awspec 0.36.1 → 0.37.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d3fddd77e3ed0bec352d8a53cfaa7f239b1fb896
-  data.tar.gz: f259c5bb2c4b5b90ab582c808d718d9f362a990d
+  metadata.gz: 943408f055cbbe94af820dc9a73e46fd9865cd0d
+  data.tar.gz: 24a1f2214ca5d14790ed98ff429a14392e39c236
 SHA512:
-  metadata.gz: 45c6af40e0ccbc9fd2d766dcd6df9dbf66168079e12893156ec5b7ece8190fe554b849f88c5eac54e80759ebe5c9bd47460790099356288da483123ba614cfbf
-  data.tar.gz: 32e845dd34c5dc984cf5959bef2bb9b9d2e59f86d65cda1d45b6b6de16d51bb61c24afb12d8aa2514e9ddbea530a8c181e166e78f192ccf90682b97e34e859ac
+  metadata.gz: 4c6731a2c4b4700a53ce01370f5f30866d3e166e7b407ae79c9ea8e407a8c054f36868d49e40e112f5062470c2c700dbf6ffc1f1f056fe943c7945a89ffae67a
+  data.tar.gz: 4de99f88703f60ef5d0016aa4ff5c6b76d07f0a7f0d42358ddf2163a94d1e473521930e85b44c86cb31f090c87a2f87222748119a775625c30d839d2a587e349

data/doc/_resource_types/iam_group.md

@@ -30,3 +30,39 @@ describe iam_group('my-iam-group') do
   it { should have_iam_user('my-iam-user') }
 end
 ```
+
+### have_inline_group
+
+```ruby
+describe iam_group('my-iam-group') do
+  it { should have_inline_policy('InlineEC2FullAccess') }
+  it do
+    should have_inline_policy('InlineEC2FullAccess').policy_document(<<-'DOC')
+{
+  "Statement": [
+    {
+      "Action": "ec2:*",
+      "Effect": "Allow",
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "elasticloadbalancing:*",
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "cloudwatch:*",
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "autoscaling:*",
+      "Resource": "*"
+    }
+  ]
+}
+DOC
+  end
+end
+```

data/doc/_resource_types/iam_policy.md

@@ -33,7 +33,7 @@ end
 ### be_attached_to_user
 
 ```ruby
-describe iam_policy('my-iam-policy') do
-  it { should be_attached_to_policy('my-iam-policy') }
+describe iam_policy('my-iam-user') do
+  it { should be_attached_to_user('my-iam-user') }
 end
 ```

data/doc/_resource_types/iam_role.md

@@ -22,3 +22,31 @@ describe iam_role('my-iam-role') do
   it { should have_iam_policy('ReadOnlyAccess') }
 end
 ```
+
+### have_inline_policy
+
+```ruby
+describe iam_role('my-iam-role') do
+  it { should have_inline_policy('AllowS3BucketAccess') }
+  it do
+    should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
+{
+"Statement": [
+    {
+     "Action": [
+        "s3:ListAllMyBuckets"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::*"
+    },
+    {
+      "Action": "s3:*",
+      "Effect": "Allow",
+      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
+    }
+  ]
+}
+DOC
+  end
+end
+```

data/doc/_resource_types/iam_user.md

@@ -23,6 +23,34 @@ describe iam_user('my-iam-user') do
 end
 ```
 
+### have_inline_policy
+
+```ruby
+describe iam_user('my-iam-user') do
+  it { should have_inline_policy('AllowS3BucketAccess') }
+  it do
+    should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
+{
+"Statement": [
+    {
+     "Action": [
+        "s3:ListAllMyBuckets"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::*"
+    },
+    {
+      "Action": "s3:*",
+      "Effect": "Allow",
+      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
+    }
+  ]
+}
+DOC
+  end
+end
+```
+
 ### belong_to_iam_group
 
 ```ruby

data/doc/resource_types.md

@@ -527,6 +527,9 @@ describe iam_group('my-iam-group') do
 end
 ```
 
+
+### have_inline_policy
+
 ### its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
 ## <a name="iam_policy">iam_policy</a>
 
@@ -571,8 +574,8 @@ end
 ### be_attached_to_user
 
 ```ruby
-describe iam_policy('my-iam-policy') do
-  it { should be_attached_to_policy('my-iam-policy') }
+describe iam_policy('my-iam-user') do
+  it { should be_attached_to_user('my-iam-user') }
 end
 ```
 
@@ -608,6 +611,35 @@ describe iam_role('my-iam-role') do
 end
 ```
 
+
+### have_inline_policy
+
+```ruby
+describe iam_role('my-iam-role') do
+  it { should have_inline_policy('AllowS3BucketAccess') }
+  it do
+    should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
+{
+"Statement": [
+    {
+     "Action": [
+        "s3:ListAllMyBuckets"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::*"
+    },
+    {
+      "Action": "s3:*",
+      "Effect": "Allow",
+      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
+    }
+  ]
+}
+DOC
+  end
+end
+```
+
 ### its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document)
 ## <a name="iam_user">iam_user</a>
 
@@ -641,6 +673,35 @@ end
 ```
 
 
+### have_inline_policy
+
+```ruby
+describe iam_user('my-iam-user') do
+  it { should have_inline_policy('AllowS3BucketAccess') }
+  it do
+    should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
+{
+"Statement": [
+    {
+     "Action": [
+        "s3:ListAllMyBuckets"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::*"
+    },
+    {
+      "Action": "s3:*",
+      "Effect": "Allow",
+      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
+    }
+  ]
+}
+DOC
+  end
+end
+```
+
+
 ### belong_to_iam_group
 
 ```ruby

data/lib/awspec/matcher.rb

@@ -18,6 +18,7 @@ require 'awspec/matcher/have_route'
 
 # IAM User
 require 'awspec/matcher/belong_to_iam_group'
+require 'awspec/matcher/have_inline_policy'
 
 # IAM User/Group/Role
 require 'awspec/matcher/be_allowed_action'

data/lib/awspec/matcher/have_inline_policy.rb

@@ -0,0 +1,9 @@
+RSpec::Matchers.define :have_inline_policy do |policy_name|
+  match do |iam_type|
+    iam_type.has_inline_policy?(policy_name, @document)
+  end
+
+  chain :policy_document do |document|
+    @document = document
+  end
+end

data/lib/awspec/stub/iam_group.rb

@@ -39,6 +39,15 @@ Aws.config[:iam] = {
       is_truncated: false,
       marker: nil
     },
+    get_group_policy: {
+      group_name: 'my-iam-group',
+      policy_name: 'InlineEC2FullAccess',
+      policy_document: '{"Statement": [{"Action": "ec2:*","Effect": "Allow",' \
+                       '"Resource": "*"},{"Effect": "Allow","Action": "elasticloadbalancing:*",' \
+                       '"Resource": "*"},{"Effect": "Allow","Action": "cloudwatch:*",' \
+                       '"Resource": "*"},{"Effect": "Allow","Action": "autoscaling:*",' \
+                       '"Resource": "*"}]}'
+    },
     simulate_principal_policy: {
       evaluation_results: [
         {

data/lib/awspec/stub/iam_role.rb

@@ -19,6 +19,14 @@ Aws.config[:iam] = {
       is_truncated: false,
       marker: nil
     },
+    get_role_policy: {
+      role_name: 'my-iam-role',
+      policy_name: 'AllowS3BucketAccess',
+      policy_document: '{"Statement": [{"Action": ["s3:ListAllMyBuckets"],' \
+                       '"Effect": "Allow","Resource": "arn:aws:s3:::*"},' \
+                       '{"Action": "s3:*","Effect": "Allow","Resource":' \
+                       '["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]}]}'
+    },
     simulate_principal_policy: {
       evaluation_results: [
         {

data/lib/awspec/stub/iam_user.rb

@@ -30,6 +30,14 @@ Aws.config[:iam] = {
       is_truncated: false,
       marker: nil
     },
+    get_user_policy: {
+      user_name: 'my-iam-user',
+      policy_name: 'AllowS3BucketAccess',
+      policy_document: '{"Statement": [{"Action": ["s3:ListAllMyBuckets"],' \
+                       '"Effect": "Allow","Resource": "arn:aws:s3:::*"},' \
+                       '{"Action": "s3:*","Effect": "Allow","Resource":' \
+                       '["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]}]}'
+    },
     simulate_principal_policy: {
       evaluation_results: [
         {

data/lib/awspec/type/iam_group.rb

@@ -22,5 +22,14 @@ module Awspec::Type
         policy.policy_arn == policy_id || policy.policy_name == policy_id
       end
     end
+
+    def has_inline_policy?(policy_name, document = nil)
+      res = iam_client.get_group_policy({
+                                          group_name: @resource_via_client.group_name,
+                                          policy_name: policy_name
+                                        })
+      return JSON.parse(URI.decode(res.policy_document)) == JSON.parse(document) if document
+      res
+    end
   end
 end

data/lib/awspec/type/iam_role.rb

@@ -12,5 +12,14 @@ module Awspec::Type
         policy.policy_arn == policy_id || policy.policy_name == policy_id
       end
     end
+
+    def has_inline_policy?(policy_name, document = nil)
+      res = iam_client.get_role_policy({
+                                         role_name: @resource_via_client.role_name,
+                                         policy_name: policy_name
+                                       })
+      return JSON.parse(URI.decode(res.policy_document)) == JSON.parse(document) if document
+      res
+    end
   end
 end

data/lib/awspec/type/iam_user.rb

@@ -12,5 +12,14 @@ module Awspec::Type
         policy.policy_arn == policy_id || policy.policy_name == policy_id
       end
     end
+
+    def has_inline_policy?(policy_name, document = nil)
+      res = iam_client.get_user_policy({
+                                         user_name: @resource_via_client.user_name,
+                                         policy_name: policy_name
+                                       })
+      return JSON.parse(URI.decode(res.policy_document)) == JSON.parse(document) if document
+      res
+    end
   end
 end

data/lib/awspec/version.rb

@@ -1,3 +1,3 @@
 module Awspec
-  VERSION = '0.36.1'
+  VERSION = '0.37.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awspec
 version: !ruby/object:Gem::Version
-  version: 0.36.1
+  version: 0.37.0
 platform: ruby
 authors:
 - k1LoW
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-03-24 00:00:00.000000000 Z
+date: 2016-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -320,6 +320,7 @@ files:
 - lib/awspec/matcher/belong_to_replication_group.rb
 - lib/awspec/matcher/belong_to_subnet.rb
 - lib/awspec/matcher/belong_to_vpc.rb
+- lib/awspec/matcher/have_inline_policy.rb
 - lib/awspec/matcher/have_private_ip_address.rb
 - lib/awspec/matcher/have_record_set.rb
 - lib/awspec/matcher/have_route.rb