alicloud_ram_users.rb
require 'alicloud_backend'
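# InSpec plural resource that lists AliCloud RAM users together with the
# credential facts an audit usually needs: console login profile, access keys
# (all and active only) and MFA device binding.
#
# Each user costs three extra API calls (GetLoginProfile, ListAccessKeys,
# GetUserMFAInfo), all issued from the constructor.
class AliCloudRamUsers < AliCloudResourceBase
  name 'alicloud_ram_users'
  desc 'Verifies settings for AliCloud ram users.'

  example <<-EXAMPLE
    # Ensure there's more than 1 users
    describe alicloud_ram_users do
      its('entries.count') { should be > 1 }
    end
  EXAMPLE

  attr_reader :table

  # FilterTable setup: one plural column per key of the row hashes built in
  # #build_user_row.
  FilterTable.create
             .register_column(:update_dates, field: :update_date)
             .register_column(:user_names, field: :user_name)
             .register_column(:user_ids, field: :user_id)
             .register_column(:comments_s, field: :comments)
             .register_column(:display_names, field: :display_name)
             .register_column(:create_dates, field: :create_date)
             .register_column(:has_console_access, field: :has_console_access)
             .register_column(:access_keys, field: :access_keys)
             .register_column(:has_access_key, field: :has_access_key)
             .register_column(:active_access_keys, field: :active_access_keys)
             .register_column(:has_active_access_key, field: :has_active_access_key)
             .register_column(:has_console_and_key_access, field: :has_console_and_key_access)
             .register_column(:has_mfa_enabled, field: :has_mfa_enabled)
             .install_filter_methods_on_resource(self, :table)

  # Loads every RAM user and builds the rows FilterTable filters on.
  #
  # @param opts [Hash] resource options; :region is required
  def initialize(opts = {})
    super(opts)
    validate_parameters(required: %i(region))

    # The original read `opt[:region]`, a name that is not defined in this
    # method; every other call here uses `opts`.
    @users = fetch_users(opts[:region])

    # Always assign @table. The original returned early when no users came
    # back, which left @table nil for the filter methods installed above.
    @table = (@users || []).map { |user| build_user_row(opts[:region], user) }
  end

  # Lists RAM users via the ListUsers action.
  #
  # @param region [String] value sent as RegionId (the original ignored this
  #   argument and re-read opts[:region], which is what #initialize passes)
  # @return the 'User' entry nested under 'Users' in the response
  def fetch_users(region)
    catch_alicloud_errors do
      # `return` leaves the method from inside the block, as in the original.
      return @alicloud.ram_client.request(
        action: 'ListUsers',
        params: {
          'RegionId': region,
        },
      )['Users']['User']
    end
  end

  # Fetches the console login profile of one user via GetLoginProfile.
  # 'EntityNotExist.User.LoginProfile' is handed to catch_alicloud_errors,
  # presumably so a user without console access is not reported as a failure
  # (confirm against the helper's implementation).
  #
  # @param region [String] value sent as RegionId
  # @param user [String] RAM user name
  # @return the 'LoginProfile' entry of the response
  def fetch_login_profile(region, user)
    catch_alicloud_errors('EntityNotExist.User.LoginProfile') do
      return @alicloud.ram_client.request(
        action: 'GetLoginProfile',
        params: {
          'RegionId': region,
          'UserName': user,
        },
        opts: {
          method: 'POST',
        },
      )['LoginProfile']
    end
  end

  # Lists the access keys of one user via ListAccessKeys.
  #
  # @param region [String] value sent as RegionId
  # @param user [String] RAM user name
  # @return the 'AccessKey' entry nested under 'AccessKeys' in the response
  def fetch_access_keys(region, user)
    catch_alicloud_errors do
      return @alicloud.ram_client.request(
        action: 'ListAccessKeys',
        params: {
          'RegionId': region,
          'UserName': user,
        },
        opts: {
          method: 'POST',
        },
      )['AccessKeys']['AccessKey']
    end
  end

  # Fetches the MFA device bound to one user via GetUserMFAInfo.
  # 'EntityNotExist.User.MFADevice' is handed to catch_alicloud_errors,
  # presumably so a user without MFA is not reported as a failure (confirm
  # against the helper's implementation).
  #
  # @param region [String] value sent as RegionId
  # @param user [String] RAM user name
  # @return the 'MFADevice' entry of the response
  def fetch_user_mfa(region, user)
    catch_alicloud_errors('EntityNotExist.User.MFADevice') do
      return @alicloud.ram_client.request(
        action: 'GetUserMFAInfo',
        params: {
          'RegionId': region,
          'UserName': user,
        },
        opts: {
          method: 'POST',
        },
      )['MFADevice']
    end
  end

  # NOTE(review): the body is empty, so this always returns nil. Confirm
  # whether it is meant to report that at least one user was loaded; until
  # then do not rely on it in controls.
  def exists?
  end

  private

  # Builds the FilterTable row for a single user.
  #
  # NOTE(review): a nil from any fetch_* helper is read as "the user does not
  # have this credential". If catch_alicloud_errors also yields nil for other
  # failures (for example a permission error on the auditing identity), the
  # row under-reports console access, keys and MFA - confirm how the helper
  # surfaces those errors before trusting a false here.
  #
  # @param region [String] value sent as RegionId
  # @param user [Hash] one entry of the ListUsers result
  # @return [Hash] row keyed by the fields registered with FilterTable
  def build_user_row(region, user)
    user_name = user['UserName']
    login_profile = fetch_login_profile(region, user_name)
    access_keys = fetch_access_keys(region, user_name) || []
    mfa = fetch_user_mfa(region, user_name)

    key_ids = access_keys.map { |key| key['AccessKeyId'] }
    active_key_ids = access_keys.select { |key| key['Status'] == 'Active' }
                                .map { |key| key['AccessKeyId'] }
    has_console_access = !login_profile.nil?
    has_active_key = !active_key_ids.empty?

    {
      update_date: user['UpdateDate'],
      user_name: user_name,
      user_id: user['UserId'],
      comments: user['Comments'],
      display_name: user['DisplayName'],
      create_date: user['CreateDate'],
      has_console_access: has_console_access,
      access_keys: key_ids,
      # The original only tested for nil, so a user whose key list came back
      # empty was still reported as having an access key.
      has_access_key: !key_ids.empty?,
      active_access_keys: active_key_ids,
      has_active_access_key: has_active_key,
      has_console_and_key_access: has_console_access && has_active_key,
      has_mfa_enabled: !mfa.nil?,
    }
  end
end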