Class: RightAws::IamInterface

Inherits:

RightAwsBase

• Object
• RightAwsBase
• RightAws::IamInterface

Includes:

RightAwsBaseInterface

Defined in:

lib/iam/right_iam_interface.rb,
lib/iam/right_iam_users.rb,
lib/iam/right_iam_groups.rb,
lib/iam/right_iam_access_keys.rb,
lib/iam/right_iam_mfa_devices.rb

Overview

RightAWS::Iam – RightScale AWS Identity and Access Management (IAM) interface

The RightAws::Iam class provides a complete interface to Amazon’s Identity and Access Management service.

For explanations of the semantics of each call, please refer to Amazon’s documentation at aws.amazon.com/documentation/iam/

Examples:

Create an EC2 interface handle:

iam = RightAws::IamInterface.new(aws_access_key_id, aws_secret_access_key)
iam.list_access_keys
iam.list_users
iam.list_groups

Defined Under Namespace

Classes: BasicIamListParser, BasicIamParser, CreateAccessKeyParser, CreateGroupParser, GetGroupParser, GetGroupPolicyParser, GetLoginProfileParser, GetServerCertificateParser, GetSigningCertificateParser, GetUserParser, GetUserPolicyParser, ListAccessKeysParser, ListGroupsParser, ListMFADevicesParser, ListServerCertificatesParser, ListSigningCertificatesParser, ListUsersParser

Constant Summary

API_VERSION =

"2010-05-08"

DEFAULT_HOST =

"iam.amazonaws.com"

DEFAULT_PATH =

'/'

DEFAULT_PROTOCOL =

'https'

DEFAULT_PORT =

443

@@bench =

AwsBenchmarkingBlock.new

Constants included from RightAwsBaseInterface

RightAwsBaseInterface::BLOCK_DEVICE_KEY_MAPPING, RightAwsBaseInterface::DEFAULT_SIGNATURE_VERSION

Constants inherited from RightAwsBase

RightAwsBase::AMAZON_PROBLEMS, RightAwsBase::RAISE_ON_TIMEOUT_ON_ACTIONS

Instance Attribute Summary

Attributes included from RightAwsBaseInterface

#aws_access_key_id, #aws_secret_access_key, #cache, #connection, #last_errors, #last_request, #last_request_id, #last_response, #logger, #params, #signature_version

Class Method Summary

• .bench_service ⇒ Object
• .bench_xml ⇒ Object

Instance Method Summary

• #add_user_to_group(user_name, group_name) ⇒ Object

  Adds the specified User to the specified group.

• #create_access_key(options = {}) ⇒ Object

  Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified User.

• #create_group(group_name, path = nil) ⇒ Object

  Creates a new group.

• #create_login_profile(user_name, password) ⇒ Object

  Creates a login profile for the specified User, giving the User the ability to access AWS services such as the AWS Management Console.

• #create_user(user_name, options = {}) ⇒ Object

  Creates a new User for your AWS Account.

• #deactivate_mfa_device(user_name, serial_number) ⇒ Object

  Deactivates the specified MFA device and removes it from association with the User name for which it was originally enabled.

• #delete_access_key(access_key_id, options = {}) ⇒ Object

  Deletes the access key associated with the specified User.

• #delete_group(group_name) ⇒ Object

  Deletes the specified group.

• #delete_group_policy(group_name, policy_name) ⇒ Object

  Deletes the specified policy that is associated with the specified group.

• #delete_login_profile(user_name) ⇒ Object

  Deletes the login profile for the specified User, which terminates the User’s ability to access AWS services through the IAM login page.

• #delete_server_certificate(server_certificate_name) ⇒ Object

  Deletes the specified server certificate.

• #delete_signing_certificate(certificate_id, options = {}) ⇒ Object

  Deletes the specified signing certificate associated with the specified User.

• #delete_user(user_name) ⇒ Object

  Deletes the specified User.

• #delete_user_policy(user_name, policy_name) ⇒ Object

  Deletes the specified policy associated with the specified User.

• #enable_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object

  Enables the specified MFA device and associates it with the specified User name.

• #generate_request(action, params = {}) ⇒ Object

  :nodoc:.

• #get_group(group_name, options = {}, &block) ⇒ Object

  Returns a list of Users that are in the specified group.

• #get_group_policy(group_name, policy_name) ⇒ Object

  Retrieves the specified policy document for the specified group.

• #get_login_profile(user_name) ⇒ Object

  Retrieves the login profile for the specified User.

• #get_server_certificate(server_certificate_name) ⇒ Object

  Retrieves information about the specified server certificate.

• #get_user(user_name) ⇒ Object

  Retrieves information about the specified User, including the User’s path, GUID, and ARN.

• #get_user_policy(user_name, policy_name) ⇒ Object

  Retrieves the specified policy document for the specified User.

• #incrementally_list_iam_resources(api_function, params = {}, options = {}, &block) ⇒ Object

  Options: :parser, :except, :items.

• #initialize(aws_access_key_id = nil, aws_secret_access_key = nil, params = {}) ⇒ IamInterface constructor

  Create a new handle to an IAM account.

• #list_access_keys(options = {}, &block) ⇒ Object

  Returns information about the Access Key IDs associated with the specified User.

• #list_group_policies(group_name, options = {}, &block) ⇒ Object

  Lists the names of the policies associated with the specified group.

• #list_groups(options = {}, &block) ⇒ Object

  Lists the groups that have the specified path prefix.

• #list_groups_for_user(user_name, options = {}, &block) ⇒ Object

  Lists the names of the policies associated with the specified group.

• #list_mfa_devices(options = {}, &block) ⇒ Object

  Lists the MFA devices associated with the specified User name.

• #list_server_certificates(options = {}, &block) ⇒ Object

  Lists the server certificates that have the specified path prefix.

• #list_signing_certificates(options = {}, &block) ⇒ Object

  Returns information about the signing certificates associated with the specified User.

• #list_user_policies(user_name, options = {}, &block) ⇒ Object

  Lists the names of the policies associated with the specified User.

• #list_users(options = {}, &block) ⇒ Object

  Lists the Users that have the specified path prefix.

• #put_group_policy(group_name, policy_name, policy_document) ⇒ Object

  Adds (or updates) a policy document associated with the specified group.

• #put_user_policy(user_name, policy_name, policy_document) ⇒ Object

  Adds (or updates) a policy document associated with the specified User.

• #remove_user_from_group(user_name, group_name) ⇒ Object

  Removes the specified User from the specified group.

• #request_info(request, parser) ⇒ Object

  Sends request to Amazon and parses the response Raises AwsError if any banana happened.

• #resync_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object

  Synchronizes the specified MFA device with AWS servers.

• #update_group(group_name, options = {}) ⇒ Object

  Updates the name and/or the path of the specified group.

• #update_login_profile(user_name, options = {}) ⇒ Object

  Updates the login profile for the specified User.

• #update_server_certificate(server_certificate_name, options = {}) ⇒ Object

  Updates the name and/or the path of the specified server certificate.

• #update_user(user_name, options = {}) ⇒ Object

  Updates the name and/or the path of the specified User.

• #upload_server_certificate(server_certificate_name, certificate_body, private_key, options = {}) ⇒ Object

  Uploads a server certificate entity for the AWS Account.

• #upload_signing_certificate(certificate_body, options = {}) ⇒ Object

  Uploads an X.509 signing certificate and associates it with the specified User.

Methods included from RightAwsBaseInterface

#amazonize_block_device_mappings, #amazonize_hash_with_key_mapping, #amazonize_list, #amazonize_list_with_key_mapping, #cache_hits?, caching, caching=, #caching?, #destroy_connection, #generate_request_impl, #get_connection, #get_connections_storage, #get_server_url, #incrementally_list_items, #init, #map_api_keys_and_values, #on_exception, #request_cache_or_info, #request_info_impl, #signed_service_params, #update_cache, #with_connection_options

Methods inherited from RightAwsBase

amazon_problems, amazon_problems=, raise_on_timeout_on_actions, raise_on_timeout_on_actions=

Constructor Details

#initialize(aws_access_key_id = nil, aws_secret_access_key = nil, params = {}) ⇒ IamInterface

Create a new handle to an IAM account. All handles share the same per process or per thread HTTP connection to Amazon IAM. Each handle is for a specific account. The params have the following options:

• :endpoint_url a fully qualified url to Amazon API endpoint (this overwrites: :server, :port, :service, :protocol).

• :server: IAM service host, default: DEFAULT_HOST

• :port: IAM service port, default: DEFAULT_PORT

• :protocol: ‘http’ or ‘https’, default: DEFAULT_PROTOCOL

• :logger: for log messages, default: RAILS_DEFAULT_LOGGER else STDOUT

• :signature_version: The signature version : ‘0’,‘1’ or ‘2’(default)

• :cache: true/false(default): caching works for: describe_load_balancers

# File 'lib/iam/right_iam_interface.rb', line 71

def initialize(aws_access_key_id=nil, aws_secret_access_key=nil, params={})
  init({ :name                => 'IAM',
         :default_host        => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host   : DEFAULT_HOST,
         :default_port        => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port   : DEFAULT_PORT,
         :default_service     => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path   : DEFAULT_PATH,
         :default_protocol    => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).scheme : DEFAULT_PROTOCOL,
         :default_api_version => ENV['IAM_API_VERSION'] || API_VERSION },
       aws_access_key_id    || ENV['AWS_ACCESS_KEY_ID'] ,
       aws_secret_access_key|| ENV['AWS_SECRET_ACCESS_KEY'],
       params)
end

Class Method Details

.bench_service ⇒ Object

# File 'lib/iam/right_iam_interface.rb', line 56

def self.bench_service
  @@bench.service
end

.bench_xml ⇒ Object

# File 'lib/iam/right_iam_interface.rb', line 53

def self.bench_xml
  @@bench.xml
end

Instance Method Details

#add_user_to_group(user_name, group_name) ⇒ Object

Adds the specified User to the specified group.

iam.add_user_to_group('kd', 'kd_test_1') #=> true

# File 'lib/iam/right_iam_users.rb', line 154

def add_user_to_group(user_name, group_name)
  request_hash = { 'UserName'  => user_name,
                   'GroupName' => group_name }
  link = generate_request("AddUserToGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#create_access_key(options = {}) ⇒ Object

Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified User.

Options: :user_name

iam.create_access_key(:user_name => 'kd1') #=>
  {:access_key_id=>"AK0000000000000000ZQ",
   :status=>"Active",
   :secret_access_key=>"QXN0000000000000000000000000000000000Ioj",
   :create_date=>"2010-10-29T07:16:32.210Z",
   :user_name=>"kd1"}

# File 'lib/iam/right_iam_access_keys.rb', line 33

def create_access_key(options={})
  request_hash = {}
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("CreateAccessKey", request_hash)
  request_info(link, CreateAccessKeyParser.new(:logger => @logger))
end

#create_group(group_name, path = nil) ⇒ Object

Creates a new group.

iam.create_group('kd_group') #=>
  {:group_id=>"AGP000000000000000UTY",
   :arn=>"arn:aws:iam::640000000037:group/kd_test",
   :path=>"/",
   :group_name=>"kd_test"}

iam.create_group('kd_test_3', '/kd/') #=>
  {:group_id=>"AGP000000000000000G6Q",
   :arn=>"arn:aws:iam::640000000037:group/kd/kd_test_3",
   :path=>"/kd/",
   :group_name=>"kd_test_3"}

# File 'lib/iam/right_iam_groups.rb', line 37

def create_group(group_name, path=nil)
  request_hash = { 'GroupName' => group_name }
  request_hash['Path'] = path unless path.right_blank?
  link = generate_request("CreateGroup", request_hash)
  request_info(link, CreateGroupParser.new(:logger => @logger))
end

#create_login_profile(user_name, password) ⇒ Object

Creates a login profile for the specified User, giving the User the ability to access AWS services such as the AWS Management Console.

iam.create_login_profile('kd','q1w2e3r4t5') #=> { :user_name => 'kd' }

# File 'lib/iam/right_iam_users.rb', line 181

def create_login_profile(user_name, password)
  request_hash = { 'UserName' => user_name,
                   'Password' => password}
  link = generate_request("CreateLoginProfile", request_hash)
  request_info(link, GetLoginProfileParser.new(:logger => @logger))
end

#create_user(user_name, options = {}) ⇒ Object

Creates a new User for your AWS Account.

Options: :path

iam.create_user('kd') #=>
  {:user_name=>"kd",
   :user_id=>"AI000000000000000006A",
   :arn=>"arn:aws:iam::640000000037:user/kd",
   :path=>"/"}

# File 'lib/iam/right_iam_users.rb', line 33

def create_user(user_name, options={})
  request_hash = { 'UserName' => user_name }
  request_hash['Path'] = options[:path] unless options[:path]
  link = generate_request("CreateUser", request_hash)
  request_info(link, GetUserParser.new(:logger => @logger))
end

#deactivate_mfa_device(user_name, serial_number) ⇒ Object

Deactivates the specified MFA device and removes it from association with the User name for which it was originally enabled.

deactivate_mfa_device('kd1', 'dev1234567890') #=> true

# File 'lib/iam/right_iam_mfa_devices.rb', line 48

def deactivate_mfa_device(user_name, serial_number)
  request_hash = { 'UserName'     => user_name,
                   'SerialNumber' => serial_number }
  link = generate_request("DeactivateMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_access_key(access_key_id, options = {}) ⇒ Object

Deletes the access key associated with the specified User.

Options: :user_name

iam.delete_access_key('AK00000000000000006A', :user_name => 'kd1') #=> true

# File 'lib/iam/right_iam_access_keys.rb', line 46

def delete_access_key(access_key_id, options={})
  request_hash = { 'AccessKeyId' => access_key_id }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("DeleteAccessKey", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_group(group_name) ⇒ Object

Deletes the specified group. The group must not contain any Users or have any attached policies.

iam.delete_group('kd_test_3') #=> true

# File 'lib/iam/right_iam_groups.rb', line 82

def delete_group(group_name)
  request_hash = { 'GroupName' => group_name }
  link = generate_request("DeleteGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_group_policy(group_name, policy_name) ⇒ Object

Deletes the specified policy that is associated with the specified group

iam.delete_group_policy('kd_test', 'kd_policy_1') #=> true

# File 'lib/iam/right_iam_groups.rb', line 135

def delete_group_policy(group_name, policy_name)
  request_hash = { 'GroupName'  => group_name,
                   'PolicyName' => policy_name }
  link = generate_request("DeleteGroupPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_login_profile(user_name) ⇒ Object

Deletes the login profile for the specified User, which terminates the User’s ability to access AWS services through the IAM login page.

iam.delete_login_profile('kd') #=> true

# File 'lib/iam/right_iam_users.rb', line 214

def delete_login_profile(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("DeleteLoginProfile", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_server_certificate(server_certificate_name) ⇒ Object

Deletes the specified server certificate

iam.delete_server_certificate('ProdServerCert') #=> true

# File 'lib/iam/right_iam_interface.rb', line 210

def delete_server_certificate(server_certificate_name)
  request_hash = { 'ServerCertificateName' => server_certificate_name }
  link = generate_request("DeleteServerCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_signing_certificate(certificate_id, options = {}) ⇒ Object

Deletes the specified signing certificate associated with the specified User.

Options: :user_name

pp iam.delete_signing_certificate('OB0000000000000000000000000000HY', :user_name => 'kd1')

# File 'lib/iam/right_iam_interface.rb', line 266

def delete_signing_certificate(certificate_id, options={})
  request_hash = { 'CertificateId' => certificate_id }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request("DeleteSigningCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_user(user_name) ⇒ Object

Deletes the specified User. The User must not belong to any groups, have any keys or signing certificates, or have any attached policies.

iam.delete_user('kd') #=> true

# File 'lib/iam/right_iam_users.rb', line 70

def delete_user(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("DeleteUser", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#delete_user_policy(user_name, policy_name) ⇒ Object

Deletes the specified policy associated with the specified User.

iam.delete_user_policy('kd','kd_user_policy_1') #=> true

# File 'lib/iam/right_iam_users.rb', line 123

def delete_user_policy(user_name, policy_name)
  request_hash = { 'UserName'   => user_name,
                   'PolicyName' => policy_name }
  link = generate_request("DeleteUserPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#enable_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object

Enables the specified MFA device and associates it with the specified User name. Once enabled, the MFA device is required for every subsequent login by the User name associated with the device.

iam.enable_mfa_device('kd1', 'x12345', '12345', '67890') #=> true

# File 'lib/iam/right_iam_mfa_devices.rb', line 22

def enable_mfa_device(user_name, serial_number, auth_code1, auth_code2)
  request_hash = { 'UserName'            => user_name,
                   'SerialNumber'        => serial_number,
                   'AuthenticationCode1' => auth_code1,
                   'AuthenticationCode2' => auth_code2 }
  link = generate_request("EnableMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#generate_request(action, params = {}) ⇒ Object

:nodoc:

# File 'lib/iam/right_iam_interface.rb', line 83

def generate_request(action, params={}) #:nodoc:
  generate_request_impl(:get, action, params )
end

#get_group(group_name, options = {}, &block) ⇒ Object

Returns a list of Users that are in the specified group.

Options: :max_items, :marker

iam.get_group('kd_test') #=>
  {:arn=>"arn:aws:iam::640000000037:group/kd1/kd_test_1",
    :users=>
      [{:arn=>"arn:aws:iam::640000000037:user/kd",
        :path=>"/",
        :user_name=>"kd",
        :user_id=>"AID000000000000000WZ2"}],
    :group_name=>"kd_test_1",
    :group_id=>"AGP000000000000000UTY",
    :path=>"/kd1/"}

# File 'lib/iam/right_iam_groups.rb', line 73

def get_group(group_name, options={}, &block)
  options[:group_name] = group_name
  incrementally_list_iam_resources('GetGroup', options, :items => :users, :except => [:marker, :is_truncated], &block)
end

#get_group_policy(group_name, policy_name) ⇒ Object

Retrieves the specified policy document for the specified group.

iam.get_group_policy('kd_test', 'kd_policy_1') #=>
  {:policy_name=>"kd_policy_1",
   :policy_document=>"{\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}]}",
   :group_name=>"kd_test"}

# File 'lib/iam/right_iam_groups.rb', line 124

def get_group_policy(group_name, policy_name)
  request_hash = { 'GroupName'  => group_name,
                   'PolicyName' => policy_name }
  link = generate_request("GetGroupPolicy", request_hash)
  request_info(link, GetGroupPolicyParser.new(:logger => @logger))
end

#get_login_profile(user_name) ⇒ Object

Retrieves the login profile for the specified User

iam.create_login_profile('kd','q1w2e3r4t5') #=> { :user_name => 'kd' }

# File 'lib/iam/right_iam_users.rb', line 203

def get_login_profile(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("GetLoginProfile", request_hash)
  request_info(link, GetLoginProfileParser.new(:logger => @logger))
end

#get_server_certificate(server_certificate_name) ⇒ Object

Retrieves information about the specified server certificate.

iam.get_server_certificate('KdCert1')
  {:certificate_body=>
    "-----BEGIN CERTIFICATE-----\nMIICATC...TiU5TibMpD1g==\n-----END CERTIFICATE-----",
   :server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
   :server_certificate_name=>"KdCert1",
   :upload_date=>"2010-12-09T13:21:07Z",
   :path=>"/kdcert/",
   :certificate_chain=>"",
   :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}

# File 'lib/iam/right_iam_interface.rb', line 200

def get_server_certificate(server_certificate_name)
  request_hash = { 'ServerCertificateName' => server_certificate_name}
  link = generate_request("GetServerCertificate", request_hash)
  request_info(link, GetServerCertificateParser.new(:logger => @logger))
end

#get_user(user_name) ⇒ Object

Retrieves information about the specified User, including the User’s path, GUID, and ARN.

iam.get_user('kd') #=>
  {:user_name=>"kd",
   :user_id=>"AI000000000000000006A",
   :arn=>"arn:aws:iam::640000000037:user/kd",
   :path=>"/"}

# File 'lib/iam/right_iam_users.rb', line 60

def get_user(user_name)
  request_hash = { 'UserName' => user_name }
  link = generate_request("GetUser", request_hash)
  request_info(link, GetUserParser.new(:logger => @logger))
end

#get_user_policy(user_name, policy_name) ⇒ Object

Retrieves the specified policy document for the specified User.

iam.get_user_policy('kd','kd_user_policy_1') #=>
  {:user_name=>"kd",
   :policy_name=>"kd_user_policy_1",
   :policy_document=>"{\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}]}"}

# File 'lib/iam/right_iam_users.rb', line 110

def get_user_policy(user_name, policy_name)
  request_hash = { 'UserName'   => user_name,
                   'PolicyName' => policy_name }
  link = generate_request("GetUserPolicy", request_hash)
  result = request_info(link, GetUserPolicyParser.new(:logger => @logger))
  result[:policy_document] = URI::decode(result[:policy_document])
  result
end

#incrementally_list_iam_resources(api_function, params = {}, options = {}, &block) ⇒ Object

Options: :parser, :except, :items

# File 'lib/iam/right_iam_interface.rb', line 95

def incrementally_list_iam_resources(api_function, params={}, options={},  &block) #:nodoc:
  items        = options[:items] || :items
  result       = { items => [] }
  parser       = options[:parser] || "RightAws::IamInterface::#{api_function}Parser".right_constantize
  request_hash = {}
  params.each { |key,value| request_hash[key.to_s.right_camelize] = value unless value.right_blank? }
  incrementally_list_items(api_function, parser, request_hash) do |response|
    if result[items].right_blank?
      result = response
    else
      result[items] += response[items]
    end
    block ? block.call(response) : true
  end
  if options[:except]
    Array(options[:except]).each{ |key| result.delete(key)}
    result
  else
    result[items]
  end
end

#list_access_keys(options = {}, &block) ⇒ Object

Returns information about the Access Key IDs associated with the specified User.

Options: :user_name, :max_items, :marker

iam.list_access_keys #=>
  [{:create_date=>"2007-01-09T06:16:30Z",
    :status=>"Active",
    :access_key_id=>"00000000000000000000"}]

# File 'lib/iam/right_iam_access_keys.rb', line 18

def list_access_keys(options={}, &block)
  incrementally_list_iam_resources('ListAccessKeys', options, &block)
end

#list_group_policies(group_name, options = {}, &block) ⇒ Object

Lists the names of the policies associated with the specified group.

Options: :max_items, :marker

iam.list_group_policies('kd_test') #=> ["kd_policy_1"]

# File 'lib/iam/right_iam_groups.rb', line 98

def list_group_policies(group_name, options={}, &block)
  options[:group_name] = group_name
  incrementally_list_iam_resources('ListGroupPolicies', options, :parser => BasicIamListParser, &block)
end

#list_groups(options = {}, &block) ⇒ Object

Lists the groups that have the specified path prefix.

Options: :path_prefix, :max_items, :marker

iam.list_groups #=>
  [{:group_id=>"AGP000000000000000UTY",
    :arn=>"arn:aws:iam::640000000037:group/kd_test",
    :path=>"/",
    :group_name=>"kd_test"}]

# File 'lib/iam/right_iam_groups.rb', line 19

def list_groups(options={}, &block)
  incrementally_list_iam_resources('ListGroups', options, &block)
end

#list_groups_for_user(user_name, options = {}, &block) ⇒ Object

Lists the names of the policies associated with the specified group. If there are none, the action returns an empty list.

Options: :max_items, :marker

iam.list_groups_for_user('kd') #=>
  [{:group_name=>"kd_test_1",
    :group_id=>"AGP000000000000000UTY",
    :arn=>"arn:aws:iam::640000000037:group/kd1/kd_test_1",
    :path=>"/kd1/"}]

# File 'lib/iam/right_iam_users.rb', line 145

def list_groups_for_user(user_name, options={}, &block)
  options[:user_name] = user_name
  incrementally_list_iam_resources('ListGroupsForUser', options, :parser => ListGroupsParser, &block)
end

#list_mfa_devices(options = {}, &block) ⇒ Object

Lists the MFA devices associated with the specified User name.

Options: :user_name, :max_items, :marker

# File 'lib/iam/right_iam_mfa_devices.rb', line 13

def list_mfa_devices(options={}, &block)
  incrementally_list_iam_resources('ListMFADevices', options, &block)
end

#list_server_certificates(options = {}, &block) ⇒ Object

Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.

Options: :path_prefix, :max_items, :marker

iam.list_server_certificates #=>
  {:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
   :server_certificate_name=>"KdCert1",
   :upload_date=>"2010-12-09T13:21:07.226Z",
   :path=>"/kdcert/",
   :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}

# File 'lib/iam/right_iam_interface.rb', line 132

def list_server_certificates(options={}, &block)
  incrementally_list_iam_resources('ListServerCertificates', options, &block)
end

#list_signing_certificates(options = {}, &block) ⇒ Object

Returns information about the signing certificates associated with the specified User.

Options: :user_name, :max_items, :marker

iam.list_signing_certificates #=>

[{:upload_date      => "2007-08-11T06:48:35Z",
  :status           => "Active",
  :certificate_id   => "00000000000000000000000000000000",
  :certificate_body => "-----BEGIN CERTIFICATE-----\nMIICd...PPHQ=\n-----END CERTIFICATE-----\n"}]

# File 'lib/iam/right_iam_interface.rb', line 230

def list_signing_certificates(options={}, &block)
  incrementally_list_iam_resources('ListSigningCertificates', options, &block)
end

#list_user_policies(user_name, options = {}, &block) ⇒ Object

Lists the names of the policies associated with the specified User.

Options: :max_items, :marker

iam.list_user_policies('kd') #=> ["kd_user_policy_1"]

# File 'lib/iam/right_iam_users.rb', line 86

def list_user_policies(user_name, options={}, &block)
  options[:user_name] = user_name
  incrementally_list_iam_resources('ListUserPolicies', options, :parser => BasicIamListParser, &block)
end

#list_users(options = {}, &block) ⇒ Object

Lists the Users that have the specified path prefix.

Options: :path_prefix, :max_items, :marker

iam.list_users #=>
  [{:user_name=>"kd",
    :user_id=>"AI000000000000000006A",
    :arn=>"arn:aws:iam::640000000037:user/kd",
    :path=>"/"}]

# File 'lib/iam/right_iam_users.rb', line 19

def list_users(options={}, &block)
  incrementally_list_iam_resources('ListUsers', options, &block)
end

#put_group_policy(group_name, policy_name, policy_document) ⇒ Object

Adds (or updates) a policy document associated with the specified group.

iam.put_group_policy('kd_test', 'kd_policy_1', %Q({"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]})) #=> true

# File 'lib/iam/right_iam_groups.rb', line 107

def put_group_policy(group_name, policy_name, policy_document)
  request_hash = { 'GroupName'      => group_name,
                   'PolicyDocument' => policy_document,
                   'PolicyName'     => policy_name }
  link = generate_request_impl(:post, "PutGroupPolicy", request_hash)
  result = request_info(link, RightHttp2xxParser.new(:logger => @logger))
  result[:policy_document] = URI::decode(result[:policy_document])
  result
end

#put_user_policy(user_name, policy_name, policy_document) ⇒ Object

Adds (or updates) a policy document associated with the specified User

iam.put_user_policy('kd', 'kd_user_policy_1', %Q({"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]})) #=> true

# File 'lib/iam/right_iam_users.rb', line 95

def put_user_policy(user_name, policy_name, policy_document)
  request_hash = { 'UserName'       => user_name,
                   'PolicyDocument' => policy_document,
                   'PolicyName'     => policy_name }
  link = generate_request_impl(:post, "PutUserPolicy", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#remove_user_from_group(user_name, group_name) ⇒ Object

Removes the specified User from the specified group.

iam.remove_user_from_group('kd', 'kd_test_1') #=> true

# File 'lib/iam/right_iam_users.rb', line 165

def remove_user_from_group(user_name, group_name)
  request_hash = { 'UserName'  => user_name,
                   'GroupName' => group_name }
  link = generate_request("RemoveUserFromGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#request_info(request, parser) ⇒ Object

Sends request to Amazon and parses the response Raises AwsError if any banana happened

# File 'lib/iam/right_iam_interface.rb', line 89

def request_info(request, parser)  #:nodoc:
  request_info_impl(:iam_connection, @@bench, request, parser)
end

#resync_mfa_device(user_name, serial_number, auth_code1, auth_code2) ⇒ Object

Synchronizes the specified MFA device with AWS servers.

iam.resync_mfa_device('kd1', 'x12345', '12345', '67890') #=> true

# File 'lib/iam/right_iam_mfa_devices.rb', line 35

def resync_mfa_device(user_name, serial_number, auth_code1, auth_code2)
  request_hash = { 'UserName'            => user_name,
                   'SerialNumber'        => serial_number,
                   'AuthenticationCode1' => auth_code1,
                   'AuthenticationCode2' => auth_code2 }
  link = generate_request("ResyncMFADevice", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#update_group(group_name, options = {}) ⇒ Object

Updates the name and/or the path of the specified group

Options: :new_group_name, :new_path

iam.update_group('kd_test', :new_group_name => 'kd_test_1', :new_path => '/kd1/') #=> true

# File 'lib/iam/right_iam_groups.rb', line 50

def update_group(group_name, options={})
  request_hash = { 'GroupName' => group_name}
  request_hash['NewGroupName'] = options[:new_group_name] unless options[:new_group_name].right_blank?
  request_hash['NewPath']      = options[:new_path]       unless options[:new_path].right_blank?
  link = generate_request("UpdateGroup", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#update_login_profile(user_name, options = {}) ⇒ Object

Updates the login profile for the specified User. Use this API to change the User’s password.

update_login_profile('kd', '00000000') #=> true

# File 'lib/iam/right_iam_users.rb', line 192

def update_login_profile(user_name, options={})
  request_hash = { 'UserName' => user_name}
  request_hash['Password'] = options[:password] unless options[:passwrod].right_blank?
  link = generate_request("UpdateLoginProfile", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#update_server_certificate(server_certificate_name, options = {}) ⇒ Object

Updates the name and/or the path of the specified server certificate.

Options: :new_server_certificate_name, :new_path

iam.update_server_certificate('ProdServerCert', :new_server_certificate_name => 'OldServerCert') #=> true

# File 'lib/iam/right_iam_interface.rb', line 180

def update_server_certificate(server_certificate_name, options={})
  request_hash = { 'ServerCertificateName' => server_certificate_name}
  request_hash['NewServerCertificateName'] = options[:new_server_certificate_name] unless options[:new_server_certificate_name].right_blank?
  request_hash['NewPath']                  = options[:new_path]                    unless options[:new_path].right_blank?
  link = generate_request("UpdateServerCertificate", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#update_user(user_name, options = {}) ⇒ Object

Updates the name and/or the path of the specified User.

iam.update_user('kd1', :new_user_name => 'kd1', :new_path => '/kd1/') #=> true

# File 'lib/iam/right_iam_users.rb', line 44

def update_user(user_name, options={})
  request_hash = { 'UserName' => user_name}
  request_hash['NewUserName'] = options[:new_user_name] unless options[:new_user_name].right_blank?
  request_hash['NewPath']     = options[:new_path]       unless options[:new_path].right_blank?
  link = generate_request("UpdateUser", request_hash)
  request_info(link, RightHttp2xxParser.new(:logger => @logger))
end

#upload_server_certificate(server_certificate_name, certificate_body, private_key, options = {}) ⇒ Object

Uploads a server certificate entity for the AWS Account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.

Options: :certificate_chain, :path

certificate_body =<<-EOB
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
AEaHzTpmEXAMPLE=
EOB

private_key =<<EOK
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBTTKBgQD33xToSXPJ6hr37L3+KNi3/7DgywlBcvlFPPSHIw3ORuO/22mT
8Cy5fT89WwNvZ3BPKWU6OZ38TQv3eWjNc/3U3+oqVNG2poX5nCPOtO1b96HYX2mR
62TITdw53KWJEXAMPLE=
EOK

iam.upload_server_certificate('KdCert1', certificate_body, private_key, :path=>'/kdcert/') #=>
  {:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
   :server_certificate_name=>"KdCert1",
   :upload_date=>"2010-12-09T13:21:07.226Z",
   :path=>"/kdcert/",
   :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}

# File 'lib/iam/right_iam_interface.rb', line 164

def upload_server_certificate(server_certificate_name, certificate_body, private_key, options={})
  request_hash = { 'CertificateBody'       => certificate_body,
                   'PrivateKey'            => private_key,
                   'ServerCertificateName' => server_certificate_name }
  request_hash['CertificateChain'] = options[:certificate_chain] unless options[:certificate_chain].right_blank?
  request_hash['Path']             = options[:path]              unless options[:path].right_blank?
  link = generate_request_impl(:post, "UploadServerCertificate", request_hash)
  request_info(link, GetServerCertificateParser.new(:logger => @logger))
end

#upload_signing_certificate(certificate_body, options = {}) ⇒ Object

Uploads an X.509 signing certificate and associates it with the specified User.

Options: :user_name

certificate_body =<<-EOB
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
AEaHzTpmEXAMPLE=
EOB

iam.upload_signing_certificate(certificate_body, :user_name => 'kd1') #=>
  {:user_name        => "kd1",
   :certificate_id   => "OBG00000000000000000000000000DHY",
   :status           => "Active",
   :certificate_body => "-----BEGIN CERTIFICATE-----\nMII...5GS\n-----END CERTIFICATE-----\n",
   :upload_date      => "2010-10-29T10:02:05.929Z"}

# File 'lib/iam/right_iam_interface.rb', line 253

def upload_signing_certificate(certificate_body, options={})
  request_hash = { 'CertificateBody' => certificate_body }
  request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
  link = generate_request_impl(:post, "UploadSigningCertificate", request_hash)
  request_info(link, GetSigningCertificateParser.new(:logger => @logger))
end