aws-sdk 1.0.4 → 1.1.0

data/lib/aws/iam/access_key_collection.rb

@@ -0,0 +1,131 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/iam/collection'
+require 'aws/iam/access_key'
+
+module AWS
+  class IAM
+
+    # Both AWS accounts and IAM users can have access keys (maximum of 2).
+    # You can create new keys so that you can rotate out your old keys.
+    # You can create, delete, activate and deactivate access keys.
+    #
+    # == Create New Access Keys
+    #
+    #   # for the aws account
+    #   access_keys = iam.access_keys.create
+    #
+    #   # for an iam user
+    #   user_access_keys = iam.users['johndoe'].access_keys.create
+    #  
+    # == Secret
+    #
+    # Make sure after creating an access to retrieve the secret access key
+    # and save it somewhere safe.
+    #
+    #   access_keys = iam.access_keys.create   
+    #   secret = access_keys.secret
+    #
+    # If you try to access the secret on an access key that was not newly
+    # created an error will be raised.  AWS will only give the secret for
+    # a newly created access key:
+    #
+    #   access_keys = iam.access_keys.first
+    #   access_keys.secret
+    #   #=> oops, raises a runtime error
+    #
+    class AccessKeyCollection
+
+      include Collection
+
+      # @param [Hash] options
+      # @option options [User] :user If present, this collection will only
+      #   represent the access keys for the given user.
+      def initialize options = {}
+        @user = options[:user]
+        @user ? super(@user, options) : super(options)
+      end
+
+      # @return [User,nil] Returns the user these accesss keys belong to. 
+      #   If this returns +nil+ then these access keys belong to the 
+      #   AWS account.
+      attr_reader :user
+
+      def create
+
+        options = {}
+        options[:user_name] = user.name if user
+
+        resp = client.create_access_key(options)
+
+        AccessKey.new_from(:create_access_key, resp.access_key,
+          resp.access_key.access_key_id, new_options)
+        
+      end
+
+      # @param [String] access_key_id The ID of the access key.
+      # @return [AccessKey] Returns a reference to the access key with
+      #   the given +access_key_id+.
+      def [] access_key_id
+        AccessKey.new(access_key_id, new_options)
+      end
+
+      # Deletes all of the access keys from this collection.
+      # 
+      #   iam.users['someuser'].access_keys.clear
+      #
+      # @return [nil]
+      def clear
+        each{|access_key| access_key.delete }
+        nil
+      end
+
+      # Yields once for each access key.  You can limit the number of 
+      # access keys yielded using +:limit+.
+      #
+      # @param [Hash] options
+      # @option options [Integer] :limit The maximum number of access keys
+      #   to yield.
+      # @option options [Integer] :batch_size The maximum number of 
+      #   access keys received each service reqeust.
+      # @yieldparam [AccessKey] access_key 
+      # @return [nil]
+      def each options = {}, &block
+        each_options = options.dup
+        each_options[:user_name] = user.name if user
+        super(each_options, &block)
+      end
+
+      # @private
+      protected
+      def each_item response, &block
+        response.access_key_metadata.each do |item|
+
+          access_key = AccessKey.new_from(:list_access_keys, item,
+            item.access_key_id, new_options)
+
+          yield(access_key)
+
+        end
+      end
+
+      # @private
+      protected
+      def new_options
+        user ? { :user => user } : { :config => config }
+      end
+
+    end
+  end
+end

data/lib/aws/iam/account_alias_collection.rb

@@ -0,0 +1,81 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/iam/collection'
+
+module AWS
+  class IAM
+
+    # @private
+    #
+    # Currently IAM exposes the account alias in a collection, as if you
+    # could create/manage multiple aliases for a single account.  However,
+    # creating a 2nd alias replaces the first, it does not add an additional
+    # alias.
+    #
+    # Because the API is modeled as a collection this class could be used
+    # to work with it, but instead we consume this by the IAM class for
+    # the following methods:
+    #
+    #   * create_account_alias
+    #   * account_alias
+    #   * remove_account_alias
+    #
+    # If IAM allows accounts to have multiple aliases, then those previous
+    # 3 methods will be deprecated and this interface will be exposed.
+    class AccountAliasCollection
+
+      include Collection
+
+      # Creates an AWS account alias.
+      #
+      #   iam.account_aliases.create('myaccountalias')
+      #
+      # For information about account alias restrictions and usage, 
+      # see http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?AccountAlias.html.
+      #
+      # @param [String] account_alias
+      # @return [String] Returns the account_alias string that was passed.
+      def create account_alias
+        client.create_account_alias(:account_alias => account_alias)
+        account_alias
+      end
+
+      # Delete an AWS account alias.
+      #
+      #   iam.account_aliases.delete('myaccountalias')
+      #
+      # @param [String] account_alias The account alias to delete.
+      # @return [nil]
+      def delete account_alias
+        client.delete_account_alias(:account_alias => account_alias)
+        nil
+      end
+
+      # @private
+      protected
+      def request_method
+        :list_account_aliases
+      end
+
+      # @private
+      protected
+      def each_item response, &block
+        response.account_aliases.each do |account_alias|
+          yield(account_alias)
+        end
+      end
+
+    end
+  end
+end

data/lib/aws/iam/client.rb

@@ -0,0 +1,44 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/base_client'
+require 'aws/configured_client_methods'
+require 'aws/iam/request'
+require 'aws/iam/client/xml'
+require 'aws/iam/errors'
+
+module AWS
+  class IAM
+
+    # @private
+    class Client < BaseClient
+      
+      include ConfiguredClientMethods
+
+      API_VERSION = '2010-05-08'
+
+      REQUEST_CLASS = IAM::Request
+
+      # @private
+      CACHEABLE_REQUESTS = Set[:list_groups,
+                               :list_group_policies,
+                               :list_groups_for_user,
+                               :list_server_certificates,
+                               :get_group,
+                               :get_group_policy]
+
+      configure_client
+
+    end
+  end
+end

data/lib/aws/iam/client/xml.rb

@@ -0,0 +1,38 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/configured_xml_grammars'
+require 'aws/ignore_result_element'
+require 'aws/xml_grammar'
+
+module AWS
+  class IAM
+    class Client < BaseClient
+
+      # @private
+      module XML
+
+        include ConfiguredXmlGrammars
+
+        extend IgnoreResultElement
+
+        BaseError = XmlGrammar.customize do
+          element("Error") { ignore }
+        end
+
+        define_configured_grammars
+
+      end
+    end
+  end
+end

data/lib/aws/iam/collection.rb

@@ -0,0 +1,87 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/collections'
+require 'aws/inflection'
+
+module AWS
+  class IAM
+    module Collection
+
+      include Collections::PagedWithLimits
+
+      # Common methods for collection classes that can be filtered by
+      # a path prefix.
+      module WithPrefix
+
+        include Collection
+
+        # @return [String] The path prefix by which the collection is
+        #   filtered.
+        attr_reader :prefix
+
+        # @private
+        def initialize(options = {})
+          @prefix = options[:prefix]
+          super
+        end
+
+        def each options = {}, &block
+          options = {
+            :path_prefix => prefix
+          }.merge(options) if prefix
+          options[:path_prefix] = options.delete(:prefix) if
+            options.key?(:prefix)
+          if prefix = options[:path_prefix]
+            options[:path_prefix] = "/#{prefix}".sub(%r{^//}, "/")
+          end
+          super(options, &block)
+        end
+
+        # Returns a collection object including only those groups whose
+        # paths begin with the supplied prefix.
+        #
+        # @param [String] prefix The path prefix for filtering the
+        #   results.
+        #
+        # @return [GroupCollection]
+        def with_prefix(prefix)
+          prefix = "/#{prefix}".sub(%r{^//}, "/")
+          self.class.new(:prefix => prefix,
+                         :config => config)
+        end
+
+      end
+
+      # @private
+      protected
+      def request_method
+        name = Inflection.ruby_name(self.class.name).sub(/_collection$/, '')
+        "list_#{name}s"
+      end
+
+      # @private
+      protected
+      def next_token_key
+        :marker
+      end
+
+      # @private
+      protected
+      def limit_key
+        :max_items
+      end
+
+    end
+
+  end
+end

data/lib/aws/iam/errors.rb

@@ -0,0 +1,29 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/lazy_error_classes'
+require 'aws/iam/client/xml'
+
+module AWS
+  class IAM
+
+    # @private
+    module Errors
+
+      BASE_ERROR_GRAMMAR = Client::XML::BaseError
+
+      include LazyErrorClasses
+
+    end
+  end
+end

data/lib/aws/iam/group.rb

@@ -0,0 +1,117 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/iam/resource'
+require 'aws/iam/errors'
+require 'aws/iam/group_user_collection'
+require 'aws/iam/group_policy_collection'
+
+module AWS
+  class IAM
+
+    # Represents a group of users.  Groups don't directly interact
+    # with AWS; only users do. The main reason to create groups is to
+    # collectively assign permissions to the users so they can do
+    # their jobs. For example, you could have a group called Admins
+    # and give that group the types of permissions admins typically
+    # need.
+    class Group < Resource
+
+      prefix_update_attributes
+
+      # @private
+      def initialize(name, options = {})
+        options[:name] = name
+        super
+      end
+
+      # @attr [String] The group's name.
+      mutable_attribute :name, :static => true, :as => :group_name
+
+      # @attr_reader [String] The group's unique ID.
+      attribute :id, :static => true, :as => :group_id
+
+      # @attr_reader [Time] When the group was created.
+      attribute :create_date, :static => true
+
+      # @attr_reader [String] The group's ARN (Amazon Resource Name).
+      attribute :arn
+
+      # @attr [String] The group's path.  Paths are used to identify
+      #   which division or part of an organization the group belongs
+      #   to.
+      mutable_attribute :path do
+        translates_input do |path|
+          path = "/#{path}" unless path[0] == ?/
+          path = "#{path}/" unless path[-1] == ?/
+          path
+        end
+      end
+
+      populates_from(:get_group, :create_group) do |resp|
+        resp.group if resp.group.group_name == name
+      end
+
+      populates_from(:list_groups, :list_groups_for_user) do |resp|
+        resp.groups.find { |g| g.group_name == name }
+      end
+
+      # (see Resource#exists?)
+      def exists?; super; end
+
+      # Deletes the group.  The group must not contain any users or
+      # have any attached policies.
+      def delete
+        client.delete_group(:group_name => name)
+        nil
+      end
+
+      # Provides access to the users in the group.  For example:
+      #
+      #   # get the names of all the users in the group
+      #   group.users.map(&:name)
+      #
+      #   # remove all users from the group
+      #   group.users.clear
+      #
+      # @return [GroupUserCollection] An object representing all the
+      #   users in the group.
+      def users
+        GroupUserCollection.new(self)
+      end
+
+      # Provides access to the policies associated with the group.
+      # For example:
+      #
+      #   # get the policy named "ReadOnly"
+      #   group.policies["ReadOnly"]
+      #
+      #   # remove all policies associated with the group
+      #   group.policies.clear
+      #
+      # @return [GroupPolicyCollection] An object representing all the
+      #   policies associated with the group.
+      def policies
+        GroupPolicyCollection.new(self)
+      end
+
+      # @private
+      protected
+      def resource_identifiers
+        [[:group_name, name]]
+      end
+
+    end
+
+  end
+end