awspec 0.37.2 → 0.37.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/awspec/command/generate.rb +1 -1
- data/lib/awspec/generator.rb +1 -0
- data/lib/awspec/generator/spec/iam_group.rb +1 -1
- data/lib/awspec/generator/spec/iam_role.rb +39 -0
- data/lib/awspec/generator/spec/iam_user.rb +1 -1
- data/lib/awspec/helper/finder/iam.rb +19 -32
- data/lib/awspec/stub/iam_role.rb +8 -1
- data/lib/awspec/version.rb +1 -1
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: df2237f15e0f8fc77dcb398e0b5a462bde783374
|
|
4
|
+
data.tar.gz: 99eca7ac1a36e1884bc0b407d6704079e7c00d82
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 668f32efbdf99aa6814fbd747937179dfdb30e7961c8fc0f2cef11281808ba60766782a19efe0cd4537b0526a09bf51e80d743cda06fc55d8cd46b2656a03f6f
|
|
7
|
+
data.tar.gz: 7ef884d94a0508331e646500e0fdda5968a91d3301fcc018435f973790f6fc0aa230745eec05e51dd7b30ba83149b0f1dbc97999195be92c7a32198bd1aba1b5
|
|
@@ -36,7 +36,7 @@ module Awspec
|
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
types_for_generate_all = %w(
|
|
39
|
-
iam_policy cloudwatch_alarm directconnect ebs lambda iam_user iam_group
|
|
39
|
+
iam_policy cloudwatch_alarm directconnect ebs lambda iam_user iam_group iam_role
|
|
40
40
|
)
|
|
41
41
|
|
|
42
42
|
types_for_generate_all.each do |type|
|
data/lib/awspec/generator.rb
CHANGED
|
@@ -18,6 +18,7 @@ require 'awspec/generator/spec/lambda'
|
|
|
18
18
|
require 'awspec/generator/spec/network_interface'
|
|
19
19
|
require 'awspec/generator/spec/iam_user'
|
|
20
20
|
require 'awspec/generator/spec/iam_group'
|
|
21
|
+
require 'awspec/generator/spec/iam_role'
|
|
21
22
|
|
|
22
23
|
# Doc
|
|
23
24
|
require 'awspec/generator/doc/type'
|
|
@@ -6,7 +6,7 @@ module Awspec::Generator
|
|
|
6
6
|
groups = select_all_iam_groups
|
|
7
7
|
raise 'Not Found IAM Group' if groups.empty?
|
|
8
8
|
specs = groups.map do |group|
|
|
9
|
-
inline_policies =
|
|
9
|
+
inline_policies = select_inline_policy_by_group_name(group.group_name).map do |policy_name|
|
|
10
10
|
res = iam_client.get_group_policy({
|
|
11
11
|
group_name: group.group_name,
|
|
12
12
|
policy_name: policy_name
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module Awspec::Generator
|
|
2
|
+
module Spec
|
|
3
|
+
class IamRole
|
|
4
|
+
include Awspec::Helper::Finder
|
|
5
|
+
def generate_all
|
|
6
|
+
roles = select_all_iam_roles
|
|
7
|
+
raise 'Not Found IAM Role' if roles.empty?
|
|
8
|
+
specs = roles.map do |role|
|
|
9
|
+
inline_policies = select_inline_policy_by_role_name(role.role_name).map do |policy_name|
|
|
10
|
+
res = iam_client.get_role_policy({
|
|
11
|
+
role_name: role.role_name,
|
|
12
|
+
policy_name: policy_name
|
|
13
|
+
})
|
|
14
|
+
document = JSON.generate(JSON.parse(URI.decode(res.policy_document)))
|
|
15
|
+
"it { should have_inline_policy('#{policy_name}').document('#{document}') }"
|
|
16
|
+
end
|
|
17
|
+
content = ERB.new(iam_role_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
|
|
18
|
+
end
|
|
19
|
+
specs.join("\n")
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def iam_role_spec_template
|
|
23
|
+
template = <<-'EOF'
|
|
24
|
+
describe iam_role('<%= role.role_name %>') do
|
|
25
|
+
it { should exist }
|
|
26
|
+
its(:arn) { should eq '<%= role.arn %>' }
|
|
27
|
+
its(:create_date) { should eq Time.parse('<%= role.create_date %>') }
|
|
28
|
+
<% select_iam_policy_by_role_name(role.role_name).each do |policy| %> it { should have_iam_policy('<%= policy.policy_name %>') }
|
|
29
|
+
<% end %>
|
|
30
|
+
<%- inline_policies.each do |line| -%>
|
|
31
|
+
<%= line %>
|
|
32
|
+
<%- end -%>
|
|
33
|
+
end
|
|
34
|
+
EOF
|
|
35
|
+
template
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -6,7 +6,7 @@ module Awspec::Generator
|
|
|
6
6
|
users = select_all_iam_users
|
|
7
7
|
raise 'Not Found IAM User' if users.empty?
|
|
8
8
|
specs = users.map do |user|
|
|
9
|
-
inline_policies =
|
|
9
|
+
inline_policies = select_inline_policy_by_user_name(user.user_name).map do |policy_name|
|
|
10
10
|
res = iam_client.get_user_policy({
|
|
11
11
|
user_name: user.user_name,
|
|
12
12
|
policy_name: policy_name
|
|
@@ -36,39 +36,20 @@ module Awspec::Helper
|
|
|
36
36
|
res.groups
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
def select_iam_policy_by_group_name(group_name)
|
|
47
|
-
res = iam_client.list_attached_group_policies({
|
|
48
|
-
group_name: group_name
|
|
49
|
-
})
|
|
50
|
-
res.attached_policies
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
def select_iam_policy_by_role_name(role_name)
|
|
54
|
-
res = iam_client.list_attached_role_policies({
|
|
55
|
-
role_name: role_name
|
|
56
|
-
})
|
|
57
|
-
res.attached_policies
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
def select_inine_policy_by_user_name(user_name)
|
|
61
|
-
res = iam_client.list_user_policies({
|
|
62
|
-
user_name: user_name
|
|
63
|
-
})
|
|
64
|
-
res.policy_names
|
|
65
|
-
end
|
|
39
|
+
%w(user group role).each do |type|
|
|
40
|
+
define_method 'select_iam_policy_by_' + type + '_name' do |name|
|
|
41
|
+
res = iam_client.method('list_attached_' + type + '_policies').call({
|
|
42
|
+
(type + '_name').to_sym => name
|
|
43
|
+
})
|
|
44
|
+
res.attached_policies
|
|
45
|
+
end
|
|
66
46
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
47
|
+
define_method 'select_inline_policy_by_' + type + '_name' do |name|
|
|
48
|
+
res = iam_client.method('list_' + type + '_policies').call({
|
|
49
|
+
(type + '_name').to_sym => name
|
|
50
|
+
})
|
|
51
|
+
res.policy_names
|
|
52
|
+
end
|
|
72
53
|
end
|
|
73
54
|
|
|
74
55
|
def select_all_attached_policies
|
|
@@ -114,6 +95,12 @@ module Awspec::Helper
|
|
|
114
95
|
responce.groups
|
|
115
96
|
end.flatten
|
|
116
97
|
end
|
|
98
|
+
|
|
99
|
+
def select_all_iam_roles
|
|
100
|
+
iam_client.list_roles.map do |responce|
|
|
101
|
+
responce.roles
|
|
102
|
+
end.flatten
|
|
103
|
+
end
|
|
117
104
|
end
|
|
118
105
|
end
|
|
119
106
|
end
|
data/lib/awspec/stub/iam_role.rb
CHANGED
|
@@ -6,7 +6,7 @@ Aws.config[:iam] = {
|
|
|
6
6
|
role_name: 'my-iam-role',
|
|
7
7
|
role_id: 'RABCDEFGHI123455689',
|
|
8
8
|
arn: 'arn:aws:iam::123456789012:role/my-iam-role',
|
|
9
|
-
create_date: Time.
|
|
9
|
+
create_date: Time.new(2015, 1, 2, 9, 00, 00, '+00:00')
|
|
10
10
|
]
|
|
11
11
|
},
|
|
12
12
|
list_attached_role_policies: {
|
|
@@ -19,6 +19,13 @@ Aws.config[:iam] = {
|
|
|
19
19
|
is_truncated: false,
|
|
20
20
|
marker: nil
|
|
21
21
|
},
|
|
22
|
+
list_role_policies: {
|
|
23
|
+
policy_names: [
|
|
24
|
+
'AllowS3BucketAccess'
|
|
25
|
+
],
|
|
26
|
+
is_truncated: false,
|
|
27
|
+
marker: nil
|
|
28
|
+
},
|
|
22
29
|
get_role_policy: {
|
|
23
30
|
role_name: 'my-iam-role',
|
|
24
31
|
policy_name: 'AllowS3BucketAccess',
|
data/lib/awspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.37.
|
|
4
|
+
version: 0.37.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
@@ -274,6 +274,7 @@ files:
|
|
|
274
274
|
- lib/awspec/generator/spec/elb.rb
|
|
275
275
|
- lib/awspec/generator/spec/iam_group.rb
|
|
276
276
|
- lib/awspec/generator/spec/iam_policy.rb
|
|
277
|
+
- lib/awspec/generator/spec/iam_role.rb
|
|
277
278
|
- lib/awspec/generator/spec/iam_user.rb
|
|
278
279
|
- lib/awspec/generator/spec/lambda.rb
|
|
279
280
|
- lib/awspec/generator/spec/nat_gateway.rb
|