aws_iam_access_key.rb
require '_aws'
# author: Chris Redekop
# InSpec resource describing a single AWS IAM access key.
#
# The key is resolved lazily: nothing is fetched until a matcher or property
# is evaluated, and each lookup result is memoized on the instance.
class AwsIamAccessKey < Inspec.resource(1)
  name 'aws_iam_access_key'
  desc 'Verifies settings for AWS IAM access keys'
  example "
describe aws_iam_access_key(username: 'username', id: 'access-key id') do
it { should exist }
it { should_not be_active }
its('create_date') { should be > Time.now - 365 * 86400 }
its('last_used_date') { should be > Time.now - 90 * 86400 }
end
"

  # @param opts [Hash] either :access_key (an already-fetched key object
  #   responding to #access_key_id) or :username together with :id
  # @param decorator [IamClientDecorator] lookup wrapper; injectable so the
  #   resource can be exercised without a live IAM client
  def initialize(opts, decorator = IamClientDecorator.new)
    @access_key = opts[:access_key]
    @username = opts[:username]
    # A pre-fetched key wins over an explicit :id option.
    @id = if @access_key
            @access_key.access_key_id
          else
            opts[:id]
          end
    @decorator = decorator
  end

  # True when the key can be resolved.
  #
  # Only "not found" conditions are turned into false. Any other failure
  # (including the ArgumentError raised for a nil username/id) propagates,
  # so an unrelated lookup error is not reported as "key does not exist".
  def exists?
    begin
      resolved = access_key
    rescue AccessKeyNotFoundError, Aws::IAM::Errors::NoSuchEntity
      return false
    end
    !resolved.nil?
  end

  # Access key id as reported by the resolved key object (forces a lookup
  # unless the key was supplied up front or is already memoized).
  def id
    access_key.access_key_id
  end

  # True only when the key status is exactly the string 'Active'.
  def active?
    key_status = access_key.status
    'Active'.eql?(key_status)
  end

  # Creation timestamp taken from the resolved key object.
  def create_date
    access_key.create_date
  end

  # Last-used timestamp from the "last used" lookup.
  # NOTE(review): IAM presumably reports no date for a key that has never
  # been used, in which case this returns nil and a `should be > ...`
  # comparison raises instead of failing cleanly - confirm and guard in
  # profiles that audit stale keys.
  def last_used_date
    access_key_last_used.last_used_date
  end

  # Uses the id captured at construction time; performs no lookup.
  def to_s
    "IAM Access-Key #{@id}"
  end

  # Raised when the user's key listing contains no key with the wanted id.
  class AccessKeyNotFoundError < StandardError
  end

  # Thin wrapper around the IAM client that validates arguments before
  # each call.
  class IamClientDecorator
    # @param validator [ArgumentValidator] argument checker
    # @param conn [AWSConnection] connection object supplying #iam_client
    def initialize(validator = ArgumentValidator.new,
                   conn = AWSConnection.new)
      @validator = validator
      @client = conn.iam_client
    end

    # Finds the access key with the given id among the keys listed for
    # +username+. Only the metadata returned by this single
    # list_access_keys call is searched.
    #
    # @raise [ArgumentError] when username or id is nil
    # @raise [AccessKeyNotFoundError] when no listed key has that id
    def get_access_key(username, id)
      @validator.validate_username(username)
      @validator.validate_id(id)

      listing = @client.list_access_keys({ user_name: username })
      match = listing.access_key_metadata.find { |meta| meta.access_key_id.eql?(id) }
      return match unless match.nil?

      raise AccessKeyNotFoundError,
            "access key not found [username = \"#{username}\", id = \"#{id}\"]"
    end

    # Fetches the "last used" record for the key id.
    #
    # @raise [ArgumentError] when id is nil
    def get_access_key_last_used(id)
      @validator.validate_id(id)
      response = @client.get_access_key_last_used({ access_key_id: id })
      response.access_key_last_used
    end

    # Generates validate_username / validate_id. Each raises only for nil;
    # an empty string is accepted here and passed on to the IAM client.
    class ArgumentValidator
      %i[username id].each do |field|
        define_method("validate_#{field}") do |value|
          if value.nil?
            raise ArgumentError,
                  "missing required resource argument \"#{field}\""
          end
        end
      end
    end
  end

  private

  # Memoized key lookup; skipped entirely when a key was passed in opts.
  def access_key
    return @access_key if @access_key

    @access_key = @decorator.get_access_key(@username, @id)
  end

  # Memoized "last used" lookup for the key id.
  def access_key_last_used
    return @access_key_last_used if @access_key_last_used

    @access_key_last_used = @decorator.get_access_key_last_used(@id)
  end
end