Class: AwsIamPasswordPolicy

Inherits:
Object
  • Object
Defined in:
lib/resources/aws/aws_iam_password_policy.rb


Constructor Details

#initialize(conn = nil) ⇒ AwsIamPasswordPolicy

TODO: rewrite to avoid injecting the connection directly through the constructor, to match other resources, and to use AwsSingularResourceMixin.



# File 'lib/resources/aws/aws_iam_password_policy.rb', line 21

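# Loads the account's IAM password policy into @policy.
#
# With a +conn+ (the mocked unit-test path) the policy is read through the
# resource interface on conn.iam_resource; otherwise it is fetched with the
# IAM client obtained from the InSpec backend. A missing policy
# (Aws::IAM::Errors::NoSuchEntity) is recorded as @policy = nil, which is
# what exists? reports. The property readers call methods on @policy
# directly, so they should only be used once exists? is true.
#
# Any other AWS error is handled by catch_aws_errors. In that case @policy is
# never assigned, so exists? is false as well: a failed lookup (for example
# missing permissions) must not be read as "no password policy configured".
#
# @param conn [Object, nil] test double exposing iam_resource; nil in normal runs
def initialize(conn = nil)
  catch_aws_errors do
    begin
      if conn
        # We're in a mocked unit test.
        @policy = conn.iam_resource.account_password_policy
      else
        # Don't use the resource approach. It's a CRUD operation: if the
        # policy does not exist, you get back a blank object to populate and
        # save. Using the Client raises an exception if no policy exists.
        @policy = inspec_runner.backend.aws_client(Aws::IAM::Client).get_account_password_policy.password_policy
      end
    rescue Aws::IAM::Errors::NoSuchEntity
      @policy = nil
    end
  end
end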

Instance Method Details

#allow_users_to_change_passwords? ⇒ Boolean

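This one has an awkward name mapping: the resource method is plural (allow_users_to_change_passwords?) while the underlying policy attribute is singular (allow_users_to_change_password).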

Returns:

  • (Boolean)


# File 'lib/resources/aws/aws_iam_password_policy.rb', line 111

# Whether the policy lets IAM users change their own passwords.
#
# The method name is plural while the policy attribute it reads is singular.
# @policy is used without a nil check, so this raises NoMethodError when no
# policy was loaded.
#
# @return [Boolean] @policy.allow_users_to_change_password
def allow_users_to_change_passwords?
  loaded_policy = @policy
  loaded_policy.allow_users_to_change_password
end

#catch_aws_errors ⇒ Object

TODO: DRY up; see github.com/chef/inspec/issues/2633. Copied from resource_support/aws/aws_resource_mixin.rb.



# File 'lib/resources/aws/aws_iam_password_policy.rb', line 41

# Runs the given block and turns AWS SDK failures into resource failures.
#
# Missing credentials get an explanatory log entry, because the SDK's own
# message is unhelpful; any other Aws::Errors::ServiceError is handed to
# fail_resource with its message unchanged.
#
# NOTE(review): the service error text is forwarded verbatim and can carry
# account detail (an access-denied message can name the calling identity);
# confirm that is acceptable wherever the resulting reports are shared.
#
# @yield the AWS call(s) to guard
# @return [Object] the block's value, or whatever fail_resource returns
def catch_aws_errors
  begin
    yield
  rescue Aws::Errors::MissingCredentialsError
    # The AWS error here is unhelpful:
    # "unable to sign request without credentials set"
    credentials_hint = "It appears that you have not set your AWS credentials.  You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target.  See https://www.inspec.io/docs/reference/platforms for details."
    Inspec::Log.error(credentials_hint)
    fail_resource("No AWS credentials available")
  rescue Aws::Errors::ServiceError => service_error
    fail_resource(service_error.message)
  end
end

#exists? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/aws/aws_iam_password_policy.rb', line 68

# Whether a password policy was loaded.
#
# This is false whenever @policy is nil. That covers the "no policy defined"
# case and also any run in which @policy was never assigned.
#
# @return [Boolean]
def exists?
  return false if @policy.nil?

  true
end

#inspec_runner ⇒ Object

TODO: DRY up; see github.com/chef/inspec/issues/2633. Copied from resource_support/aws/aws_singular_resource_mixin.rb.



# File 'lib/resources/aws/aws_iam_password_policy.rb', line 54

# Returns the InSpec runner when one is reachable, otherwise nil.
#
# Under inspec-cli an 'inspec' method returns the runner. Unit tests do not
# have that method, but something (nil is OK) still has to be passed to the
# backend.
# TODO: remove with https://github.com/chef/inspec-aws/issues/216
# TODO: remove after rewrite to include AwsSingularResource
#
# @return [Object, nil] the value of inspec, or nil when it is not available
def inspec_runner
  return nil unless respond_to?(:inspec)

  inspec
end

#max_password_age_in_days ⇒ Object



# File 'lib/resources/aws/aws_iam_password_policy.rb', line 78

# Maximum password age taken from the loaded policy.
#
# A policy that does not expire passwords has no meaningful maximum age, so
# the method raises instead of returning a value. A control that reads this
# on such a policy errors out; check expire_passwords? first.
#
# @return [Object] @policy.max_password_age
# @raise [RuntimeError] when expire_passwords? is false
def max_password_age_in_days
  return @policy.max_password_age if expire_passwords?

  raise "this policy does not expire passwords"
end

#minimum_password_length ⇒ Object

Properties



# File 'lib/resources/aws/aws_iam_password_policy.rb', line 74

# Minimum password length taken from the loaded policy.
#
# @policy is used without a nil check, so this raises NoMethodError when no
# policy was loaded.
#
# @return [Object] @policy.minimum_password_length
def minimum_password_length
  loaded_policy = @policy
  loaded_policy.minimum_password_length
end

#number_of_passwords_to_remember ⇒ Object



# File 'lib/resources/aws/aws_iam_password_policy.rb', line 84

# Number of previous passwords the policy keeps to block reuse.
#
# Raises instead of returning a value when reuse prevention is not
# configured, so a control that reads this on such a policy errors out;
# check prevent_password_reuse? first.
#
# @return [Object] @policy.password_reuse_prevention
# @raise [RuntimeError] when prevent_password_reuse? is false
def number_of_passwords_to_remember
  return @policy.password_reuse_prevention if prevent_password_reuse?

  raise "this policy does not prevent password reuse"
end

#prevent_password_reuse? ⇒ Boolean

This one has custom logic and renaming: it returns true when the policy's password_reuse_prevention value is set (non-nil).

Returns:

  • (Boolean)


# File 'lib/resources/aws/aws_iam_password_policy.rb', line 117

# Whether the policy has a password-reuse limit configured.
#
# This is derived rather than read directly: it is true when the policy's
# password_reuse_prevention value is anything other than nil. @policy is
# used without a nil check, so this raises NoMethodError when no policy was
# loaded.
#
# @return [Boolean]
def prevent_password_reuse?
  remembered = @policy.password_reuse_prevention
  !remembered.nil?
end

#to_s ⇒ Object



# File 'lib/resources/aws/aws_iam_password_policy.rb', line 64

# Fixed display name for this resource.
#
# @return [String] always "IAM Password-Policy"
def to_s
  'IAM Password-Policy'
end