class Fog::AWS::IAM::Mock

Public Class Methods

data() click to toggle source
# File lib/fog/aws/iam.rb, line 91
def self.data
  @data ||= Hash.new do |hash, key|
    hash[key] = {
      :owner_id => Fog::AWS::Mock.owner_id,
      :server_certificates => {},
      :access_keys => [{
        "Status" => "Active",
        "AccessKeyId" => key
      }],
      :devices => [{
        :enable_date   => Time.now,
        :serial_number => 'R1234',
        :user_name     => 'Bob'
      }],
      :users => Hash.new do |uhash, ukey|
        uhash[ukey] = {
          :user_id     => Fog::AWS::Mock.key_id,
          :path        => '/',
          :arn         => "arn:aws:iam::#{Fog::AWS::Mock.owner_id}:user/#{ukey}",
          :access_keys => [],
          :created_at  => Time.now,
          :policies    => {}
        }
      end,
      :groups => Hash.new do |ghash, gkey|
        ghash[gkey] = {
          :group_id   => Fog::AWS::Mock.key_id,
          :arn        => "arn:aws:iam::#{Fog::AWS::Mock.owner_id}:group/#{gkey}",
          :members    => [],
          :created_at  => Time.now,
          :policies    => {}
        }
      end
    }
  end
end
new(options={}) click to toggle source
# File lib/fog/aws/iam.rb, line 136
def initialize(options={})
  @use_iam_profile = options[:use_iam_profile]
  @aws_credentials_expire_at = Time::now + 20
  setup_credentials(options)
end
reset() click to toggle source
# File lib/fog/aws/iam.rb, line 128
def self.reset
  @data = nil
end
server_certificate_id() click to toggle source
# File lib/fog/aws/iam.rb, line 132
def self.server_certificate_id
  Fog::Mock.random_hex(16)
end

Public Instance Methods

add_user_to_group(group_name, user_name) click to toggle source
# File lib/fog/aws/requests/iam/add_user_to_group.rb, line 32
def add_user_to_group(group_name, user_name)
  if data[:groups].key? group_name
    if data[:users].key? user_name

      unless data[:groups][group_name][:members].include?(user_name)
        data[:groups][group_name][:members] << user_name
      end

      Excon::Response.new.tap do |response|
        response.status = 200
        response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      end
    else
      raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
  end
end
create_access_key(options) click to toggle source
# File lib/fog/aws/requests/iam/create_access_key.rb, line 34
def create_access_key(options)
  #FIXME: Not 100% correct as AWS will use the signing credentials when there is no 'UserName' in the options hash
  #       Also doesn't raise an error when there are too many keys
  if user = options['UserName']
    if data[:users].key? user
      access_keys_data = data[:users][user][:access_keys]
    else
      raise Fog::AWS::IAM::NotFound.new('The user with name #{user_name} cannot be found.')
    end
  else
    access_keys_data = data[:access_keys]
  end

  key = { 'SecretAccessKey' => Fog::Mock.random_base64(40),
          'Status' => 'Active',
          'AccessKeyId' => Fog::AWS::Mock.key_id(20),
        }
  if user
    key["UserName"] = user
  end

  access_keys_data << key

  Excon::Response.new.tap do |response|
    response.status = 200
    response.body = { 'AccessKey' => key,
                      'RequestId' => Fog::AWS::Mock.request_id }
  end
end
create_group(group_name, path = '/') click to toggle source
# File lib/fog/aws/requests/iam/create_group.rb, line 37
def create_group(group_name, path = '/')
  if data[:groups].key? group_name
    raise Fog::AWS::IAM::EntityAlreadyExists.new("Group with name #{group_name} already exists.")
  else
    data[:groups][group_name][:path] = path
    Excon::Response.new.tap do |response|
      response.body = { 'Group' => {
                                     'GroupId'   => (data[:groups][group_name][:group_id]).strip,
                                     'GroupName' => group_name,
                                     'Path'      => path,
                                     'Arn'       => (data[:groups][group_name][:arn]).strip },
                        'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  end
end
create_user(user_name, path='/') click to toggle source
# File lib/fog/aws/requests/iam/create_user.rb, line 37
def create_user(user_name, path='/')
  if data[:users].key? user_name
    raise Fog::AWS::IAM::EntityAlreadyExists.new "User with name #{user_name} already exists."
  else
    data[:users][user_name][:path] = path
    Excon::Response.new.tap do |response|
      response.status = 200
      response.body = { 'User' => {
                                   "UserId"     => data[:users][user_name][:user_id],
                                   "Path"       => path,
                                   "UserName"   => user_name,
                                   "Arn"        => (data[:users][user_name][:arn]).strip,
                                   "CreateDate" => data[:users][user_name][:created_at]
                                   },
                        'RequestId' => Fog::AWS::Mock.request_id
                       }
    end
  end
end
data() click to toggle source
# File lib/fog/aws/iam.rb, line 142
def data
  self.class.data[@aws_access_key_id]
end
delete_access_key(access_key_id, options = {}) click to toggle source
# File lib/fog/aws/requests/iam/delete_access_key.rb, line 32
def delete_access_key(access_key_id, options = {})
  user_name = options['UserName']
  if user_name && data[:users].key?(user_name) && data[:users][user_name][:access_keys].any? { |akey| akey['AccessKeyId'] == access_key_id }
    data[:users][user_name][:access_keys].delete_if { |akey| akey['AccessKeyId'] == access_key_id }
    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The Access Key with id #{access_key_id} cannot be found.")
  end
end
delete_account_password_policy() click to toggle source
# File lib/fog/aws/requests/iam/delete_account_password_policy.rb, line 27
def delete_account_password_policy
  Excon::Response.new.tap do |response|
    response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end
delete_group(group_name) click to toggle source
# File lib/fog/aws/requests/iam/delete_group.rb, line 30
def delete_group(group_name)
  if data[:groups].key? group_name
    if data[:groups][group_name][:members].empty?
      data[:groups].delete group_name
      Excon::Response.new.tap do |response|
        response.status = 200
        response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      end
    else
      raise Fog::AWS::IAM::Error.new("DeleteConflict => Cannot delete entity, must delete users in group first.")
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
  end
end
delete_server_certificate(server_certificate_name) click to toggle source
# File lib/fog/aws/requests/iam/delete_server_certificate.rb, line 30
def delete_server_certificate(server_certificate_name)
  response = Excon::Response.new
  response.status = 200
  response.body = {
    'RequestId' => Fog::AWS::Mock.request_id
  }

  unless self.data[:server_certificates].delete(server_certificate_name)
    raise Fog::AWS::IAM::NotFound.new("The Server Certificate with name #{server_certificate_name} cannot be found.")
  end

  response
end
delete_user(user_name) click to toggle source
# File lib/fog/aws/requests/iam/delete_user.rb, line 30
def delete_user(user_name)
  if data[:users].key? user_name
    data[:users].delete user_name
    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
  end
end
delete_user_policy(user_name, policy_name) click to toggle source
# File lib/fog/aws/requests/iam/delete_user_policy.rb, line 32
def delete_user_policy(user_name, policy_name)
  if data[:users].key?(user_name) && data[:users][user_name][:policies].key?(policy_name)
    data[:users][user_name][:policies].delete policy_name
    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user policy with name #{policy_name} cannot be found.")
  end
end
get_account_password_policy() click to toggle source
# File lib/fog/aws/requests/iam/get_account_password_policy.rb, line 27
def get_account_password_policy()
  Excon::Response.new.tap do |response|
    response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end
get_account_summary() click to toggle source
# File lib/fog/aws/requests/iam/get_account_summary.rb, line 48
def get_account_summary
  Excon::Response.new.tap do |response|
    response.status = 200
    response.body = {
      'Summary' => {
        'AccessKeysPerUserQuota' => 2,
        'AccountMFAEnabled' => 0,
        'GroupPolicySizeQuota' => 10240,
        'Groups' => 31,
        'GroupsPerUserQuota' => 10,
        'GroupsQuota' => 50,
        'MFADevices' => 20,
        'MFADevicesInUse' => 10,
        'ServerCertificates' => 5,
        'ServerCertificatesQuota' => 10,
        'SigningCertificatesPerUserQuota' => 2,
        'UserPolicySizeQuota' => 10240,
        'Users' => 35,
        'UsersQuota' => 150,
      },
      'RequestId' => Fog::AWS::Mock.request_id
    }
  end
end
get_group(group_name, options = {}) click to toggle source
# File lib/fog/aws/requests/iam/get_group.rb, line 41
def get_group(group_name, options = {})
  raise Fog::AWS::IAM::NotFound.new(
    "The user with name #{group_name} cannot be found."
  ) unless self.data[:groups].key?(group_name)
  Excon::Response.new.tap do |response|
    response.body = { 'Group' =>  {
                                     'GroupId'   => data[:groups][group_name][:group_id],
                                     'Path'     => data[:groups][group_name][:path],
                                     'GroupName' => group_name,
                                     'Arn'      => (data[:groups][group_name][:arn]).strip
                                  },
                      'Users' => data[:groups][group_name][:members].map { |user| get_user(user).body['User'] },
                      'RequestId'   => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end
get_group_policy(policy_name, group_name) click to toggle source
# File lib/fog/aws/requests/iam/get_group_policy.rb, line 33
def get_group_policy(policy_name, group_name)
  raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.") unless self.data[:groups].key?(group_name)
  raise Fog::AWS::IAM::NotFound.new("The policy with name #{policy_name} cannot be found.") unless self.data[:groups][group_name][:policies].key?(policy_name)
  Excon::Response.new.tap do |response|
    response.body = { 'Policy' =>  {
                        'PolicyName' => policy_name,
                        'GroupName' => group_name,
                        'PolicyDocument' => data[:groups][group_name][:policies][policy_name]
                      },
                      'IsTruncated' => false,
                      'RequestId'   => Fog::AWS::Mock.request_id
                    }
    response.status = 200
  end
end
get_server_certificate(name) click to toggle source
# File lib/fog/aws/requests/iam/get_server_certificate.rb, line 30
def get_server_certificate(name)
  raise Fog::AWS::IAM::NotFound unless certificate = self.data[:server_certificates][name]

  response = Excon::Response.new
  response.status = 200
  response.body = {
    'Certificate' => certificate,
    'RequestId' => Fog::AWS::Mock.request_id
  }

  response
end
get_user(user, options = {}) click to toggle source
# File lib/fog/aws/requests/iam/get_user.rb, line 36
def get_user(user, options = {})
  raise Fog::AWS::IAM::NotFound.new(
    "The user with name #{user} cannot be found."
  ) unless self.data[:users].key?(user)
  Excon::Response.new.tap do |response|
    response.body = {'User' =>  {
                                  'UserId'     => data[:users][user][:user_id],
                                  'Path'       => data[:users][user][:path],
                                  'UserName'   => user,
                                  'Arn'        => (data[:users][user][:arn]).strip,
                                  'CreateDate' => data[:users][user][:created_at]
                                },
                     'RequestId'   => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end
get_user_policy(policy_name, user_name) click to toggle source
# File lib/fog/aws/requests/iam/get_user_policy.rb, line 33
def get_user_policy(policy_name, user_name)
  raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.") unless self.data[:users].key?(user_name)
  raise Fog::AWS::IAM::NotFound.new("The policy with name #{policy_name} cannot be found.") unless self.data[:users][user_name][:policies].key?(policy_name)
  Excon::Response.new.tap do |response|
    response.body = { 'Policy' =>  {
                        'PolicyName' => policy_name,
                        'UserName' => user_name,
                        'PolicyDocument' => data[:users][user_name][:policies][policy_name]
                      },
                      'IsTruncated' => false,
                      'RequestId'   => Fog::AWS::Mock.request_id
                    }
    response.status = 200
  end
end
list_access_keys(options = {}) click to toggle source
# File lib/fog/aws/requests/iam/list_access_keys.rb, line 38
def list_access_keys(options = {})
  #FIXME: Doesn't do anything with options, aside from UserName
  if user = options['UserName']
    if data[:users].key? user
      access_keys_data = data[:users][user][:access_keys]
    else
      raise Fog::AWS::IAM::NotFound.new("The user with name #{user} cannot be found.")
    end
  else
    access_keys_data = data[:access_keys]
  end

  Excon::Response.new.tap do |response|
    response.body = { 'AccessKeys' => access_keys_data.map do |akey|
                                        {'Status' => akey['Status'], 'AccessKeyId' => akey['AccessKeyId']}
                                      end,
                       'IsTruncated' => false,
                       'RequestId' => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end
list_groups(options = {} ) click to toggle source
# File lib/fog/aws/requests/iam/list_groups.rb, line 40
def list_groups(options = {} )
  #FIXME: Doesn't observe options
  Excon::Response.new.tap do |response|
    response.status = 200
    response.body = { 'Groups' => data[:groups].map do |name, group|
                                    { 'GroupId'   => group[:group_id],
                                      'GroupName' => name,
                                      'Path'      => group[:path],
                                      'Arn'       => (group[:arn]).strip }
                                  end,
                      'IsTruncated' => false,
                      'RequestId' => Fog::AWS::Mock.request_id }
  end
end
list_groups_for_user(user_name, options = {}) click to toggle source
# File lib/fog/aws/requests/iam/list_groups_for_user.rb, line 41
def list_groups_for_user(user_name, options = {})
  #FIXME: Does not consider options
  if data[:users].key? user_name
    Excon::Response.new.tap do |response|
      response.status = 200
      response.body = { 'GroupsForUser' => data[:groups].select do |name, group|
                                             group[:members].include? user_name
                                           end.map do |name, group|
                                             { 'GroupId'   => group[:group_id],
                                               'GroupName' => name,
                                               'Path'      => group[:path],
                                               'Arn'       => (group[:arn]).strip }
                                           end,
                        'IsTruncated' => false,
                        'RequestId' => Fog::AWS::Mock.request_id
                      }
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
  end
end
list_mfa_devices(options = {}) click to toggle source
# File lib/fog/aws/requests/iam/list_mfa_devices.rb, line 39
def list_mfa_devices(options = {})
  #FIXME: Doesn't observe options
  Excon::Response.new.tap do |response|
    response.status = 200
    response.body = { 'MFADevices' => data[:devices].map do |device|
                                    { 'EnableDate'   => device[:enable_date],
                                      'SerialNumber' => device[:serial_number],
                                      'UserName'     => device[:user_name] }
                                  end,
                      'IsTruncated' => false,
                      'RequestId' => Fog::AWS::Mock.request_id }
  end
end
list_server_certificates(options = {}) click to toggle source
# File lib/fog/aws/requests/iam/list_server_certificates.rb, line 40
def list_server_certificates(options = {})
  certificates = self.data[:server_certificates].values
  certificates = certificates.select { |certificate| certificate['Path'] =~ Regexp.new("^#{options['PathPrefix']}") } if options['PathPrefix']
  response = Excon::Response.new
  response.status = 200
  response.body = {
    'Certificates' => certificates
  }

  response
end
list_user_policies(user_name, options = {}) click to toggle source
# File lib/fog/aws/requests/iam/list_user_policies.rb, line 37
def list_user_policies(user_name, options = {})
  #FIXME: doesn't use options atm
  if data[:users].key? user_name
    Excon::Response.new.tap do |response|
      response.body = { 'PolicyNames' => data[:users][user_name][:policies].keys,
                        'IsTruncated' => false,
                        'RequestId'   => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
  end
end
list_users(options = {}) click to toggle source
# File lib/fog/aws/requests/iam/list_users.rb, line 40
def list_users(options = {})
  #FIXME: none of the options are currently supported
  Excon::Response.new.tap do |response|
    response.body = {'Users' => data[:users].map do |user, data|
                                  { 'UserId'     => data[:user_id],
                                    'Path'       => data[:path],
                                    'UserName'   => user,
                                    'Arn'        => (data[:arn]).strip,
                                    'CreateDate' => data[:created_at]}
                                end,
                     'IsTruncated' => false,
                     'RequestId'   => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end
put_group_policy(group_name, policy_name, policy_document) click to toggle source

FIXME: You can’t actually use the credentials for anything elsewhere in Fog FIXME: Doesn’t do any validation on the policy

# File lib/fog/aws/requests/iam/put_group_policy.rb, line 35
def put_group_policy(group_name, policy_name, policy_document)
  if data[:groups].key? group_name
    data[:groups][group_name][:policies][policy_name] = policy_document

    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
  end
end
put_user_policy(user_name, policy_name, policy_document) click to toggle source

FIXME: You can’t actually use the credentials for anything elsewhere in Fog FIXME: Doesn’t do any validation on the policy

# File lib/fog/aws/requests/iam/put_user_policy.rb, line 36
def put_user_policy(user_name, policy_name, policy_document)
  if data[:users].key? user_name
    data[:users][user_name][:policies][policy_name] = policy_document

    Excon::Response.new.tap do |response|
      response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      response.status = 200
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
  end
end
remove_user_from_group(group_name, user_name) click to toggle source
# File lib/fog/aws/requests/iam/remove_user_from_group.rb, line 32
def remove_user_from_group(group_name, user_name)
  if data[:groups].key? group_name
    if data[:users].key? user_name
      data[:groups][group_name][:members].delete_if { |item| item == user_name }
      Excon::Response.new.tap do |response|
        response.status = 200
        response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
      end
    else
      raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
    end
  else
    raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
  end
end
reset_data() click to toggle source
# File lib/fog/aws/iam.rb, line 146
def reset_data
  self.class.data.delete(@aws_access_key_id)
end
setup_credentials(options) click to toggle source
# File lib/fog/aws/iam.rb, line 150
def setup_credentials(options)
  @aws_access_key_id = options[:aws_access_key_id]
end
update_access_key(access_key_id, status, options = {}) click to toggle source
# File lib/fog/aws/requests/iam/update_access_key.rb, line 34
def update_access_key(access_key_id, status, options = {})
  if user = options['UserName']
    if data[:users].key? user
      access_keys_data = data[:users][user][:access_keys]
    else
      raise Fog::AWS::IAM::NotFound.new('The user with name #{user_name} cannot be found.')
    end
  else
    access_keys_data = data[:access_keys]
  end
  key = access_keys_data.find{|k| k["AccessKeyId"] == access_key_id}
  key["Status"] = status
  Excon::Response.new.tap do |response|
    response.status = 200
    response.body = { 'AccessKey' => key,
                      'RequestId' => Fog::AWS::Mock.request_id }
  end
end
update_account_password_policy(minimum_password_length, max_password_age, password_reuse_prevention,require_symbols,require_numbers,require_uppercase_characters, require_lowercase_characters,allow_users_to_change_password, hard_expiry, expire_passwords) click to toggle source
# File lib/fog/aws/requests/iam/update_account_password_policy.rb, line 47
def update_account_password_policy(minimum_password_length, max_password_age, password_reuse_prevention,require_symbols,require_numbers,require_uppercase_characters, require_lowercase_characters,allow_users_to_change_password, hard_expiry, expire_passwords)
  Excon::Response.new.tap do |response|
    response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end
update_server_certificate(server_certificate_name, options = {}) click to toggle source
# File lib/fog/aws/requests/iam/update_server_certificate.rb, line 36
def update_server_certificate(server_certificate_name, options = {})
  new_server_certificate_name = options['NewServerCertificateName']
  if self.data[:server_certificates][new_server_certificate_name]
    raise Fog::AWS::IAM::EntityAlreadyExists.new("The Server Certificate with name #{server_certificate_name} already exists.")
  end
  unless certificate = self.data[:server_certificates].delete(server_certificate_name)
    raise Fog::AWS::IAM::NotFound.new("The Server Certificate with name #{server_certificate_name} cannot be found.")
  end

  if new_server_certificate_name
    certificate['ServerCertificateName'] = new_server_certificate_name
  end

  if new_path = options['NewPath']
    certificate['Path'] = new_path
  end

  self.data[:server_certificates][certificate['ServerCertificateName']] = certificate

  Excon::Response.new.tap do |response|
    response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
    response.status = 200
  end
end
upload_server_certificate(certificate, private_key, name, options = {}) click to toggle source
# File lib/fog/aws/requests/iam/upload_server_certificate.rb, line 44
def upload_server_certificate(certificate, private_key, name, options = {})
  if certificate.nil? || certificate.empty? || private_key.nil? || private_key.empty?
    raise Fog::AWS::IAM::ValidationError.new
  end
  response = Excon::Response.new

  # Validate cert and key
  begin
    # must be an RSA private key
    raise OpenSSL::PKey::RSAError unless private_key =~ /BEGIN RSA PRIVATE KEY/

    cert = OpenSSL::X509::Certificate.new(certificate)
    chain = OpenSSL::X509::Certificate.new(options['CertificateChain']) if options['CertificateChain']
    key = OpenSSL::PKey::RSA.new(private_key)
  rescue OpenSSL::X509::CertificateError, OpenSSL::PKey::RSAError => e
    message = if e.is_a?(OpenSSL::X509::CertificateError)
                "Invalid Public Key Certificate."
              else
                "Invalid Private Key."
              end
    raise Fog::AWS::IAM::MalformedCertificate.new(message)
  end

  unless cert.check_private_key(key)
    raise Fog::AWS::IAM::KeyPairMismatch.new
  end

  if self.data[:server_certificates][name]
    raise Fog::AWS::IAM::EntityAlreadyExists.new("The Server Certificate with name #{name} already exists.")
  else
    response.status = 200
    path = options['Path'] || "/"
    data = {
      'Arn' => Fog::AWS::Mock.arn('iam', self.data[:owner_id], "server-certificate/#{name}"),
      'Path' => path,
      'ServerCertificateId' => Fog::AWS::IAM::Mock.server_certificate_id,
      'ServerCertificateName' => name,
      'UploadDate' => Time.now
    }
    self.data[:server_certificates][name] = data
    response.body = {
      'Certificate' => data,
      'RequestId' => Fog::AWS::Mock.request_id
    }
  end

  response
end