aws-sdk 1.0.4 → 1.1.0

data/lib/aws/iam/policy.rb

@@ -0,0 +1,48 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/policy'
+
+module AWS
+  class IAM
+
+    # @private
+    class Policy < AWS::Policy
+
+      def to_h
+        hash = super
+        hash.delete('Id')
+        hash['Statement'].each do |statement|
+          statement.delete('Sid')
+          statement.delete('Principal')
+        end
+        hash
+      end
+
+      class Statement < AWS::Policy::Statement
+
+        ACTION_MAPPING = { }
+
+        protected
+        def resource_arn resource
+          case resource
+          when User then resource.arn
+          else super(resource)
+          end
+        end
+
+      end
+
+    end
+  end
+end

data/lib/aws/iam/policy_collection.rb

@@ -0,0 +1,191 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/iam/collection'
+require 'aws/iam/policy'
+require 'aws/iam/errors'
+require 'uri'
+
+module AWS
+  class IAM
+
+    # Shared methods exposing a collection of policy documents
+    # associated with an IAM resource (a {User} or a {Group}).  Policy
+    # collections can be constructed using {Group#policies} and
+    # {User#policies}.
+    module PolicyCollection
+
+      include Collection
+
+      # Retrieves a policy document by name.
+      #
+      # @param [String] name The name of the policy to retrieve.
+      #
+      # @return [Policy] The policy with the given name.  If no such
+      #   policy exists, this method returns +nil+.
+      def [] name
+        resp = get_policy(:policy_name => name)
+        Policy.from_json(URI.unescape(resp.policy_document))
+      rescue Errors::NoSuchEntity => e
+        nil
+      end
+
+      # Adds or replaces a policy document.
+      #
+      # @param [String] name The name of the policy document.
+      #
+      # @param [Policy,String] document The policy document.  This can
+      #   be a JSON string, or any object that responds to +to_json+.
+      #   The {Policy} class provides a convenient way to construct
+      #   policy documents that you can use with AWS IAM.
+      def []= name, document
+        document = document.to_json if document.respond_to?(:to_json) and
+          !document.kind_of?(String)
+        put_policy(:policy_name => name,
+                   :policy_document => document)
+      end
+
+      # Deletes a policy by name.  This method is idempotent; if no
+      # policy exists with the given name, the method does nothing.
+      #
+      # @param [String] name The name of the policy document.
+      def delete(name)
+        delete_policy(:policy_name => name)
+        nil
+      rescue Errors::NoSuchEntity => e
+        nil
+      end
+
+      # Retrieves multiple policy documents by name.  This method
+      # makes one request to AWS IAM per argument.
+      #
+      # @param names Each argument is the name of a policy to retrieve.
+      #
+      # @return [Array<Policy>] An array containing the requested
+      #   policy documents, in the same order as the argument list.
+      #   If a requested policy does not exist, the array member
+      #   corresponding to that argument will be +nil+.
+      def values_at(*names)
+        names.map { |n| self[n] }
+      end
+
+      # @return [Enumerator<String>] An enumerator for retrieving all
+      #   the policy names that are currently associated with the
+      #   resource.
+      def keys
+        enumerator(:names_only => true)
+      end
+      alias_method :names, :keys
+
+      # @return [Enumerator<Policy>] An enumerator for retrieving all
+      #   the policy documents that are currently associated with the
+      #   resource.
+      def values
+        enumerator(:values_only => true)
+      end
+
+      # Removes all policies from the collection.
+      def clear
+        keys.each { |k| delete(k) }
+      end
+
+      # @param [String] name The name of the policy to check.
+      #
+      # @return [Boolean] True if there is a policy with the given name.
+      def has_key? name
+        get_policy(:policy_name => name)
+        true
+      rescue Errors::NoSuchEntity => e
+        false
+      end
+      alias_method :include?, :has_key?
+      alias_method :key?, :has_key?
+      alias_method :member?, :has_key?
+
+      # @yield [name, policy] The name and document for each policy
+      #   that is associated with the resource.  Like +Hash#each+,
+      #   this method is sensitive to the arity of the provided block;
+      #   if the block takes two arguments, they will be the name and
+      #   document.  If it accepts only one argument, it will be an
+      #   array containing the name and document.
+      def each opts = {}, &block
+        opts = opts.dup
+        names_only = opts.delete(:names_only)
+        values_only = opts.delete(:values_only)
+        super(client_opts(opts)) do |pn|
+          case
+          when names_only
+            yield pn
+          when values_only
+            yield self[pn]
+          when block.arity == 2
+            yield pn, self[pn]
+          else
+            yield [pn, self[pn]]
+          end
+        end
+      end
+
+      # @return [Hash] The contents of the collection as a hash.
+      def to_h
+        inject({}) do |hash, (name, policy)|
+          hash[name] = policy
+          hash
+        end
+      end
+
+      protected
+      def get_policy(opts = {})
+        client.send("get_#{resource_name}_policy",
+                    client_opts(opts))
+      end
+
+      protected
+      def put_policy(opts = {})
+        client.send("put_#{resource_name}_policy",
+                    client_opts(opts))
+      end
+
+      protected
+      def request_method
+        :"list_#{resource_name}_policies"
+      end
+
+      protected
+      def delete_policy(opts = {})
+        client.send("delete_#{resource_name}_policy",
+                    client_opts(opts))
+      end
+
+      protected
+      def client_opts(opts = {})
+        Hash[[[:"#{resource_name}_name",
+               send(resource_name).name]]].merge(opts)
+      end
+
+      protected
+      def resource_name
+        raise NotImplementedError unless
+          self.class.name =~ /AWS::IAM::(.*)PolicyCollection$/
+        $1.downcase
+      end
+
+      protected
+      def each_item(response, &block)
+        response.policy_names.each(&block)
+      end
+
+    end
+
+  end
+end

data/lib/aws/iam/request.rb

@@ -0,0 +1,27 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/http/request'
+require 'aws/authorize_v2'
+
+module AWS
+  class IAM
+
+    # @private
+    class Request < AWS::Http::Request
+
+      include AuthorizeV2
+
+    end
+  end
+end

data/lib/aws/iam/resource.rb

@@ -0,0 +1,74 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/resource'
+require 'aws/inflection'
+
+module AWS
+  class IAM
+
+    # @private
+    class Resource < AWS::Resource
+
+      # @return [Boolean] True if the resource exists.
+      def exists?
+        get_resource
+      rescue Errors::NoSuchEntity => e
+        false
+      else
+        true
+      end
+
+      # @private
+      protected
+      def update_resource attr, value
+        options = { :"#{self.class.update_prefix}#{attr.set_as}" => value }
+        client_method = update_resource_client_method
+        client.send(client_method, options.merge(resource_options))
+      end
+
+      # @private
+      protected
+      def get_resource attribute = nil
+        client.send(get_resource_client_method, resource_options)
+      end
+
+      # @private
+      protected
+      def get_resource_client_method
+        "get_#{ruby_name}"
+      end
+
+      # @private
+      protected
+      def update_resource_client_method
+        "update_#{ruby_name}"
+      end
+
+      class << self
+
+        # @private
+        def prefix_update_attributes prefix = 'new_'
+          @update_prefix = prefix 
+        end
+
+        # @private
+        def update_prefix
+          @update_prefix
+        end
+
+      end
+
+    end
+  end
+end

data/lib/aws/iam/server_certificate.rb

@@ -0,0 +1,143 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/iam/resource'
+
+module AWS
+  class IAM
+
+    # Respresents a server certificate.
+    #
+    #   certificate = iam.server_certificates["MyCert"]
+    #
+    # You can use this class to get information about a certificate
+    # and to delete it.
+    class ServerCertificate < Resource
+
+      prefix_update_attributes
+
+      # @private
+      def initialize(name, opts={})
+        opts[:name] = name
+        super(opts)
+      end
+
+      # @attr [String] The name that identifies the server
+      #   certificate.
+      mutable_attribute :name, :static => true, :as => :server_certificate_name
+
+      # @attr_reader [String] The stable and unique string identifying
+      #   the server certificate.
+      attribute :id, :static => true, :as => :server_certificate_id
+
+      # @attr_reader [Time] The date when the server certificate was
+      #   uploaded.
+      attribute :upload_date, :static => true
+
+      # @attr_reader [String] The Amazon Resource Name (ARN)
+      #   specifying the server certificate. For more information
+      #   about ARNs and how to use them in policies, see
+      #   {http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html
+      #   Identifiers for IAM Entities} in <i>Using AWS Identity and
+      #   Access Management</i>.
+      attribute :arn
+
+      # @attr [String] Path to the server certificate.
+      mutable_attribute :path do
+        translates_input do |path|
+          path = "/#{path}" unless path[0] == ?/
+          path = "#{path}/" unless path[-1] == ?/
+          path
+        end
+      end
+
+      # @attr_reader [String] The contents of the public key
+      #   certificate.
+      attribute :certificate_body
+
+      # @attr_reader [String] The contents of the public key
+      #   certificate chain.
+      attribute :certificate_chain
+
+      provider(:get_server_certificate) do |provider|
+        # for metadata attributes
+        provider.find do |resp|
+          cert, meta = response_objects(resp)
+          meta
+        end
+        provider.provides :name, :id, :upload_date, :arn, :path
+      end
+
+      provider(:get_server_certificate) do |provider|
+        # for data attributes
+        provider.find do |resp|
+          cert, meta = response_objects(resp)
+          cert
+        end
+        provider.provides :certificate_body, :certificate_chain
+      end
+
+      populates_from(:upload_server_certificate) do |resp|
+        resp.server_certificate_metadata if
+          resp.server_certificate_metadata.server_certificate_name == name
+      end
+
+      populates_from(:list_server_certificates) do |resp|
+        resp.server_certificate_metadata_list.find do |sc|
+          sc.server_certificate_name == name
+        end
+      end
+
+      # Deletes the specified server certificate.
+      #
+      # @note If you are using a server certificate with Elastic Load
+      #   Balancing, deleting the certificate could have implications
+      #   for your application. If Elastic Load Balancing doesn't
+      #   detect the deletion of bound certificates, it may continue
+      #   to use the certificates. This could cause Elastic Load
+      #   Balancing to stop accepting traffic. We recommend that you
+      #   remove the reference to the certificate from Elastic Load
+      #   Balancing before using this command to delete the
+      #   certificate. For more information, go to
+      #   {http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html
+      #   DeleteLoadBalancerListeners} in the _Elastic Load Balancing
+      #   API Reference_.
+      #
+      # @return [nil]
+      def delete
+        client.delete_server_certificate(resource_options)
+        nil
+      end
+
+      # @private
+      protected
+      def resource_identifiers
+        [[:server_certificate_name, name]]
+      end
+
+      # extract response objects from get_server_certificate
+      private
+      def response_objects(resp)
+        if cert = resp.server_certificate and
+            meta = cert.server_certificate_metadata and
+            meta.server_certificate_name == name
+          [cert, meta]
+        else
+          [nil, nil]
+        end
+      end
+
+    end
+
+  end
+end