1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
module AWS
class IAM
# Both AWS accounts and IAM users can have access keys (maximum of 2).
# You can create new keys so that you can rotate out your old keys.
# You can create, delete, activate and deactivate access keys.
#
# ## Create New Access Keys
#
# # for the aws account
# access_keys = iam.access_keys.create
#
# # for an iam user
# user_access_keys = iam.users['johndoe'].access_keys.create
#
# ## Secret
#
# Make sure after creating an access to retrieve the secret access key
# and save it somewhere safe.
#
# access_keys = iam.access_keys.create
# secret = access_keys.secret
#
# If you try to access the secret on an access key that was not newly
# created an error will be raised. AWS will only give the secret for
# a newly created access key:
#
# access_keys = iam.access_keys.first
# access_keys.secret
# #=> oops, raises a runtime error
#
class AccessKeyCollection
include Collection
# @param [Hash] options
# @option options [User] :user If present, this collection will only
# represent the access keys for the given user.
def initialize options = {}
@user = options[:user]
@user ? super(@user, options) : super(options)
end
# @return [User,nil] Returns the user these accesss keys belong to.
# If this returns `nil` then these access keys belong to the
# AWS account.
attr_reader :user
def create
options = {}
options[:user_name] = user.name if user
resp = client.create_access_key(options)
AccessKey.new_from(:create_access_key, resp.access_key,
resp.access_key.access_key_id, new_options)
end
# @param [String] access_key_id The ID of the access key.
# @return [AccessKey] Returns a reference to the access key with
# the given `access_key_id`.
def [] access_key_id
AccessKey.new(access_key_id, new_options)
end
# Deletes all of the access keys from this collection.
#
# iam.users['someuser'].access_keys.clear
#
# @return [nil]
def clear
each{|access_key| access_key.delete }
nil
end
# Yields once for each access key. You can limit the number of
# access keys yielded using `:limit`.
#
# @param [Hash] options
# @option options [Integer] :limit The maximum number of access keys
# to yield.
# @option options [Integer] :batch_size The maximum number of
# access keys received each service reqeust.
# @yieldparam [AccessKey] access_key
# @return [nil]
def each options = {}, &block
each_options = options.dup
each_options[:user_name] = user.name if user
super(each_options, &block)
end
# @api private
protected
def each_item response, &block
response.access_key_metadata.each do |item|
access_key = AccessKey.new_from(:list_access_keys, item,
item.access_key_id, new_options)
yield(access_key)
end
end
# @api private
protected
def new_options
user ? { :user => user } : { :config => config }
end
end
end
end
|
