aws-sdk 1.0.4 → 1.1.0
- data/lib/aws.rb +10 -9
- data/lib/aws/api_config/IAM-2010-07-15.yml +632 -0
- data/lib/aws/base_client.rb +1 -1
- data/lib/aws/cacheable.rb +34 -46
- data/lib/aws/client_logging.rb +19 -14
- data/lib/aws/collections.rb +230 -0
- data/lib/aws/common.rb +4 -0
- data/lib/aws/configuration.rb +7 -0
- data/lib/aws/ec2.rb +2 -2
- data/lib/aws/ec2/attachment.rb +64 -71
- data/lib/aws/ec2/attachment_collection.rb +11 -9
- data/lib/aws/ec2/availability_zone.rb +40 -31
- data/lib/aws/ec2/availability_zone_collection.rb +2 -3
- data/lib/aws/ec2/elastic_ip.rb +25 -22
- data/lib/aws/ec2/elastic_ip_collection.rb +5 -2
- data/lib/aws/ec2/image.rb +113 -129
- data/lib/aws/ec2/image_collection.rb +5 -6
- data/lib/aws/ec2/instance.rb +290 -233
- data/lib/aws/ec2/instance_collection.rb +72 -67
- data/lib/aws/ec2/key_pair.rb +16 -18
- data/lib/aws/ec2/region.rb +25 -17
- data/lib/aws/ec2/reserved_instances.rb +7 -1
- data/lib/aws/ec2/reserved_instances_collection.rb +3 -3
- data/lib/aws/ec2/reserved_instances_offering.rb +7 -1
- data/lib/aws/ec2/reserved_instances_offering_collection.rb +3 -3
- data/lib/aws/ec2/resource.rb +41 -222
- data/lib/aws/ec2/security_group.rb +22 -18
- data/lib/aws/ec2/security_group_collection.rb +2 -5
- data/lib/aws/ec2/snapshot.rb +44 -35
- data/lib/aws/ec2/snapshot_collection.rb +43 -1
- data/lib/aws/ec2/tag.rb +14 -18
- data/lib/aws/ec2/volume.rb +59 -72
- data/lib/aws/ec2/volume_collection.rb +16 -12
- data/lib/aws/errors.rb +14 -5
- data/lib/aws/http/httparty_handler.rb +2 -2
- data/lib/aws/iam.rb +306 -0
- data/lib/aws/iam/access_key.rb +183 -0
- data/lib/aws/iam/access_key_collection.rb +131 -0
- data/lib/aws/iam/account_alias_collection.rb +81 -0
- data/lib/aws/iam/client.rb +44 -0
- data/lib/aws/iam/client/xml.rb +38 -0
- data/lib/aws/iam/collection.rb +87 -0
- data/lib/aws/iam/errors.rb +29 -0
- data/lib/aws/iam/group.rb +117 -0
- data/lib/aws/iam/group_collection.rb +135 -0
- data/lib/aws/iam/group_policy_collection.rb +49 -0
- data/lib/aws/iam/group_user_collection.rb +94 -0
- data/lib/aws/iam/login_profile.rb +97 -0
- data/lib/aws/iam/mfa_device.rb +52 -0
- data/lib/aws/iam/mfa_device_collection.rb +119 -0
- data/lib/aws/iam/policy.rb +48 -0
- data/lib/aws/iam/policy_collection.rb +191 -0
- data/lib/aws/iam/request.rb +27 -0
- data/lib/aws/iam/resource.rb +74 -0
- data/lib/aws/iam/server_certificate.rb +143 -0
- data/lib/aws/iam/server_certificate_collection.rb +174 -0
- data/lib/aws/iam/signing_certificate.rb +171 -0
- data/lib/aws/iam/signing_certificate_collection.rb +134 -0
- data/lib/aws/iam/user.rb +196 -0
- data/lib/aws/iam/user_collection.rb +136 -0
- data/lib/aws/iam/user_group_collection.rb +101 -0
- data/lib/aws/iam/user_policy.rb +90 -0
- data/lib/aws/iam/user_policy_collection.rb +48 -0
- data/lib/aws/resource.rb +381 -0
- data/lib/aws/resource_cache.rb +1 -2
- data/lib/aws/response.rb +5 -1
- data/lib/aws/response_cache.rb +1 -1
- data/lib/aws/s3/client.rb +3 -1
- data/lib/aws/s3/presigned_post.rb +1 -1
- data/lib/aws/simple_db.rb +1 -1
- metadata +113 -50
@@ -30,7 +30,7 @@ module AWS
|
|
30
30
|
# volume.exists?
|
31
31
|
#
|
32
32
|
# @example Get a map of volume IDs to volume status
|
33
|
-
# ec2.volumes.inject({}) { |m, v| m[
|
33
|
+
# ec2.volumes.inject({}) { |m, v| m[v.id] = v.status; m }
|
34
34
|
# # => { "vol-12345678" => :available, "vol-87654321" => :in_use }
|
35
35
|
class VolumeCollection < Collection
|
36
36
|
|
@@ -41,8 +41,12 @@ module AWS
|
|
41
41
|
def each(&block)
|
42
42
|
resp = filtered_request(:describe_volumes)
|
43
43
|
resp.volume_set.each do |v|
|
44
|
-
|
44
|
+
|
45
|
+
volume = Volume.new_from(:describe_volumes, v,
|
46
|
+
v.volume_id, :config => config)
|
47
|
+
|
45
48
|
yield(volume)
|
49
|
+
|
46
50
|
end
|
47
51
|
nil
|
48
52
|
end
|
@@ -55,32 +59,32 @@ module AWS
|
|
55
59
|
#
|
56
60
|
# @return [Volume] An object representing the new volume.
|
57
61
|
#
|
58
|
-
# @param [Hash]
|
62
|
+
# @param [Hash] options Options for creating the volume.
|
59
63
|
# +:availability_zone+ and one of +:size+, +:snapshot+, or
|
60
64
|
# +:snapshot_id+ is required.
|
61
65
|
#
|
62
|
-
# @option
|
66
|
+
# @option options [Integer] :size The size of the volume, in
|
63
67
|
# GiBs. Valid values: 1 - 1024. If +:snapshot+ or
|
64
68
|
# +:snapshot_id+ is specified, this defaults to the size of
|
65
69
|
# the specified snapshot.
|
66
70
|
#
|
67
|
-
# @option
|
71
|
+
# @option options [Snapshot] :snapshot The snapshot from which to
|
68
72
|
# create the new volume.
|
69
73
|
#
|
70
|
-
# @option
|
74
|
+
# @option options [String] :snapshot_id The ID of the snapshot
|
71
75
|
# from which to create the new volume.
|
72
76
|
#
|
73
|
-
# @option
|
77
|
+
# @option options [String, AvailabilityZone] :availability_zone
|
74
78
|
# The Availability Zone in which to create the new volume.
|
75
79
|
# To get a list of the availability zones you can use, see
|
76
80
|
# {EC2#availability_zones}.
|
77
81
|
# @return [Volume]
|
78
|
-
def create
|
79
|
-
if snapshot =
|
80
|
-
|
82
|
+
def create options = {}
|
83
|
+
if snapshot = options.delete(:snapshot)
|
84
|
+
options[:snapshot_id] = snapshot.id
|
81
85
|
end
|
82
|
-
resp = client.create_volume(
|
83
|
-
Volume.
|
86
|
+
resp = client.create_volume(options)
|
87
|
+
Volume.new_from(:create_volume, resp, resp.volume_id, :config => config)
|
84
88
|
end
|
85
89
|
|
86
90
|
# @private
|
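Review bot: `create` mutates the hash its caller passes in: `options.delete(:snapshot)` removes a key and `options[:snapshot_id] = snapshot.id` adds one, so a caller that reuses the hash sees different contents afterwards, and a frozen hash raises. Working on a copy avoids this, e.g. `options = options.dup` as the first line of the method. The same two lines also silently overwrite a `:snapshot_id` supplied alongside `:snapshot`; the docs say one of them is required but not which one wins, so a sentence on the `:snapshot` option stating the precedence would help.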
data/lib/aws/errors.rb
CHANGED
@@ -51,7 +51,8 @@ module AWS
|
|
51
51
|
# that wrapped the service error.
|
52
52
|
attr_reader :http_response
|
53
53
|
|
54
|
-
def initialize http_request, http_response, message =
|
54
|
+
def initialize http_request = nil, http_response = nil, message = nil
|
55
|
+
message ||= http_response.body if http_response
|
55
56
|
@http_request = http_request
|
56
57
|
@http_response = http_response
|
57
58
|
super(message)
|
@@ -97,10 +98,18 @@ module AWS
|
|
97
98
|
# @return [Integer] The HTTP status code returned by the AWS service.
|
98
99
|
attr_reader :code
|
99
100
|
|
100
|
-
def initialize(req, resp)
|
101
|
-
|
102
|
-
|
103
|
-
|
101
|
+
def initialize(req = nil, resp = nil)
|
102
|
+
if req.kind_of?(String)
|
103
|
+
# makes it easier to test handling of modeled exceptions
|
104
|
+
super(nil, nil, req)
|
105
|
+
@message = req
|
106
|
+
elsif req and resp
|
107
|
+
super(req, resp, message)
|
108
|
+
include_error_type
|
109
|
+
parse_body(resp.body)
|
110
|
+
else
|
111
|
+
super()
|
112
|
+
end
|
104
113
|
end
|
105
114
|
|
106
115
|
def include_error_type
|
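Review bot: With `message ||= http_response.body if http_response`, an error raised without an explicit message carries the whole, unparsed HTTP response body as its exception message. In the `elsif req and resp` branch of the second hunk, `message` is read before anything visible here assigns it, so that path presumably takes the same fallback. Exception messages are usually written to logs and error trackers verbatim, so an unbounded service response ends up there; consider bounding it, e.g. `message ||= http_response.body.to_s[0, 512] if http_response`, or documenting on the constructor that the raw body is used. The second `initialize` also falls through to `super()` when only one of `req`/`resp` is given, discarding it; a comment saying this is intended would help. The first `initialize` continues past the end of its hunk.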
@@ -62,7 +62,7 @@ module AWS
|
|
62
62
|
})
|
63
63
|
|
64
64
|
if request.proxy_uri
|
65
|
-
opts[:http_proxyaddr] = request.proxy_uri.
|
65
|
+
opts[:http_proxyaddr] = request.proxy_uri.host
|
66
66
|
opts[:http_proxyport] = request.proxy_uri.port
|
67
67
|
end
|
68
68
|
|
@@ -90,7 +90,7 @@ module AWS
|
|
90
90
|
|
91
91
|
begin
|
92
92
|
http_response = self.class.send(method, url, opts)
|
93
|
-
rescue Timeout::Error => e
|
93
|
+
rescue Timeout::Error, Errno::ETIMEDOUT => e
|
94
94
|
response.timeout = true
|
95
95
|
else
|
96
96
|
response.body = http_response.body
|
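Review bot: The exception bound by `=> e` in `rescue Timeout::Error, Errno::ETIMEDOUT => e` is never used in the clause shown, which only sets `response.timeout = true`, so the binding can be dropped: `rescue Timeout::Error, Errno::ETIMEDOUT`. Other connection-level failures from the same `self.class.send(method, url, opts)` call are not rescued here and would leave the handler as raw exceptions; whether that is intended cannot be told from the hunk, because the `begin` block continues past its last line.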
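--- a/data/lib/aws/iam.rb
+++ b/data/lib/aws/iam.rb
@@ -0,0 +1,306 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/common'
+require 'aws/inflection'
+require 'aws/service_interface'
+require 'aws/iam/client'
+require 'aws/iam/user_collection'
+require 'aws/iam/group_collection'
+require 'aws/iam/signing_certificate_collection'
+require 'aws/iam/server_certificate_collection'
+require 'aws/iam/account_alias_collection'
+require 'aws/iam/access_key_collection'
+
+module AWS
+
+# This class is the starting point for working with
+# AWS Identity and Access Management (IAM).
+#
+# For more information about IAM:
+#
+# * {AWS Identity and Access Management}[http://aws.amazon.com/iam/]
+# * {AWS Identity and Access Management Documentation}[http://aws.amazon.com/documentation/iam/]
+#
+# = Credentials
+#
+# You can setup default credentials for all AWS services via
+# AWS.config:
+#
+# AWS.config(
+# :access_key_id => 'YOUR_ACCESS_KEY_ID',
+# :secret_access_key => 'YOUR_SECRET_ACCESS_KEY')
+#
+# Or you can set them directly on the IAM interface:
+#
+# iam = AWS::IAM.new(
+# :access_key_id => 'YOUR_ACCESS_KEY_ID',
+# :secret_access_key => 'YOUR_SECRET_ACCESS_KEY')
+#
+# = Account Summary
+#
+# You can get account level information about entity usage and IAM quotas
+# directly from an IAM interface object.
+#
+# summary = iam.account_summary
+#
+# puts "Num users: #{summary[:users]}"
+# puts "Num user quota: #{summary[:users_quota]}"
+#
+# For a complete list of summary attributes see the {#account_summary} method.
+#
+# = Account Aliases
+#
+# Currently IAM only supports a single account alias for each AWS account.
+# You can set the account alias on the IAM interface.
+#
+# iam.account_alias = 'myaccountalias'
+# iam.account_alias
+# #=> 'myaccountalias'
+#
+# You can also remove your account alias:
+#
+# iam.remove_account_alias
+# iam.account_alias
+# #=> nil
+#
+# = Access Keys
+#
+# You can create up to 2 access for your account and 2 for each user.
+# This makes it easy to rotate keys if you need to. You can also
+# deactivate/activate access keys.
+#
+# # get your current access key
+# old_access_key = iam.access_keys.first
+#
+# # create a new access key
+# new_access_key = iam.access_keys.create
+# new_access_key.credentials
+# #=> { :access_key_id => 'ID', :secret_access_key => 'SECRET' }
+#
+# # go rotate your keys/credentials ...
+#
+# # now disable the old access key
+# old_access_key.deactivate!
+#
+# # go make sure everything still works ...
+#
+# # all done, lets clean up
+# old_access_key.delete
+#
+# Users can also have access keys:
+#
+# u = iam.users['someuser']
+# access_key = u.access_keys.create
+# access_key.credentials
+# #=> { :access_key_id => 'ID', :secret_access_key => 'SECRET' }
+#
+# See {AccessKeyCollection} and {AccessKey} for more information about
+# working with access keys.
+#
+# = Users & Gropus
+#
+# Each AWS account can have multiple users. Users can be used to easily
+# manage permissions. Users can also be organized into groups.
+#
+# user = iam.users.create('JohnDoe')
+# group = iam.groups.create('Developers')
+#
+# # add a user to a group
+# user.groups.add(group)
+#
+# # remove a user from a group
+# user.groups.remove(group)
+#
+# # add a user to a group
+# group.users.add(user)
+#
+# # remove a user from a group
+# group.users.remove(user)
+#
+# See {User}, {UserCollection}, {Group} and {GroupCollection} for more
+# information on how to work with users and groups.
+#
+# = Other Interfaces
+#
+# Other useful IAM interfaces:
+# * User Login Profiles ({LoginProfile})
+# * Policies ({Policy})
+# * Server Certificates ({ServerCertificateCollection}, {ServerCertificate})
+# * Signing Certificates ({SigningCertificateCollection}, {SigningCertificate})
+# * Multifactor Authentication Devices ({MFADeviceCollection}, {MFADevice})
+#
+class IAM
+
+include ServiceInterface
+
+# Returns a collection that represents all AWS users for this account:
+#
+# @example Getting a user by name
+#
+# user = iam.users['username']
+#
+# @example Enumerating users
+#
+# iam.users.each do |user|
+# puts user.name
+# end
+#
+# @return [UserCollection] Returns a collection that represents all of
+# the IAM users for this AWS account.
+def users
+UserCollection.new(:config => config)
+end
+
+# Returns a collection that represents all AWS groups for this account:
+#
+# @example Getting a group by name
+#
+# group = iam.groups['groupname']
+#
+# @example Enumerating groups
+#
+# iam.groups.each do |group|
+# puts group.name
+# end
+#
+# @return [GroupCollection] Returns a collection that represents all of
+# the IAM groups for this AWS account.
+def groups
+GroupCollection.new(:config => config)
+end
+
+# Returns a collection that represents the access keys for this
+# AWS account.
+#
+# iam = AWS::IAM.new
+# iam.access_keys.each do |access_key|
+# puts access_key.id
+# end
+#
+# @return [AccessKeyCollection] Returns a collection that represents all
+# access keys for this AWS account.
+def access_keys
+AccessKeyCollection.new(:config => config)
+end
+
+# Returns a collection that represents the signing certificates
+# for this AWS account.
+#
+# iam = AWS::IAM.new
+# iam.signing_certificates.each do |cert|
+# # ...
+# end
+#
+# If you need to access the signing certificates of a specific user,
+# see {User#signing_certificates}.
+#
+# @return [SigningCertificateCollection] Returns a collection that
+# represents signing certificates for this AWS account.
+def signing_certificates
+SigningCertificateCollection.new(:config => config)
+end
+
+# @note Currently, Amazon Elastic Load Balancing is the only
+# service to support the use of server certificates with
+# IAM. Using server certificates with Amazon Elastic Load
+# Balancing is described in the
+# {http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/US_SettingUpLoadBalancerHTTPSIntegrated.html
+# Amazon Elastic Load Balancing} Developer Guide.
+#
+# Returns a collection that represents the server certificates
+# for this AWS account.
+#
+# iam = AWS::IAM.new
+# iam.server_certificates.each do |cert|
+# # ...
+# end
+#
+# @return [ServerCertificateCollection] Returns a collection that
+# represents server certificates for this AWS account.
+def server_certificates
+ServerCertificateCollection.new(:config => config)
+end
+
+# Sets the account alias for this AWS account.
+# @param [String] account_alias
+# @return [String] Returns the account alias passed.
+def account_alias= account_alias
+account_alias.nil? ?
+remove_account_alias :
+account_aliases.create(account_alias)
+end
+
+# @return [String,nil] Returns the account alias. If this account has
+# no alias, then +nil+ is returned.
+def account_alias
+account_aliases.first
+end
+
+# Deletes the account alias (if one exists).
+# @return [nil]
+def remove_account_alias
+account_aliases.each do |account_alias|
+account_aliases.delete(account_alias)
+end
+nil
+end
+
+# @private
+def account_aliases
+AccountAliasCollection.new(:config => config)
+end
+
+# Retrieves account level information about account entity usage
+# and IAM quotas. The returned hash contains the following keys:
+#
+# [+:users+] Number of users for the AWS account
+#
+# [+:users_quota+] Maximum users allowed for the AWS account
+#
+# [+:groups+] Number of Groups for the AWS account
+#
+# [+:groups_quota+] Maximum Groups allowed for the AWS account
+#
+# [+:server_certificates+] Number of Server Certificates for the
+# AWS account
+#
+# [+:server_certificates_quota+] Maximum Server Certificates
+# allowed for the AWS account
+#
+# [+:user_policy_size_quota+] Maximum allowed size for user policy
+# documents (in kilobytes)
+#
+# [+:group_policy_size_quota+] Maximum allowed size for Group
+# policy documents (in kilobyes)
+#
+# [+:groups_per_user_quota+] Maximum number of groups a user can
+# belong to
+#
+# [+:signing_certificates_per_user_quota+] Maximum number of X509
+# certificates allowed
+# for a user
+#
+# [+:access_keys_per_user_quota+] Maximum number of access keys
+# that can be created per user
+#
+# @return [Hash]
+def account_summary
+client.get_account_summary.summary_map.inject({}) do |h, (k,v)|
+h[Inflection.ruby_name(k).to_sym] = v
+h
+end
+end
+
+end
+end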
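Review bot: `account_alias=` deletes the account alias when it is given `nil` (the ternary calls `remove_account_alias`), but its docs only say `@param [String] account_alias` and "Sets the account alias", so the destructive path is undocumented. Suggested tag: `# @param [String,nil] account_alias The alias to set; +nil+ removes the existing alias.`. The class comment also has three slips worth fixing while the file is new: `= Users & Gropus`, `(in kilobyes)`, and `create up to 2 access for your account`, which presumably means access keys.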
@@ -0,0 +1,183 @@
|
|
1
|
+
# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License"). You
|
4
|
+
# may not use this file except in compliance with the License. A copy of
|
5
|
+
# the License is located at
|
6
|
+
#
|
7
|
+
# http://aws.amazon.com/apache2.0/
|
8
|
+
#
|
9
|
+
# or in the "license" file accompanying this file. This file is
|
10
|
+
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
|
11
|
+
# ANY KIND, either express or implied. See the License for the specific
|
12
|
+
# language governing permissions and limitations under the License.
|
13
|
+
|
14
|
+
require 'aws/iam/resource'
|
15
|
+
require 'aws/iam/user'
|
16
|
+
|
17
|
+
module AWS
|
18
|
+
class IAM
|
19
|
+
|
20
|
+
# @attr_reader [Symbol] status The status of this access key.
|
21
|
+
# Status may be +:active+ or +:inactive+.
|
22
|
+
#
|
23
|
+
class AccessKey < Resource
|
24
|
+
|
25
|
+
# @param [String] access_key_id The id of this access key.
|
26
|
+
# @param [Hash] options
|
27
|
+
# @option [String] :user The IAM user this access key belongs to.
|
28
|
+
# If +:user+ is omitted then this access key belongs to the
|
29
|
+
# AWS account.
|
30
|
+
def initialize access_key_id, options = {}
|
31
|
+
@id = access_key_id
|
32
|
+
options[:secret_value] = nil unless options.has_key?(:secret_value)
|
33
|
+
@user = options[:user]
|
34
|
+
@user ? super(@user, options) : super(options)
|
35
|
+
end
|
36
|
+
|
37
|
+
# @return [User,nil] Returns the user this access key belongs to.
|
38
|
+
# Returns +nil+ if this access key belongs to the AWS account and not
|
39
|
+
# a specific user.
|
40
|
+
attr_reader :user
|
41
|
+
|
42
|
+
# @return [String] Returns the access key id.
|
43
|
+
attr_reader :id
|
44
|
+
|
45
|
+
alias_method :access_key_id, :id
|
46
|
+
|
47
|
+
attribute :secret_value, :as => :secret_access_key, :static => true
|
48
|
+
|
49
|
+
protected :secret_value
|
50
|
+
|
51
|
+
mutable_attribute :status, :to_sym => true
|
52
|
+
|
53
|
+
protected :status=
|
54
|
+
|
55
|
+
populates_from(:create_access_key) do |resp|
|
56
|
+
resp.access_key if matches_response_object?(resp.access_key)
|
57
|
+
end
|
58
|
+
|
59
|
+
populates_from(:list_access_keys) do |resp|
|
60
|
+
resp.access_key_metadata.find {|k| matches_response_object?(k) }
|
61
|
+
end
|
62
|
+
|
63
|
+
# Returns the secret access key.
|
64
|
+
#
|
65
|
+
# You can only access the secret for newly created access
|
66
|
+
# keys. Calling +secret+ on existing access keys raises an error.
|
67
|
+
#
|
68
|
+
# @example Getting the secret from a newly created access key
|
69
|
+
#
|
70
|
+
# access_key = iam.access_keys.create
|
71
|
+
# access_key.secret
|
72
|
+
# #=> 'SECRET_ACCESS_KEY'
|
73
|
+
#
|
74
|
+
# @example Failing to get the secret from an existing access key.
|
75
|
+
#
|
76
|
+
# access_key = iam.access_keys.first
|
77
|
+
# access_key.secret
|
78
|
+
# #=> raises a runtime error
|
79
|
+
#
|
80
|
+
# @return [String] Returns the secret access key.
|
81
|
+
def secret
|
82
|
+
secret_value or raise 'secret is only available for new access keys'
|
83
|
+
end
|
84
|
+
|
85
|
+
alias_method :secret_access_key, :secret
|
86
|
+
|
87
|
+
# @return [String,nil] Returns the name of the user this access key
|
88
|
+
# belogns to. If the access key belongs to the account, +nil+ is
|
89
|
+
# returned.
|
90
|
+
def user_name
|
91
|
+
@user ? @user.name : nil
|
92
|
+
end
|
93
|
+
|
94
|
+
# @return [Boolean] Returns true if this access key is active.
|
95
|
+
def active?
|
96
|
+
status == :active
|
97
|
+
end
|
98
|
+
|
99
|
+
# @return [Boolean] Returns true if this access key is inactive.
|
100
|
+
def inactive?
|
101
|
+
status == :inactive
|
102
|
+
end
|
103
|
+
|
104
|
+
# Activates this access key.
|
105
|
+
#
|
106
|
+
# @example
|
107
|
+
# access_key.activate!
|
108
|
+
# access_key.status
|
109
|
+
# # => :active
|
110
|
+
#
|
111
|
+
# @return [nil]
|
112
|
+
def activate!
|
113
|
+
self.status = 'Active'
|
114
|
+
nil
|
115
|
+
end
|
116
|
+
|
117
|
+
# Deactivates this access key.
|
118
|
+
#
|
119
|
+
# @example
|
120
|
+
# access_key.deactivate!
|
121
|
+
# access_key.status
|
122
|
+
# # => :inactive
|
123
|
+
#
|
124
|
+
# @return [nil]
|
125
|
+
# @return [nil]
|
126
|
+
def deactivate!
|
127
|
+
self.status = 'Inactive'
|
128
|
+
nil
|
129
|
+
end
|
130
|
+
|
131
|
+
# Deletes the access key.
|
132
|
+
def delete
|
133
|
+
client.delete_access_key(resource_options)
|
134
|
+
nil
|
135
|
+
end
|
136
|
+
|
137
|
+
# Returns a hash that should be saved somewhere safe.
|
138
|
+
#
|
139
|
+
# access_keys = iam.access_keys.create
|
140
|
+
# access_keys.credentials
|
141
|
+
# #=> { :access_key_id => '...', :secret_access_key => '...' }
|
142
|
+
#
|
143
|
+
# You can also use these credentials to make requests:
|
144
|
+
#
|
145
|
+
# s3 = AWS::S3.new(access_keys.credentials)
|
146
|
+
# s3.buckets.create('newbucket')
|
147
|
+
#
|
148
|
+
# @return [Hash] Returns a hash with the access key id and
|
149
|
+
# secret access key.
|
150
|
+
def credentials
|
151
|
+
{ :access_key_id => id, :secret_access_key => secret }
|
152
|
+
end
|
153
|
+
|
154
|
+
# @private
|
155
|
+
protected
|
156
|
+
def resource_identifiers
|
157
|
+
identifiers = []
|
158
|
+
identifiers << [:access_key_id, id]
|
159
|
+
identifiers << [:user_name, user.name] if user
|
160
|
+
identifiers
|
161
|
+
end
|
162
|
+
|
163
|
+
# IAM does not provide a request for "get access keys".
|
164
|
+
# Also note, we do not page the response. This is because
|
165
|
+
# restrictions on how many access keys an account / user may
|
166
|
+
# have is fewer than one page of results.
|
167
|
+
# @private
|
168
|
+
protected
|
169
|
+
def get_resource attribute
|
170
|
+
options = user ? { :user_name => user.name } : {}
|
171
|
+
client.list_access_keys(options)
|
172
|
+
end
|
173
|
+
|
174
|
+
# @private
|
175
|
+
protected
|
176
|
+
def matches_response_object? obj
|
177
|
+
user_name = obj.respond_to?(:user_name) ? obj.user_name : nil
|
178
|
+
obj.access_key_id == self.id and user_name == self.user_name
|
179
|
+
end
|
180
|
+
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
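Review bot: The constructor docs declare `@option [String] :user`, but the value is treated as a user object: `user_name` and `resource_identifiers` call `.name` on it and the `attr_reader :user` doc says `[User,nil]`, so a caller who follows the tag and passes a name string gets a NoMethodError later. The tag should read `# @option options [User] :user The IAM user this access key belongs to.`. The constructor also writes `:secret_value => nil` into the caller's hash; `options = { :secret_value => nil }.merge(options)` would leave the argument untouched. `secret` raises a bare string (a RuntimeError) and `credentials` inherits that without saying so, so a `@raise` line on both would tell callers that only freshly created keys can hand out the secret. The three repeated `protected` lines and the duplicated `# @return [nil]` on `deactivate!` can be collapsed.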