right_aws 2.0.0 → 2.1.0

data/lib/iam/right_iam_interface.rb

@@ -0,0 +1,341 @@
+#
+# Copyright (c) 2007-2010 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module RightAws
+
+  # = RightAWS::Iam -- RightScale AWS Identity and Access Management (IAM) interface
+  #
+  # The RightAws::Iam class provides a complete interface to Amazon's Identity and
+  # Access Management service.
+  #
+  # For explanations of the semantics of each call, please refer to Amazon's documentation at
+  # http://aws.amazon.com/documentation/iam/
+  #
+  # Examples:
+  #
+  # Create an EC2 interface handle:
+  #
+  #   iam = RightAws::IamInterface.new(aws_access_key_id, aws_secret_access_key)
+  #   iam.list_access_keys
+  #   iam.list_users
+  #   iam.list_groups
+  #
+  class IamInterface < RightAwsBase
+    include RightAwsBaseInterface
+
+    API_VERSION       = "2010-05-08"
+    DEFAULT_HOST      = "iam.amazonaws.com"
+    DEFAULT_PATH      = '/'
+    DEFAULT_PROTOCOL  = 'https'
+    DEFAULT_PORT      = 443
+
+    @@bench = AwsBenchmarkingBlock.new
+    def self.bench_xml
+      @@bench.xml
+    end
+    def self.bench_service
+      @@bench.service
+    end
+
+    # Create a new handle to an IAM account. All handles share the same per process or per thread
+    # HTTP connection to Amazon IAM. Each handle is for a specific account. The params have the
+    # following options:
+    # * <tt>:endpoint_url</tt> a fully qualified url to Amazon API endpoint (this overwrites: :server, :port, :service, :protocol). 
+    # * <tt>:server</tt>: IAM service host, default: DEFAULT_HOST
+    # * <tt>:port</tt>: IAM service port, default: DEFAULT_PORT
+    # * <tt>:protocol</tt>: 'http' or 'https', default: DEFAULT_PROTOCOL
+    # * <tt>:logger</tt>: for log messages, default: RAILS_DEFAULT_LOGGER else STDOUT
+    # * <tt>:signature_version</tt>:  The signature version : '0','1' or '2'(default)
+    # * <tt>:cache</tt>: true/false(default): caching works for: describe_load_balancers
+    #
+    def initialize(aws_access_key_id=nil, aws_secret_access_key=nil, params={})
+      init({ :name                => 'IAM',
+             :default_host        => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host   : DEFAULT_HOST,
+             :default_port        => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port   : DEFAULT_PORT,
+             :default_service     => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path   : DEFAULT_PATH,
+             :default_protocol    => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).scheme : DEFAULT_PROTOCOL,
+             :default_api_version => ENV['IAM_API_VERSION'] || API_VERSION },
+           aws_access_key_id    || ENV['AWS_ACCESS_KEY_ID'] ,
+           aws_secret_access_key|| ENV['AWS_SECRET_ACCESS_KEY'],
+           params)
+    end
+
+    def generate_request(action, params={}) #:nodoc:
+      generate_request_impl(:get, action, params )
+    end
+
+    # Sends request to Amazon and parses the response
+    # Raises AwsError if any banana happened
+    def request_info(request, parser)  #:nodoc:
+      request_info_impl(:iam_connection, @@bench, request, parser)
+    end
+
+    # Options: :parser, :except, :items
+    #
+    def incrementally_list_iam_resources(api_function, params={}, options={},  &block) #:nodoc:
+      items        = options[:items] || :items
+      result       = { items => [] }
+      parser       = options[:parser] || "RightAws::IamInterface::#{api_function}Parser".right_constantize
+      request_hash = {}
+      params.each { |key,value| request_hash[key.to_s.right_camelize] = value unless value.right_blank? }
+      incrementally_list_items(api_function, parser, request_hash) do |response|
+        if result[items].right_blank?
+          result = response
+        else
+          result[items] += response[items]
+        end
+        block ? block.call(response) : true
+      end
+      if options[:except]
+        Array(options[:except]).each{ |key| result.delete(key)}
+        result
+      else
+        result[items]
+      end
+    end
+    
+    #-----------------------------------------------------------------
+    #      Server Certificates
+    #-----------------------------------------------------------------
+
+    # Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.
+    #
+    # Options: :path_prefix, :max_items, :marker
+    #
+    #  iam.list_server_certificates #=>
+    #    {:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
+    #     :server_certificate_name=>"KdCert1",
+    #     :upload_date=>"2010-12-09T13:21:07.226Z",
+    #     :path=>"/kdcert/",
+    #     :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}
+    #
+    def list_server_certificates(options={}, &block)
+      incrementally_list_iam_resources('ListServerCertificates', options, &block)
+    end
+
+    # Uploads a server certificate entity for the AWS Account. The server certificate
+    # entity includes a public key certificate, a private key, and an optional certificate
+    # chain, which should all be PEM-encoded.
+    #
+    # Options: :certificate_chain, :path
+    #
+    #  certificate_body =<<-EOB
+    #  -----BEGIN CERTIFICATE-----
+    #  MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
+    #  AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
+    #  GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
+    #  AEaHzTpmEXAMPLE=
+    #  EOB
+    #
+    #  private_key =<<EOK
+    #  -----BEGIN DSA PRIVATE KEY-----
+    #  MIIBugIBTTKBgQD33xToSXPJ6hr37L3+KNi3/7DgywlBcvlFPPSHIw3ORuO/22mT
+    #  8Cy5fT89WwNvZ3BPKWU6OZ38TQv3eWjNc/3U3+oqVNG2poX5nCPOtO1b96HYX2mR
+    #  62TITdw53KWJEXAMPLE=
+    #  EOK
+    #
+    #  iam.upload_server_certificate('KdCert1', certificate_body, private_key, :path=>'/kdcert/') #=>
+    #    {:server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
+    #     :server_certificate_name=>"KdCert1",
+    #     :upload_date=>"2010-12-09T13:21:07.226Z",
+    #     :path=>"/kdcert/",
+    #     :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}
+    #
+    def upload_server_certificate(server_certificate_name, certificate_body, private_key, options={})
+      request_hash = { 'CertificateBody'       => certificate_body,
+                       'PrivateKey'            => private_key,
+                       'ServerCertificateName' => server_certificate_name }
+      request_hash['CertificateChain'] = options[:certificate_chain] unless options[:certificate_chain].right_blank?
+      request_hash['Path']             = options[:path]              unless options[:path].right_blank?
+      link = generate_request_impl(:post, "UploadServerCertificate", request_hash)
+      request_info(link, GetServerCertificateParser.new(:logger => @logger))
+    end
+    
+    # Updates the name and/or the path of the specified server certificate.
+    #
+    # Options: :new_server_certificate_name, :new_path
+    #
+    #  iam.update_server_certificate('ProdServerCert', :new_server_certificate_name => 'OldServerCert') #=> true
+    #
+    def update_server_certificate(server_certificate_name, options={})
+      request_hash = { 'ServerCertificateName' => server_certificate_name}
+      request_hash['NewServerCertificateName'] = options[:new_server_certificate_name] unless options[:new_server_certificate_name].right_blank?
+      request_hash['NewPath']                  = options[:new_path]                    unless options[:new_path].right_blank?
+      link = generate_request("UpdateServerCertificate", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    # Retrieves information about the specified server certificate.
+    #
+    #  iam.get_server_certificate('KdCert1')
+    #    {:certificate_body=>
+    #      "-----BEGIN CERTIFICATE-----\nMIICATC...TiU5TibMpD1g==\n-----END CERTIFICATE-----",
+    #     :server_certificate_id=>"ASCDJN5K5HRGS1N2UJWWU",
+    #     :server_certificate_name=>"KdCert1",
+    #     :upload_date=>"2010-12-09T13:21:07Z",
+    #     :path=>"/kdcert/",
+    #     :certificate_chain=>"",
+    #     :arn=>"arn:aws:iam::600000000007:server-certificate/kdcert/KdCert1"}
+    #
+    def get_server_certificate(server_certificate_name)
+      request_hash = { 'ServerCertificateName' => server_certificate_name}
+      link = generate_request("GetServerCertificate", request_hash)
+      request_info(link, GetServerCertificateParser.new(:logger => @logger))
+    end
+
+    # Deletes the specified server certificate
+    #
+    #  iam.delete_server_certificate('ProdServerCert') #=> true
+    #
+    def delete_server_certificate(server_certificate_name)
+      request_hash = { 'ServerCertificateName' => server_certificate_name }
+      link = generate_request("DeleteServerCertificate", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    #-----------------------------------------------------------------
+    #      Signing Certificates
+    #-----------------------------------------------------------------
+
+    # Returns information about the signing certificates associated with the specified User.
+    # 
+    # Options: :user_name, :max_items, :marker
+    #
+    # iam.list_signing_certificates #=>
+    #    [{:upload_date      => "2007-08-11T06:48:35Z",
+    #      :status           => "Active",
+    #      :certificate_id   => "00000000000000000000000000000000",
+    #      :certificate_body => "-----BEGIN CERTIFICATE-----\nMIICd...PPHQ=\n-----END CERTIFICATE-----\n"}]
+    #
+    def list_signing_certificates(options={}, &block)
+      incrementally_list_iam_resources('ListSigningCertificates', options, &block)
+    end
+
+    # Uploads an X.509 signing certificate and associates it with the specified User.
+    #
+    # Options: :user_name
+    #
+    #  certificate_body =<<-EOB
+    #  -----BEGIN CERTIFICATE-----
+    #  MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
+    #  AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
+    #  GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
+    #  AEaHzTpmEXAMPLE=
+    #  EOB
+    #
+    #  iam.upload_signing_certificate(certificate_body, :user_name => 'kd1') #=>
+    #    {:user_name        => "kd1",
+    #     :certificate_id   => "OBG00000000000000000000000000DHY",
+    #     :status           => "Active",
+    #     :certificate_body => "-----BEGIN CERTIFICATE-----\nMII...5GS\n-----END CERTIFICATE-----\n",
+    #     :upload_date      => "2010-10-29T10:02:05.929Z"}
+    #
+    def upload_signing_certificate(certificate_body, options={})
+      request_hash = { 'CertificateBody' => certificate_body }
+      request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
+      link = generate_request_impl(:post, "UploadSigningCertificate", request_hash)
+      request_info(link, GetSigningCertificateParser.new(:logger => @logger))
+    end
+
+    # Deletes the specified signing certificate associated with the specified User.
+    #
+    # Options: :user_name
+    #
+    #  pp iam.delete_signing_certificate('OB0000000000000000000000000000HY', :user_name => 'kd1')
+    #
+    def delete_signing_certificate(certificate_id, options={})
+      request_hash = { 'CertificateId' => certificate_id }
+      request_hash['UserName'] = options[:user_name] unless options[:user_name].right_blank?
+      link = generate_request("DeleteSigningCertificate", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    #-----------------------------------------------------------------
+    #      PARSERS:
+    #-----------------------------------------------------------------
+
+    class BasicIamParser < RightAWSParser #:nodoc:
+      def tagstart(name, attributes)
+        @result ||= {}
+      end
+      def tagend(name)
+        if Array(@expected_tags).include?(name)
+          @result[name.right_underscore.to_sym] = @text
+        end
+      end
+    end
+
+    class BasicIamListParser < RightAWSParser #:nodoc:
+      def tagstart(name, attributes)
+        @result ||= { :items => [] }
+        @item     = {} if name == (@items_splitter || 'member')
+      end
+      def tagend(name)
+        case name
+        when 'Marker'      then @result[:marker]       = @text
+        when 'IsTruncated' then @result[:is_truncated] = @text == 'true'
+        when (@items_splitter || 'member')
+          @result[:items] << (@item.right_blank? ? @text : @item)
+        else
+          if Array(@expected_tags).include?(name)
+            @item[name.right_underscore.to_sym] = @text
+          end
+        end
+      end
+    end
+
+    #-----------------------------------------------------------------
+    #      Server Certificates
+    #-----------------------------------------------------------------
+
+    class GetServerCertificateParser < BasicIamParser #:nodoc:
+      def reset
+        @expected_tags = %w{ Arn Path ServerCertificateId ServerCertificateName UploadDate CertificateBody CertificateChain }
+      end
+    end
+
+    class ListServerCertificatesParser < BasicIamListParser #:nodoc:
+      def reset
+        @expected_tags = %w{ Arn Path ServerCertificateId ServerCertificateName UploadDate }
+      end
+    end
+
+    #-----------------------------------------------------------------
+    #      Signing Certificates
+    #-----------------------------------------------------------------
+
+    class ListSigningCertificatesParser < BasicIamListParser #:nodoc:
+      def reset
+        @expected_tags = %w{ CertificateBody CertificateId Status UploadDate UserName }
+      end
+    end
+
+    class GetSigningCertificateParser < BasicIamParser #:nodoc:
+      def reset
+        @expected_tags = %w{ CertificateBody CertificateId Status UploadDate UserName }
+      end
+    end
+
+  end
+
+end

data/lib/iam/right_iam_mfa_devices.rb

@@ -0,0 +1,67 @@
+module RightAws
+
+  class IamInterface < RightAwsBase
+
+    #-----------------------------------------------------------------
+    #      MFADevices
+    #-----------------------------------------------------------------
+
+    # Lists the MFA devices associated with the specified User name.
+    #
+    # Options: :user_name, :max_items, :marker
+    #
+    def list_mfa_devices(options={}, &block)
+      incrementally_list_iam_resources('ListMFADevices', options, &block)
+    end
+
+    # Enables the specified MFA device and associates it with the specified User name.
+    # Once enabled, the MFA device is required for every subsequent login by the User name associated with the device.
+    #
+    #  iam.enable_mfa_device('kd1', 'x12345', '12345', '67890') #=> true
+    #
+    def enable_mfa_device(user_name, serial_number, auth_code1, auth_code2)
+      request_hash = { 'UserName'            => user_name,
+                       'SerialNumber'        => serial_number,
+                       'AuthenticationCode1' => auth_code1,
+                       'AuthenticationCode2' => auth_code2 }
+      link = generate_request("EnableMFADevice", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    # Synchronizes the specified MFA device with AWS servers.
+    #
+    #  iam.resync_mfa_device('kd1', 'x12345', '12345', '67890') #=> true
+    #
+    def resync_mfa_device(user_name, serial_number, auth_code1, auth_code2)
+      request_hash = { 'UserName'            => user_name,
+                       'SerialNumber'        => serial_number,
+                       'AuthenticationCode1' => auth_code1,
+                       'AuthenticationCode2' => auth_code2 }
+      link = generate_request("ResyncMFADevice", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    # Deactivates the specified MFA device and removes it from association with the User name for which it was originally enabled.
+    #
+    #  deactivate_mfa_device('kd1', 'dev1234567890') #=> true
+    #
+    def deactivate_mfa_device(user_name, serial_number)
+      request_hash = { 'UserName'     => user_name,
+                       'SerialNumber' => serial_number }
+      link = generate_request("DeactivateMFADevice", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    #-----------------------------------------------------------------
+    #      PARSERS
+    #-----------------------------------------------------------------
+
+    class ListMFADevicesParser < BasicIamListParser #:nodoc:
+      def reset
+        @expected_tags = %w{ SerialNumber UserName }
+      end
+    end
+
+  end
+
+end

data/lib/iam/right_iam_users.rb

@@ -0,0 +1,251 @@
+module RightAws
+
+  class IamInterface < RightAwsBase
+
+    #-----------------------------------------------------------------
+    #      Users
+    #-----------------------------------------------------------------
+
+    # Lists the Users that have the specified path prefix.
+    #
+    # Options: :path_prefix, :max_items, :marker
+    #
+    #  iam.list_users #=>
+    #    [{:user_name=>"kd",
+    #      :user_id=>"AI000000000000000006A",
+    #      :arn=>"arn:aws:iam::640000000037:user/kd",
+    #      :path=>"/"}]
+    #
+    def list_users(options={}, &block)
+      incrementally_list_iam_resources('ListUsers', options, &block)
+    end
+
+    # Creates a new User for your AWS Account.
+    #
+    # Options: :path
+    #
+    #  iam.create_user('kd') #=>
+    #    {:user_name=>"kd",
+    #     :user_id=>"AI000000000000000006A",
+    #     :arn=>"arn:aws:iam::640000000037:user/kd",
+    #     :path=>"/"}
+    #
+    def create_user(user_name, options={})
+      request_hash = { 'UserName' => user_name }
+      request_hash['Path'] = options[:path] unless options[:path]
+      link = generate_request("CreateUser", request_hash)
+      request_info(link, GetUserParser.new(:logger => @logger))
+    end
+
+    # Updates the name and/or the path of the specified User.
+    #
+    #  iam.update_user('kd1', :new_user_name => 'kd1', :new_path => '/kd1/') #=> true
+    #
+    def update_user(user_name, options={})
+      request_hash = { 'UserName' => user_name}
+      request_hash['NewUserName'] = options[:new_user_name] unless options[:new_user_name].right_blank?
+      request_hash['NewPath']     = options[:new_path]       unless options[:new_path].right_blank?
+      link = generate_request("UpdateUser", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    # Retrieves information about the specified User, including the User's path, GUID, and ARN.
+    #
+    #  iam.get_user('kd') #=>
+    #    {:user_name=>"kd",
+    #     :user_id=>"AI000000000000000006A",
+    #     :arn=>"arn:aws:iam::640000000037:user/kd",
+    #     :path=>"/"}
+    #
+    def get_user(user_name)
+      request_hash = { 'UserName' => user_name }
+      link = generate_request("GetUser", request_hash)
+      request_info(link, GetUserParser.new(:logger => @logger))
+    end
+
+    # Deletes the specified User. The User must not belong to any groups, have any keys or signing certificates, or have any attached policies.
+    #
+    #  iam.delete_user('kd') #=> true
+    #
+    def delete_user(user_name)
+      request_hash = { 'UserName' => user_name }
+      link = generate_request("DeleteUser", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    #-----------------------------------------------------------------
+    #      User Policies
+    #-----------------------------------------------------------------
+
+    # Lists the names of the policies associated with the specified User.
+    #
+    # Options: :max_items, :marker
+    #
+    #  iam.list_user_policies('kd') #=> ["kd_user_policy_1"]
+    #
+    def list_user_policies(user_name, options={}, &block)
+      options[:user_name] = user_name
+      incrementally_list_iam_resources('ListUserPolicies', options, :parser => BasicIamListParser, &block)
+    end
+
+    # Adds (or updates) a policy document associated with the specified User
+    #
+    #  iam.put_user_policy('kd', 'kd_user_policy_1', %Q({"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]})) #=> true
+    #
+    def put_user_policy(user_name, policy_name, policy_document)
+      request_hash = { 'UserName'       => user_name,
+                       'PolicyDocument' => policy_document,
+                       'PolicyName'     => policy_name }
+      link = generate_request_impl(:post, "PutUserPolicy", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    # Retrieves the specified policy document for the specified User.
+    #
+    #  iam.get_user_policy('kd','kd_user_policy_1') #=>
+    #    {:user_name=>"kd",
+    #     :policy_name=>"kd_user_policy_1",
+    #     :policy_document=>"{\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}]}"}
+    #
+    def get_user_policy(user_name, policy_name)
+      request_hash = { 'UserName'   => user_name,
+                       'PolicyName' => policy_name }
+      link = generate_request("GetUserPolicy", request_hash)
+      result = request_info(link, GetUserPolicyParser.new(:logger => @logger))
+      result[:policy_document] = URI::decode(result[:policy_document])
+      result
+    end
+
+    # Deletes the specified policy associated with the specified User.
+    #
+    #  iam.delete_user_policy('kd','kd_user_policy_1') #=> true
+    #
+    def delete_user_policy(user_name, policy_name)
+      request_hash = { 'UserName'   => user_name,
+                       'PolicyName' => policy_name }
+      link = generate_request("DeleteUserPolicy", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    #-----------------------------------------------------------------
+    #      User Groups
+    #-----------------------------------------------------------------
+
+    # Lists the names of the policies associated with the specified group. If there are none,
+    # the action returns an empty list.
+    #
+    # Options: :max_items, :marker
+    #
+    #  iam.list_groups_for_user('kd') #=>
+    #    [{:group_name=>"kd_test_1",
+    #      :group_id=>"AGP000000000000000UTY",
+    #      :arn=>"arn:aws:iam::640000000037:group/kd1/kd_test_1",
+    #      :path=>"/kd1/"}]
+    #
+    def list_groups_for_user(user_name, options={}, &block)
+      options[:user_name] = user_name
+      incrementally_list_iam_resources('ListGroupsForUser', options, :parser => ListGroupsParser, &block)
+    end
+
+    # Adds the specified User to the specified group.
+    #
+    #  iam.add_user_to_group('kd', 'kd_test_1') #=> true
+    #
+    def add_user_to_group(user_name, group_name)
+      request_hash = { 'UserName'  => user_name,
+                       'GroupName' => group_name }
+      link = generate_request("AddUserToGroup", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    # Removes the specified User from the specified group.
+    #
+    #  iam.remove_user_from_group('kd', 'kd_test_1') #=> true
+    #
+    def remove_user_from_group(user_name, group_name)
+      request_hash = { 'UserName'  => user_name,
+                       'GroupName' => group_name }
+      link = generate_request("RemoveUserFromGroup", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    #-----------------------------------------------------------------
+    #      User Login Profiles
+    #-----------------------------------------------------------------
+
+    # Creates a login profile for the specified User, giving the User the ability to access
+    # AWS services such as the AWS Management Console.
+    #
+    #  iam.create_login_profile('kd','q1w2e3r4t5') #=> { :user_name => 'kd' }
+    #
+    def create_login_profile(user_name, password)
+      request_hash = { 'UserName' => user_name,
+                       'Password' => password}
+      link = generate_request("CreateLoginProfile", request_hash)
+      request_info(link, GetLoginProfileParser.new(:logger => @logger))
+    end
+
+    # Updates the login profile for the specified User. Use this API to change the User's password.
+    #
+    #  update_login_profile('kd', '00000000') #=> true
+    #
+    def update_login_profile(user_name, options={})
+      request_hash = { 'UserName' => user_name}
+      request_hash['Password'] = options[:password] unless options[:passwrod].right_blank?
+      link = generate_request("UpdateLoginProfile", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    # Retrieves the login profile for the specified User
+    #
+    #  iam.create_login_profile('kd','q1w2e3r4t5') #=> { :user_name => 'kd' }
+    #
+    def get_login_profile(user_name)
+      request_hash = { 'UserName' => user_name }
+      link = generate_request("GetLoginProfile", request_hash)
+      request_info(link, GetLoginProfileParser.new(:logger => @logger))
+    end
+
+    # Deletes the login profile for the specified User, which terminates the User's ability to access
+    # AWS services through the IAM login page.
+    #
+    #  iam.delete_login_profile('kd') #=> true
+    #
+    def delete_login_profile(user_name)
+      request_hash = { 'UserName' => user_name }
+      link = generate_request("DeleteLoginProfile", request_hash)
+      request_info(link, RightHttp2xxParser.new(:logger => @logger))
+    end
+
+    #-----------------------------------------------------------------
+    #      PARSERS
+    #-----------------------------------------------------------------
+
+    class ListUsersParser < BasicIamListParser #:nodoc:
+      def reset
+        @expected_tags = %w{ Arn Path UserId UserName }
+      end
+    end
+
+    class GetUserParser < BasicIamParser #:nodoc:
+      def reset
+        @expected_tags = %w{ Arn Path UserId UserName }
+      end
+    end
+
+    class GetUserPolicyParser < BasicIamParser #:nodoc:
+      def reset
+        @expected_tags = %w{ PolicyDocument PolicyName UserName }
+      end
+    end
+
+    class GetLoginProfileParser < BasicIamParser #:nodoc:
+      def reset
+        @expected_tags = %w{ UserName }
+      end
+    end
+
+  end
+
+end
+