# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
require 'base64'
module AWS
class IAM
# @attr_reader [String] base_32_string_seed The Base32 seed defined as
# specified in RFC3548. Only accessible on newly created
# devices. This value is Base64-encoded.
#
# @attr_reader [Blob] qr_code_png A QR code PNG image that encodes
# otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
# where $virtualMFADeviceName is one of the create call arguments,
# AccountName is the user name if set (accountId otherwise), and
# Base32String is the seed in Base32 format. Only accessible on newly
# created devices. This value is Base64-encoded.
#
# @attr_reader [DateTime] enable_date When this device was enabled.
# Returns nil if this device has not been enabled.
#
class VirtualMfaDevice < Resource

  # @api private
  def initialize(serial_number, options = {})
    @serial_number = serial_number
    super
  end

  # @return [String] Returns the virtual MFA device serial number (ARN).
  attr_reader :serial_number

  alias_method :arn, :serial_number

  # These three are declared static: they are filled in from a
  # create/list response and are not re-fetched afterwards.
  attribute :base_32_string_seed, :static => true

  attribute :qr_code_png, :static => true

  attribute :enable_date, :static => true

  # Presumably mapped from the response's :user member; only exposed
  # through {#user} below.
  attribute :user_details, :from => :user

  protected :user_details

  # @return [User,nil] Returns the user this device was enabled
  #   for, or nil if this device has not been enabled.
  def user
    details = user_details
    return unless details
    User.new(details.user_name, :config => config)
  end

  # Enables the MFA device and associates it with the specified user.
  # Once enabled, the device is required for every subsequent login by
  # the user name it is associated with.
  #
  # @param [User,String] user The user (or user name string) you want
  #   to enable this device for.
  # @param [String,Integer] code1 An authentication code emitted by the
  #   device.
  # @param [String,Integer] code2 A subsequent authentication code
  #   emitted by the device.
  # @return [nil]
  def enable(user, code1, code2)
    user_name = user
    user_name = user.name if user.is_a?(User)
    client.enable_mfa_device(
      :user_name => user_name,
      :serial_number => serial_number,
      # Integer codes are zero-padded back to six digits so a code such
      # as 012345 that lost its leading zero still matches the device.
      :authentication_code_1 => format_auth_code(code1),
      :authentication_code_2 => format_auth_code(code2))
    nil
  end

  # @return [Boolean] Returns true if this device has been enabled
  #   for a user, i.e. it carries an enable date.
  def enabled?
    enable_date ? true : false
  end

  # Deactivates the MFA device and removes it from association with
  # the user for which it was originally enabled.
  #
  # The user name is read from {#user}; on a device that is not
  # enabled {#user} is nil and this raises NoMethodError.
  # @return [nil]
  def deactivate
    client.deactivate_mfa_device(
      :user_name => user.name,
      :serial_number => serial_number)
    nil
  end

  alias_method :disable, :deactivate

  # Deletes this virtual MFA device.
  # @return [nil]
  def delete
    client.delete_virtual_mfa_device(resource_options)
    nil
  end

  # A create response populates this object only when it describes
  # this very device.
  populates_from :create_virtual_mfa_device do |resp|
    device = resp.virtual_mfa_device
    device if device.serial_number == serial_number
  end

  # A list response populates this object from the entry whose serial
  # number matches, if any.
  populates_from :list_virtual_mfa_devices do |resp|
    resp.virtual_mfa_devices.find { |device| device.serial_number == serial_number }
  end

  protected

  # Zero-pads an Integer code to six digits; any other value is
  # returned untouched.
  # @param [String,Integer] code
  # @return [String,Object]
  def format_auth_code(code)
    return code unless code.is_a?(Integer)
    format("%06d", code)
  end

  # Attribute lookups go through the list call; the
  # list_virtual_mfa_devices populator above picks out this device
  # by serial number.
  def get_resource(attr_name)
    client.list_virtual_mfa_devices
  end

  def resource_identifiers
    [[:serial_number, serial_number]]
  end

end
end
end