class Aws::IAM::User
Public Class Methods
@overload def initialize(name, options = {})
@param [String] name @option options [Client] :client
@overload def initialize(options = {})
@option options [required, String] :name @option options [Client] :client
# File lib/aws-sdk-iam/user.rb, line 22 def initialize(*args) options = Hash === args.last ? args.pop.dup : {} @name = extract_name(args, options) @data = options.delete(:data) @client = options.delete(:client) || Client.new(options) @waiter_block_warned = false end
Public Instance Methods
@param [String] id @return [AccessKey]
# File lib/aws-sdk-iam/user.rb, line 674 def access_key(id) AccessKey.new( user_name: @name, id: id, client: @client ) end
@example Request syntax with placeholder values
user.access_keys()
@param [Hash] options ({}) @return [AccessKey::Collection]
# File lib/aws-sdk-iam/user.rb, line 687 def access_keys(options = {}) batches = Enumerator.new do |y| options = options.merge(user_name: @name) resp = @client.list_access_keys(options) resp.each_page do |page| batch = [] page.data.access_key_metadata.each do |a| batch << AccessKey.new( user_name: @name, id: a.access_key_id, data: a, client: @client ) end y.yield(batch) end end AccessKey::Collection.new(batches) end
@example Request syntax with placeholder values
user.add_group({ group_name: "groupNameType", # required })
@param [Hash] options ({}) @option options [required, String] :group_name
The name of the group to update. This parameter allows (through its [regex pattern][1]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: \_+=,.@- [1]: http://wikipedia.org/wiki/regex
@return [EmptyStructure]
# File lib/aws-sdk-iam/user.rb, line 322 def add_group(options = {}) options = options.merge(user_name: @name) resp = @client.add_user_to_group(options) resp.data end
The Amazon Resource
Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see [IAM Identifiers] in the *IAM User
Guide*.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html @return [String]
# File lib/aws-sdk-iam/user.rb, line 72 def arn data[:arn] end
@example Request syntax with placeholder values
user.attach_policy({ policy_arn: "arnType", # required })
@param [Hash] options ({}) @option options [required, String] :policy_arn
The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see [Amazon Resource Names (ARNs)][1] in the *Amazon Web Services General Reference*. [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@return [EmptyStructure]
# File lib/aws-sdk-iam/user.rb, line 344 def attach_policy(options = {}) options = options.merge(user_name: @name) resp = @client.attach_user_policy(options) resp.data end
@example Request syntax with placeholder values
attached_policies = user.attached_policies({ path_prefix: "policyPathType", })
@param [Hash] options ({}) @option options [String] :path_prefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its [regex pattern][1]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (`\u0021`) through the DEL character (`\u007F`), including most punctuation characters, digits, and upper and lowercased letters. [1]: http://wikipedia.org/wiki/regex
@return [Policy::Collection]
# File lib/aws-sdk-iam/user.rb, line 729 def attached_policies(options = {}) batches = Enumerator.new do |y| options = options.merge(user_name: @name) resp = @client.list_attached_user_policies(options) resp.each_page do |page| batch = [] page.data.attached_policies.each do |a| batch << Policy.new( arn: a.policy_arn, client: @client ) end y.yield(batch) end end Policy::Collection.new(batches) end
@return [Client]
# File lib/aws-sdk-iam/user.rb, line 142 def client @client end
@example Request syntax with placeholder values
user = user.create({ path: "pathType", permissions_boundary: "arnType", tags: [ { key: "tagKeyType", # required value: "tagValueType", # required }, ], })
@param [Hash] options ({}) @option options [String] :path
The path for the user name. For more information about paths, see [IAM identifiers][1] in the *IAM User Guide*. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern][2]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (`\u0021`) through the DEL character (`\u007F`), including most punctuation characters, digits, and upper and lowercased letters. [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: http://wikipedia.org/wiki/regex
@option options [String] :permissions_boundary
The ARN of the policy that is used to set the permissions boundary for the user.
@option options [Array<Types::Tag>] :tags
A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*. <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. </note> [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
@return [User]
# File lib/aws-sdk-iam/user.rb, line 399 def create(options = {}) options = options.merge(user_name: @name) resp = @client.create_user(options) User.new( name: options[:user_name], data: resp.data.user, client: @client ) end
@example Request syntax with placeholder values
user.create_access_key_pair()
@param [Hash] options ({}) @return [AccessKeyPair]
# File lib/aws-sdk-iam/user.rb, line 414 def create_access_key_pair(options = {}) options = options.merge(user_name: @name) resp = @client.create_access_key(options) AccessKeyPair.new( user_name: @name, id: resp.data.access_key.access_key_id, secret: resp.data.access_key.secret_access_key, data: resp.data.access_key, client: @client ) end
The date and time, in [ISO 8601 date-time format], when the user was created.
[1]: www.iso.org/iso/iso8601 @return [Time]
# File lib/aws-sdk-iam/user.rb, line 83 def create_date data[:create_date] end
@example Request syntax with placeholder values
loginprofile = user.create_login_profile({ password: "passwordType", # required password_reset_required: false, })
@param [Hash] options ({}) @option options [required, String] :password
The new password for the user. The [regex pattern][1] that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (`\u0020`) through the end of the ASCII character range (`\u00FF`). You can also include the tab (`\u0009`), line feed (`\u000A`), and carriage return (`\u000D`) characters. Any of these characters are valid in a password. However, many tools, such as the Management Console, might restrict the ability to type certain characters because they have special meaning within that tool. [1]: http://wikipedia.org/wiki/regex
@option options [Boolean] :password_reset_required
Specifies whether the user is required to set a new password on next sign-in.
@return [LoginProfile]
# File lib/aws-sdk-iam/user.rb, line 452 def create_login_profile(options = {}) options = options.merge(user_name: @name) resp = @client.create_login_profile(options) LoginProfile.new( user_name: resp.data.login_profile.user_name, data: resp.data.login_profile, client: @client ) end
@example Request syntax with placeholder values
userpolicy = user.create_policy({ policy_name: "policyNameType", # required policy_document: "policyDocumentType", # required })
@param [Hash] options ({}) @option options [required, String] :policy_name
The name of the policy document. This parameter allows (through its [regex pattern][1]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: \_+=,.@- [1]: http://wikipedia.org/wiki/regex
@option options [required, String] :policy_document
The policy document. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM. The [regex pattern][1] used to validate this parameter is a string of characters consisting of the following: * Any printable ASCII character ranging from the space character (`\u0020`) through the end of the ASCII character range * The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\u00FF`) * The special characters tab (`\u0009`), line feed (`\u000A`), and carriage return (`\u000D`) [1]: http://wikipedia.org/wiki/regex
@return [UserPolicy]
# File lib/aws-sdk-iam/user.rb, line 504 def create_policy(options = {}) options = options.merge(user_name: @name) @client.put_user_policy(options) UserPolicy.new( user_name: @name, name: options[:policy_name], client: @client ) end
@return [Types::User]
Returns the data for this {User}. Calls {Client#get_user} if {#data_loaded?} is `false`.
# File lib/aws-sdk-iam/user.rb, line 162 def data load unless @data @data end
@return [Boolean]
Returns `true` if this resource is loaded. Accessing attributes or {#data} on an unloaded resource will trigger a call to {#load}.
# File lib/aws-sdk-iam/user.rb, line 170 def data_loaded? !!@data end
@example Request syntax with placeholder values
user.delete()
@param [Hash] options ({}) @return [EmptyStructure]
# File lib/aws-sdk-iam/user.rb, line 519 def delete(options = {}) options = options.merge(user_name: @name) resp = @client.delete_user(options) resp.data end
@example Request syntax with placeholder values
user.detach_policy({ policy_arn: "arnType", # required })
@param [Hash] options ({}) @option options [required, String] :policy_arn
The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see [Amazon Resource Names (ARNs)][1] in the *Amazon Web Services General Reference*. [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@return [EmptyStructure]
# File lib/aws-sdk-iam/user.rb, line 541 def detach_policy(options = {}) options = options.merge(user_name: @name) resp = @client.detach_user_policy(options) resp.data end
@example Request syntax with placeholder values
mfadevice = user.enable_mfa({ serial_number: "serialNumberType", # required authentication_code_1: "authenticationCodeType", # required authentication_code_2: "authenticationCodeType", # required })
@param [Hash] options ({}) @option options [required, String] :serial_number
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. This parameter allows (through its [regex pattern][1]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/- [1]: http://wikipedia.org/wiki/regex
@option options [required, String] :authentication_code_1
An authentication code emitted by the device. The format for this parameter is a string of six digits. Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can [resync the device][1]. [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
@option options [required, String] :authentication_code_2
A subsequent authentication code emitted by the device. The format for this parameter is a string of six digits. Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can [resync the device][1]. [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
@return [MfaDevice]
# File lib/aws-sdk-iam/user.rb, line 598 def enable_mfa(options = {}) options = options.merge(user_name: @name) @client.enable_mfa_device(options) MfaDevice.new( user_name: @name, serial_number: options[:serial_number], client: @client ) end
@param [Hash] options ({}) @return [Boolean]
Returns `true` if the User exists.
# File lib/aws-sdk-iam/user.rb, line 177 def exists?(options = {}) begin wait_until_exists(options.merge(max_attempts: 1)) true rescue Aws::Waiters::Errors::UnexpectedError => e raise e.error rescue Aws::Waiters::Errors::WaiterFailed false end end
@example Request syntax with placeholder values
user.groups()
@param [Hash] options ({}) @return [Group::Collection]
# File lib/aws-sdk-iam/user.rb, line 752 def groups(options = {}) batches = Enumerator.new do |y| options = options.merge(user_name: @name) resp = @client.list_groups_for_user(options) resp.each_page do |page| batch = [] page.data.groups.each do |g| batch << Group.new( name: g.group_name, data: g, client: @client ) end y.yield(batch) end end Group::Collection.new(batches) end
@deprecated @api private
# File lib/aws-sdk-iam/user.rb, line 885 def identifiers { name: @name } end
Loads, or reloads {#data} for the current {User}. Returns `self` making it possible to chain methods.
user.reload.data
@return [self]
# File lib/aws-sdk-iam/user.rb, line 152 def load resp = @client.get_user(user_name: @name) @data = resp.user self end
@return [LoginProfile]
# File lib/aws-sdk-iam/user.rb, line 772 def login_profile LoginProfile.new( user_name: @name, client: @client ) end
@param [String] serial_number @return [MfaDevice]
# File lib/aws-sdk-iam/user.rb, line 781 def mfa_device(serial_number) MfaDevice.new( user_name: @name, serial_number: serial_number, client: @client ) end
@example Request syntax with placeholder values
user.mfa_devices()
@param [Hash] options ({}) @return [MfaDevice::Collection]
# File lib/aws-sdk-iam/user.rb, line 794 def mfa_devices(options = {}) batches = Enumerator.new do |y| options = options.merge(user_name: @name) resp = @client.list_mfa_devices(options) resp.each_page do |page| batch = [] page.data.mfa_devices.each do |m| batch << MfaDevice.new( user_name: @name, serial_number: m.serial_number, data: m, client: @client ) end y.yield(batch) end end MfaDevice::Collection.new(batches) end
@return [String]
# File lib/aws-sdk-iam/user.rb, line 33 def name @name end
The date and time, in [ISO 8601 date-time format], when the user's password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user's last sign-in time, see the [Credential reports] topic in the *IAM User
Guide*. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:
-
The user never had a password.
-
A password exists but has not been used since
IAM
started tracking this information on October 20, 2014.
A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.
This value is returned only in the GetUser and ListUsers operations.
[1]: www.iso.org/iso/iso8601 [2]: docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html @return [Time]
# File lib/aws-sdk-iam/user.rb, line 113 def password_last_used data[:password_last_used] end
The path to the user. For more information about paths, see [IAM identifiers] in the *IAM User
Guide*.
The ARN of the policy used to set the permissions boundary for the user.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html @return [String]
# File lib/aws-sdk-iam/user.rb, line 48 def path data[:path] end
For more information about permissions boundaries, see [Permissions boundaries for IAM
identities ][1] in the *IAM User
Guide*.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html @return [Types::AttachedPermissionsBoundary]
# File lib/aws-sdk-iam/user.rb, line 124 def permissions_boundary data[:permissions_boundary] end
@example Request syntax with placeholder values
user.policies()
@param [Hash] options ({}) @return [UserPolicy::Collection]
# File lib/aws-sdk-iam/user.rb, line 819 def policies(options = {}) batches = Enumerator.new do |y| options = options.merge(user_name: @name) resp = @client.list_user_policies(options) resp.each_page do |page| batch = [] page.data.policy_names.each do |p| batch << UserPolicy.new( user_name: @name, name: p, client: @client ) end y.yield(batch) end end UserPolicy::Collection.new(batches) end
@param [String] name @return [UserPolicy]
# File lib/aws-sdk-iam/user.rb, line 840 def policy(name) UserPolicy.new( user_name: @name, name: name, client: @client ) end
@example Request syntax with placeholder values
user.remove_group({ group_name: "groupNameType", # required })
@param [Hash] options ({}) @option options [required, String] :group_name
The name of the group to update. This parameter allows (through its [regex pattern][1]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: \_+=,.@- [1]: http://wikipedia.org/wiki/regex
@return [EmptyStructure]
# File lib/aws-sdk-iam/user.rb, line 626 def remove_group(options = {}) options = options.merge(user_name: @name) resp = @client.remove_user_from_group(options) resp.data end
@param [String] id @return [SigningCertificate]
# File lib/aws-sdk-iam/user.rb, line 850 def signing_certificate(id) SigningCertificate.new( user_name: @name, id: id, client: @client ) end
@example Request syntax with placeholder values
user.signing_certificates()
@param [Hash] options ({}) @return [SigningCertificate::Collection]
# File lib/aws-sdk-iam/user.rb, line 863 def signing_certificates(options = {}) batches = Enumerator.new do |y| options = options.merge(user_name: @name) resp = @client.list_signing_certificates(options) resp.each_page do |page| batch = [] page.data.certificates.each do |c| batch << SigningCertificate.new( user_name: @name, id: c.certificate_id, data: c, client: @client ) end y.yield(batch) end end SigningCertificate::Collection.new(batches) end
@example Request syntax with placeholder values
user = user.update({ new_path: "pathType", new_user_name: "userNameType", })
@param [Hash] options ({}) @option options [String] :new_path
New path for the IAM user. Include this parameter only if you're changing the user's path. This parameter allows (through its [regex pattern][1]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (`\u0021`) through the DEL character (`\u007F`), including most punctuation characters, digits, and upper and lowercased letters. [1]: http://wikipedia.org/wiki/regex
@option options [String] :new_user_name
New name for the user. Include this parameter only if you're changing the user's name. IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
@return [User]
# File lib/aws-sdk-iam/user.rb, line 661 def update(options = {}) options = options.merge(user_name: @name) @client.update_user(options) User.new( name: options[:new_user_name], client: @client ) end
The stable and unique string identifying the user. For more information about IDs, see [IAM identifiers] in the *IAM User
Guide*.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html @return [String]
# File lib/aws-sdk-iam/user.rb, line 60 def user_id data[:user_id] end
@deprecated Use [Aws::IAM::Client] wait_until
instead
Waiter polls an API operation until a resource enters a desired state.
@note The waiting operation is performed on a copy. The original resource
remains unchanged.
## Basic Usage
Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.
# polls in a loop until condition is true resource.wait_until(options) {|resource| condition}
## Example
instance.wait_until(max_attempts:10, delay:5) do |instance| instance.state.name == 'running' end
## Configuration
You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to {#wait_until}:
# poll for ~25 seconds resource.wait_until(max_attempts:5,delay:5) {|resource|...}
## Callbacks
You can be notified before each polling attempt and before each delay. If you throw `:success` or `:failure` from these callbacks, it will terminate the waiter.
started_at = Time.now # poll for 1 hour, instead of a number of attempts proc = Proc.new do |attempts, response| throw :failure if Time.now - started_at > 3600 end # disable max attempts instance.wait_until(before_wait:proc, max_attempts:nil) {...}
## Handling Errors
When a waiter is successful, it returns the Resource
. When a waiter fails, it raises an error.
begin resource.wait_until(...) rescue Aws::Waiters::Errors::WaiterFailed # resource did not enter the desired state in time end
@yieldparam [Resource] resource to be used in the waiting condition.
@raise [Aws::Waiters::Errors::FailureStateError] Raised when the waiter
terminates because the waiter has entered a state that it will not transition out of, preventing success. yet successful.
@raise [Aws::Waiters::Errors::UnexpectedError] Raised when an error is
encountered while polling for a resource that is not expected.
@raise [NotImplementedError] Raised when the resource does not
@option options [Integer] :max_attempts (10) Maximum number of attempts @option options [Integer] :delay (10) Delay between each attempt in seconds @option options [Proc] :before_attempt (nil) Callback invoked before each attempt @option options [Proc] :before_wait (nil) Callback invoked before each wait @return [Resource] if the waiter was successful
# File lib/aws-sdk-iam/user.rb, line 285 def wait_until(options = {}, &block) self_copy = self.dup attempts = 0 options[:max_attempts] = 10 unless options.key?(:max_attempts) options[:delay] ||= 10 options[:poller] = Proc.new do attempts += 1 if block.call(self_copy) [:success, self_copy] else self_copy.reload unless attempts == options[:max_attempts] :retry end end Aws::Waiters::Waiter.new(options).wait({}) end
@param [Hash] options ({}) @option options [Integer] :max_attempts (20) @option options [Float] :delay (1) @option options [Proc] :before_attempt @option options [Proc] :before_wait @return [User]
# File lib/aws-sdk-iam/user.rb, line 194 def wait_until_exists(options = {}, &block) options, params = separate_params_and_options(options) waiter = Waiters::UserExists.new(options) yield_waiter_and_warn(waiter, &block) if block_given? waiter.wait(params.merge(user_name: @name)) User.new({ name: @name, client: @client }) end
Private Instance Methods
# File lib/aws-sdk-iam/user.rb, line 892 def extract_name(args, options) value = args[0] || options.delete(:name) case value when String then value when nil then raise ArgumentError, "missing required option :name" else msg = "expected :name to be a String, got #{value.class}" raise ArgumentError, msg end end
# File lib/aws-sdk-iam/user.rb, line 913 def separate_params_and_options(options) opts = Set.new( [:client, :max_attempts, :delay, :before_attempt, :before_wait] ) waiter_opts = {} waiter_params = {} options.each_pair do |key, value| if opts.include?(key) waiter_opts[key] = value else waiter_params[key] = value end end waiter_opts[:client] ||= @client [waiter_opts, waiter_params] end
# File lib/aws-sdk-iam/user.rb, line 903 def yield_waiter_and_warn(waiter, &block) if !@waiter_block_warned msg = "pass options to configure the waiter; "\ "yielding the waiter is deprecated" warn(msg) @waiter_block_warned = true end yield(waiter.waiter) end