fog--fog/lib/fog/aws/iam.rb

require File.expand_path(File.join(File.dirname(__FILE__), '..', 'aws'))

module Fog
  module AWS
    class IAM < Fog::Service

      class EntityAlreadyExists < Fog::AWS::IAM::Error; end
      class KeyPairMismatch < Fog::AWS::IAM::Error; end
      class LimitExceeded < Fog::AWS::IAM::Error; end
      class MalformedCertificate < Fog::AWS::IAM::Error; end
      class ValidationError < Fog::AWS::IAM::Error; end

      requires :aws_access_key_id, :aws_secret_access_key
      recognizes :host, :path, :port, :scheme, :persistent

      request_path 'fog/aws/requests/iam'
      request :add_user_to_group
      request :create_access_key
      request :create_account_alias
      request :create_group
      request :create_login_profile
      request :create_user
      request :delete_access_key
      request :delete_account_alias
      request :delete_group
      request :delete_group_policy
      request :delete_login_profile
      request :delete_server_certificate
      request :delete_signing_certificate
      request :delete_user
      request :delete_user_policy
      request :get_group
      request :get_group_policy
      request :get_login_profile
      request :get_server_certificate
      request :get_user
      request :get_user_policy
      request :list_access_keys
      request :list_account_aliases
      request :list_group_policies
      request :list_groups
      request :list_groups_for_user
      request :list_server_certificates
      request :list_signing_certificates
      request :list_user_policies
      request :list_users
      request :put_group_policy
      request :put_user_policy
      request :remove_user_from_group
      request :update_access_key
      request :update_group
      request :update_login_profile
      request :update_server_certificate
      request :update_signing_certificate
      request :update_user
      request :upload_server_certificate
      request :upload_signing_certificate

      class Mock
        def self.data
          @data ||= Hash.new do |hash, key|
            hash[key] = {
              :owner_id => Fog::AWS::Mock.owner_id,
              :server_certificates => {}
            }
          end
        end

        def self.reset
          @data = nil
        end

        def self.server_certificate_id
          Fog::Mock.random_hex(16)
        end

        def initialize(options={})
          @aws_access_key_id = options[:aws_access_key_id]
        end

        def data
          self.class.data[@aws_access_key_id]
        end

        def reset_data
          self.class.data.delete(@aws_access_key_id)
        end
      end

      class Real

        # Initialize connection to IAM
        #
        # ==== Notes
        # options parameter must include values for :aws_access_key_id and
        # :aws_secret_access_key in order to create a connection
        #
        # ==== Examples
        #   iam = IAM.new(
        #    :aws_access_key_id => your_aws_access_key_id,
        #    :aws_secret_access_key => your_aws_secret_access_key
        #   )
        #
        # ==== Parameters
        # * options<~Hash> - config arguments for connection.  Defaults to {}.
        #
        # ==== Returns
        # * IAM object with connection to AWS.
        def initialize(options={})
          require 'fog/core/parser'
          require 'multi_json'

          @aws_access_key_id      = options[:aws_access_key_id]
          @aws_secret_access_key  = options[:aws_secret_access_key]
          @connection_options     = options[:connection_options] || {}
          @hmac       = Fog::HMAC.new('sha256', @aws_secret_access_key)
          @host       = options[:host]        || 'iam.amazonaws.com'
          @path       = options[:path]        || '/'
          @persistent = options[:persistent]  || false
          @port       = options[:port]        || 443
          @scheme     = options[:scheme]      || 'https'
          @connection = Fog::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
        end

        def reload
          @connection.reset
        end

        private

        def request(params)
          idempotent  = params.delete(:idempotent)
          parser      = params.delete(:parser)

          body = Fog::AWS.signed_params(
            params,
            {
              :aws_access_key_id  => @aws_access_key_id,
              :hmac               => @hmac,
              :host               => @host,
              :path               => @path,
              :port               => @port,
              :version            => '2010-05-08'
            }
          )

          begin
            response = @connection.request({
              :body       => body,
              :expects    => 200,
              :idempotent => idempotent,
              :headers    => { 'Content-Type' => 'application/x-www-form-urlencoded' },
              :host       => @host,
              :method     => 'POST',
              :parser     => parser
            })

            response
          rescue Excon::Errors::HTTPStatusError => error
            if match = error.message.match(/<Code>(.*)<\/Code>(?:.*<Message>(.*)<\/Message>)?/m)
              case match[1]
              when 'CertificateNotFound', 'NoSuchEntity'
                raise Fog::AWS::IAM::NotFound.slurp(error, match[2])
              when 'EntityAlreadyExists', 'KeyPairMismatch', 'LimitExceeded', 'MalformedCertificate', 'ValidationError'
                raise Fog::AWS::IAM.const_get(match[1]).slurp(error, match[2])
              else
                raise Fog::AWS::IAM::Error.slurp(error, "#{match[1]} => #{match[2]}") if match[1]
                raise
              end
            else
              raise
            end
          end


        end

      end
    end
  end
end
[core] work toward separate requires Should facilitate the following: require 'fog/aws' require 'fog/compute' require 'fog/aws/compute' I think once you `require 'rubygems'` those should work. further cleanup should reduce common requires (ie nokogiri) 2011-08-31 16:52:53 -04:00			`require File.expand_path(File.join(File.dirname(__FILE__), '..', 'aws'))`

[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`module Fog`
			`module AWS`
			`class IAM < Fog::Service`

[aws\|iam] add error handling for common failures resulting from upload_server_certificate 2011-07-18 18:01:44 -04:00			`class EntityAlreadyExists < Fog::AWS::IAM::Error; end`
			`class KeyPairMismatch < Fog::AWS::IAM::Error; end`
			`class LimitExceeded < Fog::AWS::IAM::Error; end`
			`class MalformedCertificate < Fog::AWS::IAM::Error; end`
[aws\|iam] raise correct ValidationError when an empty cert or key is used 2011-07-20 19:04:31 -04:00			`class ValidationError < Fog::AWS::IAM::Error; end`
[aws\|iam] add error handling for common failures resulting from upload_server_certificate 2011-07-18 18:01:44 -04:00
[core] fix/cleanup requires/recognizes for service closes #113 2010-12-16 18:31:24 -05:00			`requires :aws_access_key_id, :aws_secret_access_key`
			`recognizes :host, :path, :port, :scheme, :persistent`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00
			`request_path 'fog/aws/requests/iam'`
[aws\|iam] fleshing out more parts towarda complete workflow 2010-11-09 20:47:35 -05:00			`request :add_user_to_group`
[aws\|iam] adding access key create/delete 2010-11-16 19:31:38 -05:00			`request :create_access_key`
[AWS IAM] Added Alias related functionality to IAM. Also added get_group_policy. 2011-07-12 11:58:37 -04:00			`request :create_account_alias`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`request :create_group`
[aws\|iam] add support for manipulating login profiles 2011-03-13 14:23:43 -04:00			`request :create_login_profile`
[aws\|iam] add missing update_server_certificate request 2011-08-17 10:38:05 -04:00			`request :create_user`
[aws\|iam] adding access key create/delete 2010-11-16 19:31:38 -05:00			`request :delete_access_key`
[AWS IAM] Added Alias related functionality to IAM. Also added get_group_policy. 2011-07-12 11:58:37 -04:00			`request :delete_account_alias`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`request :delete_group`
[aws\|iam] fleshing out more parts towarda complete workflow 2010-11-09 20:47:35 -05:00			`request :delete_group_policy`
[aws\|iam] add support for manipulating login profiles 2011-03-13 14:23:43 -04:00			`request :delete_login_profile`
[aws\|iam] Add uploading/deleting server certificates 2011-02-28 18:04:29 -05:00			`request :delete_server_certificate`
Added IAM signing certificate support 2011-01-27 21:11:15 -05:00			`request :delete_signing_certificate`
[aws\|iam] fleshing out more parts towarda complete workflow 2010-11-09 20:47:35 -05:00			`request :delete_user`
[aws\|iam] user policy requests/tests 2010-11-17 15:04:49 -05:00			`request :delete_user_policy`
Added url reference for update_user parser. Added get_group to IAM. Note: The excon response is not properly adding the Arn to the Users because both the group and user have an element named 'arn'. I'm not sure how to handle this. 2011-02-23 11:50:38 -05:00			`request :get_group`
[AWS IAM] Added Alias related functionality to IAM. Also added get_group_policy. 2011-07-12 11:58:37 -04:00			`request :get_group_policy`
[aws\|iam] add missing update_server_certificate request 2011-08-17 10:38:05 -04:00			`request :get_login_profile`
[aws\|iam] add get_server_certificate request 2011-07-18 20:04:40 -04:00			`request :get_server_certificate`
[aws\|iam] add missing update_server_certificate request 2011-08-17 10:38:05 -04:00			`request :get_user`
			`request :get_user_policy`
[aws\|iam] fleshing out iam requests/tests 2010-11-17 13:29:58 -05:00			`request :list_access_keys`
[AWS IAM] Added Alias related functionality to IAM. Also added get_group_policy. 2011-07-12 11:58:37 -04:00			`request :list_account_aliases`
[aws\|iam] add missing update_server_certificate request 2011-08-17 10:38:05 -04:00			`request :list_group_policies`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`request :list_groups`
Added ListGroupsForUser support to Fog::AWS::IAM 2011-01-28 20:43:56 -05:00			`request :list_groups_for_user`
[aws\|iam] Add list_server_certificates request 2011-05-07 14:59:30 -04:00			`request :list_server_certificates`
Added IAM signing certificate support 2011-01-27 21:11:15 -05:00			`request :list_signing_certificates`
[aws\|iam] user policy requests/tests 2010-11-17 15:04:49 -05:00			`request :list_user_policies`
[aws\|iam] fleshing out iam requests/tests 2010-11-17 13:29:58 -05:00			`request :list_users`
[aws\|iam] fleshing out more parts towarda complete workflow 2010-11-09 20:47:35 -05:00			`request :put_group_policy`
[aws\|iam] user policy requests/tests 2010-11-17 15:04:49 -05:00			`request :put_user_policy`
[aws\|iam] fleshing out more parts towarda complete workflow 2010-11-09 20:47:35 -05:00			`request :remove_user_from_group`
[aws\|iam] add update_access_key request/tests 2010-11-17 16:08:48 -05:00			`request :update_access_key`
[aws\|iam] added update group requests and parsers 2011-02-24 11:00:35 -05:00			`request :update_group`
[aws\|iam] add support for manipulating login profiles 2011-03-13 14:23:43 -04:00			`request :update_login_profile`
[aws\|iam] add missing update_server_certificate request 2011-08-17 10:38:05 -04:00			`request :update_server_certificate`
[aws\|iam] added update signing certificate support 2011-02-24 11:00:35 -05:00			`request :update_signing_certificate`
[aws\|iam] add missing update_server_certificate request 2011-08-17 10:38:05 -04:00			`request :update_user`
[aws\|iam] Add uploading/deleting server certificates 2011-02-28 18:04:29 -05:00			`request :upload_server_certificate`
Added IAM signing certificate support 2011-01-27 21:11:15 -05:00			`request :upload_signing_certificate`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00
			`class Mock`
Remove pending on iam/server_certificate_tests. Start the mocking. 2011-07-06 17:23:41 -04:00			`def self.data`
			`@data \|\|= Hash.new do \|hash, key\|`
			`hash[key] = {`
			`:owner_id => Fog::AWS::Mock.owner_id,`
			`:server_certificates => {}`
			`}`
			`end`
			`end`

			`def self.reset`
			`@data = nil`
			`end`

			`def self.server_certificate_id`
			`Fog::Mock.random_hex(16)`
			`end`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00
			`def initialize(options={})`
Remove pending on iam/server_certificate_tests. Start the mocking. 2011-07-06 17:23:41 -04:00			`@aws_access_key_id = options[:aws_access_key_id]`
			`end`

			`def data`
			`self.class.data[@aws_access_key_id]`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`end`

Remove pending on iam/server_certificate_tests. Start the mocking. 2011-07-06 17:23:41 -04:00			`def reset_data`
			`self.class.data.delete(@aws_access_key_id)`
			`end`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`end`

			`class Real`

			`# Initialize connection to IAM`
			`#`
			`# ==== Notes`
			`# options parameter must include values for :aws_access_key_id and`
			`# :aws_secret_access_key in order to create a connection`
			`#`
			`# ==== Examples`
			`# iam = IAM.new(`
			`# :aws_access_key_id => your_aws_access_key_id,`
			`# :aws_secret_access_key => your_aws_secret_access_key`
			`# )`
			`#`
			`# ==== Parameters`
			`# * options<~Hash> - config arguments for connection. Defaults to {}.`
			`#`
			`# ==== Returns`
			`# * IAM object with connection to AWS.`
			`def initialize(options={})`
defer requiring nokogiri 2011-02-16 20:25:50 -05:00			`require 'fog/core/parser'`
Use multi_json gem 2011-07-15 22:34:16 -04:00			`require 'multi_json'`
defer requiring nokogiri 2011-02-16 20:25:50 -05:00
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`@aws_access_key_id = options[:aws_access_key_id]`
			`@aws_secret_access_key = options[:aws_secret_access_key]`
[core] pass connection_options through service init closes #411 2011-09-12 11:01:48 -04:00			`@connection_options = options[:connection_options] \|\| {}`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)`
[core] pass connection_options through service init closes #411 2011-09-12 11:01:48 -04:00			`@host = options[:host] \|\| 'iam.amazonaws.com'`
			`@path = options[:path] \|\| '/'`
			`@persistent = options[:persistent] \|\| false`
			`@port = options[:port] \|\| 443`
			`@scheme = options[:scheme] \|\| 'https'`
			`@connection = Fog::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`end`

			`def reload`
			`@connection.reset`
			`end`

			`private`

			`def request(params)`
			`idempotent = params.delete(:idempotent)`
			`parser = params.delete(:parser)`

[compute\|aws] fix helpers to use Fog::AWS 2011-06-20 16:49:37 -04:00			`body = Fog::AWS.signed_params(`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`params,`
			`{`
			`:aws_access_key_id => @aws_access_key_id,`
			`:hmac => @hmac,`
			`:host => @host,`
			`:path => @path,`
[aws] include port in host to sign bumps excon to version that includes port in host by default closes #122 2010-12-23 16:54:02 -05:00			`:port => @port,`
[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`:version => '2010-05-08'`
			`}`
			`)`

[aws\|iam] add error handling for common failures resulting from upload_server_certificate 2011-07-18 18:01:44 -04:00			`begin`
			`response = @connection.request({`
			`:body => body,`
			`:expects => 200,`
			`:idempotent => idempotent,`
			`:headers => { 'Content-Type' => 'application/x-www-form-urlencoded' },`
			`:host => @host,`
			`:method => 'POST',`
			`:parser => parser`
			`})`

			`response`
			`rescue Excon::Errors::HTTPStatusError => error`
			`if match = error.message.match(/<Code>(.)<\/Code>(?:.<Message>(.*)<\/Message>)?/m)`
			`case match[1]`
[aws\|iam] add get_server_certificate request 2011-07-18 20:04:40 -04:00			`when 'CertificateNotFound', 'NoSuchEntity'`
[aws\|iam] add error handling for common failures resulting from upload_server_certificate 2011-07-18 18:01:44 -04:00			`raise Fog::AWS::IAM::NotFound.slurp(error, match[2])`
[aws\|iam] Simplify error handling code for errors with custom classes 2011-07-20 19:08:51 -04:00			`when 'EntityAlreadyExists', 'KeyPairMismatch', 'LimitExceeded', 'MalformedCertificate', 'ValidationError'`
			`raise Fog::AWS::IAM.const_get(match[1]).slurp(error, match[2])`
[aws\|iam] add error handling for common failures resulting from upload_server_certificate 2011-07-18 18:01:44 -04:00			`else`
			`raise Fog::AWS::IAM::Error.slurp(error, "#{match[1]} => #{match[2]}") if match[1]`
			`raise`
			`end`
			`else`
			`raise`
			`end`
			`end`


[aws\|iam] first pass at basics 2010-10-28 20:50:46 -04:00			`end`

			`end`
			`end`
			`end`
			`end`