class SimplyGenius::Atmos::Providers::Aws::UserManager
Public Class Methods
new(provider)
click to toggle source
# File lib/simplygenius/atmos/providers/aws/user_manager.rb, line 15 def initialize(provider) @provider = provider end
Public Instance Methods
create_user(user_name)
click to toggle source
# File lib/simplygenius/atmos/providers/aws/user_manager.rb, line 19 def create_user(user_name) result = {} client = ::Aws::IAM::Client.new resource = ::Aws::IAM::Resource.new user = resource.user(user_name) if user.exists? logger.info "User '#{user_name}' already exists" else logger.info "Creating new user '#{user_name}'" user = resource.create_user(user_name: user_name) client.wait_until(:user_exists, user_name: user_name) logger.debug "User created, user_name=#{user_name}" end result[:user_name] = user_name return result end
enable_access_keys(user_name, force: false)
click to toggle source
# File lib/simplygenius/atmos/providers/aws/user_manager.rb, line 155 def enable_access_keys(user_name, force: false) result = {} resource = ::Aws::IAM::Resource.new user = resource.user(user_name) if user.access_keys.first logger.info "User access keys already exist" if force logger.info "Deleting old access keys" user.access_keys.each do |key| key.delete end else return result end end # TODO: auto add to ~/.aws/credentials and config key_pair = user.create_access_key_pair result[:key] = key_pair.access_key_id result[:secret] = key_pair.secret logger.debug "User keys generated key=#{key_pair.access_key_id}, secret=#{key_pair.secret}" return result end
enable_login(user_name, force: false)
click to toggle source
# File lib/simplygenius/atmos/providers/aws/user_manager.rb, line 71 def enable_login(user_name, force: false) result = {} resource = ::Aws::IAM::Resource.new user = resource.user(user_name) password = "" classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[!@#$%^&*()_+\-=\[\]{}|']/] while ! classes.all? {|c| password =~ c } password = SecureRandom.base64(15) end exists = false begin user.login_profile.create_date exists = true rescue ::Aws::IAM::Errors::NoSuchEntity exists = false end if exists logger.info "User login already exists" if force user.login_profile.update(password: password, password_reset_required: true) result[:password] = password logger.info "Updated user login with password=#{password}" end else user.create_login_profile(password: password, password_reset_required: true) result[:password] = password logger.info "User login enabled with password=#{password}" end return result end
enable_mfa(user_name, force: false)
click to toggle source
# File lib/simplygenius/atmos/providers/aws/user_manager.rb, line 107 def enable_mfa(user_name, force: false) result = {} client = ::Aws::IAM::Client.new resource = ::Aws::IAM::Resource.new user = resource.user(user_name) if user.mfa_devices.first logger.info "User mfa devices already exist" if force logger.info "Deleting old mfa devices" user.mfa_devices.each do |dev| dev.disassociate client.delete_virtual_mfa_device(serial_number: dev.serial_number) Otp.instance.remove(user_name) end else return result end end resp = client.create_virtual_mfa_device( virtual_mfa_device_name: user_name ) serial = resp.virtual_mfa_device.serial_number seed = resp.virtual_mfa_device.base_32_string_seed Otp.instance.add(user_name, seed) code1 = Otp.instance.generate(user_name) interval = (30 - (Time.now.to_i % 30)) + 1 logger.info "Waiting for #{interval}s to generate second otp key for enablement" sleep interval code2 = Otp.instance.generate(user_name) raise "MFA codes should not be the same" if code1 == code2 resp = client.enable_mfa_device({ user_name: user_name, serial_number: serial, authentication_code_1: code1, authentication_code_2: code2, }) result[:mfa_secret] = seed return result end
set_groups(user_name, groups, force: false)
click to toggle source
# File lib/simplygenius/atmos/providers/aws/user_manager.rb, line 40 def set_groups(user_name, groups, force: false) result = {} resource = ::Aws::IAM::Resource.new user = resource.user(user_name) existing_groups = user.groups.collect(&:name) groups_to_add = groups - existing_groups groups_to_remove = existing_groups - groups result[:groups] = existing_groups groups_to_add.each do |group| logger.debug "Adding group: #{group}" user.add_group(group_name: group) result[:groups] << group end if force groups_to_remove.each do |group| logger.debug "Removing group: #{group}" user.remove_group(group_name: group) result[:groups].delete(group) end end logger.info "User associated with groups=#{result[:groups]}" return result end
set_public_key(user_name, public_key, force: false)
click to toggle source
# File lib/simplygenius/atmos/providers/aws/user_manager.rb, line 182 def set_public_key(user_name, public_key, force: false) result = {} client = ::Aws::IAM::Client.new resource = ::Aws::IAM::Resource.new user = resource.user(user_name) keys = client.list_ssh_public_keys(user_name: user_name).ssh_public_keys if keys.size > 0 logger.info "User ssh public keys already exist" if force logger.info "Deleting old ssh public keys" keys.each do |key| client.delete_ssh_public_key(user_name: user_name, ssh_public_key_id: key.ssh_public_key_id) end else return result end end client.upload_ssh_public_key(user_name: user_name, ssh_public_key_body: public_key) logger.debug "User public key assigned: #{public_key}" return result end