb,
lib/iam/right_iam_groups.rb,
lib/iam/right_iam_access_keys.rb,
lib/iam/right_iam_mfa_devices.rb

Overview

RightAWS::Iam – RightScale AWS Identity and Access Management (IAM) interface

The RightAws::Iam class provides a complete interface to Amazon’s Identity and Access Management service.

For explanations of the semantics of each call, please refer to Amazon’s documentation at aws.amazon.com/documentation/iam/

Examples:

Create an EC2 interface handle:

iam = RightAws::IamInterface.new(aws_access_key_id, aws_secret_access_key)
iam.list_access_keys
iam.list_users
iam.list_groups

Defined Under Namespace

Classes: BasicIamListParser, BasicIamParser, CreateAccessKeyParser, CreateGroupParser, GetGroupParser, GetGroupPolicyParser, GetLoginProfileParser, GetServerCertificateParser, GetSigningCertificateParser, GetUserParser, GetUserPolicyParser, ListAccessKeysParser, ListGroupsParser, ListMFADevicesParser, ListServerCertificatesParser, ListSigningCertificatesParser, ListUsersParser

Constant Summary collapse

API_VERSION =
"2010-05-08"
DEFAULT_HOST =
"iam.amazonaws.com"
DEFAULT_PATH =
'/'
DEFAULT_PROTOCOL =
'https'
DEFAULT_PORT =
443
@@bench =
AwsBenchmarkingBlock.new

Constants included from RightAwsBaseInterface

RightAwsBaseInterface::BLOCK_DEVICE_KEY_MAPPING, RightAwsBaseInterface::DEFAULT_SIGNATURE_VERSION

Constants inherited from RightAwsBase

RightAwsBase::AMAZON_PROBLEMS, RightAwsBase::RAISE_ON_TIMEOUT_ON_ACTIONS

Instance Attribute Summary

Attributes included from RightAwsBaseInterface

#aws_access_key_id, #aws_secret_access_key, #cache, #connection, #last_errors, #last_request, #last_request_id, #last_response, #logger, #params, #signature_version

Class Method Summary collapse

Instance Method Summary collapse

Methods included from RightAwsBaseInterface

#amazonize_block_device_mappings, #amazonize_list, #cache_hits?, caching, caching=, #caching?, #destroy_connection, #generate_request_impl, #get_connection, #get_connections_storage, #get_server_url, #incrementally_list_items, #init, #on_exception, #request_cache_or_info, #request_info_impl, #signed_service_params, #update_cache, #with_connection_options

Methods inherited from RightAwsBase

amazon_problems, amazon_problems=, raise_on_timeout_on_actions, raise_on_timeout_on_actions=

Constructor Details

#initialize(aws_access_key_id = nil, aws_secret_access_key = nil, params = {}) ⇒ IamInterface

Create a new handle to an IAM account. All handles share the same per process or per thread HTTP connection to Amazon IAM. Each handle is for a specific account. The params have the following options:

  • :endpoint_url a fully qualified url to Amazon API endpoint (this overwrites: :server, :port, :service, :protocol).

  • :server: IAM service host, default: DEFAULT_HOST

  • :port: IAM service port, default: DEFAULT_PORT

  • :protocol: ‘http’ or ‘https’, default: DEFAULT_PROTOCOL

  • :logger: for log messages, default: RAILS_DEFAULT_LOGGER else STDOUT

  • :signature_version: The signature version : ‘0’,‘1’ or ‘2’(default)

  • :cache: true/false(default): caching works for: describe_load_balancers



71
72
73
74
75
76
77
78
79
80
81
# File 'lib/iam/right_iam_interface.rb', line 71

def initialize(aws_access_key_id=nil, aws_secret_access_key=nil, params={})
  init({ :name                => 'IAM',
         :default_host        => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host   : DEFAULT_HOST,
         :default_port        => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port   : DEFAULT_PORT,
         :default_service     => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path   : DEFAULT_PATH,
         :default_protocol    => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).scheme : DEFAULT_PROTOCOL,
         :default_api_version => ENV['IAM_API_VERSION'] || API_VERSION },
       aws_access_key_id    || ENV['AWS_ACCESS_KEY_ID'] ,
       aws_secret_access_key|| ENV['AWS_SECRET_ACCESS_KEY'],
       params)
end

Class Method Details

.bench_serviceObject



56
57
58
# File 'lib/iam/right_iam_interface.rb', line 56

def self.bench_service
  @@bench.service
end

.bench_xmlObject



53
54
55
# File 'lib/iam/right_iam_interface.rb', line 53

def self.bench_xml
  @@bench.xml
end

Instance Method Details

#add_user_to_group(user_name, group_name) ⇒ Object

Adds the specified User to the specified group.

iam.add_user_to_group('kd', 'kd_test_1') #=> true


154
155
156
157
158
159
# File 'lib/iam/right_iam_users.rb', line 154

def add_user_to_group(user_name, group_name)
  request_hash = { 'UserName'  => user_name,
                   'GroupName' => group_name }
  link = generate_request("AddUserToGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#create_access_key(options = {}) ⇒ Object

Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified User.

Options: :user_name

iam.create_access_key(:user_name => 'kd1') #=>
  {:access_key_id=>"AK0000000000000000ZQ",
   :status=>"Active",
   :secret_access_key=>"QXN0000000000000000000000000000000000Ioj",
   :create_date=>"2010-10-29T07:16:32.210Z",
   :user_name=>"kd1"}


33
34
35
36
37
38
# File 'lib/iam/right_iam_access_keys.rb', line 33

def create_access_key(options={})
  request_hash = {}
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("CreateAccessKey", request_hash)
  request_info(link, CreateAccessKeyParser.new(:logger => @logger))
end

#create_group(group_name, path = nil) ⇒ Object

Creates a new group.

iam.create_group('kd_group') #=>
  {:group_id=>"AGP000000000000000UTY",
   :arn=>"arn:aws:iam::640000000037:group/kd_test",
   :path=>"/",
   :group_name=>"kd_test"}

iam.create_group('kd_test_3', '/kd/') #=>
  {:group_id=>"AGP000000000000000G6Q",
   :arn=>"arn:aws:iam::640000000037:group/kd/kd_test_3",
   :path=>"/kd/",
   :group_name=>"kd_test_3"}


37
38
39
40
41
42
# File 'lib/iam/right_iam_groups.rb', line 37

def create_group(group_name, path=nil)
  request_hash = { 'GroupName' => group_name }
  request_hash['Path'] = path unless path.right_blank?
  link = generate_request("CreateGroup", request_hash)
  request_info(link, CreateGroupParser.new(:logger => @logger))
end

#create_login_profile(user_name, password) ⇒ Object

Creates a login profile for the specified User, giving the User the ability to access AWS services such as the AWS Management Console.

iam.('kd','q1w2e3r4t5') #=> { :user_name => 'kd' }


181
182
183
184
185
186
# File 'lib/iam/right_iam_users.rb', line 181

def (user_name, password)
  request_hash = { 'UserName' => user_name,
                   'Password' => password}
  link = generate_request("CreateLoginProfile", request_hash)
  request_info(link, GetLoginProfileParser.new(:logger => @logger))
end

#create_user(user_name, options = {}) ⇒ Object

Creates a new User for your AWS Account.

Options: :path

iam.create_user('kd') #=>
  {:user_name=>"kd",
   :user_id=>"AI000000000000000006A",
   :arn=>"arn:aws:iam::640000000037:user/kd",
   :path=>"/"}


33
34
35
36
37
38
# File 'lib/iam/right_iam_users.rb', line 33

def create_user(user_name, options={})
  request_hash = { 'UserName' => user_name }
  request_hash['Path'] = options[:path] unless options[:path]
  link = generate_request("CreateUser", request_hash)
  request_info(link, GetUserParser.new(:logger => @logger))
end

#deactivate_mfa_device(user_name, serial_number) ⇒ Object

Deactivates the specified MFA device and removes it from association with the User name for which it was originally enabled.

deactivate_mfa_device('kd1', 'dev1234567890') #=> true


48
49
50
51
52
53
# File 'lib/iam/right_iam_mfa_devices.rb', line 48

def deactivate_mfa_device(user_name, serial_number)
  request_hash = { 'UserName'     => user_name,
                   'SerialNumber' => serial_number }
  link = generate_request("DeactivateMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_access_key(access_key_id, options = {}) ⇒ Object

Deletes the access key associated with the specified User.

Options: :user_name

iam.delete_access_key('AK00000000000000006A', :user_name => 'kd1') #=> true


46
47
48
49
50
51
# File 'lib/iam/right_iam_access_keys.rb', line 46

def delete_access_key(access_key_id, options={})
  request_hash = { 'AccessKeyId' => access_key_id }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("DeleteAccessKey", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_group(group_name) ⇒ Object

Deletes the specified group. The group must not contain any Users or have any attached policies.

iam.delete_group('kd_test_3') #=> true


82
83
84
85
86
# File 'lib/iam/right_iam_groups.rb', line 82

def delete_group(group_name)
  request_hash = { 'GroupName' => group_name }
  link = generate_request("DeleteGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_group_policy(group_name, policy_name) ⇒ Object

Deletes the specified policy that is associated with the specified group

iam.delete_group_policy('kd_test', 'kd_policy_1') #=> true


135
136
137
138
139
140
# File 'lib/iam/right_iam_groups.rb', line 135

def delete_group_policy(group_name, policy_name)
  request_hash = { 'GroupName'  => group_name,
                   'PolicyName' => policy_name }
  link = generate_request("DeleteGroupPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_login_profile(user_name) ⇒ Object

Deletes the login profile for the specified User, which terminates the User’s ability to access AWS services through the IAM login page.

iam.('kd') #=> true


214
215
216
217
218
# File 'lib/iam/right_iam_users.rb', line 214

def (user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("DeleteLoginProfile", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_server_certificate(server_certificate_name) ⇒ Object

Deletes the specified server certificate

iam.delete_server_certificate('ProdServerCert') #=> true


210
211
212
213
214
# File 'lib/iam/right_iam_interface.rb', line 210

def delete_server_certificate(server_certificate_name)
  request_hash = { 'ServerCertificateName' => server_certificate_name }
  link = generate_request("DeleteServerCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_signing_certificate(certificate_id, options = {}) ⇒ Object

Deletes the specified signing certificate associated with the specified User.

Options: :user_name

pp iam.delete_signing_certificate('OB0000000000000000000000000000HY', :user_name => 'kd1')


266
267
268
269
270
271
# File 'lib/iam/right_iam_interface.rb', line 266

def delete_signing_certificate(certificate_id, options={})
  request_hash = { 'CertificateId' => certificate_id }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("DeleteSigningCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_user(user_name) ⇒ Object

Deletes the specified User. The User must not belong to any groups, have any keys or signing certificates, or have any attached policies.

iam.delete_user('kd') #=> true


70
71
72
73
74
# File 'lib/iam/right_iam_users.rb', line 70

def delete_user(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("DeleteUser", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_user_policy(user_name, policy_name) ⇒ Object

Deletes the specified policy associated with the specified User.

iam.delete_user_policy('kd','kd_user_policy_1') #=> true


123
124
125
126
127
128
# File 'lib/iam/right_iam_users.rb', line 123

def delete_user_policy(user_name, policy_name)
  request_hash = { 'UserName'   => user_name,
                   'PolicyName' => policy_name }
  link = generate_request("DeleteUserPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#enable_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object

Enables the specified MFA device and associates it with the specified User name. Once enabled, the MFA device is required for every subsequent login by the User name associated with the device.

iam.enable_mfa_device('kd1', 'x12345', '12345', '67890') #=> true


22
23
24
25
26
27
28
29
# File 'lib/iam/right_iam_mfa_devices.rb', line 22

def enable_mfa_device(user_name, serial_number, auth_code1, auth_code2)
  request_hash = { 'UserName'            => user_name,
                   'SerialNumber'        => serial_number,
                   'AuthenticationCode1' => auth_code1,
                   'AuthenticationCode2' => auth_code2 }
  link = generate_request("EnableMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#generate_request(action, params = {}) ⇒ Object

:nodoc:



83
84
85
# File 'lib/iam/right_iam_interface.rb', line 83

def generate_request(action, params={}) #:nodoc:
  generate_request_impl(:get, action, params )
end

#get_group(group_name, options = {}, &block) ⇒ Object

Returns a list of Users that are in the specified group.

Options: :max_items, :marker

iam.get_group('kd_test') #=>
  {:arn=>"arn:aws:iam::640000000037:group/kd1/kd_test_1",
    :users=>
      [{:arn=>"arn:aws:iam::640000000037:user/kd",
        :path=>"/",
        :user_name=>"kd",
        :user_id=>"AID000000000000000WZ2"}],
    :group_name=>"kd_test_1",
    :group_id=>"AGP000000000000000UTY",
    :path=>"/kd1/"}


73
74
75
76
# File 'lib/iam/right_iam_groups.rb', line 73

def get_group(group_name, options={}, &block)
  options[:group_name] = group_name
  incrementally_list_iam_resources('GetGroup', options, :items => :users, :except => [:marker, :is_truncated], &block)
end

#get_group_policy(group_name, policy_name) ⇒ Object

Retrieves the specified policy document for the specified group.

iam.get_group_policy('kd_test', 'kd_policy_1') #=>
  {:policy_name=>"kd_policy_1",
   :policy_document=>"{\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}]}",
   :group_name=>"kd_test"}


124
125
126
127
128
129
# File 'lib/iam/right_iam_groups.rb', line 124

def get_group_policy(group_name, policy_name)
  request_hash = { 'GroupName'  => group_name,
                   'PolicyName' => policy_name }
  link = generate_request("GetGroupPolicy", request_hash)
  request_info(link, GetGroupPolicyParser.new(:logger => @logger))
end

#get_login_profile(user_name) ⇒ Object

Retrieves the login profile for the specified User

iam.('kd','q1w2e3r4t5') #=> { :user_name => 'kd' }


203
204
205
206
207
# File 'lib/iam/right_iam_users.rb', line 203

def (user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("GetLoginProfile", request_hash)
  request_info(link, GetLoginProfileParser.new(:logger => @logger))
end

#get_server_certificate(server_certificate_name) ⇒ Object

Retrieves information about the specified server certificate.

iam.get_server_certificate('KdCert1')
  {:certificate_body=>
    "-----BEGIN CERTIFICATE-----\nMIICATC...TiU5TibMpD1g==\n-----END CERTIFICATE-----",
   :server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
   :server_certificate_name=>"KdCert1",
   :upload_date=>"2010-12-09T13:21:07Z",
   :path=>"/kdcert/",
   :certificate_chain=>"",
   :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}


200
201
202
203
204
# File 'lib/iam/right_iam_interface.rb', line 200

def get_server_certificate(server_certificate_name)
  request_hash = { 'ServerCertificateName' => server_certificate_name}
  link = generate_request("GetServerCertificate", request_hash)
  request_info(link, GetServerCertificateParser.new(:logger => @logger))
end

#get_user(user_name) ⇒ Object

Retrieves information about the specified User, including the User’s path, GUID, and ARN.

iam.get_user('kd') #=>
  {:user_name=>"kd",
   :user_id=>"AI000000000000000006A",
   :arn=>"arn:aws:iam::640000000037:user/kd",
   :path=>"/"}


60
61
62
63
64
# File 'lib/iam/right_iam_users.rb', line 60

def get_user(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("GetUser", request_hash)
  request_info(link, GetUserParser.new(:logger => @logger))
end

#get_user_policy(user_name, policy_name) ⇒ Object

Retrieves the specified policy document for the specified User.

iam.get_user_policy('kd','kd_user_policy_1') #=>
  {:user_name=>"kd",
   :policy_name=>"kd_user_policy_1",
   :policy_document=>"{\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}]}"}


110
111
112
113
114
115
116
117
# File 'lib/iam/right_iam_users.rb', line 110

def get_user_policy(user_name, policy_name)
  request_hash = { 'UserName'   => user_name,
                   'PolicyName' => policy_name }
  link = generate_request("GetUserPolicy", request_hash)
  result = request_info(link, GetUserPolicyParser.new(:logger => @logger))
  result[:policy_document] = URI::decode(result[:policy_document])
  result
end

#incrementally_list_iam_resources(api_function, params = {}, options = {}, &block) ⇒ Object

Options: :parser, :except, :items



95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# File 'lib/iam/right_iam_interface.rb', line 95

def incrementally_list_iam_resources(api_function, params={}, options={},  &block) #:nodoc:
  items        = options[:items] || :items
  result       = { items => [] }
  parser       = options[:parser] || "RightAws::IamInterface::#{api_function}Parser".right_constantize
  request_hash = {}
  params.each { |key,value| request_hash[key.to_s.right_camelize] = value unless value.right_blank? }
  incrementally_list_items(api_function, parser, request_hash) do |response|
    if result[items].right_blank?
      result = response
    else
      result[items] += response[items]
    end
    block ? block.call(response) : true
  end
  if options[:except]
    Array(options[:except]).each{ |key| result.delete(key)}
    result
  else
    result[items]
  end
end

#list_access_keys(options = {}, &block) ⇒ Object

Returns information about the Access Key IDs associated with the specified User.

Options: :user_name, :max_items, :marker

iam.list_access_keys #=>
  [{:create_date=>"2007-01-09T06:16:30Z",
    :status=>"Active",
    :access_key_id=>"00000000000000000000"}]


18
19
20
# File 'lib/iam/right_iam_access_keys.rb', line 18

def list_access_keys(options={}, &block)
  incrementally_list_iam_resources('ListAccessKeys', options, &block)
end

#list_group_policies(group_name, options = {}, &block) ⇒ Object

Lists the names of the policies associated with the specified group.

Options: :max_items, :marker

iam.list_group_policies('kd_test') #=> ["kd_policy_1"]


98
99
100
101
# File 'lib/iam/right_iam_groups.rb', line 98

def list_group_policies(group_name, options={}, &block)
  options[:group_name] = group_name
  incrementally_list_iam_resources('ListGroupPolicies', options, :parser => BasicIamListParser, &block)
end

#list_groups(options = {}, &block) ⇒ Object

Lists the groups that have the specified path prefix.

Options: :path_prefix, :max_items, :marker

iam.list_groups #=>
  [{:group_id=>"AGP000000000000000UTY",
    :arn=>"arn:aws:iam::640000000037:group/kd_test",
    :path=>"/",
    :group_name=>"kd_test"}]


19
20
21
# File 'lib/iam/right_iam_groups.rb', line 19

def list_groups(options={}, &block)
  incrementally_list_iam_resources('ListGroups', options, &block)
end

#list_groups_for_user(user_name, options = {}, &block) ⇒ Object

Lists the names of the policies associated with the specified group. If there are none, the action returns an empty list.

Options: :max_items, :marker

iam.list_groups_for_user('kd') #=>
  [{:group_name=>"kd_test_1",
    :group_id=>"AGP000000000000000UTY",
    :arn=>"arn:aws:iam::640000000037:group/kd1/kd_test_1",
    :path=>"/kd1/"}]


145
146
147
148
# File 'lib/iam/right_iam_users.rb', line 145

def list_groups_for_user(user_name, options={}, &block)
  options[:user_name] = user_name
  incrementally_list_iam_resources('ListGroupsForUser', options, :parser => ListGroupsParser, &block)
end

#list_mfa_devices(options = {}, &block) ⇒ Object

Lists the MFA devices associated with the specified User name.

Options: :user_name, :max_items, :marker



13
14
15
# File 'lib/iam/right_iam_mfa_devices.rb', line 13

def list_mfa_devices(options={}, &block)
  incrementally_list_iam_resources('ListMFADevices', options, &block)
end

#list_server_certificates(options = {}, &block) ⇒ Object

Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.

Options: :path_prefix, :max_items, :marker

iam.list_server_certificates #=>
  {:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
   :server_certificate_name=>"KdCert1",
   :upload_date=>"2010-12-09T13:21:07.226Z",
   :path=>"/kdcert/",
   :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}


132
133
134
# File 'lib/iam/right_iam_interface.rb', line 132

def list_server_certificates(options={}, &block)
  incrementally_list_iam_resources('ListServerCertificates', options, &block)
end

#list_signing_certificates(options = {}, &block) ⇒ Object

Returns information about the signing certificates associated with the specified User.

Options: :user_name, :max_items, :marker

iam.list_signing_certificates #=>

[{:upload_date      => "2007-08-11T06:48:35Z",
  :status           => "Active",
  :certificate_id   => "00000000000000000000000000000000",
  :certificate_body => "-----BEGIN CERTIFICATE-----\nMIICd...PPHQ=\n-----END CERTIFICATE-----\n"}]


230
231
232
# File 'lib/iam/right_iam_interface.rb', line 230

def list_signing_certificates(options={}, &block)
  incrementally_list_iam_resources('ListSigningCertificates', options, &block)
end

#list_user_policies(user_name, options = {}, &block) ⇒ Object

Lists the names of the policies associated with the specified User.

Options: :max_items, :marker

iam.list_user_policies('kd') #=> ["kd_user_policy_1"]


86
87
88
89
# File 'lib/iam/right_iam_users.rb', line 86

def list_user_policies(user_name, options={}, &block)
  options[:user_name] = user_name
  incrementally_list_iam_resources('ListUserPolicies', options, :parser => BasicIamListParser, &block)
end

#list_users(options = {}, &block) ⇒ Object

Lists the Users that have the specified path prefix.

Options: :path_prefix, :max_items, :marker

iam.list_users #=>
  [{:user_name=>"kd",
    :user_id=>"AI000000000000000006A",
    :arn=>"arn:aws:iam::640000000037:user/kd",
    :path=>"/"}]


19
20
21
# File 'lib/iam/right_iam_users.rb', line 19

def list_users(options={}, &block)
  incrementally_list_iam_resources('ListUsers', options, &block)
end

#put_group_policy(group_name, policy_name, policy_document) ⇒ Object

Adds (or updates) a policy document associated with the specified group.

iam.put_group_policy('kd_test', 'kd_policy_1', %Q({"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]})) #=> true


107
108
109
110
111
112
113
114
115
# File 'lib/iam/right_iam_groups.rb', line 107

def put_group_policy(group_name, policy_name, policy_document)
  request_hash = { 'GroupName'      => group_name,
                   'PolicyDocument' => policy_document,
                   'PolicyName'     => policy_name }
  link = generate_request_impl(:post, "PutGroupPolicy", request_hash)
  result = request_info(link, RightHttp2xxParser.new(:logger => @logger))
  result[:policy_document] = URI::decode(result[:policy_document])
  result
end

#put_user_policy(user_name, policy_name, policy_document) ⇒ Object

Adds (or updates) a policy document associated with the specified User

iam.put_user_policy('kd', 'kd_user_policy_1', %Q({"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]})) #=> true


95
96
97
98
99
100
101
# File 'lib/iam/right_iam_users.rb', line 95

def put_user_policy(user_name, policy_name, policy_document)
  request_hash = { 'UserName'       => user_name,
                   'PolicyDocument' => policy_document,
                   'PolicyName'     => policy_name }
  link = generate_request_impl(:post, "PutUserPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#remove_user_from_group(user_name, group_name) ⇒ Object

Removes the specified User from the specified group.

iam.remove_user_from_group('kd', 'kd_test_1') #=> true


165
166
167
168
169
170
# File 'lib/iam/right_iam_users.rb', line 165

def remove_user_from_group(user_name, group_name)
  request_hash = { 'UserName'  => user_name,
                   'GroupName' => group_name }
  link = generate_request("RemoveUserFromGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#request_info(request, parser) ⇒ Object

Sends request to Amazon and parses the response Raises AwsError if any banana happened



89
90
91
# File 'lib/iam/right_iam_interface.rb', line 89

def request_info(request, parser)  #:nodoc:
  request_info_impl(:iam_connection, @@bench, request, parser)
end

#resync_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object

Synchronizes the specified MFA device with AWS servers.

iam.resync_mfa_device('kd1', 'x12345', '12345', '67890') #=> true


35
36
37
38
39
40
41
42
# File 'lib/iam/right_iam_mfa_devices.rb', line 35

def resync_mfa_device(user_name, serial_number, auth_code1, auth_code2)
  request_hash = { 'UserName'            => user_name,
                   'SerialNumber'        => serial_number,
                   'AuthenticationCode1' => auth_code1,
                   'AuthenticationCode2' => auth_code2 }
  link = generate_request("ResyncMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#update_group(group_name, options = {}) ⇒ Object

Updates the name and/or the path of the specified group

Options: :new_group_name, :new_path

iam.update_group('kd_test', :new_group_name => 'kd_test_1', :new_path => '/kd1/') #=> true


50
51
52
53
54
55
56
# File 'lib/iam/right_iam_groups.rb', line 50

def update_group(group_name, options={})
  request_hash = { 'GroupName' => group_name}
  request_hash['NewGroupName'] = options[:new_group_name] unless options[:new_group_name].right_blank?
  request_hash['NewPath']      = options[:new_path]       unless options[:new_path].right_blank?
  link = generate_request("UpdateGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#update_login_profile(user_name, options = {}) ⇒ Object

Updates the login profile for the specified User. Use this API to change the User’s password.

('kd', '00000000') #=> true


192
193
194
195
196
197
# File 'lib/iam/right_iam_users.rb', line 192

def (user_name, options={})
  request_hash = { 'UserName' => user_name}
  request_hash['Password'] = options[:password] unless options[:passwrod].right_blank?
  link = generate_request("UpdateLoginProfile", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#update_server_certificate(server_certificate_name, options = {}) ⇒ Object

Updates the name and/or the path of the specified server certificate.

Options: :new_server_certificate_name, :new_path

iam.update_server_certificate('ProdServerCert', :new_server_certificate_name => 'OldServerCert') #=> true


180
181
182
183
184
185
186
# File 'lib/iam/right_iam_interface.rb', line 180

def update_server_certificate(server_certificate_name, options={})
  request_hash = { 'ServerCertificateName' => server_certificate_name}
  request_hash['NewServerCertificateName'] = options[:new_server_certificate_name] unless options[:new_server_certificate_name].right_blank?
  request_hash['NewPath']                  = options[:new_path]                    unless options[:new_path].right_blank?
  link = generate_request("UpdateServerCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#update_user(user_name, options = {}) ⇒ Object

Updates the name and/or the path of the specified User.

iam.update_user('kd1', :new_user_name => 'kd1', :new_path => '/kd1/') #=> true


44
45
46
47
48
49
50
# File 'lib/iam/right_iam_users.rb', line 44

def update_user(user_name, options={})
  request_hash = { 'UserName' => user_name}
  request_hash['NewUserName'] = options[:new_user_name] unless options[:new_user_name].right_blank?
  request_hash['NewPath']     = options[:new_path]       unless options[:new_path].right_blank?
  link = generate_request("UpdateUser", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#upload_server_certificate(server_certificate_name, certificate_body, private_key, options = {}) ⇒ Object

Uploads a server certificate entity for the AWS Account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.

Options: :certificate_chain, :path

certificate_body =<<-EOB
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
AEaHzTpmEXAMPLE=
EOB

private_key =<<EOK
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBTTKBgQD33xToSXPJ6hr37L3+KNi3/7DgywlBcvlFPPSHIw3ORuO/22mT
8Cy5fT89WwNvZ3BPKWU6OZ38TQv3eWjNc/3U3+oqVNG2poX5nCPOtO1b96HYX2mR
62TITdw53KWJEXAMPLE=
EOK

iam.upload_server_certificate('KdCert1', certificate_body, private_key, :path=>'/kdcert/') #=>
  {:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
   :server_certificate_name=>"KdCert1",
   :upload_date=>"2010-12-09T13:21:07.226Z",
   :path=>"/kdcert/",
   :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}


164
165
166
167
168
169
170
171
172
# File 'lib/iam/right_iam_interface.rb', line 164

def upload_server_certificate(server_certificate_name, certificate_body, private_key, options={})
  request_hash = { 'CertificateBody'       => certificate_body,
                   'PrivateKey'            => private_key,
                   'ServerCertificateName' => server_certificate_name }
  request_hash['CertificateChain'] = options[:certificate_chain] unless options[:certificate_chain].right_blank?
  request_hash['Path']             = options[:path]              unless options[:path].right_blank?
  link = generate_request_impl(:post, "UploadServerCertificate", request_hash)
  request_info(link, GetServerCertificateParser.new(:logger => @logger))
end

#upload_signing_certificate(certificate_body, options = {}) ⇒ Object

Uploads an X.509 signing certificate and associates it with the specified User.

Options: :user_name

certificate_body =<<-EOB
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
AEaHzTpmEXAMPLE=
EOB

iam.upload_signing_certificate(certificate_body, :user_name => 'kd1') #=>
  {:user_name        => "kd1",
   :certificate_id   => "OBG00000000000000000000000000DHY",
   :status           => "Active",
   :certificate_body => "-----BEGIN CERTIFICATE-----\nMII...5GS\n-----END CERTIFICATE-----\n",
   :upload_date      => "2010-10-29T10:02:05.929Z"}


253
254
255
256
257
258
# File 'lib/iam/right_iam_interface.rb', line 253

def upload_signing_certificate(certificate_body, options={})
  request_hash = { 'CertificateBody' => certificate_body }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request_impl(:post, "UploadSigningCertificate", request_hash)
  request_info(link, GetSigningCertificateParser.new(:logger => @logger))
end