class Awful::IAM
Constants
- COLORS
Public Instance Methods
color(string)
click to toggle source
# File lib/awful/iam.rb, line 15 def color(string) set_color(string, COLORS.fetch(string.to_sym, :yellow)) end
iam()
click to toggle source
# File lib/awful/iam.rb, line 11 def iam @iam ||= Aws::IAM::Client.new end
keys()
click to toggle source
# File lib/awful/iam.rb, line 108 def keys if options[:delete] if yes?("Really delete key #{options[:delete]}?", :yellow) iam.delete_access_key(access_key_id: options[:delete]) end return end ## list keys iam.list_access_keys(user_name: options[:user]).access_key_metadata.output do |keys| if options[:long] print_table keys.map{ |k| [k.user_name, k.access_key_id, k.create_date, color(k.status)] } else puts keys.map(&:access_key_id) end end end
mfa()
click to toggle source
# File lib/awful/iam.rb, line 41 def mfa iam.list_virtual_mfa_devices.virtual_mfa_devices.output do |devices| if options[:long] print_table devices.map { |d| user_name = d.user ? d.user.user_name : '-' [user_name, d.serial_number, d.enable_date] } else puts devices.map(&:serial_number) end end end
old()
click to toggle source
# File lib/awful/iam.rb, line 131 def old iam.list_users.users.map do |u| iam.list_access_keys(user_name: u.user_name).access_key_metadata.map do |k| age = ((Time.now - k.create_date)/(60*60*24)).to_i too_old = age > options[:days] if options[:all] || too_old [k.user_name, k.create_date, set_color("#{age} days", too_old ? :red : :green)] else nil end end end.flatten(1).reject(&:nil?).output do |list| print_table list end end
policy(type, name, policy = nil)
click to toggle source
# File lib/awful/iam.rb, line 79 def policy(type, name, policy = nil) ## first matching role, group or user thing_name = iam.send("list_#{type}s").send("#{type}s").find do |thing| thing.send("#{type}_name").match(name) end.send("#{type}_name") ## policies for this role, group or user policies = iam.send("list_#{type}_policies", "#{type}_name".to_sym => thing_name).policy_names if policy.nil? # just list policies policies.output(&method(:puts)) else # get policy document policy_name = policies.find { |p| p.match(/#{policy}/i) } doc = iam.send("get_#{type}_policy", "#{type}_name".to_sym => thing_name, policy_name: policy_name).policy_document URI.unescape(doc).output do |str| if options[:pretty] puts JSON.pretty_generate(JSON.parse(str)) else puts str end end end end
roles(name = /./)
click to toggle source
# File lib/awful/iam.rb, line 57 def roles(name = /./) iam.list_roles.roles.select do |role| role.role_name.match(name) end.output do |roles| name_method = options[:arns] ? :arn : :role_name if options[:long] print_table roles.map { |r| [ r.send(name_method), r.role_id, r.create_date, options[:arns] ? r.arn : nil ] } else puts roles.map(&name_method) end end end
rotate()
click to toggle source
# File lib/awful/iam.rb, line 149 def rotate key = iam.create_access_key(user_name: options[:user]).access_key puts( "Your new credentials:", "AWS_ACCESS_KEY_ID=#{key.access_key_id}", "AWS_SECRET_ACCESS_KEY=#{key.secret_access_key}", ) rescue Aws::IAM::Errors::LimitExceeded warn 'You have two access keys: please delete one and run this command again.' end
users()
click to toggle source
# File lib/awful/iam.rb, line 23 def users iam.list_users.users.output do |users| if options[:long] print_table users.map { |u| [u.user_name, u.user_id, u.create_date, u.password_last_used] } elsif options[:mfa] mfa = iam.list_virtual_mfa_devices.virtual_mfa_devices.each_with_object({}) do |m,h| next unless m.user h[m.user.user_name] = m.enable_date end print_table users.map { |u| [u.user_name, mfa.fetch(u.user_name, '-')] } else puts users.map(&:user_name) end end end