Class: Aws::IAM::Group

Inherits:

Object

• Object
• Aws::IAM::Group

Extended by:

Deprecations

Defined in:

lib/aws-sdk-iam/group.rb

Defined Under Namespace

Classes: Collection

Read-Only Attributes

• #arn ⇒ String

  The Amazon Resource Name (ARN) specifying the group.

• #create_date ⇒ Time

  The date and time, in [ISO 8601 date-time format], when the group was created.

• #group_id ⇒ String

  The stable and unique string identifying the group.

• #name ⇒ String (also: #group_name)
• #path ⇒ String

  The path to the group.

Actions

• #add_user(options = {}) ⇒ EmptyStructure
• #attach_policy(options = {}) ⇒ EmptyStructure
• #create(options = {}) ⇒ Group
• #create_policy(options = {}) ⇒ GroupPolicy
• #delete(options = {}) ⇒ EmptyStructure
• #detach_policy(options = {}) ⇒ EmptyStructure
• #remove_user(options = {}) ⇒ EmptyStructure
• #update(options = {}) ⇒ Group

Associations

• #attached_policies(options = {}) ⇒ Policy::Collection
• #identifiers ⇒ Object deprecated private Deprecated.
• #policies(options = {}) ⇒ GroupPolicy::Collection
• #policy(name) ⇒ GroupPolicy
• #users(options = {}) ⇒ User::Collection

Instance Method Summary

• #client ⇒ Client
• #data ⇒ Types::Group

  Returns the data for this Group.

• #data_loaded? ⇒ Boolean

  Returns ‘true` if this resource is loaded.

• #initialize(*args) ⇒ Group constructor

  A new instance of Group.

• #load ⇒ self (also: #reload)

  Loads, or reloads #data for the current Group.

• #wait_until(options = {}) {|resource| ... } ⇒ Resource deprecated Deprecated.

  Use [Aws::IAM::Client] #wait_until instead

Constructor Details

#initialize(name, options = {}) ⇒ Group #initialize(options = {}) ⇒ Group

Returns a new instance of Group.

Overloads:

• #initialize(name, options = {}) ⇒ Group

  Parameters:

  • name (String)

  Options Hash (options):

  • :client (Client)
• #initialize(options = {}) ⇒ Group

  Options Hash (options):

  • :name (required, String)
  • :client (Client)

# File 'lib/aws-sdk-iam/group.rb', line 22

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @name = extract_name(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
  @waiter_block_warned = false
end

Instance Method Details

#add_user(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

group.add_user({
  user_name: "existingUserNameType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :user_name (required, String) —

  The name of the user to add.

  This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  [1]: wikipedia.org/wiki/regex

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/group.rb', line 240

def add_user(options = {})
  options = options.merge(group_name: @name)
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.add_user_to_group(options)
  end
  resp.data
end

#arn ⇒ String

The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see [IAM identifiers] in the *IAM User Guide*.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html

Returns:

• (String)

# File 'lib/aws-sdk-iam/group.rb', line 69

def arn
  data[:arn]
end

#attach_policy(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

group.attach_policy({
  policy_arn: "arnType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :policy_arn (required, String) —

  The Amazon Resource Name (ARN) of the IAM policy you want to attach.

  For more information about ARNs, see [Amazon Resource Names (ARNs)] in the *Amazon Web Services General Reference*.

  [1]: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/group.rb', line 264

def attach_policy(options = {})
  options = options.merge(group_name: @name)
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.attach_group_policy(options)
  end
  resp.data
end

#attached_policies(options = {}) ⇒ Policy::Collection

Examples:

Request syntax with placeholder values

attached_policies = group.attached_policies({
  path_prefix: "policyPathType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path_prefix (String) —

  The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

Returns:

• (Policy::Collection)

# File 'lib/aws-sdk-iam/group.rb', line 490

def attached_policies(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(group_name: @name)
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_attached_group_policies(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.attached_policies.each do |a|
        batch << Policy.new(
          arn: a.policy_arn,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Policy::Collection.new(batches)
end

#client ⇒ Client

Returns:

• (Client)

# File 'lib/aws-sdk-iam/group.rb', line 87

def client
  @client
end

#create(options = {}) ⇒ Group

Examples:

Request syntax with placeholder values

group = group.create({
  path: "pathType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path (String) —

  The path to the group. For more information about paths, see [IAM identifiers] in the *IAM User Guide*.

  This parameter is optional. If it is not included, it defaults to a slash (/).

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

Returns:

• (Group)

# File 'lib/aws-sdk-iam/group.rb', line 297

def create(options = {})
  options = options.merge(group_name: @name)
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.create_group(options)
  end
  Group.new(
    name: options[:group_name],
    data: resp.data.group,
    client: @client
  )
end

#create_date ⇒ Time

The date and time, in [ISO 8601 date-time format], when the group was created.

[1]: www.iso.org/iso/iso8601

Returns:

• (Time)

# File 'lib/aws-sdk-iam/group.rb', line 80

def create_date
  data[:create_date]
end

#create_policy(options = {}) ⇒ GroupPolicy

Examples:

Request syntax with placeholder values

grouppolicy = group.create_policy({
  policy_name: "policyNameType", # required
  policy_document: "policyDocumentType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :policy_name (required, String) —

  The name of the policy document.

  This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  [1]: wikipedia.org/wiki/regex

• :policy_document (required, String) —

  The policy document.

  You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

  The [regex pattern] used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (‘u0020`) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through ‘u00FF`)

  • The special characters tab (‘u0009`), line feed (`u000A`), and carriage return (`u000D`)

  [1]: wikipedia.org/wiki/regex

Returns:

• (GroupPolicy)

# File 'lib/aws-sdk-iam/group.rb', line 351

def create_policy(options = {})
  options = options.merge(group_name: @name)
  Aws::Plugins::UserAgent.feature('resource') do
    @client.put_group_policy(options)
  end
  GroupPolicy.new(
    group_name: @name,
    name: options[:policy_name],
    client: @client
  )
end

#data ⇒ Types::Group

Returns the data for this Aws::IAM::Group. Calls Client#get_group if #data_loaded? is ‘false`.

Returns:

• (Types::Group) —

  Returns the data for this Aws::IAM::Group. Calls Client#get_group if #data_loaded? is ‘false`.

# File 'lib/aws-sdk-iam/group.rb', line 109

def data
  load unless @data
  @data
end

#data_loaded? ⇒ Boolean

Returns ‘true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

• (Boolean) —

  Returns ‘true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

# File 'lib/aws-sdk-iam/group.rb', line 117

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

group.delete()

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/group.rb', line 368

def delete(options = {})
  options = options.merge(group_name: @name)
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.delete_group(options)
  end
  resp.data
end

#detach_policy(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

group.detach_policy({
  policy_arn: "arnType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :policy_arn (required, String) —

  The Amazon Resource Name (ARN) of the IAM policy you want to detach.

  For more information about ARNs, see [Amazon Resource Names (ARNs)] in the *Amazon Web Services General Reference*.

  [1]: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/group.rb', line 392

def detach_policy(options = {})
  options = options.merge(group_name: @name)
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.detach_group_policy(options)
  end
  resp.data
end

#group_id ⇒ String

The stable and unique string identifying the group. For more information about IDs, see [IAM identifiers] in the *IAM User Guide*.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html

Returns:

• (String)

# File 'lib/aws-sdk-iam/group.rb', line 57

def group_id
  data[:group_id]
end

#identifiers ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deprecated.

# File 'lib/aws-sdk-iam/group.rb', line 574

def identifiers
  { name: @name }
end

#load ⇒ self Also known as: reload

Loads, or reloads #data for the current Aws::IAM::Group. Returns ‘self` making it possible to chain methods.

group.reload.data

Returns:

• (self)

# File 'lib/aws-sdk-iam/group.rb', line 97

def load
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.get_group(group_name: @name)
  end
  @data = resp.group
  self
end

#name ⇒ String Also known as: group_name

Returns:

• (String)

# File 'lib/aws-sdk-iam/group.rb', line 33

def name
  @name
end

#path ⇒ String

The path to the group. For more information about paths, see [IAM identifiers] in the *IAM User Guide*.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html

Returns:

• (String)

# File 'lib/aws-sdk-iam/group.rb', line 45

def path
  data[:path]
end

#policies(options = {}) ⇒ GroupPolicy::Collection

Examples:

Request syntax with placeholder values

group.policies()

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (GroupPolicy::Collection)

# File 'lib/aws-sdk-iam/group.rb', line 515

def policies(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(group_name: @name)
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_group_policies(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.policy_names.each do |p|
        batch << GroupPolicy.new(
          group_name: @name,
          name: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  GroupPolicy::Collection.new(batches)
end

#policy(name) ⇒ GroupPolicy

Parameters:

• name (String)

Returns:

• (GroupPolicy)

# File 'lib/aws-sdk-iam/group.rb', line 538

def policy(name)
  GroupPolicy.new(
    group_name: @name,
    name: name,
    client: @client
  )
end

#remove_user(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

group.remove_user({
  user_name: "existingUserNameType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :user_name (required, String) —

  The name of the user to remove.

  This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  [1]: wikipedia.org/wiki/regex

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/group.rb', line 418

def remove_user(options = {})
  options = options.merge(group_name: @name)
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.remove_user_from_group(options)
  end
  resp.data
end

#update(options = {}) ⇒ Group

Examples:

Request syntax with placeholder values

group = group.update({
  new_path: "pathType",
  new_group_name: "groupNameType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :new_path (String) —

  New path for the IAM group. Only include this if changing the group’s path.

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

• :new_group_name (String) —

  New name for the IAM group. Only include this if changing the group’s name.

  IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both “MyResource” and “myresource”.

Returns:

• (Group)

# File 'lib/aws-sdk-iam/group.rb', line 455

def update(options = {})
  options = options.merge(group_name: @name)
  Aws::Plugins::UserAgent.feature('resource') do
    @client.update_group(options)
  end
  Group.new(
    name: options[:new_group_name],
    client: @client
  )
end

#users(options = {}) ⇒ User::Collection

Examples:

Request syntax with placeholder values

group.users()

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (User::Collection)

# File 'lib/aws-sdk-iam/group.rb', line 551

def users(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(group_name: @name)
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.get_group(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.users.each do |u|
        batch << User.new(
          name: u.user_name,
          data: u,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  User::Collection.new(batches)
end

#wait_until(options = {}) {|resource| ... } ⇒ Resource

Deprecated.

Use [Aws::IAM::Client] #wait_until instead

Note:

The waiting operation is performed on a copy. The original resource remains unchanged.

Waiter polls an API operation until a resource enters a desired state.

## Basic Usage

Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

## Example

instance.wait_until(max_attempts:10, delay:5) do |instance|
  instance.state.name == 'running'
end

## Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

## Callbacks

You can be notified before each polling attempt and before each delay. If you throw ‘:success` or `:failure` from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

  # disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

## Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

attempts attempt in seconds invoked before each attempt invoked before each wait

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :max_attempts (Integer) — default: 10 —

  Maximum number of

• :delay (Integer) — default: 10 —

  Delay between each

• :before_attempt (Proc) — default: nil —

  Callback

• :before_wait (Proc) — default: nil —

  Callback

Yield Parameters:

• resource (Resource) —

  to be used in the waiting condition.

Returns:

• (Resource) —

  if the waiter was successful

Raises:

• (Aws::Waiters::Errors::FailureStateError) —

  Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

  yet successful.

• (Aws::Waiters::Errors::UnexpectedError) —

  Raised when an error is encountered while polling for a resource that is not expected.

• (NotImplementedError) —

  Raised when the resource does not

# File 'lib/aws-sdk-iam/group.rb', line 201

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Plugins::UserAgent.feature('resource') do
    Aws::Waiters::Waiter.new(options).wait({})
  end
end