Class: Fog::AWS::IAM::Mock

Inherits:
Object
  • Object
show all
Defined in:
lib/fog/aws/iam.rb,
lib/fog/aws/requests/iam/get_user.rb,
lib/fog/aws/requests/iam/get_group.rb,
lib/fog/aws/requests/iam/list_users.rb,
lib/fog/aws/requests/iam/create_user.rb,
lib/fog/aws/requests/iam/delete_user.rb,
lib/fog/aws/requests/iam/list_groups.rb,
lib/fog/aws/requests/iam/create_group.rb,
lib/fog/aws/requests/iam/delete_group.rb,
lib/fog/aws/requests/iam/get_user_policy.rb,
lib/fog/aws/requests/iam/put_user_policy.rb,
lib/fog/aws/requests/iam/list_access_keys.rb,
lib/fog/aws/requests/iam/add_user_to_group.rb,
lib/fog/aws/requests/iam/create_access_key.rb,
lib/fog/aws/requests/iam/delete_access_key.rb,
lib/fog/aws/requests/iam/delete_user_policy.rb,
lib/fog/aws/requests/iam/list_user_policies.rb,
lib/fog/aws/requests/iam/list_groups_for_user.rb,
lib/fog/aws/requests/iam/get_server_certificate.rb,
lib/fog/aws/requests/iam/remove_user_from_group.rb,
lib/fog/aws/requests/iam/list_server_certificates.rb,
lib/fog/aws/requests/iam/delete_server_certificate.rb,
lib/fog/aws/requests/iam/update_server_certificate.rb,
lib/fog/aws/requests/iam/upload_server_certificate.rb

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Mock

Returns a new instance of Mock.



117
118
119
# File 'lib/fog/aws/iam.rb', line 117

def initialize(options={})
  @aws_access_key_id = options[:aws_access_key_id]
end

Class Method Details

.dataObject



84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# File 'lib/fog/aws/iam.rb', line 84

def self.data
  @data ||= Hash.new do |hash, key|
    hash[key] = {
      :owner_id => Fog::AWS::Mock.owner_id,
      :server_certificates => {},
      :users => Hash.new do |uhash, ukey|
        uhash[ukey] = {
          :user_id     => Fog::AWS::Mock.key_id,
          :path        => '/',
          :arn         => "arn:aws:iam::#{Fog::AWS::Mock.owner_id}:user/#{ukey}",
          :access_keys => [],
          :policies    => {}
        }
      end,
      :groups => Hash.new do |ghash, gkey|
        ghash[gkey] = {
          :group_id   => Fog::AWS::Mock.key_id,
          :arn        => "arn:aws:iam::#{Fog::AWS::Mock.owner_id}:group/#{gkey}",
          :members    => []
        }
      end
    }
  end
end

.resetObject



109
110
111
# File 'lib/fog/aws/iam.rb', line 109

def self.reset
  @data = nil
end

.server_certificate_idObject



113
114
115
# File 'lib/fog/aws/iam.rb', line 113

def self.server_certificate_id
  Fog::Mock.random_hex(16)
end

Instance Method Details

#add_user_to_group(group_name, user_name) ⇒ Object



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# File 'lib/fog/aws/requests/iam/add_user_to_group.rb', line 35

def add_user_to_group(group_name, user_name)
  if data[:groups].has_key? group_name
    if data[:users].has_key? user_name

      unless data[:groups][group_name][:members].include?(user_name)
        data[:groups][group_name][:members] << user_name
      end

      Excon::Response.new.tap do |response|
        response.status = 200
        response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      end
    else
      raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
  end
end

#create_access_key(options) ⇒ Object



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# File 'lib/fog/aws/requests/iam/create_access_key.rb', line 36

def create_access_key(options)
  #FIXME: Not 100% correct as AWS will use the signing credentials when there is no 'UserName' in the options hash
  #       Also doesn't raise an error when there are too many keys
  user_name = options['UserName']
  if data[:users].has_key? user_name
    key = { 'SecretAccessKey' => Fog::Mock.random_base64(40),
            'Status' => 'Active',
            'AccessKeyId' => Fog::AWS::Mock.key_id(20),
            'UserName' => user_name
          }

    data[:users][user_name][:access_keys] << key

    Excon::Response.new.tap do |response|
      response.status = 200
      response.body = { 'AccessKey' => key,
                        'RequestId' => Fog::AWS::Mock.request_id } 
    end
  else
    raise Fog::AWS::IAM::NotFound.new('The user with name booboboboob cannot be found.')
  end
end

#create_group(group_name, path = '/') ⇒ Object



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/fog/aws/requests/iam/create_group.rb', line 40

def create_group(group_name, path = '/')
  if data[:groups].has_key? group_name
    raise Fog::AWS::IAM::EntityAlreadyExists.new("Group with name #{group_name} already exists.")
  else
    data[:groups][group_name][:path] = path
    Excon::Response.new.tap do |response|
      response.body = { 'Group' => {
                                     'GroupId'   => (data[:groups][group_name][:group_id]).strip,
                                     'GroupName' => group_name,
                                     'Path'      => path,
                                     'Arn'       => (data[:groups][group_name][:arn]).strip },
                        'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  end

end

#create_user(user_name, path = '/') ⇒ Object



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/fog/aws/requests/iam/create_user.rb', line 39

def create_user(user_name, path='/')
  if data[:users].has_key? user_name
    raise Fog::AWS::IAM::EntityAlreadyExists.new "User with name #{user_name} already exists."
  else
    data[:users][user_name][:path] = path
    Excon::Response.new.tap do |response|
      response.status = 200
      response.body = { 'User' => {
                                   "UserId"   => data[:users][user_name][:user_id],
                                   "Path"     => path,
                                   "UserName" => user_name,
                                   "Arn"      => (data[:users][user_name][:arn]).strip
                                   },
                        'RequestId' => Fog::AWS::Mock.request_id
                       }
    end
  end
end

#dataObject



121
122
123
# File 'lib/fog/aws/iam.rb', line 121

def data
  self.class.data[@aws_access_key_id]
end

#delete_access_key(access_key_id, options = {}) ⇒ Object



35
36
37
38
39
40
41
42
43
44
45
46
# File 'lib/fog/aws/requests/iam/delete_access_key.rb', line 35

def delete_access_key(access_key_id, options = {})
  user_name = options['UserName']
  if user_name && data[:users].has_key?(user_name) && data[:users][user_name][:access_keys].any? { |akey| akey['AccessKeyId'] == access_key_id }
    data[:users][user_name][:access_keys].delete_if { |akey| akey['AccessKeyId'] == access_key_id }
    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The Access Key with id #{access_key_id} cannot be found.")
  end
end

#delete_group(group_name) ⇒ Object



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'lib/fog/aws/requests/iam/delete_group.rb', line 33

def delete_group(group_name)
  if data[:groups].has_key? group_name
    if data[:groups][group_name][:members].empty?
      data[:groups].delete group_name
      Excon::Response.new.tap do |response|
        response.status = 200
        response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      end
    else
      raise Fog::AWS::IAM::Error.new("DeleteConflict => Cannot delete entity, must delete users in group first.")
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
  end
end

#delete_server_certificate(server_certificate_name) ⇒ Object



32
33
34
35
36
37
38
39
40
41
42
# File 'lib/fog/aws/requests/iam/delete_server_certificate.rb', line 32

def delete_server_certificate(server_certificate_name)
  response = Excon::Response.new
  response.status = 200
  response.body = {
    'RequestId' => Fog::AWS::Mock.request_id
  }

  self.data[:server_certificates].delete(server_certificate_name)

  response
end

#delete_user(user_name) ⇒ Object



33
34
35
36
37
38
39
40
41
42
43
44
# File 'lib/fog/aws/requests/iam/delete_user.rb', line 33

def delete_user(user_name)
  if data[:users].has_key? user_name
    data[:users].delete user_name
    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
  end

end

#delete_user_policy(user_name, policy_name) ⇒ Object



35
36
37
38
39
40
41
42
43
44
45
# File 'lib/fog/aws/requests/iam/delete_user_policy.rb', line 35

def delete_user_policy(user_name, policy_name)
  if data[:users].has_key?(user_name) && data[:users][user_name][:policies].has_key?(policy_name)
    data[:users][user_name][:policies].delete policy_name
    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user policy with name #{policy_name} cannot be found.")
  end
end

#get_group(group_name, options = {}) ⇒ Object



43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# File 'lib/fog/aws/requests/iam/get_group.rb', line 43

def get_group(group_name, options = {})
  raise Fog::AWS::IAM::NotFound.new(
    "The user with name #{group_name} cannot be found."
  ) unless self.data[:groups].key?(group_name)
  Excon::Response.new.tap do |response|
    response.body = { 'Group' =>  { 
                                     'GroupId'   => data[:groups][group_name][:group_id],
                                     'Path'     => data[:groups][group_name][:path],
                                     'GroupName' => group_name,
                                     'Arn'      => (data[:groups][group_name][:arn]).strip 
                                  },
                      'Users' => data[:groups][group_name][:members].map { |user| get_user(user).body['User'] },
                      'RequestId'   => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end

#get_server_certificate(name) ⇒ Object



32
33
34
35
36
37
38
39
40
41
42
43
# File 'lib/fog/aws/requests/iam/get_server_certificate.rb', line 32

def get_server_certificate(name)
  raise Fog::AWS::IAM::NotFound unless certificate = self.data[:server_certificates][name]

  response = Excon::Response.new
  response.status = 200
  response.body = {
    'Certificate' => certificate,
    'RequestId' => Fog::AWS::Mock.request_id
  }

  response
end

#get_user(user, options = {}) ⇒ Object



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# File 'lib/fog/aws/requests/iam/get_user.rb', line 38

def get_user(user, options = {})
  raise Fog::AWS::IAM::NotFound.new(
    "The user with name #{user} cannot be found."
  ) unless self.data[:users].key?(user)
  Excon::Response.new.tap do |response|
    response.body = {'User' =>  { 
                                  'UserId'   => data[:users][user][:user_id],
                                  'Path'     => data[:users][user][:path],
                                  'UserName' => user,
                                  'Arn'      => (data[:users][user][:arn]).strip 
                                },
                     'RequestId'   => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end

#get_user_policy(policy_name, user_name) ⇒ Object



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# File 'lib/fog/aws/requests/iam/get_user_policy.rb', line 35

def get_user_policy(policy_name, user_name)
  raise Fog::AWS::IAM::NotFound.new("The user with name #{user} cannot be found.") unless self.data[:users].key?(user_name)
  raise Fog::AWS::IAM::NotFound.new("The policy with name #{policy_name} cannot be found.") unless self.data[:users][user_name][:policies].key?(policy_name)
  Excon::Response.new.tap do |response|
    response.body = { 'Policy' =>  { 
                        'PolicyName' => policy_name,
                        'UserName' => user_name,
                        'PolicyDocument' => data[:users][user_name][:policies][policy_name]
                      },
                      'IsTruncated' => false,
                      'RequestId'   => Fog::AWS::Mock.request_id 
                    }
    response.status = 200
  end
end

#list_access_keys(options = {}) ⇒ Object



41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# File 'lib/fog/aws/requests/iam/list_access_keys.rb', line 41

def list_access_keys(options = {})
  #FIXME: Doesn't do anything with options, aside from UserName
  user = options['UserName']

  if data[:users].has_key? user
    Excon::Response.new.tap do |response|
      response.body = { 'AccessKeys' => data[:users][user][:access_keys].map do |akey|
                                          {'Status' => akey['Status'], 'AccessKeyId' => akey['AccessKeyId']}
                                        end,
                         'IsTruncated' => false,
                         'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user} cannot be found.")
  end
end

#list_groups(options = {}) ⇒ Object



43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/fog/aws/requests/iam/list_groups.rb', line 43

def list_groups(options = {} )
  #FIXME: Doesn't observe options
  Excon::Response.new.tap do |response|
    response.status = 200
    response.body = { 'Groups' => data[:groups].map do |name, group|
                                    { 'GroupId'   => group[:group_id],
                                      'GroupName' => name,
                                      'Path'      => group[:path],
                                      'Arn'       => (group[:arn]).strip }
                                  end,
                      'IsTruncated' => false,
                      'RequestId' => Fog::AWS::Mock.request_id }
  end
end

#list_groups_for_user(user_name, options = {}) ⇒ Object



43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# File 'lib/fog/aws/requests/iam/list_groups_for_user.rb', line 43

def list_groups_for_user(user_name, options = {})
  #FIXME: Does not consider options
  if data[:users].has_key? user_name
    Excon::Response.new.tap do |response|
      response.status = 200
      response.body = { 'GroupsForUser' => data[:groups].select do |name, group|
                                             group[:members].include? user_name
                                           end.map do |name, group|
                                             { 'GroupId'   => group[:group_id],
                                               'GroupName' => name,
                                               'Path'      => group[:path],
                                               'Arn'       => (group[:arn]).strip }
                                           end,
                        'IsTruncated' => false,
                        'RequestId' => Fog::AWS::Mock.request_id
                      }
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
  end
end

#list_server_certificates(options = {}) ⇒ Object



42
43
44
45
46
47
48
49
50
51
52
# File 'lib/fog/aws/requests/iam/list_server_certificates.rb', line 42

def list_server_certificates(options = {})
  certificates = self.data[:server_certificates].values
  certificates = certificates.select { |certificate| certificate['Path'] =~ Regexp.new("^#{options['PathPrefix']}") } if options['PathPrefix']
  response = Excon::Response.new
  response.status = 200
  response.body = {
    'Certificates' => certificates
  }

  response
end

#list_user_policies(user_name, options = {}) ⇒ Object



40
41
42
43
44
45
46
47
48
49
50
51
52
# File 'lib/fog/aws/requests/iam/list_user_policies.rb', line 40

def list_user_policies(user_name, options = {})
  #FIXME: doesn't use options atm
  if data[:users].has_key? user_name
    Excon::Response.new.tap do |response|
      response.body = { 'PolicyNames' => data[:users][user_name][:policies].keys,
                        'IsTruncated' => false,
                        'RequestId'   => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
  end
end

#list_users(options = {}) ⇒ Object



42
43
44
45
46
47
48
49
50
51
52
53
54
55
# File 'lib/fog/aws/requests/iam/list_users.rb', line 42

def list_users(options = {})
  #FIXME: none of the options are currently supported
  Excon::Response.new.tap do |response|
    response.body = {'Users' => data[:users].map do |user, data|
                                  { 'UserId'   => data[:user_id],
                                    'Path'     => data[:path],
                                    'UserName' => user,
                                    'Arn'      => (data[:arn]).strip }
                                end,
                     'IsTruncated' => false,
                     'RequestId'   => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end

#put_user_policy(user_name, policy_name, policy_document) ⇒ Object

FIXME: You can’t actually use the credentials for anything elsewhere in Fog FIXME: Doesn’t do any validation on the policy



39
40
41
42
43
44
45
46
47
48
49
50
# File 'lib/fog/aws/requests/iam/put_user_policy.rb', line 39

def put_user_policy(user_name, policy_name, policy_document)
  if data[:users].has_key? user_name
    data[:users][user_name][:policies][policy_name] = policy_document

    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
  end
end

#remove_user_from_group(group_name, user_name) ⇒ Object



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# File 'lib/fog/aws/requests/iam/remove_user_from_group.rb', line 35

def remove_user_from_group(group_name, user_name)
  if data[:groups].has_key? group_name
    if data[:users].has_key? user_name
      data[:groups][group_name][:members].delete_if { |item| item == user_name }
      Excon::Response.new.tap do |response|
        response.status = 200
        response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      end
    else
      raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
  end
end

#reset_dataObject



125
126
127
# File 'lib/fog/aws/iam.rb', line 125

def reset_data
  self.class.data.delete(@aws_access_key_id)
end

#update_server_certificate(server_certificate_name, options = {}) ⇒ Object



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/fog/aws/requests/iam/update_server_certificate.rb', line 37

def update_server_certificate(server_certificate_name, options = {})
  new_server_certificate_name = options['NewServerCertificateName']
  if self.data[:server_certificates][new_server_certificate_name]
    raise Fog::AWS::IAM::EntityAlreadyExists.new("The Server Certificate with name #{server_certificate_name} already exists.")
  end
  unless certificate = self.data[:server_certificates].delete(server_certificate_name)
    raise Fog::AWS::IAM::NotFound.new("The Server Certificate with name #{server_certificate_name} cannot be found.")
  end

  if new_server_certificate_name
    certificate['ServerCertificateName'] = new_server_certificate_name
  end

  if new_path = options['NewPath']
    certificate['Path'] = new_path
  end

  self.data[:server_certificates][certificate['ServerCertificateName']] = certificate

  Excon::Response.new.tap do |response|
    response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end

#upload_server_certificate(certificate, private_key, name, options = {}) ⇒ Object



46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'lib/fog/aws/requests/iam/upload_server_certificate.rb', line 46

def upload_server_certificate(certificate, private_key, name, options = {})
  if certificate.nil? || certificate.empty? || private_key.nil? || private_key.empty?
    raise Fog::AWS::IAM::ValidationError.new
  end
  response = Excon::Response.new

  # Validate cert and key
  begin
    # must be an RSA private key
    raise OpenSSL::PKey::RSAError unless private_key =~ /BEGIN RSA PRIVATE KEY/

    cert = OpenSSL::X509::Certificate.new(certificate)
    chain = OpenSSL::X509::Certificate.new(options['CertificateChain']) if options['CertificateChain']
    key = OpenSSL::PKey::RSA.new(private_key)
  rescue OpenSSL::X509::CertificateError, OpenSSL::PKey::RSAError => e
    message = if e.is_a?(OpenSSL::X509::CertificateError)
                "Invalid Public Key Certificate."
              else
                "Invalid Private Key."
              end
    raise Fog::AWS::IAM::MalformedCertificate.new(message)
  end

  unless cert.check_private_key(key)
    raise Fog::AWS::IAM::KeyPairMismatch.new
  end

  if self.data[:server_certificates][name]
    raise Fog::AWS::IAM::EntityAlreadyExists.new
  else
    response.status = 200
    path = options['Path'] || "/"
    data = {
      'Arn' => Fog::AWS::Mock.arn('iam', self.data[:owner_id], "server-certificate/#{name}"),
      'Path' => path,
      'ServerCertificateId' => Fog::AWS::IAM::Mock.server_certificate_id,
      'ServerCertificateName' => name,
      'UploadDate' => Time.now
    }
    self.data[:server_certificates][name] = data
    response.body = {
      'Certificate' => data,
      'RequestId' => Fog::AWS::Mock.request_id
    }
  end

  response
end