Class: Awful::IAM

Inherits:
Cli show all
Defined in:
lib/awful/iam.rb

Constant Summary collapse

COLORS = 
{
  Active:   :green,
  Inactive: :red,
}

Instance Method Summary collapse

Methods inherited from Cli

#initialize

Constructor Details

This class inherits a constructor from Awful::Cli

Instance Method Details

#keysObject 



108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'lib/awful/iam.rb', line 108

def keys
  if options[:delete]
    if yes?("Really delete key #{options[:delete]}?", :yellow)
      iam.delete_access_key(access_key_id: options[:delete])
    end
    return
  end

  ## list keys
  iam.list_access_keys(user_name: options[:user]).access_key_metadata.output do |keys|
    if options[:long]
      print_table keys.map{ |k|
        [k.user_name, k.access_key_id, k.create_date, color(k.status)]
      }
    else
      puts keys.map(&:access_key_id)
    end
  end
end

#mfaObject 



41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/awful/iam.rb', line 41

def mfa
  iam.list_virtual_mfa_devices.virtual_mfa_devices.output do |devices|
    if options[:long]
      print_table devices.map { |d|
        user_name = d.user ? d.user.user_name : '-'
        [user_name, d.serial_number, d.enable_date]
      }
    else
      puts devices.map(&:serial_number)
    end
  end
end

#oldObject 



131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
# File 'lib/awful/iam.rb', line 131

def old
  iam.list_users.users.map do |u|
    iam.list_access_keys(user_name: u.user_name).access_key_metadata.map do |k|
      age = ((Time.now - k.create_date)/(60*60*24)).to_i
      too_old = age > options[:days]
      if options[:all] || too_old
        [k.user_name, k.create_date, set_color("#{age} days", too_old ? :red : :green)]
      else
        nil
      end
    end
  end.flatten(1).reject(&:nil?).output do |list|
    print_table list
  end
end

#policy(type, name, policy = nil) ⇒ Object 



79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/awful/iam.rb', line 79

def policy(type, name, policy = nil)

  ## first matching role, group or user
  thing_name = iam.send("list_#{type}s").send("#{type}s").find do |thing|
    thing.send("#{type}_name").match(name)
  end.send("#{type}_name")

  ## policies for this role, group or user
  policies = iam.send("list_#{type}_policies", "#{type}_name".to_sym => thing_name).policy_names

  if policy.nil?            # just list policies
    policies.output(&method(:puts))
  else                      #  get policy document
    policy_name = policies.find { |p| p.match(/#{policy}/i) }
    doc = iam.send("get_#{type}_policy", "#{type}_name".to_sym => thing_name, policy_name: policy_name).policy_document
    URI.unescape(doc).output do |str|
      if options[:pretty]
        puts JSON.pretty_generate(JSON.parse(str))
      else
        puts str
      end
    end
  end
end

#roles(name = /./) ⇒ Object 



57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
# File 'lib/awful/iam.rb', line 57

def roles(name = /./)
  iam.list_roles.roles.select do |role|
    role.role_name.match(name)
  end.output do |roles|
    name_method = options[:arns] ? :arn : :role_name
    if options[:long]
      print_table roles.map { |r|
        [
          r.send(name_method),
          r.role_id,
          r.create_date,
          options[:arns] ? r.arn : nil
        ]
      }
    else
      puts roles.map(&name_method)
    end
  end
end

#rotateObject 



149
150
151
152
153
154
155
156
157
158
 
# File 'lib/awful/iam.rb', line 149

def rotate
  key = iam.create_access_key(user_name: options[:user]).access_key
  puts(
    "Your new credentials:",
    "AWS_ACCESS_KEY_ID=#{key.access_key_id}",
    "AWS_SECRET_ACCESS_KEY=#{key.secret_access_key}",
  )
rescue Aws::IAM::Errors::LimitExceeded
  warn 'You have two access keys: please delete one and run this command again.'
end

#usersObject 



23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/awful/iam.rb', line 23

def users
  iam.list_users.users.output do |users|
    if options[:long]
      print_table users.map { |u| [u.user_name, u.user_id, u.create_date, u.password_last_used] }
    elsif options[:mfa]
      mfa = iam.list_virtual_mfa_devices.virtual_mfa_devices.each_with_object({}) do |m,h|
        next unless m.user
        h[m.user.user_name] = m.enable_date
      end
      print_table users.map { |u| [u.user_name, mfa.fetch(u.user_name, '-')] }
    else
      puts users.map(&:user_name)
    end
  end
end