Class: AwsIamUsers

Inherits:
Object
  • Object
Includes:
AwsPluralResourceMixin
Defined in:
lib/resources/aws/aws_iam_users.rb

Overview

Authors: Alex Bedley, Steffanie Freeman, Simon Varlow, Chris Redekop

Defined Under Namespace

Classes: Backend

Instance Attribute Summary

Attributes included from AwsPluralResourceMixin

#table

Instance Method Summary collapse

Methods included from AwsPluralResourceMixin

included

Methods included from AwsResourceMixin

#catch_aws_errors, #check_resource_param_names, #initialize, #inspec_runner

Instance Method Details

#fetch_from_api ⇒ Object

rubocop: disable Metrics/AbcSize



# File 'lib/resources/aws/aws_iam_users.rb', line 69

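# Loads every IAM user through the backend and decorates each row with the
# credential- and policy-related columns this resource exposes
# (console password, MFA, inline/attached policies, password age).
#
# Only Aws::IAM::Errors::NoSuchEntity is rescued below. Any other error
# raised by the backend propagates to the caller instead of being recorded
# as "no console password" or "no MFA device", so a failed lookup cannot
# silently turn into a false audit result.
#
# @return [Array<Hash>] the populated table, also stored in @table
def fetch_from_api # rubocop: disable Metrics/AbcSize
  backend = BackendFactory.create(inspec_runner)
  @table = fetch_from_api_paginated(backend)

  # TODO: lazy columns - https://github.com/chef/inspec-aws/issues/100
  @table.each do |user|
    # Some of these throw exceptions to indicate empty results;
    # others return empty arrays
    begin
      # NOTE(review): the rendered listing lost this call's method name;
      # get_login_profile is the IAM client call that matches the rescue
      # below - confirm against lib/resources/aws/aws_iam_users.rb.
      # The response itself is not needed: returning without raising
      # NoSuchEntity is what marks the user as having a console password.
      backend.get_login_profile(user_name: user[:user_name])
      user[:has_console_password] = true
    rescue Aws::IAM::Errors::NoSuchEntity
      user[:has_console_password] = false
    end
    user[:has_console_password?] = user[:has_console_password]

    begin
      aws_mfa_devices = backend.list_mfa_devices(user_name: user[:user_name])
      user[:has_mfa_enabled] = !aws_mfa_devices.mfa_devices.empty?
    rescue Aws::IAM::Errors::NoSuchEntity
      user[:has_mfa_enabled] = false
    end
    user[:has_mfa_enabled?] = user[:has_mfa_enabled]

    # NOTE(review): each policy listing reads a single response only; if the
    # backend truncates long lists, the *_source name/ARN columns may be
    # incomplete - confirm whether these calls need marker handling.
    user[:inline_policy_names_source] = backend.list_user_policies(user_name: user[:user_name]).policy_names
    user[:has_inline_policies] = !user[:inline_policy_names_source].empty?
    user[:has_inline_policies?] = user[:has_inline_policies]

    attached_policies = backend.list_attached_user_policies(user_name: user[:user_name]).attached_policies
    user[:has_attached_policies] = !attached_policies.empty?
    user[:has_attached_policies?] = user[:has_attached_policies]
    user[:attached_policy_names_source] = attached_policies.map { |p| p[:policy_name] }
    user[:attached_policy_arns_source] = attached_policies.map { |p| p[:policy_arn] }

    # A nil :password_last_used means the password was never used; in that
    # case the days-ago column is left unset rather than computed.
    password_last_used = user[:password_last_used]
    user[:password_ever_used?] = !password_last_used.nil?
    user[:password_never_used?] = password_last_used.nil?
    next unless user[:password_ever_used?]
    user[:password_last_used_days_ago] = ((Time.now - password_last_used) / (24*60*60)).to_i
  end
  @table
end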

#fetch_from_api_paginated(backend) ⇒ Object



# File 'lib/resources/aws/aws_iam_users.rb', line 57

# Walks the backend's list_users pages and collects every user as a Hash.
#
# The first request is sent with a nil marker; each later request passes the
# marker returned by the previous response, until a response reports that it
# is not truncated.
#
# @param backend an object responding to list_users(marker:)
# @return [Array<Hash>] one hash per user, in the order the pages returned them
def fetch_from_api_paginated(backend)
  rows = []
  next_marker = nil
  loop do
    page = backend.list_users(marker: next_marker)
    rows.concat(page.users.map(&:to_h))
    # Stop on the last page; otherwise carry the marker into the next call.
    break unless page.is_truncated
    next_marker = page.marker
  end
  rows
end

#to_s ⇒ Object



# File 'lib/resources/aws/aws_iam_users.rb', line 112

# Fixed display label for this plural resource.
#
# @return [String] always 'IAM Users'
def to_s
  label = 'IAM Users'
  label
end

#validate_params(raw_params) ⇒ Object



# File 'lib/resources/aws/aws_iam_users.rb', line 49

# Rejects any resource parameters, since this resource accepts none yet.
#
# @param raw_params the parameters passed to the resource; must respond to empty?
# @return the same raw_params object when it is empty
# @raise [ArgumentError] when any parameter is supplied
def validate_params(raw_params)
  # No params yet
  return raw_params if raw_params.empty?

  raise ArgumentError, 'aws_iam_users does not accept resource parameters'
end