1
0
Fork 0
mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00
fog--fog/lib/fog/aws/iam.rb

230 lines
7.4 KiB
Ruby
Raw Normal View History

2012-05-15 14:54:20 -04:00
require 'fog/aws'
2010-10-28 20:50:46 -04:00
module Fog
module AWS
class IAM < Fog::Service
class EntityAlreadyExists < Fog::AWS::IAM::Error; end
class KeyPairMismatch < Fog::AWS::IAM::Error; end
class LimitExceeded < Fog::AWS::IAM::Error; end
class MalformedCertificate < Fog::AWS::IAM::Error; end
class ValidationError < Fog::AWS::IAM::Error; end
requires :aws_access_key_id, :aws_secret_access_key
2012-07-27 08:07:23 -04:00
recognizes :host, :path, :port, :scheme, :persistent, :instrumentor, :instrumentor_name
2010-10-28 20:50:46 -04:00
request_path 'fog/aws/requests/iam'
request :add_user_to_group
request :add_role_to_instance_profile
request :create_access_key
request :create_account_alias
2010-10-28 20:50:46 -04:00
request :create_group
request :create_instance_profile
request :create_login_profile
request :create_role
request :create_user
request :delete_access_key
request :delete_account_alias
2010-10-28 20:50:46 -04:00
request :delete_group
request :delete_group_policy
request :delete_instance_profile
request :delete_login_profile
request :delete_role
request :delete_role_policy
request :delete_server_certificate
2011-01-27 21:11:15 -05:00
request :delete_signing_certificate
request :delete_user
2010-11-17 15:04:49 -05:00
request :delete_user_policy
request :get_group
request :get_group_policy
request :get_instance_profile
request :get_role_policy
request :get_login_profile
request :get_server_certificate
request :get_role
request :get_user
request :get_user_policy
request :list_access_keys
request :list_account_aliases
request :list_group_policies
2010-10-28 20:50:46 -04:00
request :list_groups
request :list_groups_for_user
request :list_instance_profiles
request :list_instance_profiles_for_role
request :list_roles
request :list_role_policies
request :list_server_certificates
2011-01-27 21:11:15 -05:00
request :list_signing_certificates
2010-11-17 15:04:49 -05:00
request :list_user_policies
request :list_users
request :put_group_policy
request :put_role_policy
2010-11-17 15:04:49 -05:00
request :put_user_policy
request :remove_role_from_instance_profile
request :remove_user_from_group
request :update_access_key
request :update_group
request :update_login_profile
request :update_server_certificate
request :update_signing_certificate
request :update_user
request :upload_server_certificate
2011-01-27 21:11:15 -05:00
request :upload_signing_certificate
2012-07-27 08:07:23 -04:00
model_path 'fog/aws/models/iam'
model :user
collection :users
model :policy
2012-07-27 08:07:23 -04:00
collection :policies
2012-06-04 09:24:02 -04:00
model :access_key
collection :access_keys
model :role
collection :roles
2012-07-27 08:07:23 -04:00
2010-10-28 20:50:46 -04:00
class Mock
def self.data
@data ||= Hash.new do |hash, key|
hash[key] = {
:owner_id => Fog::AWS::Mock.owner_id,
2012-02-06 17:55:26 -05:00
:server_certificates => {},
:users => Hash.new do |uhash, ukey|
uhash[ukey] = {
:user_id => Fog::AWS::Mock.key_id,
2012-11-29 13:14:57 -05:00
:path => '/',
2012-02-06 17:55:26 -05:00
:arn => "arn:aws:iam::#{Fog::AWS::Mock.owner_id}:user/#{ukey}",
:access_keys => [],
:created_at => Time.now,
2012-02-06 17:55:26 -05:00
:policies => {}
}
2012-02-06 20:51:35 -05:00
end,
:groups => Hash.new do |ghash, gkey|
ghash[gkey] = {
:group_id => Fog::AWS::Mock.key_id,
:arn => "arn:aws:iam::#{Fog::AWS::Mock.owner_id}:group/#{gkey}",
:members => []
}
2012-02-06 17:55:26 -05:00
end
}
end
end
def self.reset
@data = nil
end
def self.server_certificate_id
Fog::Mock.random_hex(16)
end
2010-10-28 20:50:46 -04:00
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
end
def data
self.class.data[@aws_access_key_id]
2010-10-28 20:50:46 -04:00
end
def reset_data
self.class.data.delete(@aws_access_key_id)
end
2010-10-28 20:50:46 -04:00
end
class Real
# Initialize connection to IAM
#
# ==== Notes
# options parameter must include values for :aws_access_key_id and
# :aws_secret_access_key in order to create a connection
#
# ==== Examples
# iam = IAM.new(
# :aws_access_key_id => your_aws_access_key_id,
# :aws_secret_access_key => your_aws_secret_access_key
# )
#
# ==== Parameters
# * options<~Hash> - config arguments for connection. Defaults to {}.
#
# ==== Returns
# * IAM object with connection to AWS.
def initialize(options={})
2011-02-16 20:25:50 -05:00
require 'fog/core/parser'
2010-10-28 20:50:46 -04:00
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@connection_options = options[:connection_options] || {}
2012-07-27 08:07:23 -04:00
@instrumentor = options[:instrumentor]
@instrumentor_name = options[:instrumentor_name] || 'fog.aws.iam'
2010-10-28 20:50:46 -04:00
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
@host = options[:host] || 'iam.amazonaws.com'
@path = options[:path] || '/'
@persistent = options[:persistent] || false
@port = options[:port] || 443
@scheme = options[:scheme] || 'https'
@connection = Fog::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
2010-10-28 20:50:46 -04:00
end
def reload
@connection.reset
end
private
def request(params)
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)
body = Fog::AWS.signed_params(
2010-10-28 20:50:46 -04:00
params,
{
:aws_access_key_id => @aws_access_key_id,
:hmac => @hmac,
:host => @host,
:path => @path,
:port => @port,
2010-10-28 20:50:46 -04:00
:version => '2010-05-08'
}
)
2012-07-27 08:07:23 -04:00
if @instrumentor
@instrumentor.instrument("#{@instrumentor_name}.request", params) do
_request(body, idempotent, parser)
end
else
_request(body, idempotent, parser)
end
end
def _request(body, idempotent, parser)
@connection.request({
:body => body,
:expects => 200,
:idempotent => idempotent,
:headers => { 'Content-Type' => 'application/x-www-form-urlencoded' },
:host => @host,
:method => 'POST',
:parser => parser
})
rescue Excon::Errors::HTTPStatusError => error
2013-03-22 05:45:05 -04:00
if match = error.message.match(/(?:.*<Code>(.*)<\/Code>)(?:.*<Message>(.*)<\/Message>)/m)
2012-07-27 08:07:23 -04:00
case match[1]
when 'CertificateNotFound', 'NoSuchEntity'
raise Fog::AWS::IAM::NotFound.slurp(error, match[2])
when 'EntityAlreadyExists', 'KeyPairMismatch', 'LimitExceeded', 'MalformedCertificate', 'ValidationError'
raise Fog::AWS::IAM.const_get(match[1]).slurp(error, match[2])
else
2012-07-27 08:07:23 -04:00
raise Fog::AWS::IAM::Error.slurp(error, "#{match[1]} => #{match[2]}") if match[1]
raise
end
2012-07-27 08:07:23 -04:00
else
raise
end
2010-10-28 20:50:46 -04:00
end
end
end
end
end