# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
require 'aws/iam/collection'
require 'aws/iam/signing_certificate'
module AWS
class IAM
# This is the primary interface for uploading X.509 signing certificates
# to an AWS account or an IAM user.
#
# iam = AWS::IAM.new
#
# # upload a certificate for the AWS account:
# iam.signing_certificates.upload(<<-CERT)
# -----BEGIN CERTIFICATE-----
# MIICdzCCAeCgAwIBAgIFGS4fY6owDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMC
# ......
# Glli79yh87PRi0vNDlFEoHXNynkvC/c4TiWruZ4haM9BR9EdWr1DBNNu73ui093K
# F9TbdXSWdgMl7E0=
# -----END CERTIFICATE-----
# CERT
#
# If you want to work with an IAM user's certificates just use the
# signing certificate interface on a user:
#
# user = iam.users['someuser']
# user.signing_certificates.upload(cert_body)
#
class SigningCertificateCollection
include Collection
# @param [Hash] options
# @option options [User] :user (nil) When +:user+ is provided the
# collection will represents the signing certificates belonging only
# to that user. When +:user+ is omitted the collection will manage
# root credentials on the AWS account (instead those belonging to a
# particular user).
def initialize options = {}
@user = options[:user]
@user ? super(@user, options) : super(options)
end
# @return [User,nil] Returns the user this collection belongs to.
# Returns +nil+ if the collection represents the root credentials
# for the account. If the configured credentials belong to an
# IAM user, then that user is the implied owner.
attr_reader :user
# @param [String] certificate_body The contents of the signing
# certificate.
# @return [SigningCertificate] Returns the newly created signing
# certificate.
def upload certificate_body
options = {}
options[:certificate_body] = certificate_body
options[:user_name] = user.name if user
resp = client.upload_signing_certificate(options)
SigningCertificate.new_from(:upload_signing_certificate,
resp.certificate, resp.certificate.certificate_id, new_options)
end
alias_method :create, :upload
# @param [String] certificate_id The ID of the signing certificate.
# @return [SigningCertificate] Returns a reference to the signing
# certificate with the given certificate ID.
def [] certificate_id
SigningCertificate.new(certificate_id.to_s, new_options)
end
# Deletes all of the signing certificates from this collection.
# @return [nil]
def clear
each do |certificate|
certificate.delete
end
nil
end
# Yields once for each signing certificate.
#
# You can limit the number of certificates yielded using +:limit+.
#
# @param [Hash] options
# @option options [Integer] :limit The maximum number of certificates
# to yield.
# @option options [Integer] :batch_size The maximum number of
# certificates received each service reqeust.
# @yieldparam [SigningCertificate] signing_certificate
# @return [nil]
def each options = {}, &block
each_options = options.dup
each_options[:user_name] = user.name if user
super(each_options, &block)
end
# @private
protected
def each_item response, &block
response.certificates.each do |item|
cert = SigningCertificate.new_from(:list_signing_certificates,
item, item.certificate_id, new_options)
yield(cert)
end
end
# @private
protected
def new_options
user ? { :user => user } : { :config => config }
end
end
end
end