Class: AwsIamUsers
- Inherits:
-
Object
- Object
- AwsIamUsers
- Includes:
- AwsPluralResourceMixin
- Defined in:
- lib/resources/aws/aws_iam_users.rb
Overview
author: Alex Bedley author: Steffanie Freeman author: Simon Varlow author: Chris Redekop
Defined Under Namespace
Classes: Backend
Instance Attribute Summary
Attributes included from AwsPluralResourceMixin
Instance Method Summary collapse
-
#fetch_from_api ⇒ Object
rubocop: disable Metrics/AbcSize.
- #fetch_from_api_paginated(backend) ⇒ Object
- #to_s ⇒ Object
- #validate_params(raw_params) ⇒ Object
Methods included from AwsPluralResourceMixin
Methods included from AwsResourceMixin
#catch_aws_errors, #check_resource_param_names, #initialize, #inspec_runner
Instance Method Details
#fetch_from_api ⇒ Object
rubocop: disable Metrics/AbcSize
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 |
# File 'lib/resources/aws/aws_iam_users.rb', line 69 def fetch_from_api # rubocop: disable Metrics/AbcSize backend = BackendFactory.create(inspec_runner) @table = fetch_from_api_paginated(backend) # TODO: lazy columns - https://github.com/chef/inspec-aws/issues/100 @table.each do |user| # Some of these throw exceptions to indicate empty results; # others return empty arrays begin _login_profile = backend.get_login_profile(user_name: user[:user_name]) user[:has_console_password] = true rescue Aws::IAM::Errors::NoSuchEntity user[:has_console_password] = false end user[:has_console_password?] = user[:has_console_password] begin aws_mfa_devices = backend.list_mfa_devices(user_name: user[:user_name]) user[:has_mfa_enabled] = !aws_mfa_devices.mfa_devices.empty? rescue Aws::IAM::Errors::NoSuchEntity user[:has_mfa_enabled] = false end user[:has_mfa_enabled?] = user[:has_mfa_enabled] user[:inline_policy_names_source] = backend.list_user_policies(user_name: user[:user_name]).policy_names user[:has_inline_policies] = !user[:inline_policy_names_source].empty? user[:has_inline_policies?] = user[:has_inline_policies] attached_policies = backend.list_attached_user_policies(user_name: user[:user_name]).attached_policies user[:has_attached_policies] = !attached_policies.empty? user[:has_attached_policies?] = user[:has_attached_policies] user[:attached_policy_names_source] = attached_policies.map { |p| p[:policy_name] } user[:attached_policy_arns_source] = attached_policies.map { |p| p[:policy_arn] } password_last_used = user[:password_last_used] user[:password_ever_used?] = !password_last_used.nil? user[:password_never_used?] = password_last_used.nil? next unless user[:password_ever_used?] user[:password_last_used_days_ago] = ((Time.now - password_last_used) / (24*60*60)).to_i end @table end |
#fetch_from_api_paginated(backend) ⇒ Object
57 58 59 60 61 62 63 64 65 66 67 |
# File 'lib/resources/aws/aws_iam_users.rb', line 57 def fetch_from_api_paginated(backend) table = [] page_marker = nil loop do api_result = backend.list_users(marker: page_marker) table += api_result.users.map(&:to_h) page_marker = api_result.marker break unless api_result.is_truncated end table end |
#to_s ⇒ Object
112 113 114 |
# File 'lib/resources/aws/aws_iam_users.rb', line 112 def to_s 'IAM Users' end |
#validate_params(raw_params) ⇒ Object
49 50 51 52 53 54 55 |
# File 'lib/resources/aws/aws_iam_users.rb', line 49 def validate_params(raw_params) # No params yet unless raw_params.empty? raise ArgumentError, 'aws_iam_users does not accept resource parameters' end raw_params end |