aws-sdk 1.0.4 → 1.1.0

data/lib/aws/iam/group_collection.rb

@@ -0,0 +1,135 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/model'
+require 'aws/iam/group'
+
+module AWS
+  class IAM
+
+    # A collection that provides access to IAM groups
+    # belonging to this account.
+    #
+    #   iam = AWS::IAM.new
+    #   groups = iam.groups
+    #
+    # == Creating a Group
+    #
+    # You can create a group using the {#create} method:
+    #
+    #   group = iam.groups.create("Developers")
+    #
+    # == Getting a Group by Name
+    #
+    # You can get a reference to a server certificate using array notation:
+    #
+    #   group = iam.groups["Developers"]
+    #
+    # == Enumerating Groups
+    #
+    # Group collections can also be used to enumerate groups:
+    #
+    #   groups.each do |group|
+    #     puts group.name
+    #   end
+    #
+    # You can limit the groups returned by passing a +:prefix+ option
+    # to any of the enumerator methods.  When you pass a prefix, only
+    # the certificates whose paths start with the given string will be
+    # returned.
+    class GroupCollection
+
+      include Collection::WithPrefix
+
+      # Creates a group.
+      #
+      # @param [String] name Name of the group to create. Do not
+      #   include the path in this value.
+      #
+      # @param [Hash] options Options for creating the group.
+      #
+      # @option options [String] :path The path to the group.
+      def create(name, options = {})
+        client_opts = { :group_name => name }.merge(options)
+        if path = client_opts[:path]
+          client_opts[:path] = "/#{path}/".
+            sub(%r{^//}, "/").
+            sub(%r{//$}, "/")
+        end
+        resp = client.create_group(client_opts)
+        Group.new(resp.group.group_name, :config => config)
+      end
+
+      # Yields once for each group.
+      #
+      # You can limit the number of groups yielded using +:limit+ and
+      # +:path_prefix+.
+      #
+      # @param [Hash] options
+      #
+      # @option options [String] :path_prefix ('/') A path prefix that
+      #   filters according to the path of the group.
+      #
+      # @option options [Integer] :limit The maximum number of groups
+      #   to yield.
+      #
+      # @option options [Integer] :batch_size The maximum number of
+      #   groups to retrieve in each service request.
+      #
+      # @yieldparam [Group] group
+      # @return [nil]
+      def each options = {}, &block
+        super(options, &block)
+      end
+
+      # Returns an enumerable object for this collection.  This can be
+      # useful if you want to call an enumerable method that does
+      # not accept options (e.g. +collect+, +first+, etc).
+      #
+      #   groups.enumerator(:path_prefix => '/admin').collect(&:name)
+      #
+      # @param (see #each)
+      # @option (see #each)
+      # @return [Enumerator]
+      def enumerator options = {}
+        super(options)
+      end
+
+      # Returns a reference to the group with the given name:
+      #
+      #   group = iam.groups['groupname']
+      #
+      # @param [String] name Name of the group to return a reference for.
+      # @return [Group] Returns a reference to the named group.
+      def [] name
+        Group.new(name, :config => config)
+      end
+
+      # @private
+      protected
+      def each_item response, &block
+        response.groups.each do |item|
+
+          group = Group.new_from(:list_groups, item,
+                                 item.group_name,
+                                 :config => config)
+
+          yield(group)
+
+        end
+      end
+
+    end
+
+  end
+end

data/lib/aws/iam/group_policy_collection.rb

@@ -0,0 +1,49 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/iam/policy_collection'
+
+module AWS
+  class IAM
+
+    # A collection that provides access to the policies associated
+    # with an IAM group.  The interface mimics a hash containing
+    # string keys and values that are instances of {Policy}.  For
+    # example:
+    #
+    #  # add or replace a policy named "ReadOnly"
+    #  policy = AWS::IAM::Policy.new do |p|
+    #    # ...
+    #  end
+    #  group.policies["ReadOnly"] = policy
+    #  group.policies.has_key?("ReadOnly")  # => true
+    #
+    # All of the methods for this class are defined in the
+    # {PolicyCollection} module.
+    class GroupPolicyCollection
+
+      include PolicyCollection
+
+      # @attr_reader [Group] The group.
+      attr_reader :group
+
+      # @private
+      def initialize group, opts = {}
+        @group = group
+        super
+      end
+
+    end
+
+  end
+end

data/lib/aws/iam/group_user_collection.rb

@@ -0,0 +1,94 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/collections'
+require 'aws/iam/user'
+
+module AWS
+  class IAM
+
+    # A collection that provides access to IAM users belonging to a
+    # particular group.
+    #
+    #   group = AWS::IAM.new.groups.first
+    #   users = group.users
+    #   users.each { |u| puts u.name }
+    class GroupUserCollection
+
+      include Collections::Basic
+
+      # @attr_reader [Group] The group.
+      attr_reader :group
+
+      # @private
+      def initialize(group, opts = {})
+        @group = group
+        super
+      end
+
+      # Adds a user to the group.
+      #
+      # @param [User] user The user to add.
+      # @return [nil]
+      def add(user)
+        client.add_user_to_group(:group_name => group.name,
+                                 :user_name => user.name)
+        nil
+      end
+
+      # Remove a user from the group.
+      #
+      # @param [User] user The user to remove.
+      # @return [nil]
+      def remove(user)
+        client.remove_user_from_group(:group_name => group.name,
+                                      :user_name => user.name)
+        nil
+      end
+
+      # Removes all users from this group.
+      # @return [nil]
+      def clear
+        each do |user|
+          remove(user)
+        end
+      end
+
+      # Yields once for each user in the group.
+      #
+      # @param [Hash] options
+      # @yieldparam [User] user
+      # @return [nil]
+      def each(options = {}, &block)
+        super(options.merge(:group_name => group.name), &block)
+      end
+
+      # @private
+      protected
+      def request_method
+        :get_group
+      end
+
+      # @private
+      protected
+      def each_item response
+        response.users.each do |u|
+          user = User.new_from(:get_group, u, u.user_name, :config => config)
+          yield(user)
+        end
+      end
+
+    end
+
+  end
+end

data/lib/aws/iam/login_profile.rb

@@ -0,0 +1,97 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/iam/resource'
+
+module AWS
+  class IAM
+
+    # A login profile is a user name and password that enables a user
+    # to log in to the {http://aws.amazon.com/console AWS Management
+    # Console}. Without a login profile, a user cannot access the
+    # console. (For information about accessing and using the AWS
+    # Management Console, see
+    # {http://docs.amazonwebservices.com/IAM/latest/UserGuide/Using_AWSManagementConsole.html
+    # Using the AWS Management Console}.)
+    #
+    # @example Setting a password for a user's login profile
+    #   user.login_profile.password = "TheNewPassword"
+    #
+    # @example Deleting the login profile for a user
+    #   user.login_profile.delete
+    class LoginProfile < Resource
+
+      # @private
+      def initialize(user, opts = {})
+        @user = user
+        super
+      end
+
+      # @attr_reader [User] The user to which this login profile
+      #   belongs.
+      attr_reader :user
+
+      # @attr_reader [Time] The time at which the login profile was
+      #   created.
+      attribute :create_date
+
+      # Sets a new password for the login profile, creating the
+      # profile if no profile currently exists for the user.
+      #
+      # @param [String] password The new password for the user.
+      def password=(password)
+        options = resource_options(:password => password)
+        client.update_login_profile(options)
+        password
+      rescue Errors::NoSuchEntity => e
+        client.create_login_profile(options)
+        password
+      end
+
+      # Deletes the login profile for the specified user, which
+      # terminates the user's ability to access AWS services through
+      # the IAM login page.
+      #
+      # @note Deleting a user's login profile does not prevent a user
+      #   from accessing IAM through the command line interface or the
+      #   API. To prevent all user access you must also either make
+      #   the access key inactive or delete it. For more information
+      #   about making keys inactive or deleting them, see
+      #   {User#access_keys}.
+      #
+      def delete
+        client.delete_login_profile(resource_options)
+      end
+
+      # @return [Boolean] True if a login profile exists for the user.
+      def exists?
+        client.get_login_profile(resource_options)
+      rescue Errors::NoSuchEntity => e
+        false
+      else
+        true
+      end
+
+      populates_from(:get_login_profile, :create_login_profile) do |resp|
+        resp.login_profile if resp.login_profile.user_name == user.name
+      end
+
+      protected
+      def resource_identifiers
+        [[:user_name, user.name]]
+      end
+
+    end
+
+  end
+end

data/lib/aws/iam/mfa_device.rb

@@ -0,0 +1,52 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/model'
+
+module AWS
+  class IAM
+
+    class MFADevice
+
+      include Model
+
+      # @param [User] user The user the MFA device is associated with.
+      # @param [String] serial_number The MFA device's unique serial number.
+      def initialize user, serial_number, options = {}
+        @user = user
+        @serial_number = serial_number
+        super
+      end
+
+      # @return [User] Returns the MFA device's user.
+      attr_reader :user
+
+      # @return [String] Returns the MFA device's serial number
+      attr_reader :serial_number
+
+      # Deactivates the MFA device and removes it from association with the 
+      # user for which it was originally enabled.
+      # @return [nil]
+      def deactivate
+        client.deactivate_mfa_device({
+          :user_name => user.name, 
+          :serial_number => serial_number,
+        })
+        nil
+      end
+
+      alias_method :delete, :deactivate
+
+    end
+
+  end
+end

data/lib/aws/iam/mfa_device_collection.rb

@@ -0,0 +1,119 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/iam/collection'
+require 'aws/iam/mfa_device'
+
+module AWS
+  class IAM
+
+    # @attr_reader [User] user Returns the user that owns this collection.
+    class MFADeviceCollection
+
+      include Collection
+
+      # @param [User] user The user that owns this device collection.
+      def initialize user, options = {}
+        @user = user
+        super
+      end
+
+      # @return [User] Returns the user that this mfa device collection
+      #   belongs to.
+      attr_reader :user
+
+      # Enables an MFA device for this user.
+      # @param [String] serial_number The serial number that uniquely 
+      #   identifies the MFA device
+      # @param [String] authentication_code_1 An authentication code emitted 
+      #   by the device.
+      # @param [String] authentication_code_2 A subsequent authentication 
+      #   code emitted by the device.
+      # @return [MFADevice] Returns the newly enabled MFA device.
+      def enable serial_number, authentication_code_1, authentication_code_2
+        client.enable_mfa_device({
+          :user_name => user.name,
+          :serial_number => serial_number,
+          :authentication_code_1 => authentication_code_1.to_s,
+          :authentication_code_2 => authentication_code_2.to_s,
+        })
+        self[serial_number]
+      end
+
+      alias_method :create, :enable
+
+      # @param [String] serial_number The serial number of the MFA device you
+      #   want to disable.
+      # @return [nil]
+      def disable serial_number
+        self[serial_number].disable
+        nil
+      end
+
+      # @param [String] serial_number The serial number of an MFA device.
+      # @return [MFADevice] Returns a reference to an MFA device with the
+      #   given serial number.
+      def [] serial_number
+        MFADevice.new(user, serial_number)
+      end
+
+      # Deletes all of the MFA devices in this collection.
+      # @return [nil]
+      def clear
+        each do |device| 
+          device.delete
+        end
+        nil
+      end
+
+      # Yields once for each MFA device.  
+      #
+      # You can limit the number of devices yielded using +:limit+.
+      #
+      # @param [Hash] options
+      # @option options [Integer] :limit The maximum number of devices to yield.
+      # @option options [Integer] :batch_size The maximum number of devices 
+      #   receive each service reqeust.
+      # @yieldparam [User] user 
+      # @return [nil]
+      def each options = {}, &block
+        super(options.merge(:user_name => user.name), &block)
+      end
+
+      # Returns an enumerable object for this collection.  This can be
+      # useful if you want to call an enumerable method that does
+      # not accept options (e.g. +collect+, +first+, etc).
+      #
+      #   mfa_devices.enumerator(:limit => 10).collect(&:serial_number)
+      #
+      # @param (see #each)
+      # @option (see #each)
+      # @return [Enumerator]
+      def enumerator options = {}
+        super(options)
+      end
+
+      # @private
+      protected
+      def each_item response, &block
+        response.mfa_devices.each do |item|
+
+          mfa_device = MFADevice.new(user, item.serial_number)
+
+          yield(mfa_device)
+
+        end
+      end
+
+    end
+  end
+end