kumogata-template 0.0.24 → 0.0.25
- checksums.yaml +4 -4
- data/lib/kumogata/template/ecr.rb +1 -0
- data/lib/kumogata/template/iam.rb +41 -2
- data/lib/kumogata/template/version.rb +1 -1
- data/test/iam_test.rb +100 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e68d851f205814db46daa78d9f8de23d90daed76
|
4
|
+
data.tar.gz: 48272c915961e88257895459d16a76a7831f2403
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6596787ad06441fcec1780d68e3aa9dc50403e8c579f6485dd658fc258e65b62ea3ed7cf2c7155007e3a05288ec2d418b5afb1afb534d326084e1115c0ce6988
|
7
|
+
data.tar.gz: 50bb3f63b35bad4356cefac50b15873561ea7a668220345db3739df3064c146ced30929593bd0ddd7fe263febd2bd1f77f385b3f5676cadec5a9f68d9899808f
|
@@ -16,6 +16,41 @@ def _iam_to_policy(value)
|
|
16
16
|
end
|
17
17
|
end
|
18
18
|
|
19
|
+
def _iam_to_policy_condition_operator(value)
|
20
|
+
case value
|
21
|
+
when "=", "eq"
|
22
|
+
value = "string equals"
|
23
|
+
when "!=", "ne"
|
24
|
+
value = "string not equals"
|
25
|
+
end
|
26
|
+
|
27
|
+
if value.include? " "
|
28
|
+
value.split(" ").map(&:capitalize).join("")
|
29
|
+
else
|
30
|
+
value
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
def _iam_to_policy_condition(args)
|
35
|
+
condition = {}
|
36
|
+
args.each_pair do |k, v|
|
37
|
+
key = _iam_to_policy_condition_operator(k.to_s)
|
38
|
+
value = {}
|
39
|
+
last_key = nil
|
40
|
+
v.each do |vv|
|
41
|
+
if value.key? last_key
|
42
|
+
value[last_key] = vv
|
43
|
+
else
|
44
|
+
value[vv] = nil
|
45
|
+
last_key = vv
|
46
|
+
end
|
47
|
+
end
|
48
|
+
condition[key] = value
|
49
|
+
end
|
50
|
+
|
51
|
+
condition
|
52
|
+
end
|
53
|
+
|
19
54
|
def _iam_policies(name, args)
|
20
55
|
array = []
|
21
56
|
policies = args[name.to_sym] || []
|
@@ -37,22 +72,26 @@ def _iam_policy_document(name, args)
|
|
37
72
|
action = v[:action] || [ "*" ]
|
38
73
|
next if service.empty? or action.empty?
|
39
74
|
|
40
|
-
actions = action.collect{|
|
75
|
+
actions = action.collect{|vv| "#{service}:#{vv}" }
|
41
76
|
if v.key? :resource
|
42
77
|
if v[:resource].is_a? String
|
43
78
|
resource = _iam_arn(service, v[:resource])
|
44
79
|
else
|
45
|
-
resource = v[:resource].collect{|
|
80
|
+
resource = v[:resource].collect{|vv| _iam_arn(service, vv) }
|
46
81
|
end
|
47
82
|
else
|
48
83
|
resource = [ "*" ]
|
49
84
|
end
|
50
85
|
|
51
86
|
array << _{
|
87
|
+
Sid v[:sid] if v.key :sid
|
52
88
|
Effect v[:effect] || "Allow"
|
89
|
+
NotAction no_action v[:no_action] if v.key? :no_action
|
53
90
|
Action actions
|
54
91
|
Resource resource unless v.key? :no_resource
|
55
92
|
Principal v[:principal] if v.key? :principal
|
93
|
+
NotPrincipal v[:not_principal] if v.key? :not_principal
|
94
|
+
Condition _iam_to_policy_condition(v[:condition]) if v.key? :condition
|
56
95
|
}
|
57
96
|
end
|
58
97
|
array
|
@@ -1 +1 @@
|
|
1
|
-
KUMOGATA_TEMPLATE_VERSION = '0.0.
|
1
|
+
KUMOGATA_TEMPLATE_VERSION = '0.0.25'
|
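--- a/data/test/iam_test.rb
+++ b/data/test/iam_test.rb
@@ -2,6 +2,57 @@ require 'abstract_unit'
 require 'kumogata/template/iam'
 
 class IamTest < Minitest::Test
+def test_iam_to_policy_condition
+template = <<-EOS
+condition = { "=": [ "s3:x-amz-acl", "bucket-owner-full-control" ] }
+Test _iam_to_policy_condition(condition)
+EOS
+act_template = run_client_as_json(template)
+exp_template = <<-EOS
+{
+"Test": {
+"StringEquals": {
+"s3:x-amz-acl": "bucket-owner-full-control"
+}
+}
+}
+EOS
+assert_equal exp_template.chomp, act_template
+
+template = <<-EOS
+condition = {
+"=": [ "aws:UserAgent", "Example Corp Java Client" ],
+"date greater than": [ "aws:CurrentTime", "2013-08-16T12:00:00Z" ],
+"numeric less than equals": [ "s3:max-keys", "10" ],
+"ip address": [ "aws:SourceIp", ["192.0.2.0/24", "203.0.113.0/24"] ],
+}
+Test _iam_to_policy_condition(condition)
+EOS
+act_template = run_client_as_json(template)
+exp_template = <<-EOS
+{
+"Test": {
+"StringEquals": {
+"aws:UserAgent": "Example Corp Java Client"
+},
+"DateGreaterThan": {
+"aws:CurrentTime": "2013-08-16T12:00:00Z"
+},
+"NumericLessThanEquals": {
+"s3:max-keys": "10"
+},
+"IpAddress": {
+"aws:SourceIp": [
+"192.0.2.0/24",
+"203.0.113.0/24"
+]
+}
+}
+}
+EOS
+assert_equal exp_template.chomp, act_template
+end
+
 def test_iam_policies
 template = <<-EOS
 Policies _iam_policies "test", test: [ { document: [ { service: "s3" } ] } ]
@@ -51,6 +102,55 @@ PolicyDocument _iam_policy_document "test", test: [ { service: "s3" } ]
 }
 EOS
 assert_equal exp_template.chomp, act_template
+
+template = <<-EOS
+PolicyDocument _iam_policy_document "test", test: [ { service: "s3", sid: "test" } ]
+EOS
+act_template = run_client_as_json(template)
+exp_template = <<-EOS
+{
+"PolicyDocument": [
+{
+"Effect": "Allow",
+"Action": [
+"s3:*"
+],
+"Resource": [
+"*"
+]
+}
+]
+}
+EOS
+assert_equal exp_template.chomp, act_template
+
+template = <<-EOS
+condition = { "=": [ "s3:x-amz-acl", "bucket-owner-full-control" ] }
+PolicyDocument _iam_policy_document "test", test: [ { service: "s3", sid: "test", condition: condition } ]
+EOS
+act_template = run_client_as_json(template)
+exp_template = <<-EOS
+{
+"PolicyDocument": [
+{
+"Effect": "Allow",
+"Action": [
+"s3:*"
+],
+"Resource": [
+"*"
+],
+"Condition": {
+"StringEquals": {
+"s3:x-amz-acl": "bucket-owner-full-control"
+}
+}
+}
+]
+}
+EOS
+assert_equal exp_template.chomp, act_template
+
 end
 
 def test_iam_assume_role_policy_document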
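Review bot: The expected JSON for the `sid: "test"` statement (first new case in the second hunk) contains no `"Sid"` key, so this test asserts that the statement id is dropped — it pins the `v.key :sid` typo in iam.rb rather than the intended behaviour, and the expectation should instead begin with `"Sid": "test",` before `"Effect"` (the same applies to the condition case that follows). `test_iam_to_policy_condition` only ever gives each operator one key/value pair, which is exactly the shape the builder's `last_key` loop handles; add a case such as `"=": [ "aws:PrincipalOrgID", "o-xxxxxxxx", "aws:SourceVpc", "vpc-xxxxxxxx" ]` and expect both keys under `StringEquals`, which the current implementation does not produce. A negative case for an odd-length array (a key with no value) would also document how a malformed condition is meant to fail rather than be silently emitted. The enclosing test method of the second hunk starts outside the hunk.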
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kumogata-template
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.25
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Naoya Nakazawa
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-05-
|
11
|
+
date: 2017-05-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|