class Awscli::Iam::User
new(connection)
# File lib/awscli/iam.rb, line 7
# Wraps an already-established IAM connection for the user-management commands.
#
# @param connection [Object] client every instance method delegates to; judging by the
#   errors rescued below it is presumably a Fog::AWS::IAM connection — verify against caller
def initialize(connection)
  @conn = connection
end
add_user_to_group(username, groupname)
# File lib/awscli/iam.rb, line 122
# Adds +username+ to the IAM group +groupname+.
#
# @param username [String] IAM user name
# @param groupname [String] IAM group name
# @return [nil]
#
# A missing user or group is reported on stdout rather than raised.
def add_user_to_group(username, groupname)
  # the underlying client takes the group first, the user second
  @conn.add_user_to_group(groupname, username)
  puts "Added user: #{username}, to group: #{groupname}"
rescue Fog::AWS::IAM::NotFound => e
  puts "[Error]: #{e}"
end
assign_password(username, password)
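# File lib/awscli/iam.rb, line 143
# Creates a console login profile for +username+ with the caller-supplied +password+.
#
# The password is deliberately not echoed back: the caller already has it, and
# printing it would leave it in terminal scrollback, shell/job logs and anything
# capturing stdout (CWE-532). Only the user name is confirmed.
#
# @param username [String] IAM user name
# @param password [String] console password to set
# @return [nil]
def assign_password(username, password)
  @conn.create_login_profile(username, password)
  puts "Assigned password to user: #{username}"
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::ValidationError => e
  puts "[Error]: #{e}"
rescue Fog::AWS::IAM::Error => e
  puts "[Error]: #{e}"
  # TODO: show the password policy; fog does not expose it, so only a hint is possible
  puts 'Password policy is violated, please revisit your password policies' if e.to_s.include?('PasswordPolicyViolation')
end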
create(options)
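# File lib/awscli/iam.rb, line 18
# Creates an IAM user and, depending on +options+, a console password, a group
# membership, an access key and an inline policy.
#
# @param options [Hash] recognised keys:
#   :user_name  [String]  name of the user to create (required)
#   :path       [String]  IAM path, defaults to '/'
#   :password   [Boolean] generate and assign a console password
#   :group      [String]  group to add the user to
#   :access_key [Boolean] create an access key pair
#   :policy     [Boolean] upload a custom inline policy read from :policy_doc
#   :policy_doc [String]  path to a JSON policy document (required when :policy is set)
# @return [nil]
#
# Without :policy the user gets a default inline policy that lets them manage
# their OWN access keys (iam:*AccessKey* scoped to their ARN) plus ec2:Describe*,
# s3:Get* and s3:List* on '*'. The s3 grants are account-wide object read
# access; pass a custom document if that is broader than intended.
def create(options)
  username = options[:user_name]
  # read the path without mutating the caller's hash
  @conn.create_user(username, options[:path] || '/')
  puts "Created User: #{username}"

  generate_password(username) if options[:password]
  add_user_to_group(username, options[:group]) if options[:group]
  create_user_access_key(username) if options[:access_key]

  if options[:policy]
    document = options[:policy_doc]
    # File.expand_path(nil) raises TypeError; fail with a usable message instead
    abort 'Missing policy document: :policy requires a :policy_doc path' if document.to_s.empty?
    policy_name = "User-#{username}-Custom"
    doc_path = File.expand_path(document)
    abort "Invalid file path: #{document}" unless File.exist?(doc_path)
    json_string = File.read(doc_path)
    abort "Invalid JSON format found in the document: #{document}" unless valid_json?(json_string)
    # parsed to a Hash; the client serialises it back into the policy document
    @conn.put_user_policy(username, policy_name, JSON.parse(json_string))
    puts "Added policy: #{policy_name} to user: #{username}"
    puts "Added Policy #{policy_name} from #{document}"
  else
    user_arn = @conn.users.get(username).arn
    @conn.put_user_policy(
      username,
      "User#{username}Policy",
      {
        'Statement' => [
          # self-service key management only on the user's own ARN
          { 'Effect' => 'Allow', 'Action' => 'iam:*AccessKey*', 'Resource' => user_arn },
          # read-only, but on every resource in the account
          { 'Effect' => 'Allow', 'Action' => ['ec2:Describe*', 's3:Get*', 's3:List*'], 'Resource' => '*' }
        ]
      }
    )
    puts 'User policy for accessing/managing keys of their own and read-access is in place'
  end
rescue Fog::AWS::IAM::ValidationError => e
  puts "ValidationError: #{e}"
rescue Fog::AWS::IAM::EntityAlreadyExists => e
  puts "[Error] User Exists: #{e}"
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error => e
  puts "[Error]: #{e}"
end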
create_user_access_key(username)
# File lib/awscli/iam.rb, line 80 def create_user_access_key(username) data = @conn.create_access_key('UserName' => username) access_key_id = data.body['AccessKey']['AccessKeyId'] secret_access_key = data.body['AccessKey']['SecretAccessKey'] #keystatus = data.body['AccessKey']['Status'] puts 'Store the following access id and secret key:' puts "AccessKey: #{access_key_id}" puts "SecretAccessKey: #{secret_access_key}" rescue Fog::AWS::IAM::NotFound puts "[Error]: #{$!}" end
delete(options)
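# File lib/awscli/iam.rb, line 181
# Deletes the IAM user named by options[:user_name].
#
# @param options [Hash]
#   :user_name [String]  user to delete (required)
#   :force     [Boolean] also remove the user's login profile, access keys, group
#                        memberships and inline policies first, after an
#                        interactive confirmation
# @return [nil]
#
# Without :force only DeleteUser is called and the service decides whether the
# user is deletable. With :force the dependencies are stripped first — but only
# when the operator confirms; declining aborts the command instead of falling
# through to DeleteUser as it previously did.
def delete(options)
  username = options[:user_name]
  user = @conn.users.get(username)
  abort "No such user: #{username}" unless user

  if options[:force]
    unless agree('Are you sure you want to delete user and users associated login_profile, access_keys, policies ? ')
      abort "Aborted: user #{username} was not deleted"
    end
    remove_user_dependencies(username, user)
  end
  @conn.delete_user(username)
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error => e
  puts "[Error]: #{e}"
else
  puts "Deleted User: #{username}"
end

# Internal helper for #delete: removes everything attached to +user+ that would
# otherwise block DeleteUser — login profile, access keys, group memberships and
# inline policies. The per-item helpers report their own errors on stdout.
#
# @param username [String] IAM user name
# @param user [Object] the user record returned by @conn.users.get
# @return [nil]
def remove_user_dependencies(username, user)
  # there is no "has login profile" query; probe with get_login_profile instead
  has_login_profile = begin
    @conn.get_login_profile(username)
    true
  rescue Fog::AWS::IAM::NotFound
    false
  end
  remove_password(username) if has_login_profile

  user.access_keys.map(&:id).each { |key_id| delete_user_access_key(username, key_id) }

  group_names = @conn.list_groups_for_user(username).body['GroupsForUser'].map { |g| g['GroupName'] }
  group_names.each { |group| remove_user_from_group(username, group) }

  user.policies.map(&:id).each { |policy| @conn.delete_user_policy(username, policy) }
end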
delete_user_access_key(username, access_key_id)
# File lib/awscli/iam.rb, line 98
# Deletes one access key belonging to +username+.
#
# @param username [String] IAM user name
# @param access_key_id [String] id of the key to delete
# @return [nil]
def delete_user_access_key(username, access_key_id)
  @conn.delete_access_key(access_key_id, 'UserName' => username)
  puts "Deleted AccessKey for user: #{username}"
rescue Fog::AWS::IAM::NotFound => e
  puts "[Error]: #{e}"
end
generate_password(username)
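# File lib/awscli/iam.rb, line 156
# Generates a random console password for +username+ and assigns it through a
# login profile, retrying with a fresh password up to three times if the
# service rejects it under the account's password policy.
#
# @param username [String] IAM user name
# @return [nil]
#
# The password is drawn from SecureRandom (a CSPRNG) instead of Array#shuffle,
# which runs on the non-cryptographic Mersenne Twister behind Kernel#rand. Each
# of the 15 positions is sampled independently from printable ASCII 33..126.
# The result is printed exactly once because it cannot be retrieved afterwards,
# so it will appear in terminal scrollback and any log capturing stdout.
def generate_password(username)
  require 'securerandom' # stdlib; loaded here so the method is self-contained
  tries ||= 3
  password = Array.new(15) { (SecureRandom.random_number(94) + 33).chr }.join
  @conn.create_login_profile(username, password)
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::ValidationError => e
  puts "[Error]: #{e}"
rescue Fog::AWS::IAM::Error => e
  puts "[Error]: #{e}"
  # TODO: show the password policy; fog does not expose it.
  # A policy rejection presumably means the random draw missed a required
  # character class; `retry` re-runs the body with a new password, and the
  # local `tries` survives the retry so the loop stays bounded.
  retry if e.to_s.include?('PasswordPolicyViolation') && (tries -= 1) > 0
else
  puts "Assigned password: '#{password}' for user #{username}"
  puts 'Store this password, this cannot be retrieved again'
end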
list(path)
# File lib/awscli/iam.rb, line 11 def list(path) users = @conn.list_users('PathPrefix' => path).body['Users'] Formatador.display_table(users) rescue Fog::AWS::IAM::ValidationError puts "ValidationError: #{$!}" end
list_groups_for_user(username)
# File lib/awscli/iam.rb, line 136 def list_groups_for_user(username) groups = @conn.list_groups_for_user(username).body['GroupsForUser'] Formatador.display_table(groups) rescue Fog::AWS::IAM::NotFound puts "[Error]: #{$!}" end
list_user_access_keys(username)
# File lib/awscli/iam.rb, line 92
# Prints the access keys of +username+ as a table.
#
# @param username [String] IAM user name
# @return whatever the collection's #table returns
def list_user_access_keys(username)
  collection = @conn.access_keys(:username => username)
  collection.table
rescue Fog::AWS::IAM::NotFound => e
  puts "[Error]: #{e}"
end
remove_password(username)
# File lib/awscli/iam.rb, line 174
# Deletes the console login profile (and thus the password) of +username+.
#
# @param username [String] IAM user name
# @return [nil]
def remove_password(username)
  @conn.delete_login_profile(username)
  puts "Deleted login profile for user: #{username}"
rescue Fog::AWS::IAM::Error, Fog::AWS::IAM::NotFound => e
  puts "[Error]: #{e}"
end
remove_user_from_group(username, groupname)
# File lib/awscli/iam.rb, line 129
# Removes +username+ from the IAM group +groupname+.
#
# @param username [String] IAM user name
# @param groupname [String] IAM group name
# @return [nil]
def remove_user_from_group(username, groupname)
  # the underlying client takes the group first, the user second
  @conn.remove_user_from_group(groupname, username)
  puts "Removed user: #{username}, from group: #{groupname}"
rescue Fog::AWS::IAM::NotFound => e
  puts "[Error]: #{e}"
end
update_user(options)
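# File lib/awscli/iam.rb, line 105
# Renames and/or moves an IAM user.
#
# @param options [Hash]
#   :user_name     [String] user to update (required)
#   :new_user_name [String] new name (optional)
#   :new_path      [String] new IAM path (optional)
# @return [nil]
#
# The identifying user_name key is stripped from the forwarded options so it is
# not sent as a second request parameter; :new_user_name / :new_path become the
# 'NewUserName' / 'NewPath' request parameters. Keys are matched as either
# symbols or strings, since the hash may come from a CLI option parser that
# stores strings.
def update_user(options)
  # deep copy so the caller's hash is left untouched; Marshal only round-trips
  # in-process option data here, never anything read from outside the program
  opts = Marshal.load(Marshal.dump(options))
  opts.reject! { |k, _v| k.to_s == 'user_name' }
  if (new_user_name = opts.delete(:new_user_name))
    opts['NewUserName'] = new_user_name
  end
  if (new_path = opts.delete(:new_path))
    opts['NewPath'] = new_path
  end
  username = options[:user_name] || options['user_name']
  @conn.update_user(username, opts)
  puts 'Updated user details'
rescue Fog::AWS::IAM::EntityAlreadyExists
  puts '[Error] User already exists, pass in a different username'
rescue Fog::AWS::IAM::ValidationError => e
  puts "ValidationError: #{e}"
end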