Class: AwsIamAccessKey

Inherits:

Object

• Object
• AwsIamAccessKey

Includes:

AwsSingularResourceMixin

Defined in:

lib/resources/aws/aws_iam_access_key.rb

Defined Under Namespace

Classes: Backend

Instance Attribute Summary

• #access_key_id ⇒ Object (also: #id) readonly

  Returns the value of attribute access_key_id.

• #create_date ⇒ Object readonly

  Returns the value of attribute create_date.

• #status ⇒ Object readonly

  Returns the value of attribute status.

• #username ⇒ Object readonly

  Returns the value of attribute username.

Instance Method Summary

• #active? ⇒ Boolean
• #fetch_from_api ⇒ Object
• #last_used_date ⇒ Object
• #to_s ⇒ Object
• #validate_params(raw_params) ⇒ Object

Methods included from AwsSingularResourceMixin

#exists?, included

Methods included from AwsResourceMixin

#catch_aws_errors, #check_resource_param_names, #initialize, #inspec_runner

Instance Attribute Details

#access_key_id ⇒ Object (readonly) Also known as: id

Returns the value of attribute access_key_id.

# File 'lib/resources/aws/aws_iam_access_key.rb', line 19

def access_key_id
  @access_key_id
end

#create_date ⇒ Object (readonly)

Returns the value of attribute create_date.

# File 'lib/resources/aws/aws_iam_access_key.rb', line 19

def create_date
  @create_date
end

#status ⇒ Object (readonly)

Returns the value of attribute status.

# File 'lib/resources/aws/aws_iam_access_key.rb', line 19

def status
  @status
end

#username ⇒ Object (readonly)

Returns the value of attribute username.

# File 'lib/resources/aws/aws_iam_access_key.rb', line 19

def username
  @username
end

Instance Method Details

#active? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/aws/aws_iam_access_key.rb', line 48

def active?
  return nil unless exists?

  status == "Active"
end

#fetch_from_api ⇒ Object

# File 'lib/resources/aws/aws_iam_access_key.rb', line 68

def fetch_from_api
  backend = BackendFactory.create(inspec_runner)
  query = {}
  query[:user_name] = username if username

  response = backend.list_access_keys(query)

  access_keys = response.access_key_metadata.select do |key|
    if access_key_id
      key.access_key_id == access_key_id
    else
      true
    end
  end

  if access_keys.empty?
    @exists = false
    return
  end

  if access_keys.count > 1
    raise "More than one access key matched for aws_iam_access_key.  Use more specific paramaters, such as access_key_id."
  end

  @exists = true
  @access_key_id = access_keys[0].access_key_id
  @username = access_keys[0].user_name
  @create_date = access_keys[0].create_date
  @status = access_keys[0].status
  # Last used date is lazily loaded, separate API call
rescue Aws::IAM::Errors::NoSuchEntity
  @exists = false
end

#last_used_date ⇒ Object

# File 'lib/resources/aws/aws_iam_access_key.rb', line 58

def last_used_date
  return nil unless exists?
  return @last_used_date if defined? @last_used_date

  backend = BackendFactory.create(inspec_runner)
  catch_aws_errors do
    @last_used_date = backend.get_access_key_last_used({ access_key_id: access_key_id }).access_key_last_used.last_used_date
  end
end

#to_s ⇒ Object

# File 'lib/resources/aws/aws_iam_access_key.rb', line 54

def to_s
  "IAM Access-Key #{access_key_id}"
end

#validate_params(raw_params) ⇒ Object

# File 'lib/resources/aws/aws_iam_access_key.rb', line 22

def validate_params(raw_params)
  recognized_params = check_resource_param_names(
    raw_params: raw_params,
    allowed_params: %i{username id access_key_id},
    allowed_scalar_name: :access_key_id,
    allowed_scalar_type: String
  )

  # id and access_key_id are aliases; standardize on access_key_id
  recognized_params[:access_key_id] = recognized_params.delete(:id) if recognized_params.key?(:id)

  # Validate format of access_key_id
  if recognized_params[:access_key_id] &&
      recognized_params[:access_key_id] !~ (/^AKIA[0-9A-Z]{16}$/)
    raise ArgumentError, "Incorrect format for Access Key ID - expected AKIA followed " \
          "by 16 letters or numbers"
  end

  # One of username and access_key_id is required
  if recognized_params[:username].nil? && recognized_params[:access_key_id].nil?
    raise ArgumentError, "You must provide at lease one of access_key_id or username to aws_iam_access_key"
  end

  recognized_params
end