1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
module AWS
class IAM
# @attr_reader [Symbol] status The status of this access key.
# Status may be `:active` or `:inactive`.
#
# @attr_reader [Time] create_date
#
class AccessKey < Resource
# @param [String] access_key_id The id of this access key.
# @param [Hash] options
# @option [String] :user The IAM user this access key belongs to.
# If `:user` is omitted then this access key belongs to the
# AWS account.
def initialize access_key_id, options = {}
@id = access_key_id
options[:secret_value] = nil unless options.has_key?(:secret_value)
@user = options[:user]
@user ? super(@user, options) : super(options)
end
# @return [User,nil] Returns the user this access key belongs to.
# Returns `nil` if this access key belongs to the AWS account and not
# a specific user.
attr_reader :user
# @return [String] Returns the access key id.
attr_reader :id
alias_method :access_key_id, :id
# @attr_reader [Time] When the access key was created.
attribute :create_date, :static => true
attribute :secret_value, :from => :secret_access_key, :static => true
protected :secret_value
mutable_attribute :status, :to_sym => true
protected :status=
populates_from(:create_access_key) do |resp|
resp.access_key if matches_response_object?(resp.access_key)
end
populates_from(:list_access_keys) do |resp|
resp.access_key_metadata.find {|k| matches_response_object?(k) }
end
# Returns the secret access key.
#
# You can only access the secret for newly created access
# keys. Calling `secret` on existing access keys raises an error.
#
# @example Getting the secret from a newly created access key
#
# access_key = iam.access_keys.create
# access_key.secret
# #=> 'SECRET_ACCESS_KEY'
#
# @example Failing to get the secret from an existing access key.
#
# access_key = iam.access_keys.first
# access_key.secret
# #=> raises a runtime error
#
# @return [String] Returns the secret access key.
def secret
secret_value or raise 'secret is only available for new access keys'
end
alias_method :secret_access_key, :secret
# @return [String,nil] Returns the name of the user this access key
# belogns to. If the access key belongs to the account, `nil` is
# returned.
def user_name
@user ? @user.name : nil
end
# @return [Boolean] Returns true if this access key is active.
def active?
status == :active
end
# @return [Boolean] Returns true if this access key is inactive.
def inactive?
status == :inactive
end
# Activates this access key.
#
# @example
# access_key.activate!
# access_key.status
# # => :active
#
# @return [nil]
def activate!
self.status = 'Active'
nil
end
# Deactivates this access key.
#
# @example
# access_key.deactivate!
# access_key.status
# # => :inactive
#
# @return [nil]
# @return [nil]
def deactivate!
self.status = 'Inactive'
nil
end
# Deletes the access key.
def delete
client.delete_access_key(resource_options)
nil
end
# Returns a hash that should be saved somewhere safe.
#
# access_keys = iam.access_keys.create
# access_keys.credentials
# #=> { :access_key_id => '...', :secret_access_key => '...' }
#
# You can also use these credentials to make requests:
#
# s3 = AWS::S3.new(access_keys.credentials)
# s3.buckets.create('newbucket')
#
# @return [Hash] Returns a hash with the access key id and
# secret access key.
def credentials
{ :access_key_id => id, :secret_access_key => secret }
end
# @api private
protected
def resource_identifiers
identifiers = []
identifiers << [:access_key_id, id]
identifiers << [:user_name, user.name] if user
identifiers
end
# IAM does not provide a request for "get access keys".
# Also note, we do not page the response. This is because
# restrictions on how many access keys an account / user may
# have is fewer than one page of results.
# @api private
protected
def get_resource attribute
options = user ? { :user_name => user.name } : {}
client.list_access_keys(options)
end
# @api private
protected
def matches_response_object? obj
user_name = obj.respond_to?(:user_name) ? obj.user_name : nil
obj.access_key_id == self.id and user_name == self.user_name
end
end
end
end
|
