kumogata-template 0.0.24 → 0.0.25

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cbf61b8ef2bf5c32a549e814951df8e3b0d4cb07
-  data.tar.gz: 6a90ad4bf7b62fe24b80e2fd2eb3ae7168a69d40
+  metadata.gz: e68d851f205814db46daa78d9f8de23d90daed76
+  data.tar.gz: 48272c915961e88257895459d16a76a7831f2403
 SHA512:
-  metadata.gz: '0019ed1d64bad5e176a59482d69d4cba3f29e7ce5782e934aca546a92acdb55182e1521b3065cdcdfdcf56e06a4d7d4560d4e12a1fcbd3cc82a9756bb7571bff'
-  data.tar.gz: 4612fc3e3861d342cb056bd1ada8db81817ed3a270ba6827bf87273e063d88e82066c11834f2576a92c28555ff3cac38e22bf17705662f040e512482a774e7ec
+  metadata.gz: 6596787ad06441fcec1780d68e3aa9dc50403e8c579f6485dd658fc258e65b62ea3ed7cf2c7155007e3a05288ec2d418b5afb1afb534d326084e1115c0ce6988
+  data.tar.gz: 50bb3f63b35bad4356cefac50b15873561ea7a668220345db3739df3064c146ced30929593bd0ddd7fe263febd2bd1f77f385b3f5676cadec5a9f68d9899808f

data/lib/kumogata/template/ecr.rb

@@ -2,6 +2,7 @@
 # Helper - ECR
 #
 require 'kumogata/template/helper'
+require 'kumogata/template/iam'
 
 
 def _ecr_policy(name, args)

data/lib/kumogata/template/iam.rb

@@ -16,6 +16,41 @@ def _iam_to_policy(value)
   end
 end
 
+def _iam_to_policy_condition_operator(value)
+  case value
+  when "=", "eq"
+    value = "string equals"
+  when "!=", "ne"
+    value = "string not equals"
+  end
+
+  if value.include? " "
+    value.split(" ").map(&:capitalize).join("")
+  else
+    value
+  end
+end
+
+def _iam_to_policy_condition(args)
+  condition = {}
+  args.each_pair do |k, v|
+    key = _iam_to_policy_condition_operator(k.to_s)
+    value = {}
+    last_key = nil
+    v.each do |vv|
+      if value.key? last_key
+        value[last_key] = vv
+      else
+        value[vv] = nil
+        last_key = vv
+      end
+    end
+    condition[key] = value
+  end
+
+  condition
+end
+
 def _iam_policies(name, args)
   array = []
   policies = args[name.to_sym] || []
@@ -37,22 +72,26 @@ def _iam_policy_document(name, args)
     action = v[:action] || [ "*" ]
     next if service.empty? or action.empty?
 
-    actions = action.collect{|v| "#{service}:#{v}" }
+    actions = action.collect{|vv| "#{service}:#{vv}" }
     if v.key? :resource
       if v[:resource].is_a? String
         resource = _iam_arn(service, v[:resource])
       else
-        resource = v[:resource].collect{|v| _iam_arn(service, v) }
+        resource = v[:resource].collect{|vv| _iam_arn(service, vv) }
       end
     else
       resource = [ "*" ]
     end
 
     array << _{
+      Sid v[:sid] if v.key :sid
       Effect v[:effect] || "Allow"
+      NotAction no_action v[:no_action] if v.key? :no_action
       Action actions
       Resource resource unless v.key? :no_resource
       Principal v[:principal] if v.key? :principal
+      NotPrincipal v[:not_principal] if v.key? :not_principal
+      Condition _iam_to_policy_condition(v[:condition]) if v.key? :condition
     }
   end
   array

data/lib/kumogata/template/version.rb

@@ -1 +1 @@
-KUMOGATA_TEMPLATE_VERSION = '0.0.24'
+KUMOGATA_TEMPLATE_VERSION = '0.0.25'

data/test/iam_test.rb

@@ -2,6 +2,57 @@ require 'abstract_unit'
 require 'kumogata/template/iam'
 
 class IamTest < Minitest::Test
+  def test_iam_to_policy_condition
+    template = <<-EOS
+condition = { "=": [ "s3:x-amz-acl", "bucket-owner-full-control" ] }
+Test _iam_to_policy_condition(condition)
+    EOS
+    act_template = run_client_as_json(template)
+    exp_template = <<-EOS
+{
+  "Test": {
+    "StringEquals": {
+      "s3:x-amz-acl": "bucket-owner-full-control"
+    }
+  }
+}
+    EOS
+    assert_equal exp_template.chomp, act_template
+
+    template = <<-EOS
+condition = {
+  "=": [ "aws:UserAgent", "Example Corp Java Client" ],
+  "date greater than": [ "aws:CurrentTime", "2013-08-16T12:00:00Z" ],
+  "numeric less than equals": [ "s3:max-keys", "10" ],
+  "ip address": [ "aws:SourceIp", ["192.0.2.0/24", "203.0.113.0/24"] ],
+}
+Test _iam_to_policy_condition(condition)
+    EOS
+    act_template = run_client_as_json(template)
+    exp_template = <<-EOS
+{
+  "Test": {
+    "StringEquals": {
+      "aws:UserAgent": "Example Corp Java Client"
+    },
+    "DateGreaterThan": {
+      "aws:CurrentTime": "2013-08-16T12:00:00Z"
+    },
+    "NumericLessThanEquals": {
+      "s3:max-keys": "10"
+    },
+    "IpAddress": {
+      "aws:SourceIp": [
+        "192.0.2.0/24",
+        "203.0.113.0/24"
+      ]
+    }
+  }
+}
+    EOS
+    assert_equal exp_template.chomp, act_template
+  end
+
   def test_iam_policies
     template = <<-EOS
 Policies _iam_policies "test", test: [ { document: [ { service: "s3" } ] } ]
@@ -51,6 +102,55 @@ PolicyDocument _iam_policy_document "test", test: [ { service: "s3" } ]
 }
     EOS
     assert_equal exp_template.chomp, act_template
+
+    template = <<-EOS
+PolicyDocument _iam_policy_document "test", test: [ { service: "s3", sid: "test" } ]
+    EOS
+    act_template = run_client_as_json(template)
+    exp_template = <<-EOS
+{
+  "PolicyDocument": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+    EOS
+    assert_equal exp_template.chomp, act_template
+
+    template = <<-EOS
+condition = { "=": [ "s3:x-amz-acl", "bucket-owner-full-control" ] }
+PolicyDocument _iam_policy_document "test", test: [ { service: "s3", sid: "test", condition: condition } ]
+    EOS
+    act_template = run_client_as_json(template)
+    exp_template = <<-EOS
+{
+  "PolicyDocument": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "s3:x-amz-acl": "bucket-owner-full-control"
+        }
+      }
+    }
+  ]
+}
+    EOS
+    assert_equal exp_template.chomp, act_template
+
   end
 
   def test_iam_assume_role_policy_document

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kumogata-template
 version: !ruby/object:Gem::Version
-  version: 0.0.24
+  version: 0.0.25
 platform: ruby
 authors:
 - Naoya Nakazawa
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-06 00:00:00.000000000 Z
+date: 2017-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk