awspec 0.9.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/doc/resource_types.md +26 -0
- data/lib/awspec.rb +1 -0
- data/lib/awspec/cli.rb +1 -1
- data/lib/awspec/command/generate.rb +6 -0
- data/lib/awspec/generator.rb +1 -0
- data/lib/awspec/generator/doc/type/iam_policy.rb +17 -0
- data/lib/awspec/generator/doc/type/iam_role.rb +17 -0
- data/lib/awspec/generator/spec/iam_policy.rb +56 -0
- data/lib/awspec/helper/finder/auto_scaling.rb +1 -1
- data/lib/awspec/helper/finder/ebs.rb +2 -2
- data/lib/awspec/helper/finder/ec2.rb +9 -9
- data/lib/awspec/helper/finder/elb.rb +1 -1
- data/lib/awspec/helper/finder/iam.rb +83 -22
- data/lib/awspec/helper/finder/lambda.rb +8 -13
- data/lib/awspec/helper/finder/rds.rb +1 -1
- data/lib/awspec/helper/finder/route53.rb +2 -10
- data/lib/awspec/helper/finder/security_group.rb +3 -3
- data/lib/awspec/helper/finder/vpc.rb +6 -6
- data/lib/awspec/helper/type.rb +2 -1
- data/lib/awspec/stub/iam_policy.rb +43 -0
- data/lib/awspec/stub/iam_role.rb +23 -0
- data/lib/awspec/type/iam_policy.rb +52 -0
- data/lib/awspec/type/iam_role.rb +16 -0
- data/lib/awspec/version.rb +1 -1
- metadata +9 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ad0f1b784e4a2c835c7b1508a0bc47ad33d55ce
|
|
4
|
+
data.tar.gz: a5a394655631e518def240482d1d15cb8e1b26d5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 65dc425d78cf4c8bb53ee28bcdf87b0c1d4de12f3b17880af3eb414e83eaf32ad2ee93533861b8d424910e6987345684f6cc4eecdb02553451991ded3da815e0
|
|
7
|
+
data.tar.gz: 49abee0c1e4cbb78f5afd949b39314aa9d6f8be45966d14f718dc0f4e6ed77a6a54a7663ec82de8e89d40970015fa62feb22293b2414def1c93f219564a9802f
|
data/README.md
CHANGED
|
@@ -95,8 +95,8 @@ $ awspec generate ec2 vpc-ab123cde >> spec/ec2_spec.rb
|
|
|
95
95
|
- IAM
|
|
96
96
|
- [x] IAM User (`iam_user`)
|
|
97
97
|
- [x] IAM Group (`iam_group`)
|
|
98
|
-
- [
|
|
99
|
-
- [
|
|
98
|
+
- [x] IAM Role (`iam_role`)
|
|
99
|
+
- [x] IAM Policy (`iam_policy`)
|
|
100
100
|
|
|
101
101
|
[Resource Types more infomation here](doc/resource_types.md)
|
|
102
102
|
|
data/doc/resource_types.md
CHANGED
|
@@ -15,6 +15,8 @@
|
|
|
15
15
|
| [lambda](#lambda)
|
|
16
16
|
| [iam_user](#iam_user)
|
|
17
17
|
| [iam_group](#iam_group)
|
|
18
|
+
| [iam_role](#iam_role)
|
|
19
|
+
| [iam_policy](#iam_policy)
|
|
18
20
|
|
|
19
21
|
## <a name="ec2">ec2</a>
|
|
20
22
|
|
|
@@ -292,3 +294,27 @@ IamGroup resource type.
|
|
|
292
294
|
### have_iam_user
|
|
293
295
|
|
|
294
296
|
#### its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
|
|
297
|
+
## <a name="iam_role">iam_role</a>
|
|
298
|
+
|
|
299
|
+
IamRole resource type.
|
|
300
|
+
|
|
301
|
+
### exist
|
|
302
|
+
|
|
303
|
+
### have_iam_policy
|
|
304
|
+
|
|
305
|
+
#### its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document)
|
|
306
|
+
## <a name="iam_policy">iam_policy</a>
|
|
307
|
+
|
|
308
|
+
IamPolicy resource type.
|
|
309
|
+
|
|
310
|
+
### exist
|
|
311
|
+
|
|
312
|
+
### be_attachable
|
|
313
|
+
|
|
314
|
+
### be_attached_to_group
|
|
315
|
+
|
|
316
|
+
### be_attached_to_role
|
|
317
|
+
|
|
318
|
+
### be_attached_to_user
|
|
319
|
+
|
|
320
|
+
#### its(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date)
|
data/lib/awspec.rb
CHANGED
data/lib/awspec/cli.rb
CHANGED
|
@@ -22,6 +22,12 @@ module Awspec
|
|
|
22
22
|
puts Awspec::Generator::Spec::Route53HostedZone.new.generate_by_domain_name(hosted_zone)
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
desc 'iam_policy', 'Generate attached iam_policy spec'
|
|
26
|
+
def iam_policy
|
|
27
|
+
load_secrets
|
|
28
|
+
puts Awspec::Generator::Spec::IamPolicy.new.generate_all
|
|
29
|
+
end
|
|
30
|
+
|
|
25
31
|
no_commands do
|
|
26
32
|
def load_secrets
|
|
27
33
|
creds = YAML.load_file('spec/secrets.yml') if File.exist?('spec/secrets.yml')
|
data/lib/awspec/generator.rb
CHANGED
|
@@ -7,6 +7,7 @@ require 'awspec/generator/spec/vpc'
|
|
|
7
7
|
require 'awspec/generator/spec/security_group'
|
|
8
8
|
require 'awspec/generator/spec/route53_hosted_zone'
|
|
9
9
|
require 'awspec/generator/spec/elb'
|
|
10
|
+
require 'awspec/generator/spec/iam_policy'
|
|
10
11
|
|
|
11
12
|
# Doc
|
|
12
13
|
require 'awspec/generator/doc/type'
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Awspec::Generator
|
|
2
|
+
module Doc
|
|
3
|
+
module Type
|
|
4
|
+
class IamPolicy < Base
|
|
5
|
+
def initialize
|
|
6
|
+
super
|
|
7
|
+
@type_name = 'IamPolicy'
|
|
8
|
+
@type = Awspec::Type::IamPolicy.new('my-iam-policy')
|
|
9
|
+
@ret = @type.resource
|
|
10
|
+
@matchers = []
|
|
11
|
+
@ignore_matchers = []
|
|
12
|
+
@describes = []
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Awspec::Generator
|
|
2
|
+
module Doc
|
|
3
|
+
module Type
|
|
4
|
+
class IamRole < Base
|
|
5
|
+
def initialize
|
|
6
|
+
super
|
|
7
|
+
@type_name = 'IamRole'
|
|
8
|
+
@type = Awspec::Type::IamRole.new('my-iam-role')
|
|
9
|
+
@ret = @type.resource
|
|
10
|
+
@matchers = []
|
|
11
|
+
@ignore_matchers = []
|
|
12
|
+
@describes = []
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
module Awspec::Generator
|
|
2
|
+
module Spec
|
|
3
|
+
class IamPolicy
|
|
4
|
+
include Awspec::Helper::Finder
|
|
5
|
+
def generate_all
|
|
6
|
+
policies = select_all_attached_policies
|
|
7
|
+
policies.empty? && fail('Not Found policy')
|
|
8
|
+
ERB.new(policy_spec_template, nil, '-').result(binding).chomp
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
# rubocop:disable all
|
|
12
|
+
def policy_spec_template
|
|
13
|
+
template = <<-'EOF'
|
|
14
|
+
<% policies.each do |policy| %>
|
|
15
|
+
describe iam_policy('<%= policy.policy_name %>') do
|
|
16
|
+
it { should exist }
|
|
17
|
+
<%- if policy.is_attachable -%>
|
|
18
|
+
it { should be_attachable }
|
|
19
|
+
<%- else -%>
|
|
20
|
+
it { should_not be_attachable }
|
|
21
|
+
<%- end -%>
|
|
22
|
+
its(:arn) { should eq '<%= policy.arn %>' }
|
|
23
|
+
its(:update_date) { should eq Time.parse('<%= policy.update_date %>') }
|
|
24
|
+
its(:attachment_count) { should eq <%= policy.attachment_count %> }
|
|
25
|
+
<%- users = select_attached_users(policy.arn) -%>
|
|
26
|
+
<%- if users.empty? -%>
|
|
27
|
+
it { should_not be_attached_to_user }
|
|
28
|
+
<%- else -%>
|
|
29
|
+
<%- users.each do |user| -%>
|
|
30
|
+
it { should be_attached_to_user('<%= user.user_name %>') }
|
|
31
|
+
<%- end -%>
|
|
32
|
+
<%- end -%>
|
|
33
|
+
<%- groups = select_attached_groups(policy.arn) -%>
|
|
34
|
+
<%- if groups.empty? -%>
|
|
35
|
+
it { should_not be_attached_to_group }
|
|
36
|
+
<%- else -%>
|
|
37
|
+
<%- groups.each do |group| -%>
|
|
38
|
+
it { should be_attached_to_group('<%= group.group_name %>') }
|
|
39
|
+
<%- end -%>
|
|
40
|
+
<%- end -%>
|
|
41
|
+
<%- roles = select_attached_roles(policy.arn) -%>
|
|
42
|
+
<%- if roles.empty? -%>
|
|
43
|
+
it { should_not be_attached_to_role }
|
|
44
|
+
<%- else -%>
|
|
45
|
+
<%- roles.each do |role| -%>
|
|
46
|
+
it { should be_attached_to_role('<%= role.role_name %>') }
|
|
47
|
+
<%- end -%>
|
|
48
|
+
<%- end -%>
|
|
49
|
+
end
|
|
50
|
+
<% end %>
|
|
51
|
+
EOF
|
|
52
|
+
template
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
@@ -5,7 +5,7 @@ module Awspec::Helper
|
|
|
5
5
|
res = @auto_scaling_client.describe_auto_scaling_groups({
|
|
6
6
|
auto_scaling_group_names: [id]
|
|
7
7
|
})
|
|
8
|
-
res[:auto_scaling_groups]
|
|
8
|
+
res[:auto_scaling_groups].first if res[:auto_scaling_groups].count == 1
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
end
|
|
@@ -5,11 +5,11 @@ module Awspec::Helper
|
|
|
5
5
|
res = @ec2_client.describe_volumes({
|
|
6
6
|
filters: [{ name: 'volume-id', values: [volume_id] }]
|
|
7
7
|
})
|
|
8
|
-
return res[:volumes]
|
|
8
|
+
return res[:volumes].first if res[:volumes].count == 1
|
|
9
9
|
res = @ec2_client.describe_volumes({
|
|
10
10
|
filters: [{ name: 'tag:Name', values: [volume_id] }]
|
|
11
11
|
})
|
|
12
|
-
return res[:volumes]
|
|
12
|
+
return res[:volumes].first if res[:volumes].count == 1
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def select_ebs_by_instance_id(id)
|
|
@@ -32,45 +32,45 @@ module Awspec::Helper
|
|
|
32
32
|
else
|
|
33
33
|
return nil
|
|
34
34
|
end
|
|
35
|
-
return res[:reservations][
|
|
36
|
-
|
|
35
|
+
return res[:reservations].first[:instances].first if res[:reservations].count == 1 && \
|
|
36
|
+
res[:reservations].first[:instances].count == 1
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def find_subnet(subnet_id)
|
|
40
40
|
res = @ec2_client.describe_subnets({
|
|
41
41
|
filters: [{ name: 'subnet-id', values: [subnet_id] }]
|
|
42
42
|
})
|
|
43
|
-
return res[:subnets]
|
|
43
|
+
return res[:subnets].first if res[:subnets].count == 1
|
|
44
44
|
res = @ec2_client.describe_subnets({
|
|
45
45
|
filters: [{ name: 'tag:Name', values: [subnet_id] }]
|
|
46
46
|
})
|
|
47
|
-
return res[:subnets]
|
|
47
|
+
return res[:subnets].first if res[:subnets].count == 1
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
def find_internet_gateway(gateway_id)
|
|
51
51
|
res = @ec2_client.describe_internet_gateways({
|
|
52
52
|
filters: [{ name: 'internet-gateway-id', values: [gateway_id] }]
|
|
53
53
|
})
|
|
54
|
-
return res[:internet_gateways]
|
|
54
|
+
return res[:internet_gateways].first if res[:internet_gateways].count == 1
|
|
55
55
|
res = @ec2_client.describe_internet_gateways({
|
|
56
56
|
filters: [{ name: 'tag:Name', values: [gateway_id] }]
|
|
57
57
|
})
|
|
58
|
-
return res[:internet_gateways]
|
|
58
|
+
return res[:internet_gateways].first if res[:internet_gateways].count == 1
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def find_security_group(sg_id)
|
|
62
62
|
res = @ec2_client.describe_security_groups({
|
|
63
63
|
filters: [{ name: 'group-id', values: [sg_id] }]
|
|
64
64
|
})
|
|
65
|
-
return res[:security_groups]
|
|
65
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
66
66
|
res = @ec2_client.describe_security_groups({
|
|
67
67
|
filters: [{ name: 'group-name', values: [sg_id] }]
|
|
68
68
|
})
|
|
69
|
-
return res[:security_groups]
|
|
69
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
70
70
|
res = @ec2_client.describe_security_groups({
|
|
71
71
|
filters: [{ name: 'tag:Name', values: [sg_id] }]
|
|
72
72
|
})
|
|
73
|
-
return res[:security_groups]
|
|
73
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
74
74
|
end
|
|
75
75
|
|
|
76
76
|
def select_ec2_by_vpc_id(vpc_id)
|
|
@@ -5,7 +5,7 @@ module Awspec::Helper
|
|
|
5
5
|
res = @elb_client.describe_load_balancers({
|
|
6
6
|
load_balancer_names: [id]
|
|
7
7
|
})
|
|
8
|
-
return res[:load_balancer_descriptions]
|
|
8
|
+
return res[:load_balancer_descriptions].first if res[:load_balancer_descriptions].count == 1
|
|
9
9
|
rescue
|
|
10
10
|
return nil
|
|
11
11
|
end
|
|
@@ -2,37 +2,59 @@ module Awspec::Helper
|
|
|
2
2
|
module Finder
|
|
3
3
|
module Iam
|
|
4
4
|
def find_iam_user(id)
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
selected = []
|
|
6
|
+
res = @iam_client.list_users
|
|
7
|
+
|
|
7
8
|
loop do
|
|
8
|
-
res
|
|
9
|
-
|
|
10
|
-
)
|
|
11
|
-
marker = res.marker
|
|
12
|
-
break if res.users.empty?
|
|
13
|
-
res.users.each do |user|
|
|
14
|
-
users.push(user) if user.user_name == id || user.user_id == id
|
|
9
|
+
selected += res.users.select do |u|
|
|
10
|
+
u.user_name == id || u.user_id == id || u.arn == id
|
|
15
11
|
end
|
|
16
|
-
|
|
12
|
+
(res.next_page? && res = res.next_page) || break
|
|
17
13
|
end
|
|
18
|
-
|
|
14
|
+
|
|
15
|
+
selected.first if selected.count == 1
|
|
19
16
|
end
|
|
20
17
|
|
|
21
18
|
def find_iam_group(id)
|
|
22
|
-
|
|
23
|
-
|
|
19
|
+
selected = []
|
|
20
|
+
res = @iam_client.list_groups
|
|
21
|
+
|
|
22
|
+
loop do
|
|
23
|
+
selected += res.groups.select do |g|
|
|
24
|
+
g.group_name == id || g.group_id == id || g.arn == id
|
|
25
|
+
end
|
|
26
|
+
(res.next_page? && res = res.next_page) || break
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
selected.first if selected.count == 1
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def find_iam_role(id)
|
|
33
|
+
selected = []
|
|
34
|
+
res = @iam_client.list_roles
|
|
35
|
+
|
|
24
36
|
loop do
|
|
25
|
-
res
|
|
26
|
-
|
|
27
|
-
)
|
|
28
|
-
marker = res.marker
|
|
29
|
-
break if res.groups.empty?
|
|
30
|
-
res.groups.each do |group|
|
|
31
|
-
groups.push(group) if group.group_name == id || group.group_id == id
|
|
37
|
+
selected += res.roles.select do |r|
|
|
38
|
+
r.role_name == id || r.role_id == id || r.arn == id
|
|
32
39
|
end
|
|
33
|
-
|
|
40
|
+
(res.next_page? && res = res.next_page) || break
|
|
34
41
|
end
|
|
35
|
-
|
|
42
|
+
|
|
43
|
+
selected.first if selected.count == 1
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def find_iam_policy(id)
|
|
47
|
+
selected = []
|
|
48
|
+
res = @iam_client.list_policies
|
|
49
|
+
|
|
50
|
+
loop do
|
|
51
|
+
selected += res.policies.select do |p|
|
|
52
|
+
p.policy_name == id || p.policy_id == id || p.arn == id
|
|
53
|
+
end
|
|
54
|
+
(res.next_page? && res = res.next_page) || break
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
selected.first if selected.count == 1
|
|
36
58
|
end
|
|
37
59
|
|
|
38
60
|
def select_iam_group_by_user_name(user_name)
|
|
@@ -55,6 +77,45 @@ module Awspec::Helper
|
|
|
55
77
|
})
|
|
56
78
|
res.attached_policies
|
|
57
79
|
end
|
|
80
|
+
|
|
81
|
+
def select_iam_policy_by_role_name(role_name)
|
|
82
|
+
res = @iam_client.list_attached_role_policies({
|
|
83
|
+
role_name: role_name
|
|
84
|
+
})
|
|
85
|
+
res.attached_policies
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def select_all_attached_policies
|
|
89
|
+
selected = []
|
|
90
|
+
res = @iam_client.list_policies
|
|
91
|
+
|
|
92
|
+
loop do
|
|
93
|
+
selected += res.policies.select { |p| p.attachment_count > 0 }
|
|
94
|
+
(res.next_page? && res = res.next_page) || break
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
selected
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def select_attached_entities(policy_id)
|
|
101
|
+
policy = find_iam_policy(policy_id)
|
|
102
|
+
@iam_client.list_entities_for_policy(policy_arn: policy[:arn])
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
def select_attached_users(policy_id)
|
|
106
|
+
entities = select_attached_entities(policy_id)
|
|
107
|
+
entities.policy_users
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
def select_attached_groups(policy_id)
|
|
111
|
+
entities = select_attached_entities(policy_id)
|
|
112
|
+
entities.policy_groups
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def select_attached_roles(policy_id)
|
|
116
|
+
entities = select_attached_entities(policy_id)
|
|
117
|
+
entities.policy_roles
|
|
118
|
+
end
|
|
58
119
|
end
|
|
59
120
|
end
|
|
60
121
|
end
|
|
@@ -2,22 +2,17 @@ module Awspec::Helper
|
|
|
2
2
|
module Finder
|
|
3
3
|
module Lambda
|
|
4
4
|
def find_lambda(id)
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
selected = []
|
|
6
|
+
res = @lambda_client.list_functions
|
|
7
|
+
|
|
7
8
|
loop do
|
|
8
|
-
res
|
|
9
|
-
|
|
10
|
-
)
|
|
11
|
-
marker = res.next_marker
|
|
12
|
-
break if res.functions.empty?
|
|
13
|
-
res.functions.each do |function|
|
|
14
|
-
if function.function_name == id || function.function_arn == id
|
|
15
|
-
functions.push(function)
|
|
16
|
-
end
|
|
9
|
+
selected += res.functions.select do |function|
|
|
10
|
+
function.function_name == id || function.function_arn == id
|
|
17
11
|
end
|
|
18
|
-
|
|
12
|
+
(res.next_page? && res = res.next_page) || break
|
|
19
13
|
end
|
|
20
|
-
|
|
14
|
+
|
|
15
|
+
selected.first if selected.count == 1
|
|
21
16
|
end
|
|
22
17
|
|
|
23
18
|
def select_event_source_by_function_arn(function_arn)
|
|
@@ -6,7 +6,7 @@ module Awspec::Helper
|
|
|
6
6
|
res = @rds_client.describe_db_instances({
|
|
7
7
|
db_instance_identifier: id
|
|
8
8
|
})
|
|
9
|
-
return res[:db_instances]
|
|
9
|
+
return res[:db_instances].first if res[:db_instances].count == 1
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def select_rds_by_vpc_id(vpc_id)
|
|
@@ -2,22 +2,14 @@ module Awspec::Helper
|
|
|
2
2
|
module Finder
|
|
3
3
|
module Route53
|
|
4
4
|
def find_hosted_zone(id)
|
|
5
|
-
|
|
6
|
-
marker = nil
|
|
5
|
+
res = @route53_client.list_hosted_zones
|
|
7
6
|
loop do
|
|
8
|
-
res = @route53_client.list_hosted_zones({
|
|
9
|
-
marker: marker
|
|
10
|
-
})
|
|
11
|
-
marker = res.marker
|
|
12
|
-
break if res.hosted_zones.empty?
|
|
13
7
|
res.hosted_zones.each do |hosted_zone|
|
|
14
|
-
hosted_zones[hosted_zone[:name]] = hosted_zones
|
|
15
8
|
if hosted_zone[:name] == id || hosted_zone[:id] == '/hostedzone/' + id || hosted_zone[:id] == id
|
|
16
9
|
return hosted_zone
|
|
17
10
|
end
|
|
18
11
|
end
|
|
19
|
-
|
|
20
|
-
break if marker.nil?
|
|
12
|
+
(res.next_page? && res = res.next_page) || break
|
|
21
13
|
end
|
|
22
14
|
end
|
|
23
15
|
end
|
|
@@ -6,17 +6,17 @@ module Awspec::Helper
|
|
|
6
6
|
filters: [{ name: 'group-id', values: [id] }]
|
|
7
7
|
})
|
|
8
8
|
|
|
9
|
-
return res[:security_groups]
|
|
9
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
10
10
|
res = @ec2_client.describe_security_groups({
|
|
11
11
|
filters: [{ name: 'group-name', values: [id] }]
|
|
12
12
|
})
|
|
13
13
|
|
|
14
|
-
return res[:security_groups]
|
|
14
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
15
15
|
res = @ec2_client.describe_security_groups({
|
|
16
16
|
filters: [{ name: 'tag:Name', values: [id] }]
|
|
17
17
|
})
|
|
18
18
|
|
|
19
|
-
return res[:security_groups]
|
|
19
|
+
return res[:security_groups].first if res[:security_groups].count == 1
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def select_security_group_by_vpc_id(vpc_id)
|
|
@@ -5,33 +5,33 @@ module Awspec::Helper
|
|
|
5
5
|
res = @ec2_client.describe_vpcs({
|
|
6
6
|
filters: [{ name: 'vpc-id', values: [id] }]
|
|
7
7
|
})
|
|
8
|
-
return res[:vpcs]
|
|
8
|
+
return res[:vpcs].first if res[:vpcs].count == 1
|
|
9
9
|
res = @ec2_client.describe_vpcs({
|
|
10
10
|
filters: [{ name: 'tag:Name', values: [id] }]
|
|
11
11
|
})
|
|
12
|
-
return res[:vpcs]
|
|
12
|
+
return res[:vpcs].first if res[:vpcs].count == 1
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def find_route_table(route_table_id)
|
|
16
16
|
res = @ec2_client.describe_route_tables({
|
|
17
17
|
filters: [{ name: 'route-table-id', values: [route_table_id] }]
|
|
18
18
|
})
|
|
19
|
-
return res[:route_tables]
|
|
19
|
+
return res[:route_tables].first if res[:route_tables].count == 1
|
|
20
20
|
res = @ec2_client.describe_route_tables({
|
|
21
21
|
filters: [{ name: 'tag:Name', values: [route_table_id] }]
|
|
22
22
|
})
|
|
23
|
-
return res[:route_tables]
|
|
23
|
+
return res[:route_tables].first if res[:route_tables].count == 1
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def find_network_acl(id)
|
|
27
27
|
res = @ec2_client.describe_network_acls({
|
|
28
28
|
filters: [{ name: 'network-acl-id', values: [id] }]
|
|
29
29
|
})
|
|
30
|
-
return res[:network_acls]
|
|
30
|
+
return res[:network_acls].first if res[:network_acls].count == 1
|
|
31
31
|
res = @ec2_client.describe_network_acls({
|
|
32
32
|
filters: [{ name: 'tag:Name', values: [id] }]
|
|
33
33
|
})
|
|
34
|
-
return res[:network_acls]
|
|
34
|
+
return res[:network_acls].first if res[:network_acls].count == 1
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
def select_route_table_by_vpc_id(vpc_id)
|
data/lib/awspec/helper/type.rb
CHANGED
|
@@ -4,7 +4,8 @@ module Awspec
|
|
|
4
4
|
TYPES = %w(
|
|
5
5
|
base ec2 rds rds_db_parameter_group security_group
|
|
6
6
|
vpc s3 route53_hosted_zone auto_scaling_group subnet
|
|
7
|
-
route_table ebs elb lambda iam_user iam_group
|
|
7
|
+
route_table ebs elb lambda iam_user iam_group iam_role
|
|
8
|
+
iam_policy
|
|
8
9
|
)
|
|
9
10
|
|
|
10
11
|
TYPES.each do |type|
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
Aws.config[:iam] = {
|
|
2
|
+
stub_responses: {
|
|
3
|
+
list_policies: {
|
|
4
|
+
policies: [
|
|
5
|
+
{
|
|
6
|
+
attachment_count: 1,
|
|
7
|
+
arn: 'arn:aws:iam::aws:policy/my-iam-policy',
|
|
8
|
+
is_attachable: true,
|
|
9
|
+
policy_id: 'PABCDEFGHI123455689',
|
|
10
|
+
policy_name: 'my-iam-policy',
|
|
11
|
+
update_date: Time.new(2015, 1, 2, 10, 00, 00, '+00:00')
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
attachment_count: 1,
|
|
15
|
+
arn: 'arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator',
|
|
16
|
+
is_attachable: true,
|
|
17
|
+
policy_id: 'PABCDEFGHI123455688',
|
|
18
|
+
policy_name: 'AmazonAPIGatewayAdministrator',
|
|
19
|
+
update_date: Time.new(2015, 7, 9, 17, 34, 45, '+00:00')
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
attachment_count: 1,
|
|
23
|
+
arn: 'arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole',
|
|
24
|
+
is_attachable: true,
|
|
25
|
+
policy_id: 'PABCDEFGHI123455687',
|
|
26
|
+
policy_name: 'AmazonEC2RoleforDataPipelineRole',
|
|
27
|
+
update_date: Time.new(2015, 3, 19, 19, 21, 14, '+00:00')
|
|
28
|
+
}
|
|
29
|
+
]
|
|
30
|
+
},
|
|
31
|
+
list_entities_for_policy: {
|
|
32
|
+
policy_roles: [
|
|
33
|
+
{ role_name: 'HelloIAmGodRole' }
|
|
34
|
+
],
|
|
35
|
+
policy_users: [
|
|
36
|
+
{ user_name: 'my-iam-user' }
|
|
37
|
+
],
|
|
38
|
+
policy_groups: [
|
|
39
|
+
{ group_name: 'my-iam-group' }
|
|
40
|
+
]
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
Aws.config[:iam] = {
|
|
2
|
+
stub_responses: {
|
|
3
|
+
list_roles: {
|
|
4
|
+
roles: [
|
|
5
|
+
path: '/',
|
|
6
|
+
role_name: 'my-iam-role',
|
|
7
|
+
role_id: 'RABCDEFGHI123455689',
|
|
8
|
+
arn: 'arn:aws:iam::123456789012:role/my-iam-role',
|
|
9
|
+
create_date: Time.local(2015)
|
|
10
|
+
]
|
|
11
|
+
},
|
|
12
|
+
list_attached_role_policies: {
|
|
13
|
+
attached_policies: [
|
|
14
|
+
{
|
|
15
|
+
policy_arn: 'arn:aws:iam::aws:policy/ReadOnlyAccess',
|
|
16
|
+
policy_name: 'ReadOnlyAccess'
|
|
17
|
+
}
|
|
18
|
+
],
|
|
19
|
+
is_truncated: false,
|
|
20
|
+
maker: nil
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
module Awspec::Type
|
|
2
|
+
class IamPolicy < Base
|
|
3
|
+
def initialize(id)
|
|
4
|
+
super
|
|
5
|
+
@resource = find_iam_policy(id)
|
|
6
|
+
@id = @resource[:policy_id] if @resource
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def attachable?
|
|
10
|
+
policy.is_attachable
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def attached_to_user?(user_id = nil)
|
|
14
|
+
users = select_attached_users(@id)
|
|
15
|
+
if user_id
|
|
16
|
+
user = find_iam_user(user_id)
|
|
17
|
+
return false unless user
|
|
18
|
+
users.any? do |u|
|
|
19
|
+
u.user_name == user[:user_name]
|
|
20
|
+
end
|
|
21
|
+
else
|
|
22
|
+
!users.empty?
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def attached_to_group?(group_id = nil)
|
|
27
|
+
groups = select_attached_groups(@id)
|
|
28
|
+
if group_id
|
|
29
|
+
group = find_iam_group(group_id)
|
|
30
|
+
return false unless group
|
|
31
|
+
groups.any? do |g|
|
|
32
|
+
g.group_name == group[:group_name]
|
|
33
|
+
end
|
|
34
|
+
else
|
|
35
|
+
!groups.empty?
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def attached_to_role?(role_id = nil)
|
|
40
|
+
roles = select_attached_roles(@id)
|
|
41
|
+
if role_id
|
|
42
|
+
role = find_iam_role(role_id)
|
|
43
|
+
return false unless role
|
|
44
|
+
roles.any? do |r|
|
|
45
|
+
r.role_name == role[:role_name]
|
|
46
|
+
end
|
|
47
|
+
else
|
|
48
|
+
!roles.empty?
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
module Awspec::Type
|
|
2
|
+
class IamRole < Base
|
|
3
|
+
def initialize(id)
|
|
4
|
+
super
|
|
5
|
+
@resource = find_iam_role(id)
|
|
6
|
+
@id = @resource[:role_id] if @resource
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def has_iam_policy?(policy_id)
|
|
10
|
+
policies = select_iam_policy_by_role_name(@resource[:role_name])
|
|
11
|
+
policies.find do |policy|
|
|
12
|
+
policy.policy_arn == policy_id || policy.policy_name == policy_id
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
data/lib/awspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- k1LoW
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-09-
|
|
11
|
+
date: 2015-09-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -162,6 +162,8 @@ files:
|
|
|
162
162
|
- lib/awspec/generator/doc/type/ec2.rb
|
|
163
163
|
- lib/awspec/generator/doc/type/elb.rb
|
|
164
164
|
- lib/awspec/generator/doc/type/iam_group.rb
|
|
165
|
+
- lib/awspec/generator/doc/type/iam_policy.rb
|
|
166
|
+
- lib/awspec/generator/doc/type/iam_role.rb
|
|
165
167
|
- lib/awspec/generator/doc/type/iam_user.rb
|
|
166
168
|
- lib/awspec/generator/doc/type/lambda.rb
|
|
167
169
|
- lib/awspec/generator/doc/type/rds.rb
|
|
@@ -174,6 +176,7 @@ files:
|
|
|
174
176
|
- lib/awspec/generator/doc/type/vpc.rb
|
|
175
177
|
- lib/awspec/generator/spec/ec2.rb
|
|
176
178
|
- lib/awspec/generator/spec/elb.rb
|
|
179
|
+
- lib/awspec/generator/spec/iam_policy.rb
|
|
177
180
|
- lib/awspec/generator/spec/rds.rb
|
|
178
181
|
- lib/awspec/generator/spec/route53_hosted_zone.rb
|
|
179
182
|
- lib/awspec/generator/spec/security_group.rb
|
|
@@ -208,6 +211,8 @@ files:
|
|
|
208
211
|
- lib/awspec/stub/ec2.rb
|
|
209
212
|
- lib/awspec/stub/elb.rb
|
|
210
213
|
- lib/awspec/stub/iam_group.rb
|
|
214
|
+
- lib/awspec/stub/iam_policy.rb
|
|
215
|
+
- lib/awspec/stub/iam_role.rb
|
|
211
216
|
- lib/awspec/stub/iam_user.rb
|
|
212
217
|
- lib/awspec/stub/lambda.rb
|
|
213
218
|
- lib/awspec/stub/rds.rb
|
|
@@ -225,6 +230,8 @@ files:
|
|
|
225
230
|
- lib/awspec/type/ec2.rb
|
|
226
231
|
- lib/awspec/type/elb.rb
|
|
227
232
|
- lib/awspec/type/iam_group.rb
|
|
233
|
+
- lib/awspec/type/iam_policy.rb
|
|
234
|
+
- lib/awspec/type/iam_role.rb
|
|
228
235
|
- lib/awspec/type/iam_user.rb
|
|
229
236
|
- lib/awspec/type/lambda.rb
|
|
230
237
|
- lib/awspec/type/rds.rb
|