Class: AwsIamAccessKeys::Backend::AwsUserIterator
- Inherits: AwsBackendBase
  - Object
  - AwsBackendBase
  - AwsIamAccessKeys::Backend::AwsUserIterator
- Defined in: lib/resources/aws/aws_iam_access_keys.rb
Overview
Implementation of AccessKeyProvider which operates by looping over all users, then fetching their access keys. TODO: An alternate, more scalable implementation could be made using the Credential Report.
Instance Attribute Summary
Attributes inherited from AwsBackendBase
Instance Method Summary
- #add_synthetic_fields(key_info, user_details) ⇒ Object
  rubocop:disable Metrics/AbcSize.
- #fetch(criteria) ⇒ Object
Methods inherited from AwsBackendBase
#aws_service_client, #initialize
Constructor Details
This class inherits a constructor from AwsBackendBase
Instance Method Details
#add_synthetic_fields(key_info, user_details) ⇒ Object
rubocop:disable Metrics/AbcSize
```ruby
# File 'lib/resources/aws/aws_iam_access_keys.rb', line 129

def add_synthetic_fields(key_info, user_details) # rubocop:disable Metrics/AbcSize
  key_info[:id] = key_info[:access_key_id]
  key_info[:active] = key_info[:status] == "Active"
  key_info[:inactive] = key_info[:status] != "Active"
  key_info[:created_hours_ago] = ((Time.now - key_info[:create_date]) / (60 * 60)).to_i
  key_info[:created_days_ago] = (key_info[:created_hours_ago] / 24).to_i
  key_info[:user_created_date] = user_details[:create_date]
  # Key created at (nearly) the same moment as its user; Time - Time is in seconds
  key_info[:created_with_user] = (key_info[:create_date] - key_info[:user_created_date]).abs < 1.0 / 24.0

  # Last used is a separate API call
  iam_client = aws_service_client
  last_used =
    iam_client.get_access_key_last_used(access_key_id: key_info[:access_key_id])
              .access_key_last_used.last_used_date
  key_info[:ever_used] = !last_used.nil?
  key_info[:never_used] = last_used.nil?
  key_info[:last_used_time] = last_used
  # The *_ago fields are only set for keys that have been used at least once
  return unless last_used
  key_info[:last_used_hours_ago] = ((Time.now - last_used) / (60 * 60)).to_i
  key_info[:last_used_days_ago] = (key_info[:last_used_hours_ago] / 24).to_i
end
```
#fetch(criteria) ⇒ Object
```ruby
# File 'lib/resources/aws/aws_iam_access_keys.rb', line 79

def fetch(criteria)
  iam_client = aws_service_client

  # Collect user records: a single user when a username is given, else all users
  user_details = {}
  if criteria.key?(:username)
    begin
      user_details[criteria[:username]] = iam_client.get_user(user_name: criteria[:username]).user
    rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/HandleExceptions
      # Swallow - a miss on search results should return an empty table
    end
  else
    # list_users is paginated; follow the marker until the result is complete
    pagination_opts = {}
    loop do
      api_result = iam_client.list_users(pagination_opts)
      api_result.users.each do |info|
        user_details[info.user_name] = info
      end
      break unless api_result.is_truncated
      pagination_opts[:marker] = api_result.marker
    end
  end

  access_key_data = []
  user_details.each_key do |username|
    begin
      user_keys = iam_client.list_access_keys(user_name: username)
                            .access_key_metadata
      user_keys = user_keys.map do |metadata|
        {
          access_key_id: metadata.access_key_id,
          username: username,
          status: metadata.status,
          create_date: metadata.create_date, # DateTime.parse(metadata.create_date),
        }
      end

      # Copy in from user data
      # Synthetics
      user_keys.each do |key_info|
        add_synthetic_fields(key_info, user_details[username])
      end
      access_key_data.concat(user_keys)
    rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/HandleExceptions
      # Swallow - a miss on search results should return an empty table
    end
  end
  access_key_data
end
```
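The Overview's TODO names the Credential Report as a more scalable source than one API call per user and per key. As an added example (not code from InSpec), the following derives the same synthetic fields from a report's CSV text. The column names follow the AWS credential report layout; `keys_from_credential_report`, `report_time`, `:key_slot`, the one-hour `created_with_user` window and the sample rows are assumptions made for this example.

```ruby
require "csv"
require "time"

# Constructed sample in the layout of an IAM credential report (only the
# columns this example reads; a real report has more). Not real account data.
SAMPLE_REPORT = <<~REPORT
  user,arn,user_creation_time,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
  alice,arn:aws:iam::123456789012:user/alice,2023-01-10T09:00:00+00:00,true,2023-01-10T09:00:20+00:00,2024-02-28T12:00:00+00:00,false,N/A,N/A
  bob,arn:aws:iam::123456789012:user/bob,2022-06-01T08:00:00+00:00,false,2022-09-15T10:00:00+00:00,N/A,true,2023-12-01T00:00:00+00:00,N/A
REPORT

# Report cells hold an ISO 8601 time or a marker such as "N/A".
def report_time(cell)
  Time.iso8601(cell.to_s)
rescue ArgumentError
  nil
end

# Build one hash per existing key, using the field names add_synthetic_fields
# produces. The report has no access key IDs, so :id is not available;
# :key_slot (a name made up for this example) records slot 1 or 2.
def keys_from_credential_report(csv_text, now: Time.now)
  CSV.parse(csv_text, headers: true).flat_map do |row|
    user_created = report_time(row["user_creation_time"])
    [1, 2].filter_map do |slot|
      created = report_time(row["access_key_#{slot}_last_rotated"])
      next unless created # "N/A" here means the slot holds no key

      last_used = report_time(row["access_key_#{slot}_last_used_date"])
      active = row["access_key_#{slot}_active"] == "true"
      info = {
        username: row["user"], key_slot: slot,
        active: active, inactive: !active,
        create_date: created,
        created_hours_ago: ((now - created) / 3600).to_i,
        user_created_date: user_created,
        created_with_user: !user_created.nil? && (created - user_created).abs < 3600,
        ever_used: !last_used.nil?, never_used: last_used.nil?,
        last_used_time: last_used,
      }
      info[:created_days_ago] = info[:created_hours_ago] / 24
      if last_used
        info[:last_used_hours_ago] = ((now - last_used) / 3600).to_i
        info[:last_used_days_ago] = info[:last_used_hours_ago] / 24
      end
      info
    end
  end
end
```

In live use the CSV text would come from the body of the IAM GetCredentialReport response. Because the report carries no access key IDs, results are identified by user name and slot rather than by `:id`.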