Class: AwsIamUsers

Inherits:
Object
  • Object
Includes:
AwsPluralResourceMixin
Defined in:
lib/resources/aws/aws_iam_users.rb

Overview

Authors: Alex Bedley, Steffanie Freeman, Simon Varlow, Chris Redekop

Defined Under Namespace

Classes: Backend

Instance Attribute Summary

Attributes included from AwsPluralResourceMixin

#table

Instance Method Summary

Methods included from AwsPluralResourceMixin

included

Methods included from AwsResourceMixin

#catch_aws_errors, #check_resource_param_names, #initialize, #inspec_runner

Instance Method Details

#fetch_from_api ⇒ Object



# File 'lib/resources/aws/aws_iam_users.rb', line 52

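# Builds the users table and annotates every row with console-password, MFA
# and password-usage columns.
#
# Rows come from #fetch_from_api_paginated. Each row then costs two further
# IAM calls (get_login_profile and list_mfa_devices), issued eagerly for
# every user.
#
# Only Aws::IAM::Errors::NoSuchEntity is rescued here. Any other API error
# (for example a permissions failure) is not rescued in this method, so a
# scan that cannot read a user's login profile or MFA devices fails rather
# than reporting the user as having no console password or no MFA.
#
# :password_last_used_days_ago is set only for users whose password has been
# used. For everyone else the key is absent, which is not the same as 0.
#
# @return [Array<Hash>] the populated table, also stored in @table
def fetch_from_api
  backend = BackendFactory.create(inspec_runner)
  @table = fetch_from_api_paginated(backend)

  # TODO: lazy columns - https://github.com/chef/inspec-aws/issues/100
  @table.each do |user|
    begin
      # Only success or failure matters; the returned profile is not used.
      backend.get_login_profile(user_name: user[:user_name])
      user[:has_console_password] = true
    rescue Aws::IAM::Errors::NoSuchEntity
      # No login profile is recorded as "no console password".
      user[:has_console_password] = false
    end
    # Predicate-style alias of the same value.
    user[:has_console_password?] = user[:has_console_password]

    begin
      aws_mfa_devices = backend.list_mfa_devices(user_name: user[:user_name])
      # Any listed device counts as MFA being enabled.
      user[:has_mfa_enabled] = !aws_mfa_devices.mfa_devices.empty?
    rescue Aws::IAM::Errors::NoSuchEntity
      user[:has_mfa_enabled] = false
    end
    user[:has_mfa_enabled?] = user[:has_mfa_enabled]

    password_last_used = user[:password_last_used]
    user[:password_ever_used?] = !password_last_used.nil?
    user[:password_never_used?] = password_last_used.nil?
    next unless user[:password_ever_used?]

    # Whole days since the last password use, truncated toward zero.
    user[:password_last_used_days_ago] = ((Time.now - password_last_used) / (24 * 60 * 60)).to_i
  end
  @table
end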

#fetch_from_api_paginated(backend) ⇒ Object



# File 'lib/resources/aws/aws_iam_users.rb', line 40

# Collects every IAM user by following list_users pagination.
#
# The first request is sent with a nil marker. Each later request passes the
# marker returned by the previous page, and the loop ends on the first page
# whose is_truncated flag is falsy.
#
# @param backend [#list_users] client used to fetch each page
# @return [Array<Hash>] one hash per user, in the order the API returned them
def fetch_from_api_paginated(backend)
  rows = []
  next_marker = nil
  loop do
    page = backend.list_users(marker: next_marker)
    rows.concat(page.users.map(&:to_h))
    next_marker = page.marker
    return rows unless page.is_truncated
  end
end

#to_s ⇒ Object



# File 'lib/resources/aws/aws_iam_users.rb', line 82

# Display name for this plural resource.
#
# @return [String] the fixed label "IAM Users"
def to_s
  "IAM Users"
end

#validate_params(raw_params) ⇒ Object



# File 'lib/resources/aws/aws_iam_users.rb', line 32

# Rejects any resource parameters; this resource does not accept any yet.
#
# @param raw_params [#empty?] parameters passed to the resource
# @return [Object] raw_params unchanged when it is empty
# @raise [ArgumentError] when raw_params is not empty
def validate_params(raw_params)
  return raw_params if raw_params.empty?

  raise ArgumentError, 'aws_iam_users does not accept resource parameters'
end