kumogata-template 0.0.24 → 0.0.25

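--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: cbf61b8ef2bf5c32a549e814951df8e3b0d4cb07
- data.tar.gz: 6a90ad4bf7b62fe24b80e2fd2eb3ae7168a69d40
+ metadata.gz: e68d851f205814db46daa78d9f8de23d90daed76
+ data.tar.gz: 48272c915961e88257895459d16a76a7831f2403
  SHA512:
- metadata.gz: '0019ed1d64bad5e176a59482d69d4cba3f29e7ce5782e934aca546a92acdb55182e1521b3065cdcdfdcf56e06a4d7d4560d4e12a1fcbd3cc82a9756bb7571bff'
- data.tar.gz: 4612fc3e3861d342cb056bd1ada8db81817ed3a270ba6827bf87273e063d88e82066c11834f2576a92c28555ff3cac38e22bf17705662f040e512482a774e7ec
+ metadata.gz: 6596787ad06441fcec1780d68e3aa9dc50403e8c579f6485dd658fc258e65b62ea3ed7cf2c7155007e3a05288ec2d418b5afb1afb534d326084e1115c0ce6988
+ data.tar.gz: 50bb3f63b35bad4356cefac50b15873561ea7a668220345db3739df3064c146ced30929593bd0ddd7fe263febd2bd1f77f385b3f5676cadec5a9f68d9899808f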
@@ -2,6 +2,7 @@
2
2
  # Helper - ECR
3
3
  #
4
4
  require 'kumogata/template/helper'
5
+ require 'kumogata/template/iam'
5
6
 
6
7
 
7
8
  def _ecr_policy(name, args)
@@ -16,6 +16,41 @@ def _iam_to_policy(value)
16
16
  end
17
17
  end
18
18
 
19
+ def _iam_to_policy_condition_operator(value)
20
+ case value
21
+ when "=", "eq"
22
+ value = "string equals"
23
+ when "!=", "ne"
24
+ value = "string not equals"
25
+ end
26
+
27
+ if value.include? " "
28
+ value.split(" ").map(&:capitalize).join("")
29
+ else
30
+ value
31
+ end
32
+ end
33
+
34
+ def _iam_to_policy_condition(args)
35
+ condition = {}
36
+ args.each_pair do |k, v|
37
+ key = _iam_to_policy_condition_operator(k.to_s)
38
+ value = {}
39
+ last_key = nil
40
+ v.each do |vv|
41
+ if value.key? last_key
42
+ value[last_key] = vv
43
+ else
44
+ value[vv] = nil
45
+ last_key = vv
46
+ end
47
+ end
48
+ condition[key] = value
49
+ end
50
+
51
+ condition
52
+ end
53
+
19
54
  def _iam_policies(name, args)
20
55
  array = []
21
56
  policies = args[name.to_sym] || []
@@ -37,22 +72,26 @@ def _iam_policy_document(name, args)
37
72
  action = v[:action] || [ "*" ]
38
73
  next if service.empty? or action.empty?
39
74
 
40
- actions = action.collect{|v| "#{service}:#{v}" }
75
+ actions = action.collect{|vv| "#{service}:#{vv}" }
41
76
  if v.key? :resource
42
77
  if v[:resource].is_a? String
43
78
  resource = _iam_arn(service, v[:resource])
44
79
  else
45
- resource = v[:resource].collect{|v| _iam_arn(service, v) }
80
+ resource = v[:resource].collect{|vv| _iam_arn(service, vv) }
46
81
  end
47
82
  else
48
83
  resource = [ "*" ]
49
84
  end
50
85
 
51
86
  array << _{
87
+ Sid v[:sid] if v.key :sid
52
88
  Effect v[:effect] || "Allow"
89
+ NotAction no_action v[:no_action] if v.key? :no_action
53
90
  Action actions
54
91
  Resource resource unless v.key? :no_resource
55
92
  Principal v[:principal] if v.key? :principal
93
+ NotPrincipal v[:not_principal] if v.key? :not_principal
94
+ Condition _iam_to_policy_condition(v[:condition]) if v.key? :condition
56
95
  }
57
96
  end
58
97
  array
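Review bot: In `_iam_to_policy_condition` (first hunk of this file), the `last_key` loop keeps only one condition key per operator: once the first element is stored, `value.key? last_key` stays true, so every later element overwrites that key's value instead of starting a new pair. A list with two key/value pairs under one operator therefore comes out as a single key holding the last element, silently dropping a restriction the template author wrote, and a one-element list produces a `nil` value. Pairing explicitly, for example `v.each_slice(2) { |ck, cv| value[ck] = cv }`, and raising `ArgumentError` on an odd-length list would make the generated policy match the input. Whether several pairs per operator are meant to be supported is not stated on the page, but the current code accepts them without complaint.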
@@ -1 +1 @@
1
- KUMOGATA_TEMPLATE_VERSION = '0.0.24'
1
+ KUMOGATA_TEMPLATE_VERSION = '0.0.25'
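--- a/data/test/iam_test.rb
+++ b/data/test/iam_test.rb
@@ -2,6 +2,57 @@ require 'abstract_unit'
  require 'kumogata/template/iam'
 
  class IamTest < Minitest::Test
+ def test_iam_to_policy_condition
+ template = <<-EOS
+ condition = { "=": [ "s3:x-amz-acl", "bucket-owner-full-control" ] }
+ Test _iam_to_policy_condition(condition)
+ EOS
+ act_template = run_client_as_json(template)
+ exp_template = <<-EOS
+ {
+ "Test": {
+ "StringEquals": {
+ "s3:x-amz-acl": "bucket-owner-full-control"
+ }
+ }
+ }
+ EOS
+ assert_equal exp_template.chomp, act_template
+
+ template = <<-EOS
+ condition = {
+ "=": [ "aws:UserAgent", "Example Corp Java Client" ],
+ "date greater than": [ "aws:CurrentTime", "2013-08-16T12:00:00Z" ],
+ "numeric less than equals": [ "s3:max-keys", "10" ],
+ "ip address": [ "aws:SourceIp", ["192.0.2.0/24", "203.0.113.0/24"] ],
+ }
+ Test _iam_to_policy_condition(condition)
+ EOS
+ act_template = run_client_as_json(template)
+ exp_template = <<-EOS
+ {
+ "Test": {
+ "StringEquals": {
+ "aws:UserAgent": "Example Corp Java Client"
+ },
+ "DateGreaterThan": {
+ "aws:CurrentTime": "2013-08-16T12:00:00Z"
+ },
+ "NumericLessThanEquals": {
+ "s3:max-keys": "10"
+ },
+ "IpAddress": {
+ "aws:SourceIp": [
+ "192.0.2.0/24",
+ "203.0.113.0/24"
+ ]
+ }
+ }
+ }
+ EOS
+ assert_equal exp_template.chomp, act_template
+ end
+
  def test_iam_policies
  template = <<-EOS
  Policies _iam_policies "test", test: [ { document: [ { service: "s3" } ] } ]
@@ -51,6 +102,55 @@ PolicyDocument _iam_policy_document "test", test: [ { service: "s3" } ]
  }
  EOS
  assert_equal exp_template.chomp, act_template
+
+ template = <<-EOS
+ PolicyDocument _iam_policy_document "test", test: [ { service: "s3", sid: "test" } ]
+ EOS
+ act_template = run_client_as_json(template)
+ exp_template = <<-EOS
+ {
+ "PolicyDocument": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "*"
+ ]
+ }
+ ]
+ }
+ EOS
+ assert_equal exp_template.chomp, act_template
+
+ template = <<-EOS
+ condition = { "=": [ "s3:x-amz-acl", "bucket-owner-full-control" ] }
+ PolicyDocument _iam_policy_document "test", test: [ { service: "s3", sid: "test", condition: condition } ]
+ EOS
+ act_template = run_client_as_json(template)
+ exp_template = <<-EOS
+ {
+ "PolicyDocument": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "*"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "s3:x-amz-acl": "bucket-owner-full-control"
+ }
+ }
+ }
+ ]
+ }
+ EOS
+ assert_equal exp_template.chomp, act_template
+
  end
 
  def test_iam_assume_role_policy_document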
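Review bot: The two cases added in the second hunk pass `sid: "test"`, yet neither expected JSON contains a `"Sid"` entry, so the test pins the statement being emitted without its Sid instead of checking the new option. This matches the guard in the library change, `Sid v[:sid] if v.key :sid`, where `Hash#key` looks a key up by value and returns nil here; with `v.key? :sid` both expectations should gain `"Sid": "test"`. No case covers `no_action` or `not_principal`, although the added line `NotAction no_action v[:no_action]` calls a `no_action` helper that is not visible in this diff and still emits `Action` in the same statement. The enclosing test method starts outside the hunk.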
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kumogata-template
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.24
4
+ version: 0.0.25
5
5
  platform: ruby
6
6
  authors:
7
7
  - Naoya Nakazawa
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-05-06 00:00:00.000000000 Z
11
+ date: 2017-05-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk