kumogata-template 0.0.23 → 0.0.24
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/kumogata/template.rb +1 -0
- data/lib/kumogata/template/ecr.rb +24 -0
- data/lib/kumogata/template/iam.rb +4 -4
- data/lib/kumogata/template/version.rb +1 -1
- data/template/ecr-repository.rb +21 -0
- data/test/template/ecr-repository_test.rb +55 -0
- metadata +5 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cbf61b8ef2bf5c32a549e814951df8e3b0d4cb07
|
|
4
|
+
data.tar.gz: 6a90ad4bf7b62fe24b80e2fd2eb3ae7168a69d40
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '0019ed1d64bad5e176a59482d69d4cba3f29e7ce5782e934aca546a92acdb55182e1521b3065cdcdfdcf56e06a4d7d4560d4e12a1fcbd3cc82a9756bb7571bff'
|
|
7
|
+
data.tar.gz: 4612fc3e3861d342cb056bd1ada8db81817ed3a270ba6827bf87273e063d88e82066c11834f2576a92c28555ff3cac38e22bf17705662f040e512482a774e7ec
|
data/Gemfile.lock
CHANGED
data/lib/kumogata/template.rb
CHANGED
|
@@ -10,6 +10,7 @@ require 'kumogata/template/const'
|
|
|
10
10
|
require 'kumogata/template/datapipeline'
|
|
11
11
|
require 'kumogata/template/dynamodb'
|
|
12
12
|
require 'kumogata/template/ec2'
|
|
13
|
+
require 'kumogata/template/ecr'
|
|
13
14
|
require 'kumogata/template/ecs'
|
|
14
15
|
require 'kumogata/template/elasticache'
|
|
15
16
|
require 'kumogata/template/elasticbeanstalk'
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
#
|
|
2
|
+
# Helper - ECR
|
|
3
|
+
#
|
|
4
|
+
require 'kumogata/template/helper'
|
|
5
|
+
|
|
6
|
+
|
|
7
|
+
def _ecr_policy(name, args)
|
|
8
|
+
action = args[name.to_sym][:action] || []
|
|
9
|
+
user = args[name.to_sym][:user] || []
|
|
10
|
+
users = []
|
|
11
|
+
user.each do |v|
|
|
12
|
+
users << _iam_arn("iam", { account_id: v[:id], type: "user", user: v[:name] })
|
|
13
|
+
end
|
|
14
|
+
principal = _{
|
|
15
|
+
AWS users
|
|
16
|
+
}
|
|
17
|
+
policy = {
|
|
18
|
+
service: "ecr",
|
|
19
|
+
action: action,
|
|
20
|
+
principal: principal,
|
|
21
|
+
no_resource: true,
|
|
22
|
+
}
|
|
23
|
+
_iam_policy_document("policy", { policy: [ policy ] })
|
|
24
|
+
end
|
|
@@ -18,7 +18,7 @@ end
|
|
|
18
18
|
|
|
19
19
|
def _iam_policies(name, args)
|
|
20
20
|
array = []
|
|
21
|
-
policies = args[
|
|
21
|
+
policies = args[name.to_sym] || []
|
|
22
22
|
policies.each_with_index do |v, i|
|
|
23
23
|
array << _{
|
|
24
24
|
PolicyDocument _iam_policy_document("document", v)
|
|
@@ -30,7 +30,7 @@ end
|
|
|
30
30
|
|
|
31
31
|
def _iam_policy_document(name, args)
|
|
32
32
|
array = []
|
|
33
|
-
documents = args[
|
|
33
|
+
documents = args[name.to_sym] || []
|
|
34
34
|
|
|
35
35
|
documents.each do |v|
|
|
36
36
|
service = v[:service] || ""
|
|
@@ -51,7 +51,7 @@ def _iam_policy_document(name, args)
|
|
|
51
51
|
array << _{
|
|
52
52
|
Effect v[:effect] || "Allow"
|
|
53
53
|
Action actions
|
|
54
|
-
Resource resource
|
|
54
|
+
Resource resource unless v.key? :no_resource
|
|
55
55
|
Principal v[:principal] if v.key? :principal
|
|
56
56
|
}
|
|
57
57
|
end
|
|
@@ -150,7 +150,7 @@ def _iam_s3_bucket_policy(region, bucket, prefix, aws_account_id)
|
|
|
150
150
|
service: "s3",
|
|
151
151
|
action: [ "PutObject" ],
|
|
152
152
|
principal: {
|
|
153
|
-
|
|
153
|
+
AWS: [ account_id ],
|
|
154
154
|
},
|
|
155
155
|
resource: resource,
|
|
156
156
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
KUMOGATA_TEMPLATE_VERSION = '0.0.
|
|
1
|
+
KUMOGATA_TEMPLATE_VERSION = '0.0.24'
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
#
|
|
2
|
+
# ECR Repository resource
|
|
3
|
+
# http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html
|
|
4
|
+
#
|
|
5
|
+
require 'kumogata/template/helper'
|
|
6
|
+
require 'kumogata/template/ecr'
|
|
7
|
+
|
|
8
|
+
name = _resource_name(args[:name], "ecr repository")
|
|
9
|
+
repo_name = _ref_name("name", args)
|
|
10
|
+
policy = _ecr_policy("policy", args)
|
|
11
|
+
|
|
12
|
+
_(name) do
|
|
13
|
+
Type "AWS::ECR::Repository"
|
|
14
|
+
Properties do
|
|
15
|
+
RepositoryName repo_name
|
|
16
|
+
RepositoryPolicyText do
|
|
17
|
+
Version "2012-10-17"
|
|
18
|
+
Statement policy
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
require 'abstract_unit'
|
|
2
|
+
|
|
3
|
+
class EcrRepositoryTest < Minitest::Test
|
|
4
|
+
def test_normal
|
|
5
|
+
template = <<-EOS
|
|
6
|
+
action = %w(
|
|
7
|
+
GetDownloadUrlForLayer
|
|
8
|
+
BatchGetImage
|
|
9
|
+
BatchCheckLayerAvailability
|
|
10
|
+
PutImage
|
|
11
|
+
InitiateLayerUpload
|
|
12
|
+
UploadLayerPart
|
|
13
|
+
CompleteLayerUpload
|
|
14
|
+
)
|
|
15
|
+
user = [
|
|
16
|
+
{ id: 1, name: "test" }
|
|
17
|
+
]
|
|
18
|
+
_ecr_repository "test", { policy: { action: action, user: user } }
|
|
19
|
+
EOS
|
|
20
|
+
act_template = run_client_as_json(template)
|
|
21
|
+
exp_template = <<-EOS
|
|
22
|
+
{
|
|
23
|
+
"TestEcrRepository": {
|
|
24
|
+
"Type": "AWS::ECR::Repository",
|
|
25
|
+
"Properties": {
|
|
26
|
+
"RepositoryName": "test",
|
|
27
|
+
"RepositoryPolicyText": {
|
|
28
|
+
"Version": "2012-10-17",
|
|
29
|
+
"Statement": [
|
|
30
|
+
{
|
|
31
|
+
"Effect": "Allow",
|
|
32
|
+
"Action": [
|
|
33
|
+
"ecr:GetDownloadUrlForLayer",
|
|
34
|
+
"ecr:BatchGetImage",
|
|
35
|
+
"ecr:BatchCheckLayerAvailability",
|
|
36
|
+
"ecr:PutImage",
|
|
37
|
+
"ecr:InitiateLayerUpload",
|
|
38
|
+
"ecr:UploadLayerPart",
|
|
39
|
+
"ecr:CompleteLayerUpload"
|
|
40
|
+
],
|
|
41
|
+
"Principal": {
|
|
42
|
+
"AWS": [
|
|
43
|
+
"arn:aws:iam::1:user/test"
|
|
44
|
+
]
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
]
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
EOS
|
|
53
|
+
assert_equal exp_template.chomp, act_template
|
|
54
|
+
end
|
|
55
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kumogata-template
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.24
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Naoya Nakazawa
|
|
@@ -111,6 +111,7 @@ files:
|
|
|
111
111
|
- lib/kumogata/template/datapipeline.rb
|
|
112
112
|
- lib/kumogata/template/dynamodb.rb
|
|
113
113
|
- lib/kumogata/template/ec2.rb
|
|
114
|
+
- lib/kumogata/template/ecr.rb
|
|
114
115
|
- lib/kumogata/template/ecs.rb
|
|
115
116
|
- lib/kumogata/template/elasticache.rb
|
|
116
117
|
- lib/kumogata/template/elasticbeanstalk.rb
|
|
@@ -169,6 +170,7 @@ files:
|
|
|
169
170
|
- template/ec2-vpc-endpoint.rb
|
|
170
171
|
- template/ec2-vpc-gateway-attachment.rb
|
|
171
172
|
- template/ec2-vpc.rb
|
|
173
|
+
- template/ecr-repository.rb
|
|
172
174
|
- template/ecs-cluster.rb
|
|
173
175
|
- template/ecs-service.rb
|
|
174
176
|
- template/ecs-task-definition.rb
|
|
@@ -311,6 +313,7 @@ files:
|
|
|
311
313
|
- test/template/ec2-volume_test.rb
|
|
312
314
|
- test/template/ec2-vpc-gateway-attachment_test.rb
|
|
313
315
|
- test/template/ec2-vpc_test.rb
|
|
316
|
+
- test/template/ecr-repository_test.rb
|
|
314
317
|
- test/template/ecs-cluster_test.rb
|
|
315
318
|
- test/template/ecs-service_test.rb
|
|
316
319
|
- test/template/ecs-task-definition_test.rb
|
|
@@ -479,6 +482,7 @@ test_files:
|
|
|
479
482
|
- test/template/ec2-volume_test.rb
|
|
480
483
|
- test/template/ec2-vpc-gateway-attachment_test.rb
|
|
481
484
|
- test/template/ec2-vpc_test.rb
|
|
485
|
+
- test/template/ecr-repository_test.rb
|
|
482
486
|
- test/template/ecs-cluster_test.rb
|
|
483
487
|
- test/template/ecs-service_test.rb
|
|
484
488
|
- test/template/ecs-task-definition_test.rb
|