class AwsIamUser

author: Chris Redekop
author: Simon Varlow
author: Steffanie Freeman
author: Alex Bedley

def fetch_from_api

# Populates this resource's instance variables from the IAM API.
#
# The user is looked up with get_user unless @aws_user_struct is already set;
# in that case no lookup is made and the user is treated as existing. When
# get_user raises NoSuchEntity, @exists becomes false, the key and policy
# collections become empty arrays, and the method returns early. On that
# path @has_console_password and @has_mfa_enabled are never assigned.
#
# NOTE(review): each list_* response is read once and no truncation/marker
# handling is visible in this method. Confirm that the backend paginates,
# because a partial list would under-report keys or policies in an audit.
def fetch_from_api
  iam = BackendFactory.create(inspec_runner)

  begin
    # Only call the API when no user struct is already present.
    @aws_user_struct ||= iam.get_user(user_name: username)
  rescue Aws::IAM::Errors::NoSuchEntity
    @exists = false
    @access_keys = []
    @inline_policy_names = []
    @attached_policy_arns = []
    @attached_policy_names = []
    return
  end

  # TODO: extract properties from aws_user_struct?
  @exists = true

  # A login profile exists only for users with a console password, so
  # NoSuchEntity here means "no console password", not "no user".
  @has_console_password =
    begin
      iam.get_login_profile(user_name: username)
      # Password age also available here
      true
    rescue Aws::IAM::Errors::NoSuchEntity
      false
    end

  mfa_response = iam.list_mfa_devices(user_name: username)
  @has_mfa_enabled = !mfa_response.mfa_devices.empty?

  # TODO: consider returning InSpec AwsIamAccessKey objects
  # access_keys is promised to be an array, so a nil result is replaced by [].
  @access_keys = iam.list_access_keys(user_name: username).access_key_metadata || []

  @inline_policy_names = iam.list_user_policies(user_name: username).policy_names

  attachments = iam.list_attached_user_policies(user_name: username).attached_policies
  @attached_policy_arns = attachments.map { |entry| entry[:policy_arn] }
  @attached_policy_names = attachments.map { |entry| entry[:policy_name] }
end

def has_attached_policies?

# Reports whether any managed policy is attached to the user.
#
# Returns nil (not false) when the user does not exist. nil is falsy, so a
# caller that only tests truthiness cannot tell "user missing" from "no
# attached policies"; check exists? as well when that difference matters.
def has_attached_policies?
  if exists?
    !attached_policy_names.empty?
  else
    nil
  end
end

def has_inline_policies?

# Reports whether the user has any inline policy.
#
# Returns nil (not false) when the user does not exist. nil is falsy, so a
# caller that only tests truthiness cannot tell "user missing" from "no
# inline policies"; check exists? as well when that difference matters.
def has_inline_policies?
  if exists?
    !inline_policy_names.empty?
  else
    nil
  end
end

def name

# Deprecated alias for username.
#
# Emits a deprecation warning through Kernel#warn on every call, then
# returns whatever username returns.
def name
  notice = "[DEPRECATION] - Property ':name' is deprecated on the aws_iam_user resource.  Use ':username' instead."
  warn(notice)
  username
end

def to_s

# Human-readable label for this resource: the text "IAM User " followed by
# the username.
def to_s
  label = username
  "IAM User #{label}"
end

def validate_params(raw_params)

# Checks the resource parameters and maps deprecated names to current ones.
#
# Name checking is delegated to check_resource_param_names. After that,
# :name is renamed to :username and :user to :aws_user_struct, each with a
# deprecation warning. A value passed as :name replaces any value passed as
# :username in the same call (the same applies to :user and
# :aws_user_struct).
#
# @param raw_params the parameters as given to the resource
# @return the validated parameters, using only the current key names
# @raise [ArgumentError] when no parameters remain after validation
def validate_params(raw_params)
  params = check_resource_param_names(
    raw_params: raw_params,
    allowed_params: [:username, :aws_user_struct, :name, :user],
    allowed_scalar_name: :username,
    allowed_scalar_type: String
  )

  # Deprecated :name is carried over as :username.
  if params.key?(:name)
    warn "[DEPRECATION] - Resource parameter ':name' is deprecated on the aws_iam_user resource.  Use ':username' instead."
    legacy_name = params.delete(:name)
    params[:username] = legacy_name
  end

  # Deprecated :user is carried over as :aws_user_struct.
  if params.key?(:user)
    warn "[DEPRECATION] - Resource parameter ':user' is deprecated on the aws_iam_user resource.  Use ':aws_user_struct' instead."
    legacy_struct = params.delete(:user)
    params[:aws_user_struct] = legacy_struct
  end

  raise ArgumentError, 'You must provide a username to aws_iam_user.' if params.empty?

  params
end