# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
#     http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

module AWS
  class IAM

    
    # Represents an IAM User.  Each AWS account can have many users.  Users
    # can be organized (optionally) into groups.  Users (and groups) can be
    # given policies that affect that they can do.
    #
    # == Creating A User
    #
    #   iam = AWS::IAM.new
    #
    #   user = iam.users.create('johndoe')
    # 
    #
    # == Renaming a User
    #
    # You can only edit a user's name and path (both of which will modify
    # the user's ARN).
    #
    #   user = iam.users['johndoe']
    #   user.name = 'newname'
    #
    # == User Path
    # 
    # When you create a user you can assign a path.  Paths must begin and
    # end with a forward slash (/).  
    #
    #   user = iam.users.create('newuser', :path => '/developers/ruby/')
    #
    # Paths are a useful tool for organizing/tagging users.  You can later
    # enumerate users by their path prefixes:
    #
    #   iam.users.each(:path_prefix => '/developers').each do |developer|
    #     puts developer.name
    #   end
    #
    # == Login Profile
    #
    # A login profile is required for an IAM user to use the AWS Management
    # console (web interface).  See {LoginProfile} for more information.
    #
    # == Deleting Users
    #
    # In order to delete a user you must first remove it from all of its
    # groups and delete all of its signing certificates.  Once this is done:
    #
    class User < Resource

      prefix_update_attributes

      # @param [String] name The IAM user name for this user.
      # @param [Hash] options
      def initialize name, options = {}
        options[:name] = name
        super(options)
      end

      # @attr [String] The IAM user name.
      mutable_attribute :name, :static => true, :as => :user_name

      # @attr_reader [String] The user's unique ID.
      attribute :id, :static => true, :as => :user_id

      # @attr_reader [Time] When the user was created.
      attribute :create_date, :static => true

      # @attr_reader [String] The user's ARN (Amazon Resource Name).
      attribute :arn

      # @attr [String] The path for this user.  Paths are used to 
      #   identify which division or part of an organization the user 
      #   belongs to.
      mutable_attribute :path

      populates_from(:create_user, :get_user) do |resp|
        resp.user if resp.user.user_name == name
      end

      populates_from(:list_users, :get_group) do |resp|
        resp.users.find{|u| u.user_name == name }
      end

      # Deletes this user.
      # @return [nil]
      def delete
        client.delete_user(resource_options)
        nil
      end

      def delete!
        groups.clear
        access_keys.clear
        policies.clear
        mfa_devices.clear
        signing_certificates.clear
        login_profile.delete if login_profile.exists?
        delete
      end

      # Returns a collection that represents all policies for this user.
      #
      #   user.policies.each do |policy|
      #     puts policy.name
      #   end
      #
      # @return [PolicyCollection] Returns a collection that represents
      #   all policies for this user.
      def policies
        UserPolicyCollection.new(self)  
      end

      # Returns a collection that represents the signing certificates
      # belonging to this user.
      #
      #   user.signing_certificates.each do |cert|
      #     # ...
      #   end
      #
      # If you need to access the signing certificates of this AWS account,
      # see {IAM#signing_certificates}.
      # 
      # @return [SigningCertificateCollection] Returns a collection that
      #   represents signing certificates for this user.
      def signing_certificates
        SigningCertificateCollection.new(:user => self, :config => config)
      end

      # @return [MFADeviceCollection] Returns a collection that represents 
      #   all MFA devices assigned to this user.
      def mfa_devices
        MFADeviceCollection.new(self)
      end

      # A login profile is a user name and password that enables a
      # user to log in to the {http://aws.amazon.com/console AWS
      # Management Console}.  The object returned by this method
      # allows you to set or delete the password.  For example:
      #
      #   user.login_profile.password = "TheNewPassword"
      #
      # @return [LoginProfile] Returns the login profile for this
      #   user.
      def login_profile
        LoginProfile.new(self)
      end

      # Returns a collection that represents the access keys for this user.
      #
      #   user.access_keys.each do |access_key|
      #     puts access_key.id
      #   end
      #
      # @return [AccessKeyCollection] Returns a collection that represents all
      #   access keys for this user.
      def access_keys
        AccessKeyCollection.new(:user => self)
      end

      # Returns a collection that includes all of the groups the user
      # is in.
      #
      # @return [UserGroupCollection]
      def groups
        UserGroupCollection.new(self)
      end

      # @private
      protected
      def resource_identifiers
        [[:user_name, name]]
      end

    end
  end
end