fog-aws 0.0.8 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/fog/aws.rb +1 -0
- data/lib/fog/aws/core.rb +2 -1
- data/lib/fog/aws/federation.rb +58 -0
- data/lib/fog/aws/iam.rb +22 -1
- data/lib/fog/aws/models/cloud_watch/alarm.rb +5 -4
- data/lib/fog/aws/parsers/compute/describe_images.rb +1 -1
- data/lib/fog/aws/parsers/sts/assume_role_with_web_identity.rb +20 -0
- data/lib/fog/aws/requests/cloud_watch/describe_alarms.rb +14 -7
- data/lib/fog/aws/requests/federation/get_signin_token.rb +20 -0
- data/lib/fog/aws/requests/iam/create_role.rb +24 -0
- data/lib/fog/aws/requests/iam/delete_role.rb +16 -0
- data/lib/fog/aws/requests/iam/get_role.rb +23 -0
- data/lib/fog/aws/requests/iam/list_roles.rb +22 -0
- data/lib/fog/aws/requests/sts/assume_role_with_web_identity.rb +45 -0
- data/lib/fog/aws/signaturev4.rb +3 -1
- data/lib/fog/aws/sts.rb +1 -0
- data/lib/fog/aws/version.rb +1 -1
- data/tests/requests/federation/get_signin_token_tests.rb +11 -0
- data/tests/requests/iam/role_tests.rb +7 -18
- data/tests/requests/sts/assume_role_tests.rb +13 -13
- data/tests/requests/sts/assume_role_with_saml_tests.rb +13 -13
- data/tests/requests/sts/assume_role_with_web_identity_tests.rb +26 -0
- data/tests/signaturev4_tests.rb +6 -0
- metadata +8 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 22f2c524c85c86ab1668a6852c9c6c4f22545f45
|
|
4
|
+
data.tar.gz: 790fb6ee76f14d24586006db89bcd96a6f890e2e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 09ac54ca56bc9da50d39ee43c762a4837daa9fb5a2c6617c75d11adb191a18ed863d339e141f257edec655e03475772065d0237e210776223723700257fa8df7
|
|
7
|
+
data.tar.gz: 2606b75208e8cf01a729b8ae2ab930619c2b1b021925ffa67d087657ced1a8ec714bb4a917095ea7ca3787eb8499c68e2480358fc0615c8e31a5fa945874762b
|
data/.gitignore
CHANGED
data/lib/fog/aws.rb
CHANGED
data/lib/fog/aws/core.rb
CHANGED
|
@@ -21,6 +21,7 @@ module Fog
|
|
|
21
21
|
service(:elasticache, 'Elasticache')
|
|
22
22
|
service(:elb, 'ELB')
|
|
23
23
|
service(:emr, 'EMR')
|
|
24
|
+
service(:federation, 'Federation')
|
|
24
25
|
service(:glacier, 'Glacier')
|
|
25
26
|
service(:iam, 'IAM')
|
|
26
27
|
service(:rds, 'RDS')
|
|
@@ -109,7 +110,7 @@ module Fog
|
|
|
109
110
|
end
|
|
110
111
|
end
|
|
111
112
|
body.chop!
|
|
112
|
-
|
|
113
|
+
|
|
113
114
|
headers['Authorization'] = options[:signer].sign({:method => options[:method], :headers => headers, :body => body, :query => {}, :path => options[:path]}, date)
|
|
114
115
|
|
|
115
116
|
return body, headers
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
require 'fog/aws/core'
|
|
2
|
+
|
|
3
|
+
module Fog
|
|
4
|
+
module AWS
|
|
5
|
+
class Federation < Fog::Service
|
|
6
|
+
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
|
7
|
+
|
|
8
|
+
recognizes :instrumentor, :instrumentor_name
|
|
9
|
+
|
|
10
|
+
request_path 'fog/aws/requests/federation'
|
|
11
|
+
|
|
12
|
+
request 'get_signin_token'
|
|
13
|
+
|
|
14
|
+
class Mock
|
|
15
|
+
def self.data
|
|
16
|
+
@data ||= {}
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.reset
|
|
20
|
+
@data = nil
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def initialize(options={})
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def data
|
|
27
|
+
self.class.data
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def reset_data
|
|
31
|
+
self.class.reset
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
class Real
|
|
36
|
+
include Fog::AWS::CredentialFetcher::ConnectionMethods
|
|
37
|
+
|
|
38
|
+
def initialize(options={})
|
|
39
|
+
@instrumentor = options[:instrumentor]
|
|
40
|
+
@instrumentor_name = options[:instrumentor_name] || 'fog.aws.federation'
|
|
41
|
+
@connection_options = options[:connection_options] || {}
|
|
42
|
+
@host = 'signin.aws.amazon.com'
|
|
43
|
+
@path = '/federation'
|
|
44
|
+
@scheme = 'https'
|
|
45
|
+
@connection = Excon.new("#{@scheme}://#{@host}#{@path}")
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def request(action, session)
|
|
49
|
+
response = @connection.get(
|
|
50
|
+
:query => "Action=#{action}&SessionType=json&Session=#{session}",
|
|
51
|
+
:expects => 200
|
|
52
|
+
).body
|
|
53
|
+
Fog::JSON.decode(response)
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
data/lib/fog/aws/iam.rb
CHANGED
|
@@ -25,7 +25,7 @@ module Fog
|
|
|
25
25
|
request :create_role
|
|
26
26
|
request :create_user
|
|
27
27
|
request :delete_access_key
|
|
28
|
-
request :delete_account_password_policy
|
|
28
|
+
request :delete_account_password_policy
|
|
29
29
|
request :delete_account_alias
|
|
30
30
|
request :delete_group
|
|
31
31
|
request :delete_group_policy
|
|
@@ -120,6 +120,27 @@ module Fog
|
|
|
120
120
|
:created_at => Time.now,
|
|
121
121
|
:policies => {}
|
|
122
122
|
}
|
|
123
|
+
end,
|
|
124
|
+
:roles => Hash.new do |rhash, rkey|
|
|
125
|
+
rhash[rkey] = {
|
|
126
|
+
:role_id => Fog::AWS::Mock.key_id,
|
|
127
|
+
:arn => "arn:aws:iam:#{Fog::AWS::Mock.owner_id}:role/#{rkey}",
|
|
128
|
+
:create_date => Time.now,
|
|
129
|
+
:assume_role_policy_document => {
|
|
130
|
+
"Version" => "2012-10-17",
|
|
131
|
+
"Statement" => [
|
|
132
|
+
{
|
|
133
|
+
"Effect" => "Allow",
|
|
134
|
+
"Principal" => {
|
|
135
|
+
"Service" => [
|
|
136
|
+
"ec2.amazonaws.com"
|
|
137
|
+
]
|
|
138
|
+
},
|
|
139
|
+
"Action" => ["sts:AssumeRole"]
|
|
140
|
+
}
|
|
141
|
+
]
|
|
142
|
+
},
|
|
143
|
+
}
|
|
123
144
|
end
|
|
124
145
|
}
|
|
125
146
|
end
|
|
@@ -28,20 +28,21 @@ module Fog
|
|
|
28
28
|
attribute :unit, :aliases => 'Unit'
|
|
29
29
|
|
|
30
30
|
def initialize(attributes)
|
|
31
|
-
|
|
32
|
-
|
|
31
|
+
self.namespace ||= "AWS/EC2"
|
|
32
|
+
self.evaluation_periods ||= 1
|
|
33
33
|
super
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
def save
|
|
37
37
|
requires :id
|
|
38
38
|
requires :comparison_operator
|
|
39
|
-
requires :evaluation_periods
|
|
40
39
|
requires :metric_name
|
|
41
|
-
requires :namespace
|
|
42
40
|
requires :period
|
|
43
41
|
requires :statistic
|
|
44
42
|
requires :threshold
|
|
43
|
+
requires :namespace
|
|
44
|
+
requires :evaluation_periods
|
|
45
|
+
|
|
45
46
|
|
|
46
47
|
options = Hash[self.class.aliases.map { |key, value| [key, send(value)] }]
|
|
47
48
|
options.delete_if { |key, value| value.nil? }
|
|
@@ -30,7 +30,7 @@ module Fog
|
|
|
30
30
|
case name
|
|
31
31
|
when 'blockDeviceMapping'
|
|
32
32
|
@in_block_device_mapping = false
|
|
33
|
-
when 'deviceName', 'virtualName', 'snapshotId', 'deleteOnTermination'
|
|
33
|
+
when 'deviceName', 'virtualName', 'snapshotId', 'deleteOnTermination', 'volumeType', 'encrypted'
|
|
34
34
|
@block_device_mapping[name] = value
|
|
35
35
|
when 'volumeSize'
|
|
36
36
|
@block_device_mapping[name] = value.to_i
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module Parsers
|
|
3
|
+
module AWS
|
|
4
|
+
module STS
|
|
5
|
+
class AssumeRoleWithWithWebIdentity < Fog::Parsers::Base
|
|
6
|
+
def reset
|
|
7
|
+
@response = {}
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def end_element(name)
|
|
11
|
+
case name
|
|
12
|
+
when 'AssumedRoleUser', 'Audience', 'Credentials', 'PackedPolicySize', 'Provider', 'SubjectFromWebIdentityToken'
|
|
13
|
+
@response[name] = @value.strip
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -35,17 +35,24 @@ module Fog
|
|
|
35
35
|
|
|
36
36
|
class Mock
|
|
37
37
|
def describe_alarms(options={})
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
38
|
+
|
|
39
|
+
records = if alarm_names = options.delete('AlarmNames')
|
|
40
|
+
[*alarm_names].inject({}) do |r, name|
|
|
41
|
+
(record = data[:metric_alarms][name]) ? r.merge(name => record) : r
|
|
42
|
+
end
|
|
43
|
+
else
|
|
44
|
+
self.data[:metric_alarms]
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
results = records.inject([]) do |r, (name, data)|
|
|
48
|
+
r << {'AlarmName' => name}.merge(data)
|
|
43
49
|
end
|
|
50
|
+
|
|
44
51
|
response = Excon::Response.new
|
|
45
52
|
response.status = 200
|
|
46
53
|
response.body = {
|
|
47
|
-
'DescribeAlarmsResult' => results,
|
|
48
|
-
'ResponseMetadata'
|
|
54
|
+
'DescribeAlarmsResult' => { 'MetricAlarms' => results },
|
|
55
|
+
'ResponseMetadata' => { 'RequestId' => Fog::AWS::Mock.request_id }
|
|
49
56
|
}
|
|
50
57
|
response
|
|
51
58
|
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module AWS
|
|
3
|
+
class Federation
|
|
4
|
+
class Real
|
|
5
|
+
def get_signin_token(session)
|
|
6
|
+
|
|
7
|
+
request('getSigninToken', CGI.escape(Fog::JSON.encode(session)))
|
|
8
|
+
end
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
class Mock
|
|
12
|
+
def get_signin_token(session)
|
|
13
|
+
{
|
|
14
|
+
'SigninToken' => Fog::Mock.random_base64(752)
|
|
15
|
+
}
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -50,6 +50,30 @@ module Fog
|
|
|
50
50
|
)
|
|
51
51
|
end
|
|
52
52
|
end
|
|
53
|
+
|
|
54
|
+
class Mock
|
|
55
|
+
def create_role(role_name, assume_role_policy_document, path = '/')
|
|
56
|
+
if data[:roles].key?(role_name)
|
|
57
|
+
raise Fog::AWS::IAM::EntityAlreadyExists.new("Role with name #{role_name} already exists")
|
|
58
|
+
else
|
|
59
|
+
data[:roles][role_name][:path] = path
|
|
60
|
+
Excon::Response.new.tap do |response|
|
|
61
|
+
response.body = {
|
|
62
|
+
'Role' => {
|
|
63
|
+
'Arn' => data[:roles][role_name][:arn].strip,
|
|
64
|
+
'AssumeRolePolicyDocument' => Fog::JSON.encode(data[:roles][role_name][:assume_role_policy_document]),
|
|
65
|
+
'CreateDate' => data[:roles][role_name][:create_date],
|
|
66
|
+
'Path' => path,
|
|
67
|
+
'RoleId' => data[:roles][role_name][:role_id].strip,
|
|
68
|
+
'RoleName' => role_name,
|
|
69
|
+
},
|
|
70
|
+
'RequestId' => Fog::AWS::Mock.request_id
|
|
71
|
+
}
|
|
72
|
+
response.status = 200
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
|
53
77
|
end
|
|
54
78
|
end
|
|
55
79
|
end
|
|
@@ -25,6 +25,22 @@ module Fog
|
|
|
25
25
|
)
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
|
+
|
|
29
|
+
class Mock
|
|
30
|
+
def delete_role(role_name)
|
|
31
|
+
role = data[:roles][role_name]
|
|
32
|
+
|
|
33
|
+
if role
|
|
34
|
+
data[:roles].delete(role_name)
|
|
35
|
+
Excon::Response.new.tap do |response|
|
|
36
|
+
response.status = 200
|
|
37
|
+
response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
|
|
38
|
+
end
|
|
39
|
+
else
|
|
40
|
+
raise Fog::AWS::IAM::NotFound.new("The role with name #{role_name} cannot be found.")
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
28
44
|
end
|
|
29
45
|
end
|
|
30
46
|
end
|
|
@@ -31,6 +31,29 @@ module Fog
|
|
|
31
31
|
)
|
|
32
32
|
end
|
|
33
33
|
end
|
|
34
|
+
|
|
35
|
+
class Mock
|
|
36
|
+
def get_role(role_name)
|
|
37
|
+
role = self.data[:roles][role_name]
|
|
38
|
+
|
|
39
|
+
raise Fog::AWS::IAM::NotFound.new("The role with name #{role_name} cannot be found") unless role
|
|
40
|
+
|
|
41
|
+
Excon::Response.new.tap do |response|
|
|
42
|
+
response.body = {
|
|
43
|
+
'Role' => {
|
|
44
|
+
'Arn' => role[:arn].strip,
|
|
45
|
+
'AssumeRolePolicyDocument' => Fog::JSON.encode(role[:assume_role_policy_document]),
|
|
46
|
+
'CreateDate' => role[:create_date],
|
|
47
|
+
'Path' => role[:path],
|
|
48
|
+
'RoleId' => role[:role_id].strip,
|
|
49
|
+
'RoleName' => role_name,
|
|
50
|
+
},
|
|
51
|
+
'RequestId' => Fog::AWS::Mock.request_id
|
|
52
|
+
}
|
|
53
|
+
response.status = 200
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
34
57
|
end
|
|
35
58
|
end
|
|
36
59
|
end
|
|
@@ -36,6 +36,28 @@ module Fog
|
|
|
36
36
|
}.merge!(options))
|
|
37
37
|
end
|
|
38
38
|
end
|
|
39
|
+
|
|
40
|
+
class Mock
|
|
41
|
+
def list_roles(options={})
|
|
42
|
+
Excon::Response.new.tap do |response|
|
|
43
|
+
response.body = {
|
|
44
|
+
'Roles' => data[:roles].map do |role, data|
|
|
45
|
+
{
|
|
46
|
+
'Arn' => data[:arn].strip,
|
|
47
|
+
'AssumeRolePolicyDocument' => Fog::JSON.encode(data[:assume_role_policy_document]),
|
|
48
|
+
'RoleId' => data[:role_id],
|
|
49
|
+
'Path' => data[:path],
|
|
50
|
+
'RoleName' => role,
|
|
51
|
+
'CreateDate' => data[:create_date],
|
|
52
|
+
}
|
|
53
|
+
end,
|
|
54
|
+
'RequestId' => Fog::AWS::Mock.request_id,
|
|
55
|
+
'IsTruncated' => false,
|
|
56
|
+
}
|
|
57
|
+
response.status = 200
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
39
61
|
end
|
|
40
62
|
end
|
|
41
63
|
end
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module AWS
|
|
3
|
+
class STS
|
|
4
|
+
class Real
|
|
5
|
+
require 'fog/aws/parsers/sts/assume_role_with_web_identity'
|
|
6
|
+
|
|
7
|
+
def assume_role_with_web_identity(role_arn, web_identity_token, role_session_name, options={})
|
|
8
|
+
request_unsigned(
|
|
9
|
+
'Action' => 'AssumeRoleWithWebIdentity',
|
|
10
|
+
'RoleArn' => role_arn,
|
|
11
|
+
'RoleSessionName' => role_session_name,
|
|
12
|
+
'DurationSeconds' => options[:duration] || 3600,
|
|
13
|
+
:idempotent => true,
|
|
14
|
+
:parser => Fog::Parsers::AWS::STS::AssumeRoleWithWebIdentity.new
|
|
15
|
+
)
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
class Mock
|
|
20
|
+
def assume_role_with_web_identity(role_arn, web_identity_token, role_session_name, options={})
|
|
21
|
+
role = options[:iam].data[:roles].values.detect { |r| r[:arn] == role_arn }
|
|
22
|
+
|
|
23
|
+
Excon::Response.new.tap do |response|
|
|
24
|
+
response.body = {
|
|
25
|
+
'AssumedRoleUser' => {
|
|
26
|
+
'Arn' => role[:arn],
|
|
27
|
+
'AssumedRoleId' => role[:role_id]
|
|
28
|
+
},
|
|
29
|
+
'Audience' => 'fog',
|
|
30
|
+
'Credentials' => {
|
|
31
|
+
'AccessKeyId' => Fog::AWS::Mock.key_id(20),
|
|
32
|
+
'Expiration' => options[:expiration] || Time.now + 3600,
|
|
33
|
+
'SecretAccessKey' => Fog::AWS::Mock.key_id(40),
|
|
34
|
+
'SessionToken' => Fog::Mock.random_hex(8)
|
|
35
|
+
},
|
|
36
|
+
'Provider' => 'fog',
|
|
37
|
+
'SubjectFromWebIdentityToken' => Fog::Mock.random_hex(8)
|
|
38
|
+
}
|
|
39
|
+
response.status = 200
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
data/lib/fog/aws/signaturev4.rb
CHANGED
|
@@ -79,7 +79,9 @@ DATA
|
|
|
79
79
|
protected
|
|
80
80
|
|
|
81
81
|
def canonical_path(path)
|
|
82
|
-
|
|
82
|
+
#leading and trailing repeated slashes are collapsed, but not ones that appear elsewhere
|
|
83
|
+
path = path.gsub(%r{\A/+},'/').gsub(%r{/+\z},'/')
|
|
84
|
+
components = path.split('/',-1)
|
|
83
85
|
path = components.inject([]) do |acc, component|
|
|
84
86
|
case component
|
|
85
87
|
when '.' #canonicalize by removing .
|
data/lib/fog/aws/sts.rb
CHANGED
data/lib/fog/aws/version.rb
CHANGED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
Shindo.tests('AWS::Federation | signin tokens', ['aws']) do
|
|
2
|
+
@signin_token_format = {
|
|
3
|
+
'SigninToken' => String
|
|
4
|
+
}
|
|
5
|
+
|
|
6
|
+
tests("#get_signin_token").formats(@signin_token_format) do
|
|
7
|
+
pending unless Fog.mocking?
|
|
8
|
+
|
|
9
|
+
Fog::AWS[:federation].get_signin_token("test_policy")
|
|
10
|
+
end
|
|
11
|
+
end
|
|
@@ -2,42 +2,32 @@ Shindo.tests('AWS::IAM | role requests', ['aws']) do
|
|
|
2
2
|
tests('success') do
|
|
3
3
|
|
|
4
4
|
@role = {
|
|
5
|
-
'Arn'
|
|
5
|
+
'Arn' => String,
|
|
6
6
|
'AssumeRolePolicyDocument' => String,
|
|
7
|
-
'CreateDate'
|
|
8
|
-
'Path'
|
|
9
|
-
'RoleId'
|
|
10
|
-
'RoleName'
|
|
7
|
+
'CreateDate' => Time,
|
|
8
|
+
'Path' => String,
|
|
9
|
+
'RoleId' => String,
|
|
10
|
+
'RoleName' => String
|
|
11
11
|
}
|
|
12
12
|
@role_format = {
|
|
13
13
|
'Role' => @role,
|
|
14
14
|
'RequestId' => String
|
|
15
15
|
}
|
|
16
16
|
tests("#create_role('fogrole')").formats(@role_format) do
|
|
17
|
-
pending if Fog.mocking?
|
|
18
17
|
Fog::AWS[:iam].create_role('fogrole', Fog::AWS::IAM::EC2_ASSUME_ROLE_POLICY).body
|
|
19
18
|
end
|
|
20
19
|
|
|
21
20
|
tests("#get_role('fogrole')").formats(@role_format) do
|
|
22
|
-
pending if Fog.mocking?
|
|
23
21
|
Fog::AWS[:iam].get_role('fogrole').body
|
|
24
22
|
end
|
|
25
23
|
|
|
26
24
|
@list_roles_format = {
|
|
27
|
-
'Roles'
|
|
28
|
-
|
|
29
|
-
'AssumeRolePolicyDocument' => String,
|
|
30
|
-
'CreateDate' => Time,
|
|
31
|
-
'Path' => String,
|
|
32
|
-
'RoleId' => String,
|
|
33
|
-
'RoleName' => String
|
|
34
|
-
}],
|
|
35
|
-
'RequestId' => String,
|
|
25
|
+
'Roles' => [@role],
|
|
26
|
+
'RequestId' => String,
|
|
36
27
|
'IsTruncated' => Fog::Boolean,
|
|
37
28
|
}
|
|
38
29
|
|
|
39
30
|
tests("#list_roles").formats(@list_roles_format) do
|
|
40
|
-
pending if Fog.mocking?
|
|
41
31
|
body = Fog::AWS[:iam].list_roles.body
|
|
42
32
|
returns(true){!! body['Roles'].find {|role| role['RoleName'] == 'fogrole'}}
|
|
43
33
|
body
|
|
@@ -159,7 +149,6 @@ Shindo.tests('AWS::IAM | role requests', ['aws']) do
|
|
|
159
149
|
end
|
|
160
150
|
|
|
161
151
|
tests("#delete_role('fogrole'").formats(AWS::IAM::Formats::BASIC) do
|
|
162
|
-
pending if Fog.mocking?
|
|
163
152
|
Fog::AWS[:iam].delete_role('fogrole').body
|
|
164
153
|
end
|
|
165
154
|
end
|
|
@@ -1,19 +1,19 @@
|
|
|
1
1
|
Shindo.tests('AWS::STS | assume role', ['aws']) do
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
@policy = {"Statement" => [{"Effect" => "Allow", "Action" => "*", "Resource" => "*"}]}
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
5
|
+
@response_format = {
|
|
6
|
+
'SessionToken' => String,
|
|
7
|
+
'SecretAccessKey' => String,
|
|
8
|
+
'Expiration' => String,
|
|
9
|
+
'AccessKeyId' => String,
|
|
10
|
+
'Arn' => String,
|
|
11
|
+
'RequestId' => String
|
|
12
|
+
}
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
14
|
+
tests("#assume_role('rolename', 'assumed_role_session', 'external_id', #{@policy.inspect}, 900)").formats(@response_format) do
|
|
15
|
+
pending if Fog.mocking?
|
|
16
|
+
Fog::AWS[:sts].assume_role("rolename","assumed_role_session","external_id", @policy, 900).body
|
|
17
|
+
end
|
|
18
18
|
|
|
19
19
|
end
|
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
Shindo.tests('AWS::STS | assume role with SAML', ['aws']) do
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
@policy = {"Statement" => [{"Effect" => "Allow", "Action" => "*", "Resource" => "*"}]}
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
5
|
+
@response_format = {
|
|
6
|
+
'SessionToken' => String,
|
|
7
|
+
'SecretAccessKey' => String,
|
|
8
|
+
'Expiration' => String,
|
|
9
|
+
'AccessKeyId' => String,
|
|
10
|
+
'Arn' => String,
|
|
11
|
+
'RequestId' => String
|
|
12
|
+
}
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
14
|
+
tests("#assume_role_with_saml('role_arn', 'principal_arn', 'saml_assertion', #{@policy.inspect}, 900)").formats(@response_format) do
|
|
15
|
+
pending if Fog.mocking?
|
|
16
|
+
Fog::AWS[:sts].assume_role_with_saml("role_arn","principal_arn","saml_assertion", @policy, 900).body
|
|
17
|
+
end
|
|
18
18
|
end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
Shindo.tests('AWS::STS | assume role with web identity', ['aws']) do
|
|
2
|
+
@sts = Fog::AWS[:sts]
|
|
3
|
+
@iam = Fog::AWS[:iam]
|
|
4
|
+
@role = @iam.create_role('sts', Fog::AWS::IAM::EC2_ASSUME_ROLE_POLICY).body['Role']
|
|
5
|
+
@token = Fog::AWS::Mock.key_id
|
|
6
|
+
|
|
7
|
+
@response_format = {
|
|
8
|
+
'AssumedRoleUser' => {
|
|
9
|
+
'Arn' => String,
|
|
10
|
+
'AssumedRoleId' => String,
|
|
11
|
+
},
|
|
12
|
+
'Audience' => String,
|
|
13
|
+
'Credentials' => {
|
|
14
|
+
'AccessKeyId' => String,
|
|
15
|
+
'Expiration' => Time,
|
|
16
|
+
'SecretAccessKey' => String,
|
|
17
|
+
'SessionToken' => String,
|
|
18
|
+
},
|
|
19
|
+
'Provider' => String,
|
|
20
|
+
'SubjectFromWebIdentityToken' => String,
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
tests("#assume_role_with_web_identity('#{@role['Arn']}', '#{@token}', 'fog')").formats(@response_format) do
|
|
24
|
+
@sts.assume_role_with_web_identity(@role['Arn'], @token, 'fog', :iam => @iam).body
|
|
25
|
+
end
|
|
26
|
+
end
|
data/tests/signaturev4_tests.rb
CHANGED
|
@@ -62,6 +62,12 @@ Shindo.tests('AWS | signaturev4', ['aws']) do
|
|
|
62
62
|
end
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
+
tests('get with repeated // inside path') do
|
|
66
|
+
returns(@signer.sign({:query => {}, :headers => {'Host' => 'host.foo.com', 'Date' => 'Mon, 09 Sep 2011 23:36:00 GMT'}, :method => :get, :path => '/foo//bar//baz'}, @now)) do
|
|
67
|
+
'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b250c85c72c5d7c33f67759c7a1ad79ea381cf62105290cecd530af2771575d4'
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
65
71
|
tests('get with repeated trailing / ') do
|
|
66
72
|
returns(@signer.sign({:query => {}, :headers => {'Host' => 'host.foo.com', 'Date' => 'Mon, 09 Sep 2011 23:36:00 GMT'}, :method => :get, :path => '//foo//'}, @now)) do
|
|
67
73
|
'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b00392262853cfe3201e47ccf945601079e9b8a7f51ee4c3d9ee4f187aa9bf19'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fog-aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Lane
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-02-03 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -146,6 +146,7 @@ files:
|
|
|
146
146
|
- lib/fog/aws/elb.rb
|
|
147
147
|
- lib/fog/aws/elb/policy_types.rb
|
|
148
148
|
- lib/fog/aws/emr.rb
|
|
149
|
+
- lib/fog/aws/federation.rb
|
|
149
150
|
- lib/fog/aws/glacier.rb
|
|
150
151
|
- lib/fog/aws/iam.rb
|
|
151
152
|
- lib/fog/aws/models/auto_scaling/activities.rb
|
|
@@ -624,6 +625,7 @@ files:
|
|
|
624
625
|
- lib/fog/aws/parsers/storage/list_parts.rb
|
|
625
626
|
- lib/fog/aws/parsers/sts/assume_role.rb
|
|
626
627
|
- lib/fog/aws/parsers/sts/assume_role_with_saml.rb
|
|
628
|
+
- lib/fog/aws/parsers/sts/assume_role_with_web_identity.rb
|
|
627
629
|
- lib/fog/aws/parsers/sts/get_session_token.rb
|
|
628
630
|
- lib/fog/aws/rds.rb
|
|
629
631
|
- lib/fog/aws/redshift.rb
|
|
@@ -926,6 +928,7 @@ files:
|
|
|
926
928
|
- lib/fog/aws/requests/emr/run_job_flow.rb
|
|
927
929
|
- lib/fog/aws/requests/emr/set_termination_protection.rb
|
|
928
930
|
- lib/fog/aws/requests/emr/terminate_job_flows.rb
|
|
931
|
+
- lib/fog/aws/requests/federation/get_signin_token.rb
|
|
929
932
|
- lib/fog/aws/requests/glacier/abort_multipart_upload.rb
|
|
930
933
|
- lib/fog/aws/requests/glacier/complete_multipart_upload.rb
|
|
931
934
|
- lib/fog/aws/requests/glacier/create_archive.rb
|
|
@@ -1176,6 +1179,7 @@ files:
|
|
|
1176
1179
|
- lib/fog/aws/requests/storage/upload_part.rb
|
|
1177
1180
|
- lib/fog/aws/requests/sts/assume_role.rb
|
|
1178
1181
|
- lib/fog/aws/requests/sts/assume_role_with_saml.rb
|
|
1182
|
+
- lib/fog/aws/requests/sts/assume_role_with_web_identity.rb
|
|
1179
1183
|
- lib/fog/aws/requests/sts/get_federation_token.rb
|
|
1180
1184
|
- lib/fog/aws/requests/sts/get_session_token.rb
|
|
1181
1185
|
- lib/fog/aws/ses.rb
|
|
@@ -1345,6 +1349,7 @@ files:
|
|
|
1345
1349
|
- tests/requests/emr/helper.rb
|
|
1346
1350
|
- tests/requests/emr/instance_group_tests.rb
|
|
1347
1351
|
- tests/requests/emr/job_flow_tests.rb
|
|
1352
|
+
- tests/requests/federation/get_signin_token_tests.rb
|
|
1348
1353
|
- tests/requests/glacier/archive_tests.rb
|
|
1349
1354
|
- tests/requests/glacier/multipart_upload_tests.rb
|
|
1350
1355
|
- tests/requests/glacier/tree_hash_tests.rb
|
|
@@ -1397,6 +1402,7 @@ files:
|
|
|
1397
1402
|
- tests/requests/storage/versioning_tests.rb
|
|
1398
1403
|
- tests/requests/sts/assume_role_tests.rb
|
|
1399
1404
|
- tests/requests/sts/assume_role_with_saml_tests.rb
|
|
1405
|
+
- tests/requests/sts/assume_role_with_web_identity_tests.rb
|
|
1400
1406
|
- tests/requests/sts/get_federation_token_tests.rb
|
|
1401
1407
|
- tests/requests/sts/session_token_tests.rb
|
|
1402
1408
|
- tests/signaturev4_tests.rb
|