Class: BuildCloud::IAMUser
- Inherits: Object (Object → BuildCloud::IAMUser)
- Includes:
- Component
- Defined in:
- lib/build-cloud/iamuser.rb
Constant Summary
- @@objects =
[]
Instance Method Summary
- #create ⇒ Object
- #delete ⇒ Object
- #initialize(fog_interfaces, log, options = {}) ⇒ IAMUser (constructor) — A new instance of IAMUser.
- #rationalise_policies(policies) ⇒ Object
- #read ⇒ Object (also: #fog_object)
Constructor Details
#initialize(fog_interfaces, log, options = {}) ⇒ IAMUser
Returns a new instance of IAMUser.
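# File 'lib/build-cloud/iamuser.rb', line 9
#
# Wires the component up to the IAM interface and keeps the user's options.
#
# @param fog_interfaces [Hash] interfaces keyed by service; only +:iam+ is used here
# @param log [Logger] receives the debug/info output of every method on this class
# @param options [Hash] the user's configuration; +:id+ is mandatory, and
#   +:policies+ / +:groups+ are consumed by #create
# @return [IAMUser] a new instance of IAMUser
def initialize ( fog_interfaces, log, options = {} )
  @iam = fog_interfaces[:iam]
  @log = log
  # Defensive copy: #create deletes :policies and :groups from @options, which
  # would otherwise silently mutate the caller's configuration hash.
  @options = options.dup
  # NOTE(review): this writes the whole options hash - including any inline
  # policy documents - to the debug log; keep debug output off shared log sinks.
  @log.debug( options.inspect )
  # NOTE(review): the name of this Component helper did not survive the
  # rendering this block was recovered from; confirm it against
  # lib/build-cloud/iamuser.rb line 18 before relying on it.
  require_options(:id)
end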
Instance Method Details
#create ⇒ Object
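# File 'lib/build-cloud/iamuser.rb', line 21
#
# Creates the IAM user if it does not exist yet, then reconciles its policies.
#
# +:policies+ and +:groups+ are stripped from @options before the user is
# created because they are not user attributes: policies are reconciled by
# #rationalise_policies, and group membership is driven from :iam_groups:.
# Because the keys are deleted from @options, a second call to #create on the
# same instance passes nil to #rationalise_policies, which then removes every
# policy from the user.
#
# @return [void]
def create
  policies = @options.delete(:policies)
  # Not a user attribute; membership is managed under :iam_groups:.
  @options.delete(:groups)

  if exists?
    user = fog_object
  else
    @log.info( "Creating new IAM user #{@options[:id]}" )
    user = @iam.users.new( @options )
    user.save
    @log.debug( user.inspect )
  end
  @log.debug("User is : #{user.inspect}")

  # If there are :policies:, attach them and remove any not listed.
  # A managed policy needs an :arn, created under :iam_managed_policies: or one
  # of Amazon's own. The original comment says an inline policy needs :name: and
  # :document:, but #rationalise_policies reads :id rather than :name.
  rationalise_policies( policies )
end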
#delete ⇒ Object
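# File 'lib/build-cloud/iamuser.rb', line 167
#
# Deletes the IAM user named by @options[:id].
#
# Every managed policy is detached, every inline policy deleted and the user is
# removed from every group before the user itself is destroyed, because IAM
# will not delete a user that still has attachments. Access keys, login
# profile, MFA devices and signing certificates are NOT handled here; if any of
# those remain, the final destroy is the call that fails.
#
# @return [void] returns early without touching IAM when the user does not exist
def delete
  return unless exists?
  # Look the user up once; the original re-queried IAM on every reference.
  user = fog_object
  @log.info( "Deleting IAM users for #{@options[:id]}" )

  # Managed policies are shared objects: detach them, never delete them.
  user.attached_policies.each { |p| user.detach(p) }

  # Inline policies belong to this user alone, so they are deleted outright.
  user.policies.each { |p| @iam.delete_user_policy(@options[:id], p.id) }

  # Group membership.
  @iam.list_groups_for_user(@options[:id]).body['GroupsForUser'].each do |g|
    @iam.remove_user_from_group(g['GroupName'], user.id)
  end

  user.destroy
end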
#rationalise_policies(policies) ⇒ Object
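# File 'lib/build-cloud/iamuser.rb', line 50
#
# Brings the user's policies in line with the desired list.
#
# Each entry of +policies+ is a Hash describing either a managed policy
# (+:arn+ - attached/detached by ARN) or an inline user policy (+:id+ plus a
# +:document+ JSON string - put/deleted by name). Anything currently on the
# user that is not in the desired list is removed, so the desired list is the
# single source of truth for what this user is allowed to do.
#
# @param policies [Array<Hash>, nil] desired policies; nil means "no policies",
#   i.e. everything currently on the user is removed
# @raise [ArgumentError] when a desired managed policy ARN is not found among
#   the account's managed policies
# @return [void]
def rationalise_policies( policies )
  policies ||= []
  # Look the user up once; the original re-queried IAM on every reference.
  user = fog_object

  # Snapshot of what the user has now. Matched entries are struck from these
  # lists below; whatever is left at the end is revoked.
  current_managed_policies = user.attached_policies.map { |p| { :arn => p.arn } }
  current_user_policies = user.policies.map { |p| { :document => p.document, :id => p.id } }

  managed_policies_to_add = []
  user_policies_to_add = []

  # Pass 1: build the add lists. A managed policy already attached is skipped;
  # every desired inline policy is a candidate until pass 2 proves it unchanged.
  policies.each do |p|
    @log.debug("Policy action on is #{p}")
    if p[:arn]
      @log.debug("For user #{user.id} checking managed policy #{p[:arn]}")
      already_attached = current_managed_policies.any? { |cmp| cmp[:arn] == p[:arn] }
      unless already_attached
        @log.debug("Adding #{p[:arn]} to list" )
        managed_policies_to_add << { :arn => p[:arn] }
      end
    elsif p[:id]
      @log.debug("For user #{user.id} checking policy #{p[:id]}")
      # Compared as parsed JSON so whitespace/key-order differences in the
      # configured document do not register as a change.
      user_policies_to_add << { :document => JSON.parse(p[:document]), :id => p[:id] }
    end
  end

  # Pass 2: strike every matched policy from the "current" lists, and strike an
  # inline policy from the add list when its document is unchanged. This is a
  # separate pass so that a duplicate entry in +policies+ is handled the same
  # way on both passes.
  policies.each do |p|
    if p[:arn]
      current_managed_policies.delete_if do |c|
        next false unless c[:arn] == p[:arn]
        @log.debug( "#{p[:arn]} already exists" )
        true
      end
    elsif p[:id]
      current_user_policies.delete_if do |c|
        next false unless c[:id] == p[:id]
        @log.debug( "#{p[:id]} already exists" )
        user_policies_to_add.delete_if do |a|
          unchanged = c[:id] == a[:id] && c[:document] == a[:document]
          @log.debug("#{p[:id]} is a match" ) if unchanged
          unchanged
        end
        true
      end
    end
  end

  # Anything left in current_user_policies has no desired counterpart: revoke it.
  current_user_policies.each do |p|
    @log.debug( "Removing policy #{p.inspect}" )
    @log.info( "For user #{user.id} removing policy #{p[:id]}" )
    @iam.delete_user_policy(user.id, p[:id])
  end

  # put_user_policy upserts, so a changed document is overwritten in place; the
  # same id with a new document is never deleted and re-created.
  user_policies_to_add.each do |p|
    @log.debug( "For user #{user.id} adding/updating policy #{p}" )
    @log.info( "For user #{user.id} adding/updating policy #{p[:id]}" )
    @iam.put_user_policy( user.id, p[:id], p[:document] )
  end

  # Managed policies are shared objects: only detach them, never delete them.
  current_managed_policies.each do |p|
    @log.debug( "Detatching policy #{p.inspect}" )
    @log.info( "For user #{user.id} detatcing policy #{p[:arn]}" )
    user.detach(p[:arn])
  end

  managed_policies_to_add.each do |p|
    @log.debug( "For user #{user.id} attaching policy #{p}" )
    @log.info( "For user #{user.id} attaching policy #{p[:arn]}" )
    mp = @iam.managed_policies.find { |r| r.arn == p[:arn] }
    # A mistyped or foreign-account ARN used to surface as NoMethodError on nil;
    # fail with a message that names the ARN instead.
    if mp.nil?
      raise ArgumentError, "Managed policy #{p[:arn]} not found; cannot attach it to user #{user.id}"
    end
    mp.attach(user)
  end
end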
#read ⇒ Object Also known as: fog_object
# File 'lib/build-cloud/iamuser.rb', line 161
#
# Looks the user up by name; also exposed as #fog_object.
#
# The whole user collection is fetched and filtered client-side on +id+, so the
# caller pays for a full listing on every call.
#
# @return [Object, nil] the matching Fog user object, or nil when no user has
#   the configured :id
def read
  wanted_id = @options[:id]
  matches = @iam.users.select { |candidate| candidate.id == wanted_id }
  matches.first
end