awscli 0.1.1 → 0.1.2
- checksums.yaml +8 -8
- data/lib/awscli.rb +7 -0
- data/lib/awscli/cli/iam.rb +10 -0
- data/lib/awscli/cli/iam/group.rb +46 -0
- data/lib/awscli/cli/iam/policies.rb +82 -0
- data/lib/awscli/cli/iam/profiles.rb +55 -0
- data/lib/awscli/cli/iam/roles.rb +43 -0
- data/lib/awscli/cli/iam/user.rb +128 -0
- data/lib/awscli/connection.rb +10 -0
- data/lib/awscli/ec2.rb +1 -1
- data/lib/awscli/iam.rb +395 -0
- data/lib/awscli/version.rb +1 -1
- metadata +10 -13
- data/features/awscli.feature +0 -8
- data/features/step_definitions/awscli_steps.rb +0 -6
- data/features/support/env.rb +0 -15
- data/test/default_test.rb +0 -14
- data/test/test_helper.rb +0 -9
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
MGYzNjYyNTcyZTBiZGQzNjM2MDM5YWIwMDE5ZGJkY2U0OTkwZTgxYQ==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
MGI5OWM2NWI5YzkxNDU2YjcyY2FiZGFjNTcyN2Y1MjA5YWYxZGVlMw==
|
7
7
|
!binary "U0hBNTEy":
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
MWJjMmZmZGU0YzI2YzcxOWFiYTlhZGJmZTNiZjE3NDA4ZjliN2M1MzVhY2Ew
|
10
|
+
ODk5NDA1OTE4YTViYzExNjRjY2M4NTgyODQ4Y2EyMDJkZTQ4ZTVkYTc0M2Rj
|
11
|
+
MjJhMTE4YjllMWZkYjhjY2U3YmVhZmQ3ZGE1MWZmZTg2NDNlOWI=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
ZDIxYjZhZWUyMjg0ZTk2NzI3OWQ3Y2Y4OWI1MWExZDk1OWU3ODcxMmNjYTRi
|
14
|
+
NmE3ZDA1Yjg5ZWRmMGVlYzlkZTU2N2NlZWVlNDYyMTNlNzc5NzYzOWE3MGEz
|
15
|
+
MTExODI3YzQyMWRjYzM0OGYyNDNiNTliYzlhMjRkNDAzZjQ5ZTM=
|
data/lib/awscli.rb
CHANGED
@@ -48,4 +48,11 @@ module AwsCli
|
|
48
48
|
require 'awscli/cli/as/groups'
|
49
49
|
require 'awscli/cli/as/instances'
|
50
50
|
require 'awscli/cli/as/policies'
|
51
|
+
#IAM
|
52
|
+
require 'awscli/cli/iam'
|
53
|
+
require 'awscli/cli/iam/user'
|
54
|
+
require 'awscli/cli/iam/group'
|
55
|
+
require 'awscli/cli/iam/policies'
|
56
|
+
require 'awscli/cli/iam/roles'
|
57
|
+
require 'awscli/cli/iam/profiles'
|
51
58
|
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
module AwsCli
|
2
|
+
module CLI
|
3
|
+
module IAM
|
4
|
+
require 'awscli/cli/iam'
|
5
|
+
class Group < Thor
|
6
|
+
|
7
|
+
desc 'list', 'list users'
|
8
|
+
long_desc <<-DESC
|
9
|
+
Lists the users that have the specified path prefix. If there are none, the action returns an empty list.
|
10
|
+
DESC
|
11
|
+
method_option :path, :aliases => '-p', :default => '/', :desc => 'The path prefix for filtering the results. For example, /division_abc/subdivision_xyz/ would get all users whose path starts with /division_abc/subdivision_xyz/. Default: prints all groups'
|
12
|
+
def list
|
13
|
+
create_iam_object
|
14
|
+
@iam.list options[:path]
|
15
|
+
end
|
16
|
+
|
17
|
+
desc 'create', 'create a new group'
|
18
|
+
method_option :group_name, :aliases => '-g', :required => true, :desc => 'name of the group to create (do not include path)'
|
19
|
+
method_option :path, :aliases => '-p', :default => '/', :desc => 'optional path to group, defaults to "/"'
|
20
|
+
def create
|
21
|
+
create_iam_object
|
22
|
+
@iam.create options[:group_name], options[:path]
|
23
|
+
end
|
24
|
+
|
25
|
+
desc 'delete', 'delete existing group'
|
26
|
+
method_option :group_name, :aliases => '-g', :required => true, :desc => 'name of the group to delete'
|
27
|
+
def delete
|
28
|
+
create_iam_object
|
29
|
+
@iam.delete options[:group_name]
|
30
|
+
end
|
31
|
+
|
32
|
+
private
|
33
|
+
|
34
|
+
def create_iam_object
|
35
|
+
puts 'IAM Establishing Connetion...'
|
36
|
+
$iam_conn = Awscli::Connection.new.request_iam
|
37
|
+
puts 'IAM Establishing Connetion... OK'
|
38
|
+
@iam = Awscli::Iam::Group.new($iam_conn)
|
39
|
+
end
|
40
|
+
|
41
|
+
AwsCli::CLI::Iam.register AwsCli::CLI::IAM::Group, :group, 'group [COMMAND]', 'IAM Group Management'
|
42
|
+
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
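Review bot: The help text for `list` is copied from the user command: `desc 'list', 'list users'` and the `long_desc` both talk about users, although this class builds an `Awscli::Iam::Group` and lists groups. They should read `desc 'list', 'list groups'` and "Lists the groups that have the specified path prefix…". `create_iam_object` also stores the connection in the global `$iam_conn`, which nothing in this file reads back; a local (`conn = Awscli::Connection.new.request_iam`) would keep the credentialed connection object out of global scope. Both status strings misspell "Connection" as `Connetion`.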
@@ -0,0 +1,82 @@
|
|
1
|
+
module AwsCli
|
2
|
+
module CLI
|
3
|
+
module IAM
|
4
|
+
require 'awscli/cli/iam'
|
5
|
+
class Policies < Thor
|
6
|
+
|
7
|
+
desc 'add [OPTIONS]', 'Adds (or updates) a policy document associated with the specified user/group'
|
8
|
+
long_desc <<-DESC
|
9
|
+
Creates a policy based on the information you provide and attaches the policy to the specified user/group. The command accepts a file containing the policy.
|
10
|
+
Use http://awspolicygen.s3.amazonaws.com/policygen.html to generate policy documents
|
11
|
+
DESC
|
12
|
+
method_option :user_name, :aliases => '-u', :banner => 'NAME', :desc => 'Name of the user the policy is for'
|
13
|
+
method_option :group_name, :aliases => '-g', :banner => 'NAME', :desc => 'Name of the group the policy is for'
|
14
|
+
method_option :role_name, :aliases => '-r', :banner => 'NAME', :desc => 'Name of the role the policy is for'
|
15
|
+
method_option :policy_name, :aliases => '-p', :required => true, :banner => 'NAME', :desc => 'Name you want to assign the policy'
|
16
|
+
method_option :policy_document, :aliases => '-f', :required => true, :banner => 'PATH', :desc => 'Path and name of the file containing the policy, Use http://awspolicygen.s3.amazonaws.com/policygen.html to generate policy documents'
|
17
|
+
def add
|
18
|
+
create_iam_object
|
19
|
+
if !options[:user_name] and !options[:group_name] and !options[:role_name]
|
20
|
+
puts 'should pass either --user-name or --group-name or --role-name'
|
21
|
+
exit
|
22
|
+
end
|
23
|
+
@iam.add_policy_document options
|
24
|
+
end
|
25
|
+
|
26
|
+
# desc 'addpolicy', 'Creates a policy based on the information you provide and attaches the policy to the specified user'
|
27
|
+
# long_desc <<-DESC
|
28
|
+
# Use this command if you need a simple policy with no conditions, and you don't want to write the policy yourself. If you need a policy with conditions, you must write the policy yourself and upload it with addpolicydoc.
|
29
|
+
# DESC
|
30
|
+
# method_option :user_name, :aliases => '-u', :required => true, :desc => 'Name of the user the policy is for'
|
31
|
+
# method_option :policy_name, :aliases => '-p', :required => true, :desc => 'Name you want to assign the policy'
|
32
|
+
# method_option :effect, :aliases => '-e', :required => true, :desc => 'The value for the policys Effect element. Specifies whether the policy results in an allow or a deny, Valid Values: Allow | Deny'
|
33
|
+
# method_option :action, :aliases => '-a', :type => :array, :required => true, :desc => 'The value for the policys Action element. Specifies the service and action you want to allow or deny permission to. For example: -a iam:ListAccessKeys. You can use wildcards, and you can specify more than one -a Action option in the request'
|
34
|
+
# method_option :resouce_name, :aliases => '-r', :type => :array, :required => true, :desc => 'The value for the policys Resource element. Specifies the Amazon Resource Name (ARN) for the resource (or resources) the policy applies to. You can use wildcards, and you can specify more than one -r AMAZON RESOURCE NAME option in the request'
|
35
|
+
# method_option :output, :aliases => '-o', :type => :boolean, :default => false, :desc => 'Causes the output to include the JSON policy document that IAM created for you'
|
36
|
+
# def addpolicy
|
37
|
+
# create_iam_object
|
38
|
+
# @iam.add_policy options
|
39
|
+
# end
|
40
|
+
|
41
|
+
desc 'list [OPTIONS]' , 'list policies for a user/group pass respective options'
|
42
|
+
method_option :user_name, :aliases => '-u', :desc => 'name of the user to list policies for'
|
43
|
+
method_option :group_name, :aliases => '-g', :desc => 'name of the gourp to list policies for'
|
44
|
+
method_option :role_name, :aliases => '-r', :desc => 'name of the role to list policies for'
|
45
|
+
def list
|
46
|
+
if !options[:user_name] and !options[:group_name] and !options[:role_name]
|
47
|
+
puts 'should pass either --user-name or --group-name or --role-name'
|
48
|
+
exit
|
49
|
+
end
|
50
|
+
create_iam_object
|
51
|
+
@iam.list options
|
52
|
+
end
|
53
|
+
|
54
|
+
desc 'delete [OPTIONS]', 'delete policy associated with a user/group'
|
55
|
+
method_option :user_name, :aliases => '-u', :desc => 'name of the user to delete policies for'
|
56
|
+
method_option :group_name, :aliases => '-g', :desc => 'name of the gourp to delete policies for'
|
57
|
+
method_option :role_name, :aliases => '-r', :banner => 'NAME', :desc => 'Name of the role to delete the policy for'
|
58
|
+
method_option :policy_name, :aliases => '-p', :required => true, :desc => 'name of the policy to delete'
|
59
|
+
def delete
|
60
|
+
if !options[:user_name] and !options[:group_name] and !options[:role_name]
|
61
|
+
puts 'should pass either --user-name or --group-name or --role-name'
|
62
|
+
exit
|
63
|
+
end
|
64
|
+
create_iam_object
|
65
|
+
@iam.delete_policy options
|
66
|
+
end
|
67
|
+
|
68
|
+
private
|
69
|
+
|
70
|
+
def create_iam_object
|
71
|
+
puts 'IAM Establishing Connetion...'
|
72
|
+
$iam_conn = Awscli::Connection.new.request_iam
|
73
|
+
puts 'IAM Establishing Connetion... OK'
|
74
|
+
@iam = Awscli::Iam::Policies.new($iam_conn)
|
75
|
+
end
|
76
|
+
|
77
|
+
AwsCli::CLI::Iam.register AwsCli::CLI::IAM::Policies, :policies, 'policies [COMMAND]', 'IAM Policies Management'
|
78
|
+
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
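Review bot: The guard in `add`, `list` and `delete` only checks that at least one of `--user-name`, `--group-name` and `--role-name` is present, so a call that passes two of them is accepted. The `if/elsif` chain in `Awscli::Iam::Policies` further down this page then acts on the first match only (user, then group, then role) without saying so. For commands that attach or delete IAM policies the target should be unambiguous: `targets = [options[:user_name], options[:group_name], options[:role_name]].compact` followed by `abort 'pass exactly one of --user-name, --group-name, --role-name' unless targets.size == 1`. Using `abort` also fixes the exit status, since the bare `exit` reports success on a usage error. `add` opens the IAM connection before running the guard, whereas `list` and `delete` check first.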
@@ -0,0 +1,55 @@
|
|
1
|
+
module AwsCli
|
2
|
+
module CLI
|
3
|
+
module IAM
|
4
|
+
require 'awscli/cli/iam'
|
5
|
+
class Profiles < Thor
|
6
|
+
|
7
|
+
desc 'list', 'list available isntance profiles, specify role to list profiles specific to that role'
|
8
|
+
method_option :role, :aliases => '-r', :banner => 'NAME', :desc => 'role name to list instance profiles for'
|
9
|
+
def list
|
10
|
+
create_iam_object
|
11
|
+
if options[:role]
|
12
|
+
@iam.list_for_role options[:role]
|
13
|
+
else
|
14
|
+
@iam.list
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
desc 'create', 'Creates a new instance profile'
|
19
|
+
method_option :profile_name, :aliases => '-p', :banner => 'NAME', :required => true, :desc => 'name of the isntance profile to create'
|
20
|
+
method_option :path, :aliases => '-p', :default => '/', :desc => 'optional path to group, defaults to /'
|
21
|
+
def create
|
22
|
+
create_iam_object
|
23
|
+
@iam.create options[:profile_name], options[:path]
|
24
|
+
end
|
25
|
+
|
26
|
+
desc 'delete', 'Deletes an existing instance profile from your AWS account'
|
27
|
+
method_option :profile_name, :aliases => '-p', :banner => 'NAME', :required => true, :desc => 'name of the isntance profile to create'
|
28
|
+
def delete
|
29
|
+
create_iam_object
|
30
|
+
@iam.delete options[:profile_name]
|
31
|
+
end
|
32
|
+
|
33
|
+
desc 'delete_role', 'Removes a role from a instance profile'
|
34
|
+
method_option :profile_name, :aliases => '-p', :banner => 'NAME', :required => true, :desc => 'Name of the instance profile to update'
|
35
|
+
method_option :role_name, :aliases => '-r', :banner => 'NAME', :required => true, :desc => 'Name of the role to remove'
|
36
|
+
def delete_role
|
37
|
+
create_iam_object
|
38
|
+
@iam.remove_role_from_instance_profile options[:profile_name], options[:role_name]
|
39
|
+
end
|
40
|
+
|
41
|
+
private
|
42
|
+
|
43
|
+
def create_iam_object
|
44
|
+
puts 'IAM Establishing Connetion...'
|
45
|
+
$iam_conn = Awscli::Connection.new.request_iam
|
46
|
+
puts 'IAM Establishing Connetion... OK'
|
47
|
+
@iam = Awscli::Iam::Profiles.new($iam_conn)
|
48
|
+
end
|
49
|
+
|
50
|
+
AwsCli::CLI::Iam.register AwsCli::CLI::IAM::Profiles, :profiles, 'profiles [COMMAND]', 'IAM Profiles Management'
|
51
|
+
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
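Review bot: `delete_role` passes its arguments in the opposite order from the method it calls, `@iam.remove_role_from_instance_profile options[:profile_name], options[:role_name]`. `Awscli::Iam::Profiles#remove_role_from_instance_profile` later on this page is declared as `(rolename, profilename)` and forwards them in that order, so the role and profile names reach the API swapped. The call should be `@iam.remove_role_from_instance_profile options[:role_name], options[:profile_name]`. In `create`, `:profile_name` and `:path` both declare `:aliases => '-p'`, so the short flag is ambiguous and one of them needs a different letter. The `:profile_name` description under `delete` still says "to create".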
@@ -0,0 +1,43 @@
|
|
1
|
+
module AwsCli
|
2
|
+
module CLI
|
3
|
+
module IAM
|
4
|
+
require 'awscli/cli/iam'
|
5
|
+
class Roles < Thor
|
6
|
+
|
7
|
+
desc 'list', 'list available roles'
|
8
|
+
def list
|
9
|
+
create_iam_object
|
10
|
+
@iam.list
|
11
|
+
end
|
12
|
+
|
13
|
+
desc 'create', 'Creates a new role for your AWS account'
|
14
|
+
method_option :role_name, :aliases => '-r', :required => true, :desc => 'name of the role to create'
|
15
|
+
method_option :policy_document, :aliases => '-d', :required => true, :banner => 'PATH', :desc => 'path to the policy document that grants an entity permission to assume the role'
|
16
|
+
method_option :path, :aliases => '-p', :default => '/', :desc => 'Path to the user If you dont want the role to have a path, set to /'
|
17
|
+
def create
|
18
|
+
create_iam_object
|
19
|
+
@iam.create_role options
|
20
|
+
end
|
21
|
+
|
22
|
+
desc 'delete', 'Deletes an existing role from your AWS account'
|
23
|
+
method_option :role_name, :aliases => '-r', :required => true, :desc => 'name of the role to delete'
|
24
|
+
def delete
|
25
|
+
create_iam_object
|
26
|
+
@iam.delete_role options[:role_name]
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
|
31
|
+
def create_iam_object
|
32
|
+
puts 'IAM Establishing Connetion...'
|
33
|
+
$iam_conn = Awscli::Connection.new.request_iam
|
34
|
+
puts 'IAM Establishing Connetion... OK'
|
35
|
+
@iam = Awscli::Iam::Roles.new($iam_conn)
|
36
|
+
end
|
37
|
+
|
38
|
+
AwsCli::CLI::Iam.register AwsCli::CLI::IAM::Roles, :roles, 'roles [COMMAND]', 'IAM Roles Management'
|
39
|
+
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
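Review bot: `create` calls `@iam.create_role options` with the whole options hash, but `Awscli::Iam::Roles#create_role` later on this page is declared as `create_role rolename, document, path`. The call would therefore raise `ArgumentError` before any role is created. It should pass the three values separately, `@iam.create_role options[:role_name], options[:policy_document], options[:path]`. The `:path` description says "Path to the user" where it means the role.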
@@ -0,0 +1,128 @@
|
|
1
|
+
module AwsCli
|
2
|
+
module CLI
|
3
|
+
module IAM
|
4
|
+
require 'awscli/cli/iam'
|
5
|
+
class User < Thor
|
6
|
+
|
7
|
+
desc 'list', 'list users'
|
8
|
+
long_desc <<-DESC
|
9
|
+
Lists the users that have the specified path prefix. If there are none, the action returns an empty list.
|
10
|
+
DESC
|
11
|
+
method_option :path, :aliases => '-p', :default => '/', :desc => 'The path prefix for filtering the results. For example, /division_abc/subdivision_xyz/ would get all users whose path starts with /division_abc/subdivision_xyz/. Default: prints all users'
|
12
|
+
# method_option :marker, :aliases => '-m', :desc => 'used to paginate subsequent requests'
|
13
|
+
# method_option :maxitems, :alises => '-i', :type => :numeric, :desc => 'limit results to this number per page'
|
14
|
+
def list
|
15
|
+
create_iam_object
|
16
|
+
@iam.list options[:path]
|
17
|
+
end
|
18
|
+
|
19
|
+
desc 'create', 'create a user'
|
20
|
+
long_desc <<-DESC
|
21
|
+
Creates a new user in your AWS account. Optionally adds the user to one or more groups, and creates an access key for the user.
|
22
|
+
DESC
|
23
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'name of the user to create (do not include path)'
|
24
|
+
method_option :path, :aliases => '-p', :defualt => '/', :desc => 'optional path to group, defaults to "/"'
|
25
|
+
method_option :group, :aliases => '-g', :desc => 'name of a group you want to add the user to'
|
26
|
+
method_option :access_key, :alises => '-k', :desc => 'creates an access key for the user'
|
27
|
+
def create
|
28
|
+
create_iam_object
|
29
|
+
@iam.create options[:user_name], options[:path]
|
30
|
+
end
|
31
|
+
|
32
|
+
desc 'delete', 'delete existing user'
|
33
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'name of the user to delete (dont include path)'
|
34
|
+
def delete
|
35
|
+
create_iam_object
|
36
|
+
@iam.delete options[:user_name]
|
37
|
+
end
|
38
|
+
|
39
|
+
desc 'cak', 'create access key for user'
|
40
|
+
long_desc <<-DESC
|
41
|
+
Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user. The default status for new keys is Active.
|
42
|
+
DESC
|
43
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'The user name that the new key will belong to'
|
44
|
+
def cak
|
45
|
+
create_iam_object
|
46
|
+
@iam.create_user_access_key options[:user_name]
|
47
|
+
end
|
48
|
+
|
49
|
+
desc 'lak', 'list access keys for a user'
|
50
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'The user name to list the access keys for'
|
51
|
+
def lak
|
52
|
+
create_iam_object
|
53
|
+
@iam.list_user_access_keys options[:user_name]
|
54
|
+
end
|
55
|
+
|
56
|
+
desc 'dak', 'delete access key for a user'
|
57
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'The username to delete the access key for'
|
58
|
+
method_option :access_key_id, :aliases => '-a', :required => true, :desc => 'Access key id to delete'
|
59
|
+
def dak
|
60
|
+
create_iam_object
|
61
|
+
@iam.delete_user_access_key options[:user_name], options[:access_key_id]
|
62
|
+
end
|
63
|
+
|
64
|
+
desc 'update', 'updates the name and/or the path of the specified user'
|
65
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'The user name to update the information for'
|
66
|
+
method_option :new_user_name, :aliases => '-n', :banner => 'USERNAME', :desc => 'New name for the user. Include this parameter only if you are changing the users name.'
|
67
|
+
method_option :new_path, :aliases => '-p', :banner => 'PATH' , :desc => 'New path for the user. Include this parameter only if you are changing the users path'
|
68
|
+
def update
|
69
|
+
create_iam_object
|
70
|
+
if !options[:new_user_name] and !options[:new_path]
|
71
|
+
puts 'Should pass atleast one option to change, either --new-user-name (or) --new-path'
|
72
|
+
exit
|
73
|
+
end
|
74
|
+
@iam.update_user options
|
75
|
+
end
|
76
|
+
|
77
|
+
desc 'addtogroup', 'Add an existing user to a group'
|
78
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'name of user to add'
|
79
|
+
method_option :group_name, :aliases => '-g', :required => true, :desc => 'name of the group'
|
80
|
+
def addtogroup
|
81
|
+
create_iam_object
|
82
|
+
@iam.add_user_to_group options[:user_name], options[:group_name]
|
83
|
+
end
|
84
|
+
|
85
|
+
desc 'removefromgroup', 'Remove a user from a group'
|
86
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'name of user to remove'
|
87
|
+
method_option :group_name, :aliases => '-g', :required => true, :desc => 'name of the group to remove from'
|
88
|
+
def removefromgroup
|
89
|
+
create_iam_object
|
90
|
+
@iam.remove_user_from_group options[:user_name], options[:group_name]
|
91
|
+
end
|
92
|
+
|
93
|
+
desc 'listgroups', 'List groups for user'
|
94
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'name of the user to list the groups for'
|
95
|
+
def listgroups
|
96
|
+
create_iam_object
|
97
|
+
@iam.list_groups_for_user options[:user_name]
|
98
|
+
end
|
99
|
+
|
100
|
+
desc 'passwd [OPTIONS]', 'add/change user password'
|
101
|
+
method_option :user_name, :aliases => '-u', :required => true, :desc => 'name of the user to change password for'
|
102
|
+
method_option :password, :alases => '-p', :desc => 'password for the user'
|
103
|
+
method_option :genereate, :aliases => '-g', :type => :boolean, :default => false, :desc => 'generates the password'
|
104
|
+
method_option :remove, :aliases => '-r', :type => :boolean, :default => false, :desc => 'remove password for the user'
|
105
|
+
def passwd
|
106
|
+
create_iam_object
|
107
|
+
if options[:remove]
|
108
|
+
@iam.remove_password options[:user_name]
|
109
|
+
else
|
110
|
+
@iam.assign_password options[:user_name], options[:password], options[:genereate]
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
private
|
115
|
+
|
116
|
+
def create_iam_object
|
117
|
+
puts 'IAM Establishing Connetion...'
|
118
|
+
$iam_conn = Awscli::Connection.new.request_iam
|
119
|
+
puts 'IAM Establishing Connetion... OK'
|
120
|
+
@iam = Awscli::Iam::User.new($iam_conn)
|
121
|
+
end
|
122
|
+
|
123
|
+
AwsCli::CLI::Iam.register AwsCli::CLI::IAM::User, :user, 'user [COMMAND]', 'IAM User Management'
|
124
|
+
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
128
|
+
end
|
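Review bot: `passwd` takes the new password as the value of a `--password` option, which leaves it in shell history and visible in the process list while the command runs. Prompting without echo when neither `--remove` nor the generate flag is set avoids that, for example `password = $stdin.noecho(&:gets).chomp` with `require 'io/console'`. Several option keys are misspelled and so presumably have no effect: `:defualt => '/'` on `create`'s `:path`, `:alises` on `:access_key`, and `:alases` on `:password`. The option name `:genereate` also makes the flag `--genereate`. `create` declares `--group` and `--access-key` but forwards only `options[:user_name]` and `options[:path]`, so those two options are silently ignored.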
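--- a/data/lib/awscli/connection.rb
+++ b/data/lib/awscli/connection.rb
@@ -55,8 +55,18 @@ module Awscli
 
 def request_as
 # => returns AWS Auto Scaling connection object
+#remove region if passed from config
 Fog::AWS::AutoScaling.new(@@config)
 end
 
+def request_iam
+# => returns AWS IAM object
+if @@config['region']
+#remove region
+@@config.reject!{ |k| k == "region" }
+end
+Fog::AWS::IAM.new(@@config)
+end
+
 end
 end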
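Review bot: `request_iam` strips the region with `@@config.reject!{ |k| k == "region" }`, which mutates the class-level `@@config` in place. Unless the config is reloaded for every `Connection` instance, which the hunk does not show, any connection built from `@@config` afterwards in the same process loses its region as well. Building a filtered copy leaves the shared config intact: `Fog::AWS::IAM.new(@@config.reject { |k, _v| k == 'region' })`. The comment added to `request_as`, `#remove region if passed from config`, describes something that method does not do and should move to `request_iam` or be dropped. The enclosing class begins outside the hunk.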
data/lib/awscli/ec2.rb
CHANGED
data/lib/awscli/iam.rb
ADDED
@@ -0,0 +1,395 @@
|
|
1
|
+
require 'json'
|
2
|
+
|
3
|
+
module Awscli
|
4
|
+
module Iam
|
5
|
+
|
6
|
+
class User
|
7
|
+
def initialize connection, options = {}
|
8
|
+
@@conn = connection
|
9
|
+
end
|
10
|
+
|
11
|
+
def list path
|
12
|
+
begin
|
13
|
+
users = @@conn.list_users('PathPrefix' => path).body['Users']
|
14
|
+
Formatador.display_table(users)
|
15
|
+
rescue Fog::AWS::IAM::ValidationError
|
16
|
+
puts "ValidationError: #{$!}"
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def create username, path
|
21
|
+
# TODO: Include other options as well
|
22
|
+
begin
|
23
|
+
@@conn.create_user(username, path ||= '/')
|
24
|
+
puts "Created User: #{username}"
|
25
|
+
rescue Fog::AWS::IAM::ValidationError
|
26
|
+
puts "ValidationError: #{$!}"
|
27
|
+
rescue Fog::AWS::IAM::EntityAlreadyExists
|
28
|
+
puts "[Error] User Exists: #{$!}"
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
def create_user_access_key username
|
33
|
+
begin
|
34
|
+
data = @@conn.create_access_key('UserName' => username)
|
35
|
+
accesskeyid = data.body['AccessKey']['AccessKeyId']
|
36
|
+
secretaccesskey = data.body['AccessKey']['SecretAccessKey']
|
37
|
+
keystatus = data.body['AccessKey']['Status']
|
38
|
+
puts 'Store the following access id and secret key:'
|
39
|
+
puts "AccessKey: #{accesskeyid}"
|
40
|
+
puts "SecretAccessKey: #{secretaccesskey}"
|
41
|
+
rescue Fog::AWS::IAM::NotFound
|
42
|
+
puts "[Error]: #{$!}"
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
def list_user_access_keys username
|
47
|
+
begin
|
48
|
+
@@conn.access_keys(:username => username).table
|
49
|
+
rescue Fog::AWS::IAM::NotFound
|
50
|
+
puts "[Error]: #{$!}"
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
def delete_user_access_key username, accesskeyid
|
55
|
+
begin
|
56
|
+
@@conn.delete_access_key(accesskeyid, 'UserName' => username)
|
57
|
+
puts "Deleted AccessKey for user: #{username}"
|
58
|
+
rescue Fog::AWS::IAM::NotFound
|
59
|
+
puts "[Error]: #{$!}"
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
def update_user options
|
64
|
+
opts = Marshal.load(Marshal.dump(options))
|
65
|
+
opts.reject! { |k| k == 'user_name' }
|
66
|
+
if new_user_name = opts.delete(:new_user_name)
|
67
|
+
opts.merge!('NewUserName' => new_user_name)
|
68
|
+
end
|
69
|
+
if new_path = opts.delete(:new_path)
|
70
|
+
opts.merge!('NewPath' => new_path)
|
71
|
+
end
|
72
|
+
begin
|
73
|
+
@@conn.update_user(options[:user_name], opts)
|
74
|
+
puts 'Updated user details'
|
75
|
+
rescue Fog::AWS::IAM::EntityAlreadyExists
|
76
|
+
puts '[Error] User already exists, pass in a different username'
|
77
|
+
rescue Fog::AWS::IAM::ValidationError
|
78
|
+
puts "ValidationError: #{$!}"
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
def add_user_to_group username, groupname
|
83
|
+
begin
|
84
|
+
@@conn.add_user_to_group(groupname, username)
|
85
|
+
puts "Added user: #{username}, to group: #{groupname}"
|
86
|
+
rescue Fog::AWS::IAM::NotFound
|
87
|
+
puts "[Error]: #{$!}"
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
91
|
+
def remove_user_from_group username, groupname
|
92
|
+
begin
|
93
|
+
@@conn.remove_user_from_group(groupname, username)
|
94
|
+
puts "Removed user: #{username}, from group: #{groupname}"
|
95
|
+
rescue Fog::AWS::IAM::NotFound
|
96
|
+
puts "[Error]: #{$!}"
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
def list_groups_for_user username
|
101
|
+
begin
|
102
|
+
groups = @@conn.list_groups_for_user(username).body['GroupsForUser']
|
103
|
+
Formatador.display_table(groups)
|
104
|
+
rescue Fog::AWS::IAM::NotFound => e
|
105
|
+
puts "[Error]: #{$!}"
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
def add_policy options
|
110
|
+
end
|
111
|
+
|
112
|
+
def assign_password username, password, autogenpwd = false
|
113
|
+
password = if autogenpwd
|
114
|
+
# generate a random password
|
115
|
+
((33..126).map { |i| i.chr }).to_a.shuffle[0..14].join
|
116
|
+
end
|
117
|
+
begin
|
118
|
+
@@conn.create_login_profile(username, password)
|
119
|
+
puts "Assigned user #{username} password: #{password}"
|
120
|
+
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::ValidationError
|
121
|
+
puts "[Error]: #{$!}"
|
122
|
+
rescue Fog::AWS::IAM::Error
|
123
|
+
puts "[Error]: #{$!}"
|
124
|
+
if $!.to_s =~ /PasswordPolicyViolation/
|
125
|
+
#TODO: show password policy, this is not available in fog
|
126
|
+
puts "Revisit your password polocies"
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
def remove_password username
|
132
|
+
begin
|
133
|
+
@@conn.delete_login_profile(username)
|
134
|
+
rescue Fog::AWS::IAM::Error, Fog::AWS::IAM::NotFound
|
135
|
+
puts "[Error]: #{$!}"
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
def delete username
|
140
|
+
begin
|
141
|
+
@@conn.delete_user(username)
|
142
|
+
puts "Deleted User: #{username}"
|
143
|
+
rescue Fog::AWS::IAM::NotFound
|
144
|
+
puts "[Error]: #{$!}"
|
145
|
+
end
|
146
|
+
end
|
147
|
+
end
|
148
|
+
|
149
|
+
class Group
|
150
|
+
def initialize connection, options = {}
|
151
|
+
@@conn = connection
|
152
|
+
end
|
153
|
+
|
154
|
+
def list path
|
155
|
+
begin
|
156
|
+
groups = @@conn.list_groups('PathPrefix' => path).body['Groups']
|
157
|
+
Formatador.display_table(groups)
|
158
|
+
rescue Fog::AWS::IAM::ValidationError
|
159
|
+
puts "ValidationError: #{$!}"
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
def create groupname, path
|
164
|
+
begin
|
165
|
+
@@conn.create_group(groupname, path ||= '/')
|
166
|
+
puts "Created group: #{groupname}"
|
167
|
+
rescue Fog::AWS::IAM::ValidationError
|
168
|
+
puts "ValidationError: #{$!}"
|
169
|
+
rescue Fog::AWS::IAM::EntityAlreadyExists
|
170
|
+
puts "[Error] Group Exists: #{$!}"
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
def delete groupname
|
175
|
+
begin
|
176
|
+
@@conn.delete_group(groupname)
|
177
|
+
puts "Create group: #{groupname}"
|
178
|
+
rescue Fog::AWS::IAM::NotFound
|
179
|
+
puts "[Error]: #{$!}"
|
180
|
+
end
|
181
|
+
end
|
182
|
+
end
|
183
|
+
|
184
|
+
class Policies
|
185
|
+
def initialize connection, options = {}
|
186
|
+
@@conn = connection
|
187
|
+
end
|
188
|
+
|
189
|
+
def list options
|
190
|
+
if options[:user_name]
|
191
|
+
user = @@conn.users.get(options[:user_name])
|
192
|
+
abort "[Error]: User not found #{user_name}" unless user
|
193
|
+
user.policies.table
|
194
|
+
elsif options[:group_name]
|
195
|
+
begin
|
196
|
+
grp_policies = @@conn.list_group_policies(options[:group_name]).body['PolicyNames'].map { |p| { 'Policy' => p } }
|
197
|
+
Formatador.display_table(grp_policies)
|
198
|
+
rescue Fog::AWS::IAM::NotFound
|
199
|
+
puts "[Error]: #{$!}"
|
200
|
+
end
|
201
|
+
elsif options[:role_name]
|
202
|
+
begin
|
203
|
+
role_policies = @@conn.list_role_policies(options[:role_name]).body['PolicyNames'].map { |p| {'Policy' => p} }
|
204
|
+
Formatador.display_table(role_policies)
|
205
|
+
rescue Fog::AWS::IAM::NotFound
|
206
|
+
puts "[Error]: #{$!}"
|
207
|
+
end
|
208
|
+
end
|
209
|
+
end
|
210
|
+
|
211
|
+
def add_policy_document options
|
212
|
+
document = options[:policy_document]
|
213
|
+
policyname = options[:policy_name]
|
214
|
+
#validate json document
|
215
|
+
doc_path = File.expand_path(document)
|
216
|
+
abort "Invalid file path: #{file_path}" unless File.exist?(doc_path)
|
217
|
+
json_string = File.read(doc_path)
|
218
|
+
abort "Invalid JSON format found in the document: #{document}" unless valid_json?(json_string)
|
219
|
+
begin
|
220
|
+
if options[:user_name]
|
221
|
+
@@conn.put_user_policy(options[:user_name],
|
222
|
+
policyname,
|
223
|
+
JSON.parse(json_string) #json parsed to hash
|
224
|
+
)
|
225
|
+
puts "Added policy: #{policyname} to user: #{options[:user_name]}"
|
226
|
+
elsif options[:group_name]
|
227
|
+
@@conn.put_group_policy(option[:group_name],
|
228
|
+
policyname,
|
229
|
+
JSON.parse(json_string)
|
230
|
+
)
|
231
|
+
puts "Added policy: #{policyname} to group: #{options[:group_name]}"
|
232
|
+
elsif options[:role_name]
|
233
|
+
@@conn.put_role_policy(options[:role_name],
|
234
|
+
policyname,
|
235
|
+
JSON.parse(json_string)
|
236
|
+
)
|
237
|
+
end
|
238
|
+
puts "Added Policy #{policyname} from #{document}"
|
239
|
+
rescue Fog::AWS::IAM::NotFound
|
240
|
+
puts "[Error]: #{$!}"
|
241
|
+
rescue Fog::AWS::IAM::Error
|
242
|
+
puts "[Error]: #{$!}"
|
243
|
+
end
|
244
|
+
|
245
|
+
# => Example Documents
|
246
|
+
|
247
|
+
# iam.put_user_policy(username, 'UserKeyPolicy', {
|
248
|
+
# 'Statement' => [
|
249
|
+
# 'Effect' => 'Allow',
|
250
|
+
# 'Action' => 'iam:*AccessKey*',
|
251
|
+
# 'Resource' => arn
|
252
|
+
# ]
|
253
|
+
# })
|
254
|
+
|
255
|
+
# iam.put_user_policy(username, 'UserS3Policy', {
|
256
|
+
# 'Statement' => [
|
257
|
+
# {
|
258
|
+
# 'Effect' => 'Allow',
|
259
|
+
# 'Action' => ['s3:*'],
|
260
|
+
# 'Resource' => [
|
261
|
+
# "arn:aws:s3:::#{bucket_name}",
|
262
|
+
# "arn:aws:s3:::#{bucket_name}/*"
|
263
|
+
# ]
|
264
|
+
# }, {
|
265
|
+
# 'Effect' => 'Deny',
|
266
|
+
# 'Action' => ['s3:*'],
|
267
|
+
# 'NotResource' => [
|
268
|
+
# "arn:aws:s3:::#{bucket_name}",
|
269
|
+
# "arn:aws:s3:::#{bucket_name}/*"
|
270
|
+
# ]
|
271
|
+
# }
|
272
|
+
# ]
|
273
|
+
# })
|
274
|
+
end
|
275
|
+
|
276
|
+
def delete_policy options
|
277
|
+
begin
|
278
|
+
if options[:user_name]
|
279
|
+
@@conn.delete_user_policy(options[:user_name], options[:policy_name])
|
280
|
+
elsif options[:group_name]
|
281
|
+
@@conn.delete_group_policy(options[:group_name], options[:policy_name])
|
282
|
+
elsif options[:role_name]
|
283
|
+
@@conn.delete_role_policy(options[:role_name], options[:policy_name])
|
284
|
+
end
|
285
|
+
puts "Deleted Policy #{options[:policy_name]}"
|
286
|
+
rescue Fog::AWS::IAM::NotFound
|
287
|
+
puts "[Error]: #{$!}"
|
288
|
+
rescue Fog::AWS::IAM::Error
|
289
|
+
puts "[Error]: #{$!}"
|
290
|
+
end
|
291
|
+
end
|
292
|
+
|
293
|
+
def valid_json? json_string
|
294
|
+
JSON.parse(json_string)
|
295
|
+
return true
|
296
|
+
rescue JSON::ParserError
|
297
|
+
return false
|
298
|
+
end
|
299
|
+
end
|
300
|
+
|
301
|
+
class Roles
|
302
|
+
def initialize connection, options = {}
|
303
|
+
@@conn = connection
|
304
|
+
end
|
305
|
+
|
306
|
+
def list
|
307
|
+
roles = @@conn.list_roles.body['Roles']
|
308
|
+
Formatador.display_table(roles, ['Arn', 'RoleName', 'Path', 'RoleId'])
|
309
|
+
end
|
310
|
+
|
311
|
+
def create_role rolename, document, path
|
312
|
+
#TODO: Build document in line from options use iam-rolecreate as reference
|
313
|
+
doc_path = File.expand_path(document)
|
314
|
+
abort "Invalid file path: #{file_path}" unless File.exist?(doc_path)
|
315
|
+
json_string = File.read(doc_path)
|
316
|
+
abort "Invalid JSON format found in the document: #{document}" unless valid_json?(json_string)
|
317
|
+
begin
|
318
|
+
@@conn.create_role(rolename, JSON.parse(json_string), path)
|
319
|
+
# Example document, AssumeRolePolicyDocument={"Version":"2008-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":["ec2.amazonaws.com"]},"Action":["sts:AssumeRole"]}]}
|
320
|
+
puts "Created role: #{rolename}"
|
321
|
+
rescue Fog::AWS::IAM::Error
|
322
|
+
puts "[Error]: #{$!}"
|
323
|
+
end
|
324
|
+
end
|
325
|
+
|
326
|
+
def delete_role rolename
|
327
|
+
begin
|
328
|
+
@@conn.delete_role(rolename)
|
329
|
+
puts "Deleted Role #{rolename}"
|
330
|
+
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error
|
331
|
+
if $!.to_s =~ /must remove roles from instance profile first/
|
332
|
+
puts "[Error]: #{$!}"
|
333
|
+
profile = @@conn.list_instance_profiles_for_role('test').body['InstanceProfiles'].map { |k| k['InstanceProfileName'] }
|
334
|
+
puts "Associated instance profile name: #{profile.to_s}, delete the instance profile using `awscli iam profiles delete-role --profile-name=NAME --role-name=NAME`"
|
335
|
+
else
|
336
|
+
puts "[Error]: #{$!}"
|
337
|
+
end
|
338
|
+
end
|
339
|
+
end
|
340
|
+
|
341
|
+
def valid_json? json_string
|
342
|
+
# => validates json document
|
343
|
+
JSON.parse(json_string)
|
344
|
+
return true
|
345
|
+
rescue JSON::ParserError
|
346
|
+
return false
|
347
|
+
end
|
348
|
+
end
|
349
|
+
|
350
|
+
class Profiles
|
351
|
+
def initialize connection, options = {}
|
352
|
+
@@conn = connection
|
353
|
+
end
|
354
|
+
|
355
|
+
def list
|
356
|
+
profiles = @@conn.list_instance_profiles.body['InstanceProfiles']
|
357
|
+
Formatador.display_table(profiles, ['Arn', 'InstanceProfileName', 'InstanceProfileId', 'Path', 'Roles'])
|
358
|
+
end
|
359
|
+
|
360
|
+
def list_for_role rolename
|
361
|
+
begin
|
362
|
+
profiles = @@conn.list_instance_profiles_for_role(rolename).body['InstanceProfiles']
|
363
|
+
Formatador.display_table(profiles, ['Arn', 'InstanceProfileName', 'InstanceProfileId', 'Path', 'Roles'])
|
364
|
+
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error
|
365
|
+
puts "[Error]: #{$!}"
|
366
|
+
end
|
367
|
+
end
|
368
|
+
|
369
|
+
def remove_role_from_instance_profile rolename, profilename
|
370
|
+
begin
|
371
|
+
@@conn.remove_role_from_instance_profile(rolename, profilename)
|
372
|
+
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error
|
373
|
+
puts "[Error]: #{$!}"
|
374
|
+
end
|
375
|
+
end
|
376
|
+
|
377
|
+
def create profilename, path
|
378
|
+
begin
|
379
|
+
@@conn.create_instance_profile(profilename, path)
|
380
|
+
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error
|
381
|
+
puts "[Error]: #{$!}"
|
382
|
+
end
|
383
|
+
end
|
384
|
+
|
385
|
+
def delete profilename
|
386
|
+
begin
|
387
|
+
@@conn.delete_instance_profile(profilename)
|
388
|
+
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error
|
389
|
+
puts "[Error]: #{$!}"
|
390
|
+
end
|
391
|
+
end
|
392
|
+
end
|
393
|
+
|
394
|
+
end
|
395
|
+
end
|
data/lib/awscli/version.rb
CHANGED
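--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awscli
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.2
 platform: ruby
 authors:
 - Ashrith
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -134,6 +134,12 @@ files:
 - lib/awscli/cli/ec2/vpc/route_tables.rb
 - lib/awscli/cli/ec2/vpc.rb
 - lib/awscli/cli/ec2.rb
+- lib/awscli/cli/iam/group.rb
+- lib/awscli/cli/iam/policies.rb
+- lib/awscli/cli/iam/profiles.rb
+- lib/awscli/cli/iam/roles.rb
+- lib/awscli/cli/iam/user.rb
+- lib/awscli/cli/iam.rb
 - lib/awscli/cli/s3/directories.rb
 - lib/awscli/cli/s3/files.rb
 - lib/awscli/cli/s3.rb
@@ -142,16 +148,12 @@ files:
 - lib/awscli/ec2.rb
 - lib/awscli/errors.rb
 - lib/awscli/helper.rb
+- lib/awscli/iam.rb
 - lib/awscli/s3.rb
 - lib/awscli/version.rb
 - lib/awscli.rb
-- test/default_test.rb
-- test/test_helper.rb
 - README.md
 - LICENSE
-- features/awscli.feature
-- features/step_definitions/awscli_steps.rb
-- features/support/env.rb
 homepage: http://github.com/ashrithr/awscli
 licenses:
 - MIT
@@ -178,9 +180,4 @@ signing_key:
 specification_version: 4
 summary: Command Line Interface for Amazon Web Services built in Ruby, using Fog and
 Thor
-test_files:
-- features/awscli.feature
-- features/step_definitions/awscli_steps.rb
-- features/support/env.rb
-- test/default_test.rb
-- test/test_helper.rb
+test_files: []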
data/features/awscli.feature
DELETED
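--- a/data/features/support/env.rb
+++ b/data/features/support/env.rb
@@ -1,15 +0,0 @@
-require 'aruba/cucumber'
-
-ENV['PATH'] = "#{File.expand_path(File.dirname(__FILE__) + '/../../bin')}#{File::PATH_SEPARATOR}#{ENV['PATH']}"
-LIB_DIR = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','lib')
-
-Before do
-# Using "announce" causes massive warnings on 1.9.2
-@puts = true
-@original_rubylib = ENV['RUBYLIB']
-ENV['RUBYLIB'] = LIB_DIR + File::PATH_SEPARATOR + ENV['RUBYLIB'].to_s
-end
-
-After do
-ENV['RUBYLIB'] = @original_rubylib
-end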
data/test/default_test.rb
DELETED