File: user.rb

ruby-aws-sdk 1.52.0-1
# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
#     http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

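module AWS
  class IAM

    # Represents an IAM User.  Each AWS account can have many users.  Users
    # can be organized (optionally) into groups.  Users (and groups) can be
    # given policies that affect what they can do.
    #
    # ## Creating A User
    #
    #     iam = AWS::IAM.new
    #     user = iam.users.create('johndoe')
    #
    # ## Renaming a User
    #
    # You can only edit a user's name and path (both of which will modify
    # the user's ARN).
    #
    #     user = iam.users['johndoe']
    #     user.name = 'newname'
    #
    # ## User Path
    #
    # When you create a user you can assign a path.  Paths must begin and
    # end with a forward slash (/).
    #
    #     user = iam.users.create('newuser', :path => '/developers/ruby/')
    #
    # Paths are a useful tool for organizing/tagging users.  You can later
    # enumerate users by their path prefixes:
    #
    #     iam.users.each(:path_prefix => '/developers').each do |developer|
    #       puts developer.name
    #     end
    #
    # ## Login Profile
    #
    # A login profile is required for an IAM user to use the AWS Management
    # console (web interface).  See {LoginProfile} for more information.
    #
    # ## Deleting Users
    #
    # In order to delete a user you must first remove it from all of its
    # groups and delete all of its signing certificates.  Once this is done:
    #
    #     user.delete
    #
    # {#delete!} performs the prerequisite removals and then deletes the
    # user in one call.
    #
    # @attr [String] user_name
    #
    # @attr [String] path
    #
    # @attr_reader [String] id
    #
    # @attr_reader [DateTime] create_date
    #
    # @attr_reader [String] arn
    #
    class User < Resource

      prefix_update_attributes

      # Builds a user resource identified by its IAM user name.
      #
      # The caller's hash is left untouched: the name is merged into a copy
      # before it is handed to the superclass, so an options hash that is
      # reused for several users (or frozen) is safe to pass in.
      #
      # @param [String] name The IAM user name for this user.
      # @param [Hash] options Passed through to the superclass with
      #   `:name` set to `name` (any `:name` already present is replaced).
      def initialize(name, options = {})
        super(options.merge(:name => name))
      end

      # @attr [String] The IAM user name.
      mutable_attribute :name, :static => true, :from => :user_name

      # @attr_reader [String] The user's unique ID.
      attribute :id, :static => true, :from => :user_id

      # @attr_reader [Time] When the user was created.
      # NOTE(review): the class-level docs list this attribute as DateTime;
      # confirm which type is actually returned and align the two.
      attribute :create_date, :static => true

      # @attr_reader [String] The user's ARN (Amazon Resource Name).
      attribute :arn

      # @attr [String] The path for this user.  Paths are used to
      #   identify which division or part of an organization the user
      #   belongs to.
      mutable_attribute :path

      # Single-user responses: accept the :user entry only when it
      # describes this user (matched on user name).
      populates_from(:create_user, :get_user) do |resp|
        resp[:user] if resp[:user][:user_name] == name
      end

      # List-style responses: pick this user's entry out of :users by name;
      # yields nil when the user is not in the list.
      populates_from(:list_users, :get_group) do |resp|
        resp[:users].find { |u| u[:user_name] == name }
      end

      # Deletes this user.  Nothing attached to the user is removed first;
      # see {#delete!} for the variant that does that.
      # @return [nil]
      def delete
        client.delete_user(resource_options)
        nil
      end

      # Deletes this user after first removing what is attached to it, in
      # this order:
      #
      # * its group memberships
      # * its access keys
      # * its user policies
      # * its MFA devices
      # * its signing certificates
      # * its login profile (only when one exists)
      #
      # The steps run one after another and nothing here rolls them back:
      # if a step raises, the removals already made stay in effect and the
      # user itself is not deleted.
      #
      # @return [nil]
      def delete!
        groups.clear
        access_keys.clear
        policies.clear
        mfa_devices.clear
        signing_certificates.clear
        login_profile.delete if login_profile.exists?
        delete
      end

      # Returns a collection that represents all policies for this user.
      #
      #     user.policies.each do |policy|
      #       puts policy.name
      #     end
      #
      # @return [UserPolicyCollection] Returns a collection that represents
      #   all policies for this user.
      def policies
        UserPolicyCollection.new(self)
      end

      # Returns a collection that represents the signing certificates
      # belonging to this user.
      #
      #     user.signing_certificates.each do |cert|
      #       # ...
      #     end
      #
      # If you need to access the signing certificates of this AWS account,
      # see {IAM#signing_certificates}.
      #
      # @return [SigningCertificateCollection] Returns a collection that
      #   represents signing certificates for this user.
      def signing_certificates
        SigningCertificateCollection.new(:user => self, :config => config)
      end

      # @return [MFADeviceCollection] Returns a collection that represents
      #   all MFA devices assigned to this user.
      def mfa_devices
        MFADeviceCollection.new(self)
      end

      # A login profile is a user name and password that enables a
      # user to log in to the {http://aws.amazon.com/console AWS
      # Management Console}.  The object returned by this method
      # allows you to set or delete the password.  For example:
      #
      #     user.login_profile.password = "TheNewPassword"
      #
      # The literal above is only an illustration; take real passwords from
      # a secret source at run time rather than writing them into code.
      #
      # @return [LoginProfile] Returns the login profile for this user.
      def login_profile
        LoginProfile.new(self)
      end

      # Returns a collection that represents the access keys for this user.
      #
      #     user.access_keys.each do |access_key|
      #       puts access_key.id
      #     end
      #
      # @return [AccessKeyCollection] Returns a collection that represents all
      #   access keys for this user.
      def access_keys
        AccessKeyCollection.new(:user => self)
      end

      # Returns a collection that includes all of the groups the user is in.
      # @return [UserGroupCollection]
      def groups
        UserGroupCollection.new(self)
      end

      # @api private
      protected

      # Name/value pairs that identify this resource: the user name only.
      # @return [Array<Array>]
      def resource_identifiers
        [[:user_name, name]]
      end

    end
  end
end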