awspec 0.9.0 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/doc/resource_types.md +26 -0
- data/lib/awspec.rb +1 -0
- data/lib/awspec/cli.rb +1 -1
- data/lib/awspec/command/generate.rb +6 -0
- data/lib/awspec/generator.rb +1 -0
- data/lib/awspec/generator/doc/type/iam_policy.rb +17 -0
- data/lib/awspec/generator/doc/type/iam_role.rb +17 -0
- data/lib/awspec/generator/spec/iam_policy.rb +56 -0
- data/lib/awspec/helper/finder/auto_scaling.rb +1 -1
- data/lib/awspec/helper/finder/ebs.rb +2 -2
- data/lib/awspec/helper/finder/ec2.rb +9 -9
- data/lib/awspec/helper/finder/elb.rb +1 -1
- data/lib/awspec/helper/finder/iam.rb +83 -22
- data/lib/awspec/helper/finder/lambda.rb +8 -13
- data/lib/awspec/helper/finder/rds.rb +1 -1
- data/lib/awspec/helper/finder/route53.rb +2 -10
- data/lib/awspec/helper/finder/security_group.rb +3 -3
- data/lib/awspec/helper/finder/vpc.rb +6 -6
- data/lib/awspec/helper/type.rb +2 -1
- data/lib/awspec/stub/iam_policy.rb +43 -0
- data/lib/awspec/stub/iam_role.rb +23 -0
- data/lib/awspec/type/iam_policy.rb +52 -0
- data/lib/awspec/type/iam_role.rb +16 -0
- data/lib/awspec/version.rb +1 -1
- metadata +9 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ad0f1b784e4a2c835c7b1508a0bc47ad33d55ce
|
|
4
|
+
data.tar.gz: a5a394655631e518def240482d1d15cb8e1b26d5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 65dc425d78cf4c8bb53ee28bcdf87b0c1d4de12f3b17880af3eb414e83eaf32ad2ee93533861b8d424910e6987345684f6cc4eecdb02553451991ded3da815e0
|
|
7
|
+
data.tar.gz: 49abee0c1e4cbb78f5afd949b39314aa9d6f8be45966d14f718dc0f4e6ed77a6a54a7663ec82de8e89d40970015fa62feb22293b2414def1c93f219564a9802f
|
data/README.md
CHANGED
|
@@ -95,8 +95,8 @@ $ awspec generate ec2 vpc-ab123cde >> spec/ec2_spec.rb
|
|
|
95
95
|
- IAM
|
|
96
96
|
- [x] IAM User (`iam_user`)
|
|
97
97
|
- [x] IAM Group (`iam_group`)
|
|
98
|
-
- [
|
|
99
|
-
- [
|
|
98
|
+
- [x] IAM Role (`iam_role`)
|
|
99
|
+
- [x] IAM Policy (`iam_policy`)
|
|
100
100
|
|
|
101
101
|
[Resource Types more infomation here](doc/resource_types.md)
|
|
102
102
|
|
data/doc/resource_types.md
CHANGED
|
@@ -15,6 +15,8 @@
|
|
|
15
15
|
| [lambda](#lambda)
|
|
16
16
|
| [iam_user](#iam_user)
|
|
17
17
|
| [iam_group](#iam_group)
|
|
18
|
+
| [iam_role](#iam_role)
|
|
19
|
+
| [iam_policy](#iam_policy)
|
|
18
20
|
|
|
19
21
|
## <a name="ec2">ec2</a>
|
|
20
22
|
|
|
@@ -292,3 +294,27 @@ IamGroup resource type.
|
|
|
292
294
|
### have_iam_user
|
|
293
295
|
|
|
294
296
|
#### its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
|
|
297
|
+
## <a name="iam_role">iam_role</a>
|
|
298
|
+
|
|
299
|
+
IamRole resource type.
|
|
300
|
+
|
|
301
|
+
### exist
|
|
302
|
+
|
|
303
|
+
### have_iam_policy
|
|
304
|
+
|
|
305
|
+
#### its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document)
|
|
306
|
+
## <a name="iam_policy">iam_policy</a>
|
|
307
|
+
|
|
308
|
+
IamPolicy resource type.
|
|
309
|
+
|
|
310
|
+
### exist
|
|
311
|
+
|
|
312
|
+
### be_attachable
|
|
313
|
+
|
|
314
|
+
### be_attached_to_group
|
|
315
|
+
|
|
316
|
+
### be_attached_to_role
|
|
317
|
+
|
|
318
|
+
### be_attached_to_user
|
|
319
|
+
|
|
320
|
+
#### its(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date)
|
data/lib/awspec.rb
CHANGED
data/lib/awspec/cli.rb
CHANGED
|
@@ -22,6 +22,12 @@ module Awspec
|
|
|
22
22
|
puts Awspec::Generator::Spec::Route53HostedZone.new.generate_by_domain_name(hosted_zone)
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
desc 'iam_policy', 'Generate attached iam_policy spec'
|
|
26
|
+
def iam_policy
|
|
27
|
+
load_secrets
|
|
28
|
+
puts Awspec::Generator::Spec::IamPolicy.new.generate_all
|
|
29
|
+
end
|
|
30
|
+
|
|
25
31
|
no_commands do
|
|
26
32
|
def load_secrets
|
|
27
33
|
creds = YAML.load_file('spec/secrets.yml') if File.exist?('spec/secrets.yml')
|
data/lib/awspec/generator.rb
CHANGED
|
@@ -7,6 +7,7 @@ require 'awspec/generator/spec/vpc'
|
|
|
7
7
|
require 'awspec/generator/spec/security_group'
|
|
8
8
|
require 'awspec/generator/spec/route53_hosted_zone'
|
|
9
9
|
require 'awspec/generator/spec/elb'
|
|
10
|
+
require 'awspec/generator/spec/iam_policy'
|
|
10
11
|
|
|
11
12
|
# Doc
|
|
12
13
|
require 'awspec/generator/doc/type'
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Awspec::Generator
|
|
2
|
+
module Doc
|
|
3
|
+
module Type
|
|
4
|
+
class IamPolicy < Base
|
|
5
|
+
def initialize
|
|
6
|
+
super
|
|
7
|
+
@type_name = 'IamPolicy'
|
|
8
|
+
@type = Awspec::Type::IamPolicy.new('my-iam-policy')
|
|
9
|
+
@ret = @type.resource
|
|
10
|
+
@matchers = []
|
|
11
|
+
@ignore_matchers = []
|
|
12
|
+
@describes = []
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Awspec::Generator
|
|
2
|
+
module Doc
|
|
3
|
+
module Type
|
|
4
|
+
class IamRole < Base
|
|
5
|
+
def initialize
|
|
6
|
+
super
|
|
7
|
+
@type_name = 'IamRole'
|
|
8
|
+
@type = Awspec::Type::IamRole.new('my-iam-role')
|
|
9
|
+
@ret = @type.resource
|
|
10
|
+
@matchers = []
|
|
11
|
+
@ignore_matchers = []
|
|
12
|
+
@describes = []
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
module Awspec::Generator
|
|
2
|
+
module Spec
|
|
3
|
+
class IamPolicy
|
|
4
|
+
include Awspec::Helper::Finder
|
|
5
|
+
def generate_all
|
|
6
|
+
policies = select_all_attached_policies
|
|
7
|
+
policies.empty? && fail('Not Found policy')
|
|
8
|
+
ERB.new(policy_spec_template, nil, '-').result(binding).chomp
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
# rubocop:disable all
|
|
12
|
+
def policy_spec_template
|
|
13
|
+
template = <<-'EOF'
|
|
14
|
+
<% policies.each do |policy| %>
|
|
15
|
+
describe iam_policy('<%= policy.policy_name %>') do
|
|
16
|
+
it { should exist }
|
|
17
|
+
<%- if policy.is_attachable -%>
|
|
18
|
+
it { should be_attachable }
|
|
19
|
+
<%- else -%>
|
|
20
|
+
it { should_not be_attachable }
|
|
21
|
+
<%- end -%>
|
|
22
|
+
its(:arn) { should eq '<%= policy.arn %>' }
|
|
23
|
+
its(:update_date) { should eq Time.parse('<%= policy.update_date %>') }
|
|
24
|
+
its(:attachment_count) { should eq <%= policy.attachment_count %> }
|
|
25
|
+
<%- users = select_attached_users(policy.arn) -%>
|
|
26
|
+
<%- if users.empty? -%>
|
|
27
|
+
it { should_not be_attached_to_user }
|
|
28
|
+
<%- else -%>
|
|
29
|
+
<%- users.each do |user| -%>
|
|
30
|
+
it { should be_attached_to_user('<%= user.user_name %>') }
|
|
31
|
+
<%- end -%>
|
|
32
|
+
<%- end -%>
|
|
33
|
+
<%- groups = select_attached_groups(policy.arn) -%>
|
|
34
|
+
<%- if groups.empty? -%>
|
|
35
|
+
it { should_not be_attached_to_group }
|
|
36
|
+
<%- else -%>
|
|
37
|
+
<%- groups.each do |group| -%>
|
|
38
|
+
it { should be_attached_to_group('<%= group.group_name %>') }
|
|
39
|
+
<%- end -%>
|
|
40
|
+
<%- end -%>
|
|
41
|
+
<%- roles = select_attached_roles(policy.arn) -%>
|
|
42
|
+
<%- if roles.empty? -%>
|
|
43
|
+
it { should_not be_attached_to_role }
|
|
44
|
+
<%- else -%>
|
|
45
|
+
<%- roles.each do |role| -%>
|
|
46
|
+
it { should be_attached_to_role('<%= role.role_name %>') }
|
|
47
|
+
<%- end -%>
|
|
48
|
+
<%- end -%>
|
|
49
|
+
end
|
|
50
|
+
<% end %>
|
|
51
|
+
EOF
|
|
52
|
+
template
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
@@ -5,7 +5,7 @@ module Awspec::Helper
|
|
|
5
5
|
res = @auto_scaling_client.describe_auto_scaling_groups({
|
|
6
6
|
auto_scaling_group_names: [id]
|
|
7
7
|
})
|
|
8
|
-
res[:auto_scaling_groups]
|
|
8
|
+
res[:auto_scaling_groups].first if res[:auto_scaling_groups].count == 1
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
end
|
|
@@ -5,11 +5,11 @@ module Awspec::Helper
|
|
|
5
5
|
res = @ec2_client.describe_volumes({
|
|
6
6
|
filters: [{ name: 'volume-id', values: [volume_id] }]
|
|
7
7
|
})
|
|
8
|
-
return res[:volumes]
|
|
8
|
+
return res[:volumes].first if res[:volumes].count == 1
|
|
9
9
|
res = @ec2_client.describe_volumes({
|
|
10
10
|
filters: [{ name: 'tag:Name', values: [volume_id] }]
|
|
11
11
|
})
|
|
12
|
-
return res[:volumes]
|
|
12
|
+
return res[:volumes].first if res[:volumes].count == 1
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def select_ebs_by_instance_id(id)
|
|
@@ -32,45 +32,45 @@ module Awspec::Helper
|
|
|
32
32
|
else
|
|
33
33
|
return nil
|
|
34
34
|
end
|
|
35
|
-
return res[:reservations][
|
|
36
|
-
|
|
35
|
+
return res[:reservations].first[:instances].first if res[:reservations].count == 1 && \
|
|
36
|
+
res[:reservations].first[:instances].count == 1
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def find_subnet(subnet_id)
|
|
40
40
|
res = @ec2_client.describe_subnets({
|
|
41
41
|
filters: [{ name: 'subnet-id', values: [subnet_id] }]
|
|
42
42
|
})
|
|
43
|
-
return res[:subnets]
|
|
43
|
+
return res[:subnets].first if res[:subnets].count == 1
|
|
44
44
|
res = @ec2_client.describe_subnets({
|
|
45
45
|
filters: [{ name: 'tag:Name', values: [subnet_id] }]
|
|
46
46
|
})
|
|
47
|
-
return res[:subnets]
|
|
47
|
+
return res[:subnets].first if res[:subnets].count == 1
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
def find_internet_gateway(gateway_id)
|
|
51
51
|
res = @ec2_client.describe_internet_gateways({
|
|
52
52
|
filters: [{ name: 'internet-gateway-id', values: [gateway_id] }]
|
|
53
53
|
})
|
|
54
|
-
return res[:internet_gateways]
|
|
54
|
+
return res[:internet_gateways].first if res[:internet_gateways].count == 1
|
|
55
55
|
res = @ec2_client.describe_internet_gateways({
|
|
56
56
|
filters: [{ name: 'tag:Name', values: [gateway_id] }]
|
|
57
57
|
})
|
|
58
|
-
return res[:internet_gateways]
|
|
58
|
+
return res[:internet_gateways].first if res[:internet_gateways].count == 1
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def find_security_group(sg_id)
|
|
62
62
|
res = @ec2_client.describe_security_groups({
|
|
63
63
|
filters: [{ name: 'group-id', values: [sg_id] }]
|
|
64
64
|
})
|
|
65
|
-
return res[:security_groups]
|
|
65
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
66
66
|
res = @ec2_client.describe_security_groups({
|
|
67
67
|
filters: [{ name: 'group-name', values: [sg_id] }]
|
|
68
68
|
})
|
|
69
|
-
return res[:security_groups]
|
|
69
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
70
70
|
res = @ec2_client.describe_security_groups({
|
|
71
71
|
filters: [{ name: 'tag:Name', values: [sg_id] }]
|
|
72
72
|
})
|
|
73
|
-
return res[:security_groups]
|
|
73
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
74
74
|
end
|
|
75
75
|
|
|
76
76
|
def select_ec2_by_vpc_id(vpc_id)
|
|
@@ -5,7 +5,7 @@ module Awspec::Helper
|
|
|
5
5
|
res = @elb_client.describe_load_balancers({
|
|
6
6
|
load_balancer_names: [id]
|
|
7
7
|
})
|
|
8
|
-
return res[:load_balancer_descriptions]
|
|
8
|
+
return res[:load_balancer_descriptions].first if res[:load_balancer_descriptions].count == 1
|
|
9
9
|
rescue
|
|
10
10
|
return nil
|
|
11
11
|
end
|
|
@@ -2,37 +2,59 @@ module Awspec::Helper
|
|
|
2
2
|
module Finder
|
|
3
3
|
module Iam
|
|
4
4
|
def find_iam_user(id)
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
selected = []
|
|
6
|
+
res = @iam_client.list_users
|
|
7
|
+
|
|
7
8
|
loop do
|
|
8
|
-
res
|
|
9
|
-
|
|
10
|
-
)
|
|
11
|
-
marker = res.marker
|
|
12
|
-
break if res.users.empty?
|
|
13
|
-
res.users.each do |user|
|
|
14
|
-
users.push(user) if user.user_name == id || user.user_id == id
|
|
9
|
+
selected += res.users.select do |u|
|
|
10
|
+
u.user_name == id || u.user_id == id || u.arn == id
|
|
15
11
|
end
|
|
16
|
-
|
|
12
|
+
(res.next_page? && res = res.next_page) || break
|
|
17
13
|
end
|
|
18
|
-
|
|
14
|
+
|
|
15
|
+
selected.first if selected.count == 1
|
|
19
16
|
end
|
|
20
17
|
|
|
21
18
|
def find_iam_group(id)
|
|
22
|
-
|
|
23
|
-
|
|
19
|
+
selected = []
|
|
20
|
+
res = @iam_client.list_groups
|
|
21
|
+
|
|
22
|
+
loop do
|
|
23
|
+
selected += res.groups.select do |g|
|
|
24
|
+
g.group_name == id || g.group_id == id || g.arn == id
|
|
25
|
+
end
|
|
26
|
+
(res.next_page? && res = res.next_page) || break
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
selected.first if selected.count == 1
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def find_iam_role(id)
|
|
33
|
+
selected = []
|
|
34
|
+
res = @iam_client.list_roles
|
|
35
|
+
|
|
24
36
|
loop do
|
|
25
|
-
res
|
|
26
|
-
|
|
27
|
-
)
|
|
28
|
-
marker = res.marker
|
|
29
|
-
break if res.groups.empty?
|
|
30
|
-
res.groups.each do |group|
|
|
31
|
-
groups.push(group) if group.group_name == id || group.group_id == id
|
|
37
|
+
selected += res.roles.select do |r|
|
|
38
|
+
r.role_name == id || r.role_id == id || r.arn == id
|
|
32
39
|
end
|
|
33
|
-
|
|
40
|
+
(res.next_page? && res = res.next_page) || break
|
|
34
41
|
end
|
|
35
|
-
|
|
42
|
+
|
|
43
|
+
selected.first if selected.count == 1
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def find_iam_policy(id)
|
|
47
|
+
selected = []
|
|
48
|
+
res = @iam_client.list_policies
|
|
49
|
+
|
|
50
|
+
loop do
|
|
51
|
+
selected += res.policies.select do |p|
|
|
52
|
+
p.policy_name == id || p.policy_id == id || p.arn == id
|
|
53
|
+
end
|
|
54
|
+
(res.next_page? && res = res.next_page) || break
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
selected.first if selected.count == 1
|
|
36
58
|
end
|
|
37
59
|
|
|
38
60
|
def select_iam_group_by_user_name(user_name)
|
|
@@ -55,6 +77,45 @@ module Awspec::Helper
|
|
|
55
77
|
})
|
|
56
78
|
res.attached_policies
|
|
57
79
|
end
|
|
80
|
+
|
|
81
|
+
def select_iam_policy_by_role_name(role_name)
|
|
82
|
+
res = @iam_client.list_attached_role_policies({
|
|
83
|
+
role_name: role_name
|
|
84
|
+
})
|
|
85
|
+
res.attached_policies
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def select_all_attached_policies
|
|
89
|
+
selected = []
|
|
90
|
+
res = @iam_client.list_policies
|
|
91
|
+
|
|
92
|
+
loop do
|
|
93
|
+
selected += res.policies.select { |p| p.attachment_count > 0 }
|
|
94
|
+
(res.next_page? && res = res.next_page) || break
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
selected
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def select_attached_entities(policy_id)
|
|
101
|
+
policy = find_iam_policy(policy_id)
|
|
102
|
+
@iam_client.list_entities_for_policy(policy_arn: policy[:arn])
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
def select_attached_users(policy_id)
|
|
106
|
+
entities = select_attached_entities(policy_id)
|
|
107
|
+
entities.policy_users
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
def select_attached_groups(policy_id)
|
|
111
|
+
entities = select_attached_entities(policy_id)
|
|
112
|
+
entities.policy_groups
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def select_attached_roles(policy_id)
|
|
116
|
+
entities = select_attached_entities(policy_id)
|
|
117
|
+
entities.policy_roles
|
|
118
|
+
end
|
|
58
119
|
end
|
|
59
120
|
end
|
|
60
121
|
end
|
|
@@ -2,22 +2,17 @@ module Awspec::Helper
|
|
|
2
2
|
module Finder
|
|
3
3
|
module Lambda
|
|
4
4
|
def find_lambda(id)
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
selected = []
|
|
6
|
+
res = @lambda_client.list_functions
|
|
7
|
+
|
|
7
8
|
loop do
|
|
8
|
-
res
|
|
9
|
-
|
|
10
|
-
)
|
|
11
|
-
marker = res.next_marker
|
|
12
|
-
break if res.functions.empty?
|
|
13
|
-
res.functions.each do |function|
|
|
14
|
-
if function.function_name == id || function.function_arn == id
|
|
15
|
-
functions.push(function)
|
|
16
|
-
end
|
|
9
|
+
selected += res.functions.select do |function|
|
|
10
|
+
function.function_name == id || function.function_arn == id
|
|
17
11
|
end
|
|
18
|
-
|
|
12
|
+
(res.next_page? && res = res.next_page) || break
|
|
19
13
|
end
|
|
20
|
-
|
|
14
|
+
|
|
15
|
+
selected.first if selected.count == 1
|
|
21
16
|
end
|
|
22
17
|
|
|
23
18
|
def select_event_source_by_function_arn(function_arn)
|
|
@@ -6,7 +6,7 @@ module Awspec::Helper
|
|
|
6
6
|
res = @rds_client.describe_db_instances({
|
|
7
7
|
db_instance_identifier: id
|
|
8
8
|
})
|
|
9
|
-
return res[:db_instances]
|
|
9
|
+
return res[:db_instances].first if res[:db_instances].count == 1
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def select_rds_by_vpc_id(vpc_id)
|
|
@@ -2,22 +2,14 @@ module Awspec::Helper
|
|
|
2
2
|
module Finder
|
|
3
3
|
module Route53
|
|
4
4
|
def find_hosted_zone(id)
|
|
5
|
-
|
|
6
|
-
marker = nil
|
|
5
|
+
res = @route53_client.list_hosted_zones
|
|
7
6
|
loop do
|
|
8
|
-
res = @route53_client.list_hosted_zones({
|
|
9
|
-
marker: marker
|
|
10
|
-
})
|
|
11
|
-
marker = res.marker
|
|
12
|
-
break if res.hosted_zones.empty?
|
|
13
7
|
res.hosted_zones.each do |hosted_zone|
|
|
14
|
-
hosted_zones[hosted_zone[:name]] = hosted_zones
|
|
15
8
|
if hosted_zone[:name] == id || hosted_zone[:id] == '/hostedzone/' + id || hosted_zone[:id] == id
|
|
16
9
|
return hosted_zone
|
|
17
10
|
end
|
|
18
11
|
end
|
|
19
|
-
|
|
20
|
-
break if marker.nil?
|
|
12
|
+
(res.next_page? && res = res.next_page) || break
|
|
21
13
|
end
|
|
22
14
|
end
|
|
23
15
|
end
|
|
@@ -6,17 +6,17 @@ module Awspec::Helper
|
|
|
6
6
|
filters: [{ name: 'group-id', values: [id] }]
|
|
7
7
|
})
|
|
8
8
|
|
|
9
|
-
return res[:security_groups]
|
|
9
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
10
10
|
res = @ec2_client.describe_security_groups({
|
|
11
11
|
filters: [{ name: 'group-name', values: [id] }]
|
|
12
12
|
})
|
|
13
13
|
|
|
14
|
-
return res[:security_groups]
|
|
14
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
15
15
|
res = @ec2_client.describe_security_groups({
|
|
16
16
|
filters: [{ name: 'tag:Name', values: [id] }]
|
|
17
17
|
})
|
|
18
18
|
|
|
19
|
-
return res[:security_groups]
|
|
19
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def select_security_group_by_vpc_id(vpc_id)
|
|
@@ -5,33 +5,33 @@ module Awspec::Helper
|
|
|
5
5
|
res = @ec2_client.describe_vpcs({
|
|
6
6
|
filters: [{ name: 'vpc-id', values: [id] }]
|
|
7
7
|
})
|
|
8
|
-
return res[:vpcs]
|
|
8
|
+
return res[:vpcs].first if res[:vpcs].count == 1
|
|
9
9
|
res = @ec2_client.describe_vpcs({
|
|
10
10
|
filters: [{ name: 'tag:Name', values: [id] }]
|
|
11
11
|
})
|
|
12
|
-
return res[:vpcs]
|
|
12
|
+
return res[:vpcs].first if res[:vpcs].count == 1
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def find_route_table(route_table_id)
|
|
16
16
|
res = @ec2_client.describe_route_tables({
|
|
17
17
|
filters: [{ name: 'route-table-id', values: [route_table_id] }]
|
|
18
18
|
})
|
|
19
|
-
return res[:route_tables]
|
|
19
|
+
return res[:route_tables].first if res[:route_tables].count == 1
|
|
20
20
|
res = @ec2_client.describe_route_tables({
|
|
21
21
|
filters: [{ name: 'tag:Name', values: [route_table_id] }]
|
|
22
22
|
})
|
|
23
|
-
return res[:route_tables]
|
|
23
|
+
return res[:route_tables].first if res[:route_tables].count == 1
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def find_network_acl(id)
|
|
27
27
|
res = @ec2_client.describe_network_acls({
|
|
28
28
|
filters: [{ name: 'network-acl-id', values: [id] }]
|
|
29
29
|
})
|
|
30
|
-
return res[:network_acls]
|
|
30
|
+
return res[:network_acls].first if res[:network_acls].count == 1
|
|
31
31
|
res = @ec2_client.describe_network_acls({
|
|
32
32
|
filters: [{ name: 'tag:Name', values: [id] }]
|
|
33
33
|
})
|
|
34
|
-
return res[:network_acls]
|
|
34
|
+
return res[:network_acls].first if res[:network_acls].count == 1
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
def select_route_table_by_vpc_id(vpc_id)
|
data/lib/awspec/helper/type.rb
CHANGED
|
@@ -4,7 +4,8 @@ module Awspec
|
|
|
4
4
|
TYPES = %w(
|
|
5
5
|
base ec2 rds rds_db_parameter_group security_group
|
|
6
6
|
vpc s3 route53_hosted_zone auto_scaling_group subnet
|
|
7
|
-
route_table ebs elb lambda iam_user iam_group
|
|
7
|
+
route_table ebs elb lambda iam_user iam_group iam_role
|
|
8
|
+
iam_policy
|
|
8
9
|
)
|
|
9
10
|
|
|
10
11
|
TYPES.each do |type|
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
Aws.config[:iam] = {
|
|
2
|
+
stub_responses: {
|
|
3
|
+
list_policies: {
|
|
4
|
+
policies: [
|
|
5
|
+
{
|
|
6
|
+
attachment_count: 1,
|
|
7
|
+
arn: 'arn:aws:iam::aws:policy/my-iam-policy',
|
|
8
|
+
is_attachable: true,
|
|
9
|
+
policy_id: 'PABCDEFGHI123455689',
|
|
10
|
+
policy_name: 'my-iam-policy',
|
|
11
|
+
update_date: Time.new(2015, 1, 2, 10, 00, 00, '+00:00')
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
attachment_count: 1,
|
|
15
|
+
arn: 'arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator',
|
|
16
|
+
is_attachable: true,
|
|
17
|
+
policy_id: 'PABCDEFGHI123455688',
|
|
18
|
+
policy_name: 'AmazonAPIGatewayAdministrator',
|
|
19
|
+
update_date: Time.new(2015, 7, 9, 17, 34, 45, '+00:00')
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
attachment_count: 1,
|
|
23
|
+
arn: 'arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole',
|
|
24
|
+
is_attachable: true,
|
|
25
|
+
policy_id: 'PABCDEFGHI123455687',
|
|
26
|
+
policy_name: 'AmazonEC2RoleforDataPipelineRole',
|
|
27
|
+
update_date: Time.new(2015, 3, 19, 19, 21, 14, '+00:00')
|
|
28
|
+
}
|
|
29
|
+
]
|
|
30
|
+
},
|
|
31
|
+
list_entities_for_policy: {
|
|
32
|
+
policy_roles: [
|
|
33
|
+
{ role_name: 'HelloIAmGodRole' }
|
|
34
|
+
],
|
|
35
|
+
policy_users: [
|
|
36
|
+
{ user_name: 'my-iam-user' }
|
|
37
|
+
],
|
|
38
|
+
policy_groups: [
|
|
39
|
+
{ group_name: 'my-iam-group' }
|
|
40
|
+
]
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
Aws.config[:iam] = {
|
|
2
|
+
stub_responses: {
|
|
3
|
+
list_roles: {
|
|
4
|
+
roles: [
|
|
5
|
+
path: '/',
|
|
6
|
+
role_name: 'my-iam-role',
|
|
7
|
+
role_id: 'RABCDEFGHI123455689',
|
|
8
|
+
arn: 'arn:aws:iam::123456789012:role/my-iam-role',
|
|
9
|
+
create_date: Time.local(2015)
|
|
10
|
+
]
|
|
11
|
+
},
|
|
12
|
+
list_attached_role_policies: {
|
|
13
|
+
attached_policies: [
|
|
14
|
+
{
|
|
15
|
+
policy_arn: 'arn:aws:iam::aws:policy/ReadOnlyAccess',
|
|
16
|
+
policy_name: 'ReadOnlyAccess'
|
|
17
|
+
}
|
|
18
|
+
],
|
|
19
|
+
is_truncated: false,
|
|
20
|
+
maker: nil
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
module Awspec::Type
|
|
2
|
+
class IamPolicy < Base
|
|
3
|
+
def initialize(id)
|
|
4
|
+
super
|
|
5
|
+
@resource = find_iam_policy(id)
|
|
6
|
+
@id = @resource[:policy_id] if @resource
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def attachable?
|
|
10
|
+
policy.is_attachable
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def attached_to_user?(user_id = nil)
|
|
14
|
+
users = select_attached_users(@id)
|
|
15
|
+
if user_id
|
|
16
|
+
user = find_iam_user(user_id)
|
|
17
|
+
return false unless user
|
|
18
|
+
users.any? do |u|
|
|
19
|
+
u.user_name == user[:user_name]
|
|
20
|
+
end
|
|
21
|
+
else
|
|
22
|
+
!users.empty?
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def attached_to_group?(group_id = nil)
|
|
27
|
+
groups = select_attached_groups(@id)
|
|
28
|
+
if group_id
|
|
29
|
+
group = find_iam_group(group_id)
|
|
30
|
+
return false unless group
|
|
31
|
+
groups.any? do |g|
|
|
32
|
+
g.group_name == group[:group_name]
|
|
33
|
+
end
|
|
34
|
+
else
|
|
35
|
+
!groups.empty?
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def attached_to_role?(role_id = nil)
|
|
40
|
+
roles = select_attached_roles(@id)
|
|
41
|
+
if role_id
|
|
42
|
+
role = find_iam_role(role_id)
|
|
43
|
+
return false unless role
|
|
44
|
+
roles.any? do |r|
|
|
45
|
+
r.role_name == role[:role_name]
|
|
46
|
+
end
|
|
47
|
+
else
|
|
48
|
+
!roles.empty?
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
module Awspec::Type
|
|
2
|
+
class IamRole < Base
|
|
3
|
+
def initialize(id)
|
|
4
|
+
super
|
|
5
|
+
@resource = find_iam_role(id)
|
|
6
|
+
@id = @resource[:role_id] if @resource
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def has_iam_policy?(policy_id)
|
|
10
|
+
policies = select_iam_policy_by_role_name(@resource[:role_name])
|
|
11
|
+
policies.find do |policy|
|
|
12
|
+
policy.policy_arn == policy_id || policy.policy_name == policy_id
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
data/lib/awspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-09-
|
|
11
|
+
date: 2015-09-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -162,6 +162,8 @@ files:
|
|
|
162
162
|
- lib/awspec/generator/doc/type/ec2.rb
|
|
163
163
|
- lib/awspec/generator/doc/type/elb.rb
|
|
164
164
|
- lib/awspec/generator/doc/type/iam_group.rb
|
|
165
|
+
- lib/awspec/generator/doc/type/iam_policy.rb
|
|
166
|
+
- lib/awspec/generator/doc/type/iam_role.rb
|
|
165
167
|
- lib/awspec/generator/doc/type/iam_user.rb
|
|
166
168
|
- lib/awspec/generator/doc/type/lambda.rb
|
|
167
169
|
- lib/awspec/generator/doc/type/rds.rb
|
|
@@ -174,6 +176,7 @@ files:
|
|
|
174
176
|
- lib/awspec/generator/doc/type/vpc.rb
|
|
175
177
|
- lib/awspec/generator/spec/ec2.rb
|
|
176
178
|
- lib/awspec/generator/spec/elb.rb
|
|
179
|
+
- lib/awspec/generator/spec/iam_policy.rb
|
|
177
180
|
- lib/awspec/generator/spec/rds.rb
|
|
178
181
|
- lib/awspec/generator/spec/route53_hosted_zone.rb
|
|
179
182
|
- lib/awspec/generator/spec/security_group.rb
|
|
@@ -208,6 +211,8 @@ files:
|
|
|
208
211
|
- lib/awspec/stub/ec2.rb
|
|
209
212
|
- lib/awspec/stub/elb.rb
|
|
210
213
|
- lib/awspec/stub/iam_group.rb
|
|
214
|
+
- lib/awspec/stub/iam_policy.rb
|
|
215
|
+
- lib/awspec/stub/iam_role.rb
|
|
211
216
|
- lib/awspec/stub/iam_user.rb
|
|
212
217
|
- lib/awspec/stub/lambda.rb
|
|
213
218
|
- lib/awspec/stub/rds.rb
|
|
@@ -225,6 +230,8 @@ files:
|
|
|
225
230
|
- lib/awspec/type/ec2.rb
|
|
226
231
|
- lib/awspec/type/elb.rb
|
|
227
232
|
- lib/awspec/type/iam_group.rb
|
|
233
|
+
- lib/awspec/type/iam_policy.rb
|
|
234
|
+
- lib/awspec/type/iam_role.rb
|
|
228
235
|
- lib/awspec/type/iam_user.rb
|
|
229
236
|
- lib/awspec/type/lambda.rb
|
|
230
237
|
- lib/awspec/type/rds.rb
|