kumogata-template 0.0.35 → 0.0.36
- checksums.yaml +5 -5
- data/.travis.yml +4 -2
- data/Gemfile +1 -1
- data/Rakefile +1 -1
- data/kumogata-template.gemspec +4 -4
- data/lib/kumogata/template/alb.rb +48 -34
- data/lib/kumogata/template/api-gateway.rb +262 -0
- data/lib/kumogata/template/autoscaling.rb +17 -44
- data/lib/kumogata/template/certificate.rb +11 -8
- data/lib/kumogata/template/cloudfront.rb +67 -60
- data/lib/kumogata/template/cloudwatch.rb +7 -12
- data/lib/kumogata/template/codebuild.rb +4 -8
- data/lib/kumogata/template/codecommit.rb +2 -6
- data/lib/kumogata/template/codedeploy.rb +15 -0
- data/lib/kumogata/template/cognito.rb +203 -0
- data/lib/kumogata/template/const.rb +109 -47
- data/lib/kumogata/template/datapipeline.rb +16 -47
- data/lib/kumogata/template/dynamodb.rb +17 -8
- data/lib/kumogata/template/ec2.rb +61 -10
- data/lib/kumogata/template/ecr.rb +11 -9
- data/lib/kumogata/template/ecs.rb +256 -91
- data/lib/kumogata/template/elasticbeanstalk.rb +6 -9
- data/lib/kumogata/template/elb.rb +9 -24
- data/lib/kumogata/template/emr.rb +184 -51
- data/lib/kumogata/template/events.rb +22 -10
- data/lib/kumogata/template/ext/kumogata.rb +7 -7
- data/lib/kumogata/template/helper.rb +189 -130
- data/lib/kumogata/template/iam.rb +556 -146
- data/lib/kumogata/template/kinesis.rb +282 -0
- data/lib/kumogata/template/lambda.rb +43 -2
- data/lib/kumogata/template/logs.rb +2 -6
- data/lib/kumogata/template/nlb.rb +10 -0
- data/lib/kumogata/template/pinpoint.rb +83 -0
- data/lib/kumogata/template/rds.rb +52 -0
- data/lib/kumogata/template/redshift.rb +15 -6
- data/lib/kumogata/template/role.rb +425 -0
- data/lib/kumogata/template/s3.rb +120 -80
- data/lib/kumogata/template/sns.rb +2 -6
- data/lib/kumogata/template/version.rb +1 -1
- data/lib/kumogata/template.rb +9 -1
- data/template/_template.rb +2 -2
- data/template/alb-load-balancer.rb +5 -4
- data/template/alb-target-group.rb +8 -9
- data/template/api-gateway-account.rb +15 -0
- data/template/api-gateway-api-key.rb +22 -0
- data/template/api-gateway-authorizer.rb +38 -0
- data/template/api-gateway-base-path-mapping.rb +23 -0
- data/template/api-gateway-client-certificate.rb +16 -0
- data/template/api-gateway-deployment.rb +24 -0
- data/template/api-gateway-domain-name.rb +17 -0
- data/template/api-gateway-method.rb +71 -0
- data/template/api-gateway-model.rb +23 -0
- data/template/api-gateway-resource.rb +32 -0
- data/template/api-gateway-rest-api.rb +29 -0
- data/template/api-gateway-stage.rb +33 -0
- data/template/api-gateway-usage-plan-key.rb +19 -0
- data/template/api-gateway-usage-plan.rb +24 -0
- data/template/autoscaling-group.rb +2 -2
- data/template/autoscaling-launch-configuration.rb +7 -4
- data/template/autoscaling-scheduled-action.rb +0 -1
- data/template/certificate.rb +2 -2
- data/template/cloudfront-distribution.rb +4 -0
- data/template/cloudfront-origin-access-identity.rb +19 -0
- data/template/cloudtrail.rb +6 -4
- data/template/cloudwatch-alarm.rb +9 -3
- data/template/codebuild-project.rb +3 -3
- data/template/codecommit-repository.rb +2 -2
- data/template/codedeploy-application.rb +1 -1
- data/template/codedeploy-deployment-config.rb +1 -1
- data/template/codedeploy-deployment-group.rb +2 -0
- data/template/cognito-identity-pool.rb +34 -0
- data/template/cognito-identity-role-attachment.rb +22 -0
- data/template/cognito-user-pool-client.rb +28 -0
- data/template/cognito-user-pool-group.rb +24 -0
- data/template/cognito-user-pool-user-to-group-attachment.rb +20 -0
- data/template/cognito-user-pool-user.rb +28 -0
- data/template/cognito-user-pool.rb +45 -0
- data/template/datapipeline-pipeline.rb +4 -4
- data/template/dynamodb-table.rb +5 -1
- data/template/ec2-eip-association.rb +1 -1
- data/template/ec2-instance.rb +4 -1
- data/template/ec2-nat-gateway.rb +4 -0
- data/template/ec2-route.rb +4 -0
- data/template/ec2-security-group-ingress.rb +1 -1
- data/template/ec2-security-group.rb +2 -2
- data/template/ec2-subnet.rb +8 -4
- data/template/ec2-volume.rb +1 -2
- data/template/ec2-vpc-cidr-block.rb +4 -2
- data/template/ec2-vpc-endpoint.rb +5 -2
- data/template/ecr-repository.rb +2 -2
- data/template/ecs-cluster.rb +1 -1
- data/template/ecs-service.rb +19 -7
- data/template/ecs-task-definition.rb +4 -4
- data/template/elasticache-cache-cluster.rb +1 -1
- data/template/elasticache-parameter-group.rb +1 -1
- data/template/elasticache-replication-group.rb +1 -1
- data/template/elasticache-subnet-group.rb +1 -1
- data/template/elasticbeanstalk-application-version.rb +1 -1
- data/template/elasticbeanstalk-application.rb +1 -1
- data/template/elasticbeanstalk-configuration-template.rb +1 -1
- data/template/elasticbeanstalk-environment.rb +1 -1
- data/template/elb-load-balancer.rb +2 -2
- data/template/emr-cluster.rb +3 -3
- data/template/emr-instance-group-config.rb +4 -2
- data/template/emr-security-configuration.rb +17 -0
- data/template/emr-step.rb +2 -2
- data/template/events-rule.rb +8 -8
- data/template/iam-group.rb +2 -2
- data/template/iam-instance-profile.rb +2 -2
- data/template/iam-managed-policy.rb +1 -1
- data/template/iam-policy.rb +1 -1
- data/template/iam-role.rb +17 -2
- data/template/iam-user.rb +4 -4
- data/template/kinesis-firehose-delivery-stream.rb +36 -0
- data/template/kinesis-stream.rb +21 -0
- data/template/kms-alias.rb +2 -2
- data/template/kms-key.rb +1 -1
- data/template/lambda-alias.rb +2 -2
- data/template/lambda-event-source-mapping.rb +4 -4
- data/template/lambda-function.rb +17 -17
- data/template/lambda-permission.rb +31 -10
- data/template/lambda-version.rb +4 -2
- data/template/logs-destination.rb +1 -1
- data/template/logs-log-group.rb +1 -1
- data/template/logs-log-stream.rb +4 -2
- data/template/logs-metric-filter.rb +1 -1
- data/template/logs-subscription_filter.rb +1 -1
- data/template/mappings-ec2.rb +114 -52
- data/template/output-arn.rb +12 -4
- data/template/output-certificate.rb +11 -0
- data/template/output-distribution.rb +11 -0
- data/template/output-domain-name.rb +11 -0
- data/template/output-ecr-repository.rb +16 -0
- data/template/output-eip.rb +11 -0
- data/template/output-lambda-function.rb +6 -0
- data/template/output-name.rb +7 -2
- data/template/output-origin-access-identity.rb +13 -0
- data/template/output-rds-cluster.rb +17 -0
- data/template/{output-rds.rb → output-rds-instance.rb} +1 -1
- data/template/output-redshift.rb +11 -0
- data/template/output-rest-api.rb +11 -0
- data/template/output-s3.rb +3 -0
- data/template/output-stage.rb +19 -0
- data/template/output-subnet.rb +6 -3
- data/template/output-trail.rb +14 -0
- data/template/output-user-pool-client.rb +14 -0
- data/template/output-user-pool.rb +17 -0
- data/template/output-vpc.rb +13 -3
- data/template/output.rb +3 -2
- data/template/parameter-ec2.rb +10 -4
- data/template/parameter-elasticache.rb +1 -1
- data/template/parameter-rds.rb +51 -4
- data/template/parameter-redshift.rb +31 -1
- data/template/parameter.rb +87 -7
- data/template/rds-db-cluster-parameter-group.rb +18 -4
- data/template/rds-db-cluster.rb +19 -7
- data/template/rds-db-instance.rb +55 -131
- data/template/rds-db-parameter-group.rb +29 -3
- data/template/rds-db-subnet-group.rb +1 -1
- data/template/rds-event-subscription.rb +2 -4
- data/template/rds-option-group.rb +28 -5
- data/template/redshift-cluster-parameter-group.rb +3 -1
- data/template/redshift-cluster-security-group.rb +17 -0
- data/template/redshift-cluster-subnet-group.rb +3 -1
- data/template/redshift-cluster.rb +15 -12
- data/template/s3-bucket.rb +10 -5
- data/template/sns-topic.rb +2 -2
- data/template/sqs-queue.rb +1 -1
- data/test/abstract_unit.rb +2 -9
- data/test/cloudfront_test.rb +57 -28
- data/test/codedeploy_test.rb +21 -0
- data/test/datapipeline_test.rb +0 -22
- data/test/ec2_test.rb +12 -52
- data/test/ecs_test.rb +30 -26
- data/test/emr_test.rb +101 -20
- data/test/events_test.rb +47 -0
- data/test/helper_test.rb +251 -281
- data/test/iam_test.rb +572 -57
- data/test/lambda_test.rb +1 -1
- data/test/s3_test.rb +49 -14
- data/test/template/alb-load-balancer_test.rb +4 -5
- data/test/template/alb-target-group_test.rb +1 -3
- data/test/template/api-gateway-account_test.rb +26 -0
- data/test/template/api-gateway-api-key_test.rb +33 -0
- data/test/template/api-gateway-authorizer_test.rb +62 -0
- data/test/template/api-gateway-base-path-mapping_test.rb +27 -0
- data/test/template/api-gateway-client-certificate_test.rb +21 -0
- data/test/template/api-gateway-deployment_test.rb +27 -0
- data/test/template/api-gateway-domain-name_test.rb +26 -0
- data/test/template/api-gateway-method_test.rb +29 -0
- data/test/template/api-gateway-model_test.rb +37 -0
- data/test/template/api-gateway-resource_test.rb +82 -0
- data/test/template/api-gateway-rest-api_test.rb +33 -0
- data/test/template/api-gateway-stage_test.rb +39 -0
- data/test/template/api-gateway-usage-plan-key_test.rb +25 -0
- data/test/template/api-gateway-usage-plan_test.rb +42 -0
- data/test/template/cloudfront-distribution_test.rb +41 -3
- data/test/template/cloudtrail_test.rb +13 -5
- data/test/template/cloudwatch-alarm_test.rb +14 -2
- data/test/template/codebuild-project_test.rb +2 -11
- data/test/template/codecommit-repository_test.rb +12 -1
- data/test/template/cognito-identity-pool_test.rb +32 -0
- data/test/template/cognito-identity-role-attachment_test.rb +38 -0
- data/test/template/cognito-user-pool-client_test.rb +36 -0
- data/test/template/cognito-user-pool-group_test.rb +36 -0
- data/test/template/cognito-user-pool-user-to-group-attachment_test.rb +29 -0
- data/test/template/cognito-user-pool-user_test.rb +38 -0
- data/test/template/cognito-user-pool_test.rb +99 -0
- data/test/template/datapipeline-pipeline_test.rb +45 -6
- data/test/template/dynamodb-table_test.rb +19 -1
- data/test/template/ec2-instance_test.rb +9 -1
- data/test/template/ec2-nat-gateway_test.rb +29 -1
- data/test/template/ec2-security-group-egress_test.rb +1 -0
- data/test/template/ec2-security-group-ingress_test.rb +1 -0
- data/test/template/ec2-security-group_test.rb +11 -1
- data/test/template/ec2-spot-fleet_test.rb +1 -1
- data/test/template/ec2-subnet_test.rb +62 -1
- data/test/template/ec2-vpc-cidr-block_test.rb +1 -1
- data/test/template/ec2-vpc-endpoint_test.rb +56 -0
- data/test/template/ecr-repository_test.rb +63 -11
- data/test/template/ecs-service_test.rb +13 -2
- data/test/template/ecs-task-definition_test.rb +86 -13
- data/test/template/elasticache-cache-cluster_test.rb +4 -6
- data/test/template/elasticache-replication-group_test.rb +1 -1
- data/test/template/elasticbeanstalk-application-version_test.rb +1 -0
- data/test/template/elasticbeanstalk-application_test.rb +2 -1
- data/test/template/elasticbeanstalk-configuration-template_test.rb +2 -1
- data/test/template/elasticbeanstalk-template_test.rb +1 -0
- data/test/template/elb-load-balancer_test.rb +1 -3
- data/test/template/emr-cluster_test.rb +2 -14
- data/test/template/emr-instance-group-config_test.rb +2 -4
- data/test/template/emr-security-configuration_test.rb +34 -0
- data/test/template/emr-step_test.rb +2 -6
- data/test/template/events-rule_test.rb +3 -3
- data/test/template/iam-group_test.rb +11 -1
- data/test/template/iam-instance-profile_test.rb +11 -1
- data/test/template/iam-managed-policy_test.rb +1 -0
- data/test/template/iam-policy_test.rb +1 -3
- data/test/template/iam-role_test.rb +12 -2
- data/test/template/iam-user_test.rb +11 -17
- data/test/template/kinesis-firehorse-delivery-stream_test.rb +68 -0
- data/test/template/kinesis-stream_test.rb +61 -0
- data/test/template/kms-key_test.rb +1 -0
- data/test/template/lambda-alias_test.rb +2 -3
- data/test/template/lambda-event-source-mapping_test.rb +1 -1
- data/test/template/lambda-function_test.rb +20 -32
- data/test/template/lambda-permission_test.rb +7 -4
- data/test/template/lambda-version_test.rb +5 -2
- data/test/template/logs-log-group_test.rb +1 -3
- data/test/template/logs-log-stream_test.rb +2 -6
- data/test/template/logs-metric-filter_test.rb +1 -3
- data/test/template/logs-subscription-filter_test.rb +1 -3
- data/test/template/mappings-ec2_test.rb +10 -3
- data/test/template/output-domain-name_test.rb +30 -0
- data/test/template/output-name_test.rb +9 -0
- data/test/template/{output-rds_test.rb → output-rds-instance_test.rb} +2 -2
- data/test/template/output-rest-api_test.rb +30 -0
- data/test/template/output-s3_test.rb +9 -0
- data/test/template/output-stage_test.rb +43 -0
- data/test/template/output-user-pool-client_test.rb +39 -0
- data/test/template/output-user-pool_test.rb +48 -0
- data/test/template/output_test.rb +3 -1
- data/test/template/parameter-ec2_test.rb +22 -24
- data/test/template/parameter-elasticache_test.rb +2 -1
- data/test/template/parameter-rds_test.rb +32 -3
- data/test/template/parameter-redshift_test.rb +31 -2
- data/test/template/parameter_test.rb +37 -4
- data/test/template/rds-db-cluster-parameter-group_test.rb +1 -1
- data/test/template/rds-db-cluster_test.rb +4 -20
- data/test/template/rds-db-instance_test.rb +3 -373
- data/test/template/rds-db-parameter-group_test.rb +1 -1
- data/test/template/rds-option-group_test.rb +2 -2
- data/test/template/redshift-cluster-parameter-group_test.rb +28 -0
- data/test/template/redshift-cluster-security-group_test.rb +49 -0
- data/test/template/redshift-cluster-subnet-group_test.rb +28 -0
- data/test/template/redshift-cluster_test.rb +33 -5
- data/test/template/s3-bucket_test.rb +6 -20
- metadata +130 -22
@@ -2,6 +2,7 @@
|
|
2
2
|
# Helper - IAM
|
3
3
|
#
|
4
4
|
require 'kumogata/template/helper'
|
5
|
+
require 'kumogata/template/pinpoint'
|
5
6
|
|
6
7
|
def _iam_to_policy(value)
|
7
8
|
case value
|
@@ -9,60 +10,35 @@ def _iam_to_policy(value)
|
|
9
10
|
'AdministratorAccess'
|
10
11
|
when 'power'
|
11
12
|
'PowerUserAccess'
|
12
|
-
when
|
13
|
+
when /readonly/
|
13
14
|
'ReadOnlyAccess'
|
15
|
+
when 'database', 'network', 'system'
|
16
|
+
"#{value.upcase}Administrator"
|
14
17
|
else
|
15
18
|
value
|
16
19
|
end
|
17
20
|
end
|
18
21
|
|
19
|
-
def
|
20
|
-
|
21
|
-
when "=", "eq"
|
22
|
-
value = "string equals"
|
23
|
-
when "!=", "ne"
|
24
|
-
value = "string not equals"
|
25
|
-
end
|
26
|
-
|
27
|
-
if value.include? " "
|
28
|
-
value.split(" ").map(&:capitalize).join("")
|
29
|
-
else
|
30
|
-
value
|
31
|
-
end
|
22
|
+
def _iam_to_condition_s3_bucket_owner_full_control()
|
23
|
+
{ '=': { 's3:x-amz-acl': 'bucket-owner-full-control' } }
|
32
24
|
end
|
33
25
|
|
34
|
-
def
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
last_key = nil
|
40
|
-
v.each do |vv|
|
41
|
-
if value.key? last_key
|
42
|
-
value[last_key] = vv
|
43
|
-
else
|
44
|
-
value[vv] = nil
|
45
|
-
last_key = vv
|
46
|
-
end
|
26
|
+
def _iam_policies(name, args)
|
27
|
+
(args[name.to_sym] || []).collect.with_index do |v, i|
|
28
|
+
case v[:policy]
|
29
|
+
when 'pinpoint-full'
|
30
|
+
v[:document] = _pinpoint_to_iam_full(v[:app])
|
47
31
|
end
|
48
|
-
condition[key] = value
|
49
|
-
end
|
50
|
-
condition
|
51
|
-
end
|
52
32
|
|
53
|
-
|
54
|
-
|
55
|
-
policies = args[name.to_sym] || []
|
56
|
-
policies.each_with_index do |v, i|
|
57
|
-
array << _{
|
33
|
+
v[:name] = "policy-#{i + 1}"
|
34
|
+
_{
|
58
35
|
PolicyDocument do
|
59
36
|
Version "2012-10-17"
|
60
37
|
Statement _iam_policy_document("document", v)
|
61
38
|
end
|
62
|
-
PolicyName
|
39
|
+
PolicyName _name("policy", v)
|
63
40
|
}
|
64
41
|
end
|
65
|
-
array
|
66
42
|
end
|
67
43
|
|
68
44
|
def _iam_policy_principal(args, key = "principal")
|
@@ -74,7 +50,7 @@ def _iam_policy_principal(args, key = "principal")
|
|
74
50
|
account = principal[:account]
|
75
51
|
if account.is_a? Hash
|
76
52
|
_{
|
77
|
-
AWS _iam_arn("iam", { type: "user", account_id: account[:id],
|
53
|
+
AWS _iam_arn("iam", { type: "user", account_id: account[:id], name: account[:name] })
|
78
54
|
}
|
79
55
|
else
|
80
56
|
_{
|
@@ -82,10 +58,10 @@ def _iam_policy_principal(args, key = "principal")
|
|
82
58
|
}
|
83
59
|
end
|
84
60
|
elsif principal.key? :accounts
|
85
|
-
accounts = []
|
86
|
-
|
87
|
-
accounts << _iam_arn("iam", { type: "user", account_id: v[:id], user: v[:name] })
|
61
|
+
accounts = principal[:accounts].collect do |v|
|
62
|
+
_iam_arn("iam", { type: "user", account_id: v[:id], name: v[:name] })
|
88
63
|
end
|
64
|
+
|
89
65
|
_{
|
90
66
|
AWS accounts
|
91
67
|
}
|
@@ -96,9 +72,13 @@ def _iam_policy_principal(args, key = "principal")
|
|
96
72
|
elsif principal.key? :assumed_role
|
97
73
|
assumed_role = principal[:assumed_role]
|
98
74
|
_{
|
99
|
-
AWS _iam_arn("
|
100
|
-
{
|
101
|
-
account_id: assumed_role[:id],
|
75
|
+
AWS _iam_arn("sts",
|
76
|
+
{ type: "assumed-role",
|
77
|
+
account_id: assumed_role[:id], name: assumed_role[:name] })
|
78
|
+
}
|
79
|
+
elsif principal.key? :service_region
|
80
|
+
_{
|
81
|
+
Service _sub_service(principal[:service_region])
|
102
82
|
}
|
103
83
|
elsif principal.key? :services or principal.key? :service
|
104
84
|
_{
|
@@ -109,70 +89,115 @@ def _iam_policy_principal(args, key = "principal")
|
|
109
89
|
CanonicalUser principal[:canonical]
|
110
90
|
}
|
111
91
|
else
|
112
|
-
|
92
|
+
''
|
113
93
|
end
|
114
94
|
end
|
115
95
|
|
116
96
|
def _iam_policy_document(name, args)
|
117
|
-
|
118
|
-
|
97
|
+
(args[name.to_sym] || []).collect do |v|
|
98
|
+
_services =
|
99
|
+
if v.key? :service
|
100
|
+
[ v[:service] ]
|
101
|
+
else
|
102
|
+
v[:services] || []
|
103
|
+
end
|
104
|
+
next if _services.empty?
|
119
105
|
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
106
|
+
_actions =
|
107
|
+
if v.key? :action
|
108
|
+
[ v[:action] ]
|
109
|
+
else
|
110
|
+
v[:actions] || [ "*" ]
|
111
|
+
end
|
124
112
|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
113
|
+
sid = v[:sid] || ''
|
114
|
+
|
115
|
+
actions = []
|
116
|
+
_services.each do |s|
|
117
|
+
_actions.each do |a|
|
118
|
+
actions <<
|
119
|
+
unless a[0].match(/^[a-z]/).nil?
|
120
|
+
"#{s}:#{_capitalize(a)}"
|
121
|
+
else
|
122
|
+
"#{s}:#{a}"
|
123
|
+
end
|
124
|
+
end
|
130
125
|
end
|
126
|
+
|
127
|
+
resource =
|
128
|
+
if v.key? :resources
|
129
|
+
_services.collect{|s| _iam_arn(s, v[:resources]) }.flatten
|
130
|
+
elsif v.key? :resource
|
131
|
+
_services.collect{|s| _iam_arn(s, v[:resource]) }.flatten
|
132
|
+
else
|
133
|
+
[ "*" ]
|
134
|
+
end
|
131
135
|
principal = _iam_policy_principal(v)
|
132
136
|
not_principal = _iam_policy_principal(v, "not_principal")
|
133
137
|
|
134
|
-
|
135
|
-
Sid
|
136
|
-
Effect v[:effect] ||
|
137
|
-
NotAction
|
138
|
+
_{
|
139
|
+
Sid sid unless sid.empty?
|
140
|
+
Effect v[:effect] || 'Allow'
|
141
|
+
NotAction v[:no_action] if v.key? :no_action
|
138
142
|
Action actions
|
139
143
|
Resource resource unless v.key? :no_resource
|
140
144
|
Principal principal unless principal.empty?
|
141
145
|
NotPrincipal not_principal unless not_principal.empty?
|
142
|
-
Condition
|
146
|
+
Condition _iam_policy_conditions(v[:condition]) if v.key? :condition
|
143
147
|
}
|
144
148
|
end
|
145
|
-
array
|
146
149
|
end
|
147
150
|
|
148
151
|
def _iam_assume_role_policy_document(args)
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
+
cognito = args[:cognito] || false
|
153
|
+
aws = args[:aws] || []
|
154
|
+
federated =
|
155
|
+
if cognito
|
156
|
+
"cognito-identity.#{DOMAIN}"
|
152
157
|
else
|
153
|
-
""
|
158
|
+
args[:federated] || ""
|
154
159
|
end
|
155
|
-
service =
|
160
|
+
service =
|
161
|
+
if args.key? :services or args.key? :service
|
162
|
+
(args[:services] || [ args[:service] ]).collect{|v| "#{v}.#{DOMAIN}" }
|
163
|
+
else
|
164
|
+
''
|
165
|
+
end
|
166
|
+
canonical = args[:canonical] || ""
|
167
|
+
action =
|
168
|
+
if cognito
|
169
|
+
"assume role with web identity"
|
170
|
+
else
|
171
|
+
args[:action] || "assume role"
|
172
|
+
end
|
173
|
+
cond_auds = _ref_string_default("cond_auds", args)
|
174
|
+
cond_external = _ref_string_default("cond_external", args)
|
175
|
+
cond_amr = args[:cond_amr] || ""
|
156
176
|
condition =
|
157
|
-
|
177
|
+
unless cond_auds.empty? and cond_external.empty? and cond_amr.empty?
|
158
178
|
true
|
159
179
|
else
|
160
180
|
false
|
161
181
|
end
|
162
|
-
external_id = args[:external_id] || ""
|
163
182
|
|
164
183
|
[
|
165
184
|
_{
|
166
185
|
Effect "Allow"
|
167
186
|
Principal _{
|
168
|
-
AWS aws unless aws.empty?
|
169
|
-
|
187
|
+
AWS _iam_arn("iam", aws) unless aws.empty?
|
188
|
+
Federated federated unless federated.empty?
|
189
|
+
Service service unless service.empty?
|
190
|
+
CanonicalUser canonical unless canonical.empty?
|
170
191
|
}
|
171
|
-
Action [ "sts
|
192
|
+
Action [ "sts:#{_capitalize(action)}" ]
|
172
193
|
Condition _{
|
173
194
|
StringEquals _{
|
174
|
-
|
195
|
+
cognito____identity___amazonaws___com_aud cond_auds unless cond_auds.empty?
|
196
|
+
sts_ExternalId cond_external unless cond_external.empty?
|
175
197
|
}
|
198
|
+
ForAnyValue_StringLike _{
|
199
|
+
cognito____identity___amazonaws___com_amr cond_amr unless cond_amr.empty?
|
200
|
+
} if cognito
|
176
201
|
} if condition
|
177
202
|
}
|
178
203
|
]
|
@@ -184,109 +209,413 @@ def _iam_arn(service, resource)
|
|
184
209
|
def _convert(args)
|
185
210
|
return "" if args.empty?
|
186
211
|
return args if args.is_a? String
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
v
|
197
|
-
end
|
212
|
+
result = args.collect do |k, v|
|
213
|
+
case k.to_s
|
214
|
+
when "ref"
|
215
|
+
_{ Ref _resource_name(v) }
|
216
|
+
when /ref_(.*)/
|
217
|
+
_ref_pseudo($1)
|
218
|
+
else
|
219
|
+
v
|
220
|
+
end
|
198
221
|
end
|
199
|
-
(args.size == 1) ?
|
222
|
+
(args.size == 1) ? result.first : result
|
200
223
|
end
|
201
224
|
|
202
|
-
def
|
203
|
-
|
225
|
+
def _value(name, value, default = "*")
|
226
|
+
if value.key? "ref_#{name}".to_sym
|
227
|
+
{ ref_: value["ref_#{name}".to_sym] }
|
228
|
+
elsif value.key? "import_#{name}".to_sym
|
229
|
+
{ import_: value["import_#{name}".to_sym] }
|
230
|
+
else
|
231
|
+
value[name.to_sym] || default
|
232
|
+
end
|
204
233
|
end
|
205
234
|
|
206
235
|
arn_prefix = "arn:aws:#{service}"
|
236
|
+
resources =
|
237
|
+
if resource.is_a? String
|
238
|
+
[ { resource: resource } ]
|
239
|
+
elsif resource.is_a? Hash
|
240
|
+
[ resource ]
|
241
|
+
else
|
242
|
+
resource
|
243
|
+
end
|
244
|
+
|
207
245
|
case service
|
246
|
+
when "apigateway"
|
247
|
+
resources.each_with_index do |v, i|
|
248
|
+
resources[i][:account_id] = false
|
249
|
+
resources[i][:values] = [ _value("path", v) ]
|
250
|
+
end
|
251
|
+
|
252
|
+
when "execute-api"
|
253
|
+
resources.each_with_index do |v, i|
|
254
|
+
resources[i][:values] = [ _value("id", v), "/", _value("stage", v), "/",
|
255
|
+
_value("http", v), _value("path", v, "/*") ]
|
256
|
+
end
|
257
|
+
|
258
|
+
when "artifact"
|
259
|
+
resources.each_with_index do |v, i|
|
260
|
+
resources[i][:values] = [ "report-package/", _value("document", v), "/", _value("report", v) ]
|
261
|
+
end
|
262
|
+
|
263
|
+
when "autoscaling"
|
264
|
+
resources.each_with_index do |v, i|
|
265
|
+
type =
|
266
|
+
case v[:type]
|
267
|
+
when "policy"
|
268
|
+
"scalingPolicy"
|
269
|
+
else
|
270
|
+
"autoScalingGroup"
|
271
|
+
end
|
272
|
+
values = [ type, ":", _value("id", v), ":autoScalingGroupName/", _value("name", v) ]
|
273
|
+
values << _value("sub_name", v) if v[:type] == "policy"
|
274
|
+
resources[i][:values] = values
|
275
|
+
end
|
276
|
+
|
277
|
+
when "acm"
|
278
|
+
resources.each_with_index do |v, i|
|
279
|
+
resources[i][:values] = [ "certificate/", _value("id", v) ]
|
280
|
+
end
|
281
|
+
|
282
|
+
when "cloudformation"
|
283
|
+
resources.each_with_index do |v, i|
|
284
|
+
type =
|
285
|
+
if v[:type] == "change"
|
286
|
+
"changeSet"
|
287
|
+
else
|
288
|
+
"stack"
|
289
|
+
end
|
290
|
+
resources[i][:values] = [ type, "/", _value("name", v), "/", _value("id", v) ]
|
291
|
+
end
|
292
|
+
|
293
|
+
when "cloudsearch"
|
294
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "domain/", _value("name", v) ] }
|
295
|
+
|
296
|
+
when "cloudtrail"
|
297
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "trail/", _value("name", v) ] }
|
298
|
+
|
299
|
+
when "events"
|
300
|
+
resources.each_with_index do |v, i|
|
301
|
+
resources[i][:region] = "*"
|
302
|
+
resources[i][:account_id] = "*"
|
303
|
+
resources[i][:value] = "*"
|
304
|
+
end
|
305
|
+
|
306
|
+
when "codebuild"
|
307
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v, "project"), "/", _value("name", v) ] }
|
308
|
+
|
309
|
+
when "codecommit"
|
310
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("id", v) ] }
|
311
|
+
|
312
|
+
when "codedeploy"
|
313
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("spec", v) ] }
|
314
|
+
|
315
|
+
when "cognito-idp"
|
316
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "userpool/", _value("id", v) ] }
|
317
|
+
|
318
|
+
when "cognito-identity"
|
319
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "identitypool/", _value("id", v) ] }
|
320
|
+
|
321
|
+
when "cognito-sync"
|
322
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "identitypool/", _value("id", v) ] }
|
323
|
+
|
324
|
+
when "config"
|
325
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "config-rule/", _value("name", v) ] }
|
326
|
+
|
327
|
+
when "codepipeline"
|
328
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("spec", v) ] }
|
329
|
+
|
330
|
+
when "codestar"
|
331
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("spec", v) ] }
|
332
|
+
|
333
|
+
when "directconnect"
|
334
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("id", v) ] }
|
335
|
+
|
336
|
+
when "dynamodb"
|
337
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "table/", _value("name", v) ] }
|
338
|
+
|
339
|
+
when "ec2"
|
340
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("id", v) ] }
|
341
|
+
|
342
|
+
when "ecr"
|
343
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "repository/", _value("name", v) ] }
|
344
|
+
|
345
|
+
when "ecs"
|
346
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("name", v) ] }
|
347
|
+
|
348
|
+
when "elasticbeanstalk"
|
349
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("name", v) ] }
|
350
|
+
|
351
|
+
when "elasticache"
|
352
|
+
resources.each_with_index do |v, i|
|
353
|
+
type = v[:type] || "cluster"
|
354
|
+
resources[i][:values] = [ type, ":", _value("name", v) ]
|
355
|
+
end
|
356
|
+
|
357
|
+
when "elasticfilesystem"
|
358
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "file-system/", _value("id", v) ] }
|
359
|
+
|
360
|
+
when "elasticloadbalancing"
|
361
|
+
resources.each_with_index do |v, i|
|
362
|
+
v[:type] = "loadbalancer" unless v.key? :type
|
363
|
+
type =
|
364
|
+
if v.key? :elb
|
365
|
+
v[:type]
|
366
|
+
else
|
367
|
+
if v[:type] == "targetgroup"
|
368
|
+
v[:type]
|
369
|
+
else
|
370
|
+
"#{v[:type]}/app"
|
371
|
+
end
|
372
|
+
end
|
373
|
+
values = [ type, "/", _value("name", v) ]
|
374
|
+
values << [ "/", _value("id", v) ] unless v.key? :elb
|
375
|
+
resources[i][:values] = values
|
376
|
+
end
|
377
|
+
|
378
|
+
when "elastictranscoder"
|
379
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("resource", v), "/", _value("id", v) ] }
|
380
|
+
|
381
|
+
when "es"
|
382
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "domain/", _value("name", v) ] }
|
383
|
+
|
384
|
+
when "firehose"
|
385
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "deliverystream/", _value("name", v) ] }
|
386
|
+
|
387
|
+
when "glacier"
|
388
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "valuts/", _value("name", v) ] }
|
389
|
+
|
390
|
+
when "health"
|
391
|
+
resources.each_with_index do |v, i|
|
392
|
+
type = v[:type] || "event"
|
393
|
+
resources[i][:account_id] = false if type == "event"
|
394
|
+
resources[i][:values] = [ type, "/", _value("id", v) ]
|
395
|
+
end
|
396
|
+
|
397
|
+
when "iam"
|
398
|
+
resources.each_with_index do |v, i|
|
399
|
+
resources[i][:region] = false
|
400
|
+
v[:name] =
|
401
|
+
if v.key? :type and v[:type] == "policy"
|
402
|
+
_iam_to_policy(v[:name])
|
403
|
+
else
|
404
|
+
v[:name]
|
405
|
+
end
|
406
|
+
if v.key? :type
|
407
|
+
resources[i][:values] = [ _value("type", v), "/", _value("name", v) ]
|
408
|
+
else
|
409
|
+
resources[i][:value] = "root"
|
410
|
+
end
|
411
|
+
end
|
412
|
+
|
413
|
+
when "iot"
|
414
|
+
resources.each_with_index do |v, i|
|
415
|
+
type = v[:type]
|
416
|
+
value_key =
|
417
|
+
if type == "cert"
|
418
|
+
"id"
|
419
|
+
else
|
420
|
+
"name"
|
421
|
+
end
|
422
|
+
resources[i][:values] = [ v[:type], "/", _value(value_key, v) ]
|
423
|
+
end
|
424
|
+
|
425
|
+
when "kinesis"
|
426
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "stream/", _value("name", v) ] }
|
427
|
+
|
428
|
+
when "kms"
|
429
|
+
resources.each_with_index do |v, i|
|
430
|
+
type = v[:type] || "key"
|
431
|
+
value_key =
|
432
|
+
if type == "key"
|
433
|
+
"id"
|
434
|
+
else
|
435
|
+
"alias"
|
436
|
+
end
|
437
|
+
resources[i][:values] = [ v[:type] || "key", "/", _value(value_key, v) ]
|
438
|
+
end
|
439
|
+
|
440
|
+
when "lambda"
|
441
|
+
resources.each_with_index do |v, i|
|
442
|
+
type = v[:type] || "function"
|
443
|
+
values = [ type, ":", _value("name", v) ]
|
444
|
+
values << [ ":", _value("alias", v) ] if v.key? :alias
|
445
|
+
values << [ ":", _value("id", v) ] if v.key? :id
|
446
|
+
resources[i][:values] = values
|
447
|
+
end
|
448
|
+
|
449
|
+
when "logs"
|
450
|
+
resources.each_with_index do |v, i|
|
451
|
+
resources[i][:region] = v[:region] if v.key? :region
|
452
|
+
resources[i][:values] = [ _value("type", v), ':', _value("name", v) ]
|
453
|
+
resources[i][:values] += [ ':', 'log-stream', ':', _value("stream", v) ] if v.key? :stream
|
454
|
+
end
|
455
|
+
|
456
|
+
when "machinelearning"
|
457
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("id", v) ] }
|
458
|
+
|
459
|
+
when "mobilehub"
|
460
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "project/", _value("id", v) ] }
|
461
|
+
|
462
|
+
when "mobiletargeting"
|
463
|
+
resources.each_with_index do |v, i|
|
464
|
+
resources[i][:region] = AWS_REGION[:virginia]
|
465
|
+
resources[i][:values] = (v.key? :reports) ? [ 'reports' ] : [ 'apps', '/', _value("app", v) ]
|
466
|
+
resources[i][:values] += [ '/', 'campaigns', '/', _value("campaigns", v) ] if v.key? :campaigns
|
467
|
+
resources[i][:values] += [ '/', 'segments', '/', _value("segments", v) ] if v.key? :segments
|
468
|
+
end
|
469
|
+
|
470
|
+
when "organizations"
|
471
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("id", v) ] }
|
472
|
+
|
473
|
+
when "polly"
|
474
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ "lexicon/", _value("name", v) ] }
|
475
|
+
|
476
|
+
when "redshift", "rds"
|
477
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("name", v) ] }
|
478
|
+
|
479
|
+
when "route53"
|
480
|
+
resources.each_with_index do |v, i|
|
481
|
+
resources[i][:account_id] = false
|
482
|
+
resources[i][:region] = false
|
483
|
+
resources[i][:values] = [ _value("type", v), "/", _value("id", v) ]
|
484
|
+
end
|
485
|
+
|
208
486
|
when "s3"
|
209
487
|
arn_prefix_s3 = "#{arn_prefix}:::"
|
210
488
|
if resource.is_a? String
|
211
|
-
"#{arn_prefix_s3}#{resource}"
|
489
|
+
return "#{arn_prefix_s3}#{resource}"
|
212
490
|
|
213
491
|
elsif resource.is_a? Hash
|
214
|
-
_join([ arn_prefix_s3, _convert(resource) ], "")
|
492
|
+
return _join([ arn_prefix_s3, _convert(resource) ], "")
|
215
493
|
|
216
494
|
else
|
217
|
-
|
218
|
-
|
495
|
+
s3, s3_map = [], []
|
496
|
+
resources.each_with_index do |v, i|
|
219
497
|
if v.is_a? String
|
220
|
-
|
498
|
+
s3 << v
|
221
499
|
elsif v.is_a? Hash
|
222
|
-
|
500
|
+
s3 << _convert(v)
|
223
501
|
else
|
224
502
|
tmp = [ arn_prefix_s3 ]
|
225
503
|
tmp += v.collect{|vv| _convert(vv) }
|
226
|
-
|
504
|
+
s3_map << _{ Fn__Join "", tmp }
|
227
505
|
end
|
228
506
|
end
|
229
|
-
return
|
507
|
+
return s3_map unless s3_map.empty?
|
230
508
|
|
231
|
-
if
|
232
|
-
|
509
|
+
if s3.select{|v| v.is_a? Hash }.empty?
|
510
|
+
return s3.collect{|v| "#{arn_prefix_s3}#{v}" }
|
233
511
|
else
|
234
|
-
_join(
|
512
|
+
return _join(s3.insert(0, arn_prefix_s3), "")
|
235
513
|
end
|
236
514
|
end
|
237
515
|
|
238
|
-
when "
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
516
|
+
when "ses"
|
517
|
+
resources.each_with_index{|v| resources[i][:value] = v }
|
518
|
+
|
519
|
+
when "sns"
|
520
|
+
resources.each_with_index do |v, i|
|
521
|
+
values = [ _value("name", v) ]
|
522
|
+
values << [ ":", _value("id", v) ] if v.key? :id
|
523
|
+
resources[i][:values] = values
|
245
524
|
end
|
246
525
|
|
247
|
-
when "
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
526
|
+
when "ssm"
|
527
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("id", v) ] }
|
528
|
+
|
529
|
+
when "sqs"
|
530
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("name", v) ] }
|
531
|
+
|
532
|
+
when "states"
|
533
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), ":", _value("name", v) ] }
|
534
|
+
|
535
|
+
when "storagegateway"
|
536
|
+
resources.each_with_index{|v, i| resources[i][:values] = [ _value("type", v), "/", _value("name", v) ] }
|
537
|
+
|
538
|
+
when "sts"
|
539
|
+
resources.each_with_index do |v, i|
|
540
|
+
resources[i][:region] = false
|
541
|
+
resources[i][:value] =
|
542
|
+
if v.key? :type
|
543
|
+
"#{v[:type]}/#{v[:name]}"
|
544
|
+
else
|
545
|
+
"root"
|
546
|
+
end
|
261
547
|
end
|
262
|
-
_convert_resource(resource)
|
263
548
|
|
264
|
-
when "
|
265
|
-
|
266
|
-
|
267
|
-
|
549
|
+
when "trustedadvisor"
|
550
|
+
resources.each_with_index do |v, i|
|
551
|
+
resources[i][:region] = false
|
552
|
+
resources[i][:values] = [ "checks/", _value("code", v), "/", _value("id", v) ]
|
553
|
+
end
|
268
554
|
|
269
|
-
when "
|
270
|
-
|
555
|
+
when "waf"
|
556
|
+
resources.each_with_index do |v, i|
|
557
|
+
resources[i][:region] = false
|
558
|
+
resources[i][:values] = [ _value("type", v), "/", _value("id", v) ]
|
559
|
+
end
|
560
|
+
end
|
271
561
|
|
272
|
-
|
273
|
-
|
274
|
-
resource.collect!{|v| "#{arn_prefix}:#{v[:region]}:#{v[:account_id]}:#{v[:type]}/#{v[:name]}" }
|
275
|
-
_convert_resource(resource)
|
562
|
+
_iam_arn_resource(arn_prefix, resources)
|
563
|
+
end
|
276
564
|
|
277
|
-
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
|
565
|
+
def _iam_arn_resource(prefix, resource)
|
566
|
+
def _arn(arn, value)
|
567
|
+
"#{arn}#{value}".include?("${") ? _sub("#{arn}#{value}") : "#{arn}#{value}"
|
568
|
+
end
|
569
|
+
|
570
|
+
resources =
|
571
|
+
if resource.is_a? String or resource.is_a? Hash
|
572
|
+
[ resource ]
|
573
|
+
else
|
574
|
+
resource
|
282
575
|
end
|
283
|
-
|
576
|
+
result = resources.collect do |v|
|
577
|
+
region =
|
578
|
+
if v.is_a? Hash and v.key? :region
|
579
|
+
v[:region]
|
580
|
+
else
|
581
|
+
_var_pseudo("region")
|
582
|
+
end
|
583
|
+
account =
|
584
|
+
if v.is_a? Hash and v.key? :account_id
|
585
|
+
v[:account_id]
|
586
|
+
else
|
587
|
+
_var_pseudo("account_id")
|
588
|
+
end
|
589
|
+
arn =
|
590
|
+
if account == false
|
591
|
+
"#{prefix}:#{region}::"
|
592
|
+
elsif region == false
|
593
|
+
"#{prefix}::#{account}:"
|
594
|
+
else
|
595
|
+
"#{prefix}:#{region}:#{account}:"
|
596
|
+
end
|
284
597
|
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
598
|
+
if v.is_a? String
|
599
|
+
_arn(arn, v)
|
600
|
+
else
|
601
|
+
if v.key? :value
|
602
|
+
_arn(arn, v[:value])
|
603
|
+
else
|
604
|
+
values = v[:values] || []
|
605
|
+
if values.empty?
|
606
|
+
_arn(arn, "*:*")
|
607
|
+
else
|
608
|
+
if values.select{|vv| vv.is_a? Hash }.empty?
|
609
|
+
_arn(arn, values.join(""))
|
610
|
+
else
|
611
|
+
values.collect!{|vv| (vv.is_a? String) ? vv : _ref_string("", vv) }
|
612
|
+
_join([ _arn(arn, ""), values ].flatten, "")
|
613
|
+
end
|
614
|
+
end
|
615
|
+
end
|
616
|
+
end
|
289
617
|
end
|
618
|
+
(result.length == 1) ? result.first : result
|
290
619
|
end
|
291
620
|
|
292
621
|
def _iam_login_profile(args)
|
@@ -300,11 +629,92 @@ def _iam_login_profile(args)
|
|
300
629
|
end
|
301
630
|
|
302
631
|
def _iam_managed_policies(args)
|
303
|
-
|
632
|
+
(args[:managed_policies] || []).collect do |v|
|
633
|
+
_iam_arn("iam", { account_id: "aws", type: "policy", name: v })
|
634
|
+
end
|
635
|
+
end
|
636
|
+
|
637
|
+
def _iam_policy_conditions(args)
|
638
|
+
args = [ args ] if args.is_a? Hash
|
639
|
+
|
640
|
+
conditions = {}
|
641
|
+
args.each do |v|
|
642
|
+
case v
|
643
|
+
when 's3 bucket owner full control'
|
644
|
+
v = _iam_to_condition_s3_bucket_owner_full_control
|
645
|
+
end if v.is_a? String
|
304
646
|
|
305
|
-
|
306
|
-
|
307
|
-
|
647
|
+
v.each_pair do |kk, vv|
|
648
|
+
operator =
|
649
|
+
case kk.to_s
|
650
|
+
when '='
|
651
|
+
'Equals'
|
652
|
+
when '!='
|
653
|
+
'NotEquals'
|
654
|
+
when '=='
|
655
|
+
'EqualsIgnoreCase'
|
656
|
+
when '!=='
|
657
|
+
'NotEqualsIgnoreCase'
|
658
|
+
when '=~'
|
659
|
+
'Like'
|
660
|
+
when '!~'
|
661
|
+
'NotLike'
|
662
|
+
when '<'
|
663
|
+
'LessThan'
|
664
|
+
when '<='
|
665
|
+
'LessThanEquals'
|
666
|
+
when '>'
|
667
|
+
'GreaterThan'
|
668
|
+
when '>='
|
669
|
+
'GreaterThanEquals'
|
670
|
+
end
|
671
|
+
type =
|
672
|
+
if vv.key? :type
|
673
|
+
case vv[:type]
|
674
|
+
when /str/
|
675
|
+
'String'
|
676
|
+
when /int/
|
677
|
+
'Numeric'
|
678
|
+
when /date/
|
679
|
+
'Date'
|
680
|
+
when /bool/
|
681
|
+
'Bool'
|
682
|
+
when /bin/
|
683
|
+
'Binary'
|
684
|
+
when /ip/
|
685
|
+
'IpAddress'
|
686
|
+
when /noip/
|
687
|
+
'NotIpAddress'
|
688
|
+
when /arn/
|
689
|
+
'Arn'
|
690
|
+
when /null/, /nil/
|
691
|
+
'Null'
|
692
|
+
else
|
693
|
+
'String'
|
694
|
+
end
|
695
|
+
else
|
696
|
+
'String'
|
697
|
+
end
|
698
|
+
vv.delete(:type) if vv.key? :type
|
699
|
+
operator = '' if type =~ /(Ip|Null)/
|
700
|
+
if vv.key? :exists
|
701
|
+
exists = 'IfExists'
|
702
|
+
vv.delete(:exists)
|
703
|
+
end
|
704
|
+
value = {}
|
705
|
+
vv.each_pair do |kkk, vvv|
|
706
|
+
if vvv.is_a? Integer
|
707
|
+
type = 'Numeric'
|
708
|
+
vvv = vvv.to_s
|
709
|
+
elsif vvv.is_a? TrueClass or vvv.is_a? FalseClass
|
710
|
+
type = 'Bool'
|
711
|
+
operator = ''
|
712
|
+
vvv = vvv.to_s
|
713
|
+
end
|
714
|
+
value[kkk.to_s] = vvv
|
715
|
+
end
|
716
|
+
conditions["#{type}#{operator}#{exists}"] = value
|
717
|
+
end
|
308
718
|
end
|
309
|
-
|
719
|
+
conditions
|
310
720
|
end
|
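Review bot: In the `case vv[:type]` chain of `_iam_policy_conditions`, `when /ip/` is tested before `when /noip/`, and the unanchored `/ip/` also matches "noip", so the 'NotIpAddress' branch is unreachable. A condition declared with a noip type is therefore emitted as `IpAddress`, which would invert the intended source-address restriction in the generated policy. Put the more specific pattern first, `when /noip/ then 'NotIpAddress'` ahead of `when /ip/ then 'IpAddress'`, or anchor both patterns with `\A`. Separately, an operator key outside the listed set leaves `operator` nil, so the entry is written silently under the bare type name (for example "String"); raising `ArgumentError` there would surface a typo before the policy is deployed.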