aws-sdk 1.0.4 → 1.1.0
- data/lib/aws.rb +10 -9
- data/lib/aws/api_config/IAM-2010-07-15.yml +632 -0
- data/lib/aws/base_client.rb +1 -1
- data/lib/aws/cacheable.rb +34 -46
- data/lib/aws/client_logging.rb +19 -14
- data/lib/aws/collections.rb +230 -0
- data/lib/aws/common.rb +4 -0
- data/lib/aws/configuration.rb +7 -0
- data/lib/aws/ec2.rb +2 -2
- data/lib/aws/ec2/attachment.rb +64 -71
- data/lib/aws/ec2/attachment_collection.rb +11 -9
- data/lib/aws/ec2/availability_zone.rb +40 -31
- data/lib/aws/ec2/availability_zone_collection.rb +2 -3
- data/lib/aws/ec2/elastic_ip.rb +25 -22
- data/lib/aws/ec2/elastic_ip_collection.rb +5 -2
- data/lib/aws/ec2/image.rb +113 -129
- data/lib/aws/ec2/image_collection.rb +5 -6
- data/lib/aws/ec2/instance.rb +290 -233
- data/lib/aws/ec2/instance_collection.rb +72 -67
- data/lib/aws/ec2/key_pair.rb +16 -18
- data/lib/aws/ec2/region.rb +25 -17
- data/lib/aws/ec2/reserved_instances.rb +7 -1
- data/lib/aws/ec2/reserved_instances_collection.rb +3 -3
- data/lib/aws/ec2/reserved_instances_offering.rb +7 -1
- data/lib/aws/ec2/reserved_instances_offering_collection.rb +3 -3
- data/lib/aws/ec2/resource.rb +41 -222
- data/lib/aws/ec2/security_group.rb +22 -18
- data/lib/aws/ec2/security_group_collection.rb +2 -5
- data/lib/aws/ec2/snapshot.rb +44 -35
- data/lib/aws/ec2/snapshot_collection.rb +43 -1
- data/lib/aws/ec2/tag.rb +14 -18
- data/lib/aws/ec2/volume.rb +59 -72
- data/lib/aws/ec2/volume_collection.rb +16 -12
- data/lib/aws/errors.rb +14 -5
- data/lib/aws/http/httparty_handler.rb +2 -2
- data/lib/aws/iam.rb +306 -0
- data/lib/aws/iam/access_key.rb +183 -0
- data/lib/aws/iam/access_key_collection.rb +131 -0
- data/lib/aws/iam/account_alias_collection.rb +81 -0
- data/lib/aws/iam/client.rb +44 -0
- data/lib/aws/iam/client/xml.rb +38 -0
- data/lib/aws/iam/collection.rb +87 -0
- data/lib/aws/iam/errors.rb +29 -0
- data/lib/aws/iam/group.rb +117 -0
- data/lib/aws/iam/group_collection.rb +135 -0
- data/lib/aws/iam/group_policy_collection.rb +49 -0
- data/lib/aws/iam/group_user_collection.rb +94 -0
- data/lib/aws/iam/login_profile.rb +97 -0
- data/lib/aws/iam/mfa_device.rb +52 -0
- data/lib/aws/iam/mfa_device_collection.rb +119 -0
- data/lib/aws/iam/policy.rb +48 -0
- data/lib/aws/iam/policy_collection.rb +191 -0
- data/lib/aws/iam/request.rb +27 -0
- data/lib/aws/iam/resource.rb +74 -0
- data/lib/aws/iam/server_certificate.rb +143 -0
- data/lib/aws/iam/server_certificate_collection.rb +174 -0
- data/lib/aws/iam/signing_certificate.rb +171 -0
- data/lib/aws/iam/signing_certificate_collection.rb +134 -0
- data/lib/aws/iam/user.rb +196 -0
- data/lib/aws/iam/user_collection.rb +136 -0
- data/lib/aws/iam/user_group_collection.rb +101 -0
- data/lib/aws/iam/user_policy.rb +90 -0
- data/lib/aws/iam/user_policy_collection.rb +48 -0
- data/lib/aws/resource.rb +381 -0
- data/lib/aws/resource_cache.rb +1 -2
- data/lib/aws/response.rb +5 -1
- data/lib/aws/response_cache.rb +1 -1
- data/lib/aws/s3/client.rb +3 -1
- data/lib/aws/s3/presigned_post.rb +1 -1
- data/lib/aws/simple_db.rb +1 -1
- metadata +113 -50
@@ -30,7 +30,7 @@ module AWS
|
|
30
30
|
# volume.exists?
|
31
31
|
#
|
32
32
|
# @example Get a map of volume IDs to volume status
|
33
|
-
# ec2.volumes.inject({}) { |m, v| m[
|
33
|
+
# ec2.volumes.inject({}) { |m, v| m[v.id] = v.status; m }
|
34
34
|
# # => { "vol-12345678" => :available, "vol-87654321" => :in_use }
|
35
35
|
class VolumeCollection < Collection
|
36
36
|
|
@@ -41,8 +41,12 @@ module AWS
|
|
41
41
|
def each(&block)
|
42
42
|
resp = filtered_request(:describe_volumes)
|
43
43
|
resp.volume_set.each do |v|
|
44
|
-
|
44
|
+
|
45
|
+
volume = Volume.new_from(:describe_volumes, v,
|
46
|
+
v.volume_id, :config => config)
|
47
|
+
|
45
48
|
yield(volume)
|
49
|
+
|
46
50
|
end
|
47
51
|
nil
|
48
52
|
end
|
@@ -55,32 +59,32 @@ module AWS
|
|
55
59
|
#
|
56
60
|
# @return [Volume] An object representing the new volume.
|
57
61
|
#
|
58
|
-
# @param [Hash]
|
62
|
+
# @param [Hash] options Options for creating the volume.
|
59
63
|
# +:availability_zone+ and one of +:size+, +:snapshot+, or
|
60
64
|
# +:snapshot_id+ is required.
|
61
65
|
#
|
62
|
-
# @option
|
66
|
+
# @option options [Integer] :size The size of the volume, in
|
63
67
|
# GiBs. Valid values: 1 - 1024. If +:snapshot+ or
|
64
68
|
# +:snapshot_id+ is specified, this defaults to the size of
|
65
69
|
# the specified snapshot.
|
66
70
|
#
|
67
|
-
# @option
|
71
|
+
# @option options [Snapshot] :snapshot The snapshot from which to
|
68
72
|
# create the new volume.
|
69
73
|
#
|
70
|
-
# @option
|
74
|
+
# @option options [String] :snapshot_id The ID of the snapshot
|
71
75
|
# from which to create the new volume.
|
72
76
|
#
|
73
|
-
# @option
|
77
|
+
# @option options [String, AvailabilityZone] :availability_zone
|
74
78
|
# The Availability Zone in which to create the new volume.
|
75
79
|
# To get a list of the availability zones you can use, see
|
76
80
|
# {EC2#availability_zones}.
|
77
81
|
# @return [Volume]
|
78
|
-
def create
|
79
|
-
if snapshot =
|
80
|
-
|
82
|
+
def create options = {}
|
83
|
+
if snapshot = options.delete(:snapshot)
|
84
|
+
options[:snapshot_id] = snapshot.id
|
81
85
|
end
|
82
|
-
resp = client.create_volume(
|
83
|
-
Volume.
|
86
|
+
resp = client.create_volume(options)
|
87
|
+
Volume.new_from(:create_volume, resp, resp.volume_id, :config => config)
|
84
88
|
end
|
85
89
|
|
86
90
|
# @private
|
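Review bot: The new `create` deletes `:snapshot` from, and writes `:snapshot_id` into, the hash the caller passed in, so an options hash reused for a second call no longer carries `:snapshot`. Working on a copy first, `options = options.dup`, keeps the translation local. `AccessKey#initialize` further down this page has the same pattern where it defaults `:secret_value`. The updated `@option` line also documents `:availability_zone` as `[String, AvailabilityZone]`, but the visible body converts only `:snapshot` before calling `client.create_volume(options)`. If the client does not accept an `AvailabilityZone` object (not visible here), that option needs converting too.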
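--- a/data/lib/aws/errors.rb
+++ b/data/lib/aws/errors.rb
@@ -51,7 +51,8 @@ module AWS
 # that wrapped the service error.
 attr_reader :http_response
 
-def initialize http_request, http_response, message =
+def initialize http_request = nil, http_response = nil, message = nil
+message ||= http_response.body if http_response
 @http_request = http_request
 @http_response = http_response
 super(message)
@@ -97,10 +98,18 @@ module AWS
 # @return [Integer] The HTTP status code returned by the AWS service.
 attr_reader :code
 
-def initialize(req, resp)
-
-
-
+def initialize(req = nil, resp = nil)
+if req.kind_of?(String)
+# makes it easier to test handling of modeled exceptions
+super(nil, nil, req)
+@message = req
+elsif req and resp
+super(req, resp, message)
+include_error_type
+parse_body(resp.body)
+else
+super()
+end
 end
 
 def include_error_type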
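Review bot: In the first `initialize`, `message ||= http_response.body if http_response` makes the whole raw response body the exception message whenever no message is passed, so whatever the service returned, at any size, flows into logs and error reports that print `e.message`. A bounded default such as `message ||= http_response.body.to_s[0, 1024] if http_response` (the limit is a constructed example), or a comment stating that the message may hold the full body, would make this explicit. In the second `initialize`, a call with a request but no response falls through to `super()` and the request is dropped without notice. The `elsif req and resp` branch also reads `message` before `super` has run, so its value depends on how `message` is defined outside this hunk.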
@@ -62,7 +62,7 @@ module AWS
|
|
62
62
|
})
|
63
63
|
|
64
64
|
if request.proxy_uri
|
65
|
-
opts[:http_proxyaddr] = request.proxy_uri.
|
65
|
+
opts[:http_proxyaddr] = request.proxy_uri.host
|
66
66
|
opts[:http_proxyport] = request.proxy_uri.port
|
67
67
|
end
|
68
68
|
|
@@ -90,7 +90,7 @@ module AWS
|
|
90
90
|
|
91
91
|
begin
|
92
92
|
http_response = self.class.send(method, url, opts)
|
93
|
-
rescue Timeout::Error => e
|
93
|
+
rescue Timeout::Error, Errno::ETIMEDOUT => e
|
94
94
|
response.timeout = true
|
95
95
|
else
|
96
96
|
response.body = http_response.body
|
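--- a/data/lib/aws/iam.rb
+++ b/data/lib/aws/iam.rb
@@ -0,0 +1,306 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/common'
+require 'aws/inflection'
+require 'aws/service_interface'
+require 'aws/iam/client'
+require 'aws/iam/user_collection'
+require 'aws/iam/group_collection'
+require 'aws/iam/signing_certificate_collection'
+require 'aws/iam/server_certificate_collection'
+require 'aws/iam/account_alias_collection'
+require 'aws/iam/access_key_collection'
+
+module AWS
+
+# This class is the starting point for working with
+# AWS Identity and Access Management (IAM).
+#
+# For more information about IAM:
+#
+# * {AWS Identity and Access Management}[http://aws.amazon.com/iam/]
+# * {AWS Identity and Access Management Documentation}[http://aws.amazon.com/documentation/iam/]
+#
+# = Credentials
+#
+# You can setup default credentials for all AWS services via
+# AWS.config:
+#
+# AWS.config(
+# :access_key_id => 'YOUR_ACCESS_KEY_ID',
+# :secret_access_key => 'YOUR_SECRET_ACCESS_KEY')
+#
+# Or you can set them directly on the IAM interface:
+#
+# iam = AWS::IAM.new(
+# :access_key_id => 'YOUR_ACCESS_KEY_ID',
+# :secret_access_key => 'YOUR_SECRET_ACCESS_KEY')
+#
+# = Account Summary
+#
+# You can get account level information about entity usage and IAM quotas
+# directly from an IAM interface object.
+#
+# summary = iam.account_summary
+#
+# puts "Num users: #{summary[:users]}"
+# puts "Num user quota: #{summary[:users_quota]}"
+#
+# For a complete list of summary attributes see the {#account_summary} method.
+#
+# = Account Aliases
+#
+# Currently IAM only supports a single account alias for each AWS account.
+# You can set the account alias on the IAM interface.
+#
+# iam.account_alias = 'myaccountalias'
+# iam.account_alias
+# #=> 'myaccountalias'
+#
+# You can also remove your account alias:
+#
+# iam.remove_account_alias
+# iam.account_alias
+# #=> nil
+#
+# = Access Keys
+#
+# You can create up to 2 access for your account and 2 for each user.
+# This makes it easy to rotate keys if you need to. You can also
+# deactivate/activate access keys.
+#
+# # get your current access key
+# old_access_key = iam.access_keys.first
+#
+# # create a new access key
+# new_access_key = iam.access_keys.create
+# new_access_key.credentials
+# #=> { :access_key_id => 'ID', :secret_access_key => 'SECRET' }
+#
+# # go rotate your keys/credentials ...
+#
+# # now disable the old access key
+# old_access_key.deactivate!
+#
+# # go make sure everything still works ...
+#
+# # all done, lets clean up
+# old_access_key.delete
+#
+# Users can also have access keys:
+#
+# u = iam.users['someuser']
+# access_key = u.access_keys.create
+# access_key.credentials
+# #=> { :access_key_id => 'ID', :secret_access_key => 'SECRET' }
+#
+# See {AccessKeyCollection} and {AccessKey} for more information about
+# working with access keys.
+#
+# = Users & Gropus
+#
+# Each AWS account can have multiple users. Users can be used to easily
+# manage permissions. Users can also be organized into groups.
+#
+# user = iam.users.create('JohnDoe')
+# group = iam.groups.create('Developers')
+#
+# # add a user to a group
+# user.groups.add(group)
+#
+# # remove a user from a group
+# user.groups.remove(group)
+#
+# # add a user to a group
+# group.users.add(user)
+#
+# # remove a user from a group
+# group.users.remove(user)
+#
+# See {User}, {UserCollection}, {Group} and {GroupCollection} for more
+# information on how to work with users and groups.
+#
+# = Other Interfaces
+#
+# Other useful IAM interfaces:
+# * User Login Profiles ({LoginProfile})
+# * Policies ({Policy})
+# * Server Certificates ({ServerCertificateCollection}, {ServerCertificate})
+# * Signing Certificates ({SigningCertificateCollection}, {SigningCertificate})
+# * Multifactor Authentication Devices ({MFADeviceCollection}, {MFADevice})
+#
+class IAM
+
+include ServiceInterface
+
+# Returns a collection that represents all AWS users for this account:
+#
+# @example Getting a user by name
+#
+# user = iam.users['username']
+#
+# @example Enumerating users
+#
+# iam.users.each do |user|
+# puts user.name
+# end
+#
+# @return [UserCollection] Returns a collection that represents all of
+# the IAM users for this AWS account.
+def users
+UserCollection.new(:config => config)
+end
+
+# Returns a collection that represents all AWS groups for this account:
+#
+# @example Getting a group by name
+#
+# group = iam.groups['groupname']
+#
+# @example Enumerating groups
+#
+# iam.groups.each do |group|
+# puts group.name
+# end
+#
+# @return [GroupCollection] Returns a collection that represents all of
+# the IAM groups for this AWS account.
+def groups
+GroupCollection.new(:config => config)
+end
+
+# Returns a collection that represents the access keys for this
+# AWS account.
+#
+# iam = AWS::IAM.new
+# iam.access_keys.each do |access_key|
+# puts access_key.id
+# end
+#
+# @return [AccessKeyCollection] Returns a collection that represents all
+# access keys for this AWS account.
+def access_keys
+AccessKeyCollection.new(:config => config)
+end
+
+# Returns a collection that represents the signing certificates
+# for this AWS account.
+#
+# iam = AWS::IAM.new
+# iam.signing_certificates.each do |cert|
+# # ...
+# end
+#
+# If you need to access the signing certificates of a specific user,
+# see {User#signing_certificates}.
+#
+# @return [SigningCertificateCollection] Returns a collection that
+# represents signing certificates for this AWS account.
+def signing_certificates
+SigningCertificateCollection.new(:config => config)
+end
+
+# @note Currently, Amazon Elastic Load Balancing is the only
+# service to support the use of server certificates with
+# IAM. Using server certificates with Amazon Elastic Load
+# Balancing is described in the
+# {http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/US_SettingUpLoadBalancerHTTPSIntegrated.html
+# Amazon Elastic Load Balancing} Developer Guide.
+#
+# Returns a collection that represents the server certificates
+# for this AWS account.
+#
+# iam = AWS::IAM.new
+# iam.server_certificates.each do |cert|
+# # ...
+# end
+#
+# @return [ServerCertificateCollection] Returns a collection that
+# represents server certificates for this AWS account.
+def server_certificates
+ServerCertificateCollection.new(:config => config)
+end
+
+# Sets the account alias for this AWS account.
+# @param [String] account_alias
+# @return [String] Returns the account alias passed.
+def account_alias= account_alias
+account_alias.nil? ?
+remove_account_alias :
+account_aliases.create(account_alias)
+end
+
+# @return [String,nil] Returns the account alias. If this account has
+# no alias, then +nil+ is returned.
+def account_alias
+account_aliases.first
+end
+
+# Deletes the account alias (if one exists).
+# @return [nil]
+def remove_account_alias
+account_aliases.each do |account_alias|
+account_aliases.delete(account_alias)
+end
+nil
+end
+
+# @private
+def account_aliases
+AccountAliasCollection.new(:config => config)
+end
+
+# Retrieves account level information about account entity usage
+# and IAM quotas. The returned hash contains the following keys:
+#
+# [+:users+] Number of users for the AWS account
+#
+# [+:users_quota+] Maximum users allowed for the AWS account
+#
+# [+:groups+] Number of Groups for the AWS account
+#
+# [+:groups_quota+] Maximum Groups allowed for the AWS account
+#
+# [+:server_certificates+] Number of Server Certificates for the
+# AWS account
+#
+# [+:server_certificates_quota+] Maximum Server Certificates
+# allowed for the AWS account
+#
+# [+:user_policy_size_quota+] Maximum allowed size for user policy
+# documents (in kilobytes)
+#
+# [+:group_policy_size_quota+] Maximum allowed size for Group
+# policy documents (in kilobyes)
+#
+# [+:groups_per_user_quota+] Maximum number of groups a user can
+# belong to
+#
+# [+:signing_certificates_per_user_quota+] Maximum number of X509
+# certificates allowed
+# for a user
+#
+# [+:access_keys_per_user_quota+] Maximum number of access keys
+# that can be created per user
+#
+# @return [Hash]
+def account_summary
+client.get_account_summary.summary_map.inject({}) do |h, (k,v)|
+h[Inflection.ruby_name(k).to_sym] = v
+h
+end
+end
+
+end
+end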
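Review bot: The key-rotation walkthrough in the class comment never says that the secret is returned only on the object `create` hands back, which is the one moment the caller can store it; `AccessKey#secret` later on this page raises for keys obtained by listing. I would add a line after the `new_access_key.credentials` example: `#   # the secret is only available on this newly created object; store it securely now`. The same comment block has three wording slips worth fixing while it is open: `= Users & Gropus`, `up to 2 access for your account` (missing "keys"), and `kilobyes` in the `account_summary` list.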
@@ -0,0 +1,183 @@
|
|
1
|
+
# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License"). You
|
4
|
+
# may not use this file except in compliance with the License. A copy of
|
5
|
+
# the License is located at
|
6
|
+
#
|
7
|
+
# http://aws.amazon.com/apache2.0/
|
8
|
+
#
|
9
|
+
# or in the "license" file accompanying this file. This file is
|
10
|
+
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
|
11
|
+
# ANY KIND, either express or implied. See the License for the specific
|
12
|
+
# language governing permissions and limitations under the License.
|
13
|
+
|
14
|
+
require 'aws/iam/resource'
|
15
|
+
require 'aws/iam/user'
|
16
|
+
|
17
|
+
module AWS
|
18
|
+
class IAM
|
19
|
+
|
20
|
+
# @attr_reader [Symbol] status The status of this access key.
|
21
|
+
# Status may be +:active+ or +:inactive+.
|
22
|
+
#
|
23
|
+
class AccessKey < Resource
|
24
|
+
|
25
|
+
# @param [String] access_key_id The id of this access key.
|
26
|
+
# @param [Hash] options
|
27
|
+
# @option [String] :user The IAM user this access key belongs to.
|
28
|
+
# If +:user+ is omitted then this access key belongs to the
|
29
|
+
# AWS account.
|
30
|
+
def initialize access_key_id, options = {}
|
31
|
+
@id = access_key_id
|
32
|
+
options[:secret_value] = nil unless options.has_key?(:secret_value)
|
33
|
+
@user = options[:user]
|
34
|
+
@user ? super(@user, options) : super(options)
|
35
|
+
end
|
36
|
+
|
37
|
+
# @return [User,nil] Returns the user this access key belongs to.
|
38
|
+
# Returns +nil+ if this access key belongs to the AWS account and not
|
39
|
+
# a specific user.
|
40
|
+
attr_reader :user
|
41
|
+
|
42
|
+
# @return [String] Returns the access key id.
|
43
|
+
attr_reader :id
|
44
|
+
|
45
|
+
alias_method :access_key_id, :id
|
46
|
+
|
47
|
+
attribute :secret_value, :as => :secret_access_key, :static => true
|
48
|
+
|
49
|
+
protected :secret_value
|
50
|
+
|
51
|
+
mutable_attribute :status, :to_sym => true
|
52
|
+
|
53
|
+
protected :status=
|
54
|
+
|
55
|
+
populates_from(:create_access_key) do |resp|
|
56
|
+
resp.access_key if matches_response_object?(resp.access_key)
|
57
|
+
end
|
58
|
+
|
59
|
+
populates_from(:list_access_keys) do |resp|
|
60
|
+
resp.access_key_metadata.find {|k| matches_response_object?(k) }
|
61
|
+
end
|
62
|
+
|
63
|
+
# Returns the secret access key.
|
64
|
+
#
|
65
|
+
# You can only access the secret for newly created access
|
66
|
+
# keys. Calling +secret+ on existing access keys raises an error.
|
67
|
+
#
|
68
|
+
# @example Getting the secret from a newly created access key
|
69
|
+
#
|
70
|
+
# access_key = iam.access_keys.create
|
71
|
+
# access_key.secret
|
72
|
+
# #=> 'SECRET_ACCESS_KEY'
|
73
|
+
#
|
74
|
+
# @example Failing to get the secret from an existing access key.
|
75
|
+
#
|
76
|
+
# access_key = iam.access_keys.first
|
77
|
+
# access_key.secret
|
78
|
+
# #=> raises a runtime error
|
79
|
+
#
|
80
|
+
# @return [String] Returns the secret access key.
|
81
|
+
def secret
|
82
|
+
secret_value or raise 'secret is only available for new access keys'
|
83
|
+
end
|
84
|
+
|
85
|
+
alias_method :secret_access_key, :secret
|
86
|
+
|
87
|
+
# @return [String,nil] Returns the name of the user this access key
|
88
|
+
# belogns to. If the access key belongs to the account, +nil+ is
|
89
|
+
# returned.
|
90
|
+
def user_name
|
91
|
+
@user ? @user.name : nil
|
92
|
+
end
|
93
|
+
|
94
|
+
# @return [Boolean] Returns true if this access key is active.
|
95
|
+
def active?
|
96
|
+
status == :active
|
97
|
+
end
|
98
|
+
|
99
|
+
# @return [Boolean] Returns true if this access key is inactive.
|
100
|
+
def inactive?
|
101
|
+
status == :inactive
|
102
|
+
end
|
103
|
+
|
104
|
+
# Activates this access key.
|
105
|
+
#
|
106
|
+
# @example
|
107
|
+
# access_key.activate!
|
108
|
+
# access_key.status
|
109
|
+
# # => :active
|
110
|
+
#
|
111
|
+
# @return [nil]
|
112
|
+
def activate!
|
113
|
+
self.status = 'Active'
|
114
|
+
nil
|
115
|
+
end
|
116
|
+
|
117
|
+
# Deactivates this access key.
|
118
|
+
#
|
119
|
+
# @example
|
120
|
+
# access_key.deactivate!
|
121
|
+
# access_key.status
|
122
|
+
# # => :inactive
|
123
|
+
#
|
124
|
+
# @return [nil]
|
125
|
+
# @return [nil]
|
126
|
+
def deactivate!
|
127
|
+
self.status = 'Inactive'
|
128
|
+
nil
|
129
|
+
end
|
130
|
+
|
131
|
+
# Deletes the access key.
|
132
|
+
def delete
|
133
|
+
client.delete_access_key(resource_options)
|
134
|
+
nil
|
135
|
+
end
|
136
|
+
|
137
|
+
# Returns a hash that should be saved somewhere safe.
|
138
|
+
#
|
139
|
+
# access_keys = iam.access_keys.create
|
140
|
+
# access_keys.credentials
|
141
|
+
# #=> { :access_key_id => '...', :secret_access_key => '...' }
|
142
|
+
#
|
143
|
+
# You can also use these credentials to make requests:
|
144
|
+
#
|
145
|
+
# s3 = AWS::S3.new(access_keys.credentials)
|
146
|
+
# s3.buckets.create('newbucket')
|
147
|
+
#
|
148
|
+
# @return [Hash] Returns a hash with the access key id and
|
149
|
+
# secret access key.
|
150
|
+
def credentials
|
151
|
+
{ :access_key_id => id, :secret_access_key => secret }
|
152
|
+
end
|
153
|
+
|
154
|
+
# @private
|
155
|
+
protected
|
156
|
+
def resource_identifiers
|
157
|
+
identifiers = []
|
158
|
+
identifiers << [:access_key_id, id]
|
159
|
+
identifiers << [:user_name, user.name] if user
|
160
|
+
identifiers
|
161
|
+
end
|
162
|
+
|
163
|
+
# IAM does not provide a request for "get access keys".
|
164
|
+
# Also note, we do not page the response. This is because
|
165
|
+
# restrictions on how many access keys an account / user may
|
166
|
+
# have is fewer than one page of results.
|
167
|
+
# @private
|
168
|
+
protected
|
169
|
+
def get_resource attribute
|
170
|
+
options = user ? { :user_name => user.name } : {}
|
171
|
+
client.list_access_keys(options)
|
172
|
+
end
|
173
|
+
|
174
|
+
# @private
|
175
|
+
protected
|
176
|
+
def matches_response_object? obj
|
177
|
+
user_name = obj.respond_to?(:user_name) ? obj.user_name : nil
|
178
|
+
obj.access_key_id == self.id and user_name == self.user_name
|
179
|
+
end
|
180
|
+
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
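Review bot: `credentials` calls `secret`, which raises a bare `RuntimeError` for any key that was not just created, but only `secret` documents this. `credentials` should carry `# @raise [RuntimeError] if the secret is not available (keys obtained by listing)` so callers enumerating `iam.access_keys` know the call can fail. A dedicated error class would let callers rescue this case specifically, if the project has a suitable one (not visible here). Smaller documentation points: `deactivate!` has `# @return [nil]` twice, `delete` has no `@return`, the `user_name` comment spells "belogns", and the `# @private` tags sit above `protected` rather than above the methods they are meant to hide.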