class AwsIamUsers

author: Chris Redekop
author: Simon Varlow
author: Steffanie Freeman
author: Alex Bedley

def self.lazy_get_login_profile(row, _criterion, table)

# Lazily fills in the console-password columns of one user row.
#
# The backend is asked for the user's login profile. A lookup that returns
# normally is recorded as "has a console password"; a lookup that raises
# Aws::IAM::Errors::NoSuchEntity is recorded as "has none". Any other error
# raised by the backend is not rescued and propagates to the caller.
#
# @param row [Hash-like] reads :user_name; writes :has_console_password and
#   :has_console_password?
# @param _criterion unused
# @param table object whose resource.inspec_runner is passed to BackendFactory.create
# @return [Boolean] the value stored under :has_console_password?
def self.lazy_get_login_profile(row, _criterion, table)
  iam = BackendFactory.create(table.resource.inspec_runner)
  has_password =
    begin
      # Only the success or failure of the call matters; the profile is discarded.
      iam.get_login_profile(user_name: row[:user_name])
      true
    rescue Aws::IAM::Errors::NoSuchEntity
      false
    end
  row[:has_console_password] = has_password
  row[:has_console_password?] = has_password
end

def self.lazy_list_attached_policies(row, _criterion, table)

# Lazily fills in the attached (managed) policy columns of one user row.
#
# Errors raised by the backend call are not rescued here and propagate.
# NOTE(review): only the response of this single call is inspected; there is
# no marker / is_truncated handling, so if the backend can return a truncated
# listing the remaining pages are not consulted - confirm against the backend.
#
# @param row [Hash-like] reads :user_name; writes :has_attached_policies,
#   :has_attached_policies?, :attached_policy_names and :attached_policy_arns
# @param _criterion unused
# @param table object whose resource.inspec_runner is passed to BackendFactory.create
# @return [Array] the list stored under :attached_policy_arns
def self.lazy_list_attached_policies(row, _criterion, table)
  iam = BackendFactory.create(table.resource.inspec_runner)
  response = iam.list_attached_user_policies(user_name: row[:user_name])
  policies = response.attached_policies

  any_attached = !policies.empty?
  row[:has_attached_policies] = any_attached
  row[:has_attached_policies?] = any_attached

  row[:attached_policy_names] = policies.map { |policy| policy[:policy_name] }
  row[:attached_policy_arns] = policies.map { |policy| policy[:policy_arn] }
end

def self.lazy_list_mfa_devices(row, _criterion, table)

# Lazily fills in the MFA columns of one user row.
#
# The user counts as MFA-enabled when the backend's device listing is
# non-empty. Aws::IAM::Errors::NoSuchEntity is treated as "no MFA"; any other
# backend error propagates to the caller.
# NOTE(review): only the response of this single call is inspected; there is
# no marker / is_truncated handling - confirm the backend never truncates here.
#
# @param row [Hash-like] reads :user_name; writes :has_mfa_enabled and
#   :has_mfa_enabled?
# @param _criterion unused
# @param table object whose resource.inspec_runner is passed to BackendFactory.create
# @return [Boolean] the value stored under :has_mfa_enabled?
def self.lazy_list_mfa_devices(row, _criterion, table)
  iam = BackendFactory.create(table.resource.inspec_runner)
  begin
    listing = iam.list_mfa_devices(user_name: row[:user_name])
    row[:has_mfa_enabled] = !listing.mfa_devices.empty?
  rescue Aws::IAM::Errors::NoSuchEntity
    row[:has_mfa_enabled] = false
  end
  mfa_enabled = row[:has_mfa_enabled]
  row[:has_mfa_enabled?] = mfa_enabled
end

def self.lazy_list_user_policies(row, _criterion, table)

# Lazily fills in the inline-policy columns of one user row.
#
# Errors raised by the backend call are not rescued here and propagate.
# NOTE(review): only the response of this single call is inspected; there is
# no marker / is_truncated handling - confirm the backend never truncates here.
#
# @param row [Hash-like] reads :user_name; writes :inline_policy_names,
#   :has_inline_policies and :has_inline_policies?
# @param _criterion unused
# @param table object whose resource.inspec_runner is passed to BackendFactory.create
# @return [Boolean] the value stored under :has_inline_policies?
def self.lazy_list_user_policies(row, _criterion, table)
  iam = BackendFactory.create(table.resource.inspec_runner)
  inline_names = iam.list_user_policies(user_name: row[:user_name]).policy_names
  row[:inline_policy_names] = inline_names

  has_inline = !row[:inline_policy_names].empty?
  row[:has_inline_policies] = has_inline
  row[:has_inline_policies?] = has_inline
end

def fetch_from_api

# Loads every user row via fetch_from_api_paginated and derives the
# password-usage columns on each row.
#
# For each row, :password_ever_used? / :password_never_used? are set from
# whether :password_last_used is nil. :password_last_used_days_ago (whole days
# between Time.now and :password_last_used, truncated by to_i) is set only
# when the password has been used; otherwise the key is left absent.
#
# @return [Array] the populated table, also stored in @table
def fetch_from_api
  iam = BackendFactory.create(inspec_runner)
  seconds_per_day = 24 * 60 * 60
  @table = fetch_from_api_paginated(iam)
  @table.each do |user|
    last_used = user[:password_last_used]
    user[:password_ever_used?] = !last_used.nil?
    user[:password_never_used?] = last_used.nil?
    next unless user[:password_ever_used?]

    elapsed_seconds = Time.now - last_used
    user[:password_last_used_days_ago] = (elapsed_seconds / seconds_per_day).to_i
  end
  @table
end

def fetch_from_api_paginated(backend)

# Collects every user from the backend, following pagination markers.
#
# The first request is made with a nil marker. Each response's users are
# converted with to_h and appended. The loop ends on the first response whose
# is_truncated is falsy; otherwise the response's marker is sent with the
# next request.
#
# @param backend object responding to list_users(marker:)
# @return [Array] one to_h result per user, in the order the pages returned them
def fetch_from_api_paginated(backend)
  users = []
  next_marker = nil
  loop do
    page = backend.list_users(marker: next_marker)
    users.concat(page.users.map(&:to_h))
    next_marker = page.marker
    break unless page.is_truncated
  end
  users
end

def to_s

# Human-readable name of this resource.
#
# @return [String] always 'IAM Users'
def to_s
  resource_label = 'IAM Users'
  resource_label
end

def validate_params(raw_params)

# Rejects any resource parameters: this resource accepts none yet.
#
# @param raw_params [#empty?] parameters passed to the resource
# @return the unchanged raw_params when it is empty
# @raise [ArgumentError] when raw_params is not empty
def validate_params(raw_params)
  return raw_params if raw_params.empty?

  raise ArgumentError, 'aws_iam_users does not accept resource parameters'
end