lucid-cumulus 0.11.0
- checksums.yaml +15 -0
- data/.gitignore +3 -0
- data/.travis.yml +11 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +29 -0
- data/LICENSE +202 -0
- data/README.md +41 -0
- data/autocomplete +137 -0
- data/bin/cumulus +658 -0
- data/cumulus +2 -0
- data/lib/autoscaling/AutoScaling.rb +40 -0
- data/lib/autoscaling/loader/Loader.rb +56 -0
- data/lib/autoscaling/manager/Manager.rb +360 -0
- data/lib/autoscaling/models/AlarmConfig.rb +165 -0
- data/lib/autoscaling/models/AlarmDiff.rb +172 -0
- data/lib/autoscaling/models/AutoScalingDiff.rb +178 -0
- data/lib/autoscaling/models/GroupConfig.rb +330 -0
- data/lib/autoscaling/models/PolicyConfig.rb +135 -0
- data/lib/autoscaling/models/PolicyDiff.rb +73 -0
- data/lib/autoscaling/models/ScheduledActionDiff.rb +53 -0
- data/lib/autoscaling/models/ScheduledConfig.rb +96 -0
- data/lib/aws_extensions/ec2/DhcpOptions.rb +41 -0
- data/lib/aws_extensions/ec2/Instance.rb +29 -0
- data/lib/aws_extensions/ec2/NetworkAcl.rb +25 -0
- data/lib/aws_extensions/ec2/NetworkInterface.rb +14 -0
- data/lib/aws_extensions/ec2/RouteTable.rb +26 -0
- data/lib/aws_extensions/ec2/SecurityGroup.rb +16 -0
- data/lib/aws_extensions/ec2/Subnet.rb +28 -0
- data/lib/aws_extensions/ec2/Volume.rb +24 -0
- data/lib/aws_extensions/ec2/Vpc.rb +14 -0
- data/lib/aws_extensions/ec2/VpcEndpoint.rb +11 -0
- data/lib/aws_extensions/elb/BackendServerDescription.rb +12 -0
- data/lib/aws_extensions/elb/PolicyDescription.rb +14 -0
- data/lib/aws_extensions/kinesis/StreamDescription.rb +12 -0
- data/lib/aws_extensions/route53/AliasTarget.rb +21 -0
- data/lib/aws_extensions/s3/Bucket.rb +33 -0
- data/lib/aws_extensions/s3/BucketAcl.rb +28 -0
- data/lib/aws_extensions/s3/BucketCors.rb +17 -0
- data/lib/aws_extensions/s3/BucketLifecycle.rb +21 -0
- data/lib/aws_extensions/s3/BucketLogging.rb +18 -0
- data/lib/aws_extensions/s3/BucketNotification.rb +23 -0
- data/lib/aws_extensions/s3/BucketPolicy.rb +18 -0
- data/lib/aws_extensions/s3/BucketTagging.rb +15 -0
- data/lib/aws_extensions/s3/BucketVersioning.rb +14 -0
- data/lib/aws_extensions/s3/BucketWebsite.rb +49 -0
- data/lib/aws_extensions/s3/CORSRule.rb +27 -0
- data/lib/aws_extensions/s3/ReplicationConfiguration.rb +22 -0
- data/lib/cloudfront/CloudFront.rb +83 -0
- data/lib/cloudfront/loader/Loader.rb +31 -0
- data/lib/cloudfront/manager/Manager.rb +183 -0
- data/lib/cloudfront/models/CacheBehaviorConfig.rb +237 -0
- data/lib/cloudfront/models/CacheBehaviorDiff.rb +211 -0
- data/lib/cloudfront/models/CustomOriginConfig.rb +51 -0
- data/lib/cloudfront/models/CustomOriginDiff.rb +74 -0
- data/lib/cloudfront/models/DistributionConfig.rb +183 -0
- data/lib/cloudfront/models/DistributionDiff.rb +131 -0
- data/lib/cloudfront/models/InvalidationConfig.rb +37 -0
- data/lib/cloudfront/models/OriginConfig.rb +144 -0
- data/lib/cloudfront/models/OriginDiff.rb +86 -0
- data/lib/cloudfront/models/OriginSslProtocols.rb +28 -0
- data/lib/cloudfront/models/OriginSslProtocolsDiff.rb +39 -0
- data/lib/common/BaseLoader.rb +80 -0
- data/lib/common/manager/Manager.rb +148 -0
- data/lib/common/models/Diff.rb +114 -0
- data/lib/common/models/ListChange.rb +21 -0
- data/lib/common/models/TagsDiff.rb +55 -0
- data/lib/common/models/UTCTimeSource.rb +17 -0
- data/lib/conf/Configuration.rb +365 -0
- data/lib/ec2/EC2.rb +503 -0
- data/lib/ec2/IPProtocolMapping.rb +165 -0
- data/lib/ec2/loaders/EbsLoader.rb +19 -0
- data/lib/ec2/loaders/InstanceLoader.rb +32 -0
- data/lib/ec2/managers/EbsManager.rb +176 -0
- data/lib/ec2/managers/InstanceManager.rb +509 -0
- data/lib/ec2/models/EbsGroupConfig.rb +133 -0
- data/lib/ec2/models/EbsGroupDiff.rb +48 -0
- data/lib/ec2/models/InstanceConfig.rb +202 -0
- data/lib/ec2/models/InstanceDiff.rb +95 -0
- data/lib/elb/ELB.rb +148 -0
- data/lib/elb/loader/Loader.rb +65 -0
- data/lib/elb/manager/Manager.rb +581 -0
- data/lib/elb/models/AccessLogConfig.rb +82 -0
- data/lib/elb/models/AccessLogDiff.rb +47 -0
- data/lib/elb/models/HealthCheckConfig.rb +91 -0
- data/lib/elb/models/HealthCheckDiff.rb +50 -0
- data/lib/elb/models/ListenerConfig.rb +99 -0
- data/lib/elb/models/ListenerDiff.rb +91 -0
- data/lib/elb/models/LoadBalancerConfig.rb +239 -0
- data/lib/elb/models/LoadBalancerDiff.rb +265 -0
- data/lib/iam/IAM.rb +36 -0
- data/lib/iam/loader/Loader.rb +117 -0
- data/lib/iam/manager/IamGroups.rb +98 -0
- data/lib/iam/manager/IamResource.rb +288 -0
- data/lib/iam/manager/IamRoles.rb +112 -0
- data/lib/iam/manager/IamUsers.rb +54 -0
- data/lib/iam/manager/Manager.rb +29 -0
- data/lib/iam/migration/AssumeRoleUnifier.rb +34 -0
- data/lib/iam/migration/PolicyUnifier.rb +90 -0
- data/lib/iam/models/GroupConfig.rb +40 -0
- data/lib/iam/models/IamDiff.rb +132 -0
- data/lib/iam/models/PolicyConfig.rb +67 -0
- data/lib/iam/models/ResourceWithPolicy.rb +208 -0
- data/lib/iam/models/RoleConfig.rb +53 -0
- data/lib/iam/models/StatementConfig.rb +35 -0
- data/lib/iam/models/UserConfig.rb +21 -0
- data/lib/kinesis/Kinesis.rb +94 -0
- data/lib/kinesis/loader/Loader.rb +19 -0
- data/lib/kinesis/manager/Manager.rb +206 -0
- data/lib/kinesis/models/StreamConfig.rb +75 -0
- data/lib/kinesis/models/StreamDiff.rb +58 -0
- data/lib/lambda/Lambda.rb +41 -0
- data/lib/route53/loader/Loader.rb +32 -0
- data/lib/route53/manager/Manager.rb +241 -0
- data/lib/route53/models/AliasTarget.rb +86 -0
- data/lib/route53/models/RecordConfig.rb +178 -0
- data/lib/route53/models/RecordDiff.rb +140 -0
- data/lib/route53/models/Vpc.rb +24 -0
- data/lib/route53/models/ZoneConfig.rb +156 -0
- data/lib/route53/models/ZoneDiff.rb +118 -0
- data/lib/s3/S3.rb +89 -0
- data/lib/s3/loader/Loader.rb +66 -0
- data/lib/s3/manager/Manager.rb +296 -0
- data/lib/s3/models/BucketConfig.rb +321 -0
- data/lib/s3/models/BucketDiff.rb +167 -0
- data/lib/s3/models/GrantConfig.rb +189 -0
- data/lib/s3/models/GrantDiff.rb +50 -0
- data/lib/s3/models/LifecycleConfig.rb +142 -0
- data/lib/s3/models/LifecycleDiff.rb +46 -0
- data/lib/s3/models/LoggingConfig.rb +81 -0
- data/lib/s3/models/NotificationConfig.rb +157 -0
- data/lib/s3/models/NotificationDiff.rb +62 -0
- data/lib/s3/models/ReplicationConfig.rb +133 -0
- data/lib/s3/models/ReplicationDiff.rb +60 -0
- data/lib/s3/models/WebsiteConfig.rb +107 -0
- data/lib/security/SecurityGroups.rb +39 -0
- data/lib/security/loader/Loader.rb +94 -0
- data/lib/security/manager/Manager.rb +246 -0
- data/lib/security/models/RuleConfig.rb +161 -0
- data/lib/security/models/RuleDiff.rb +72 -0
- data/lib/security/models/RuleMigration.rb +127 -0
- data/lib/security/models/SecurityGroupConfig.rb +172 -0
- data/lib/security/models/SecurityGroupDiff.rb +112 -0
- data/lib/sns/SNS.rb +40 -0
- data/lib/sqs/SQS.rb +62 -0
- data/lib/sqs/loader/Loader.rb +34 -0
- data/lib/sqs/manager/Manager.rb +128 -0
- data/lib/sqs/models/DeadLetterConfig.rb +70 -0
- data/lib/sqs/models/DeadLetterDiff.rb +35 -0
- data/lib/sqs/models/QueueConfig.rb +115 -0
- data/lib/sqs/models/QueueDiff.rb +89 -0
- data/lib/util/Colors.rb +111 -0
- data/lib/util/StatusCodes.rb +51 -0
- data/lib/vpc/loader/Loader.rb +73 -0
- data/lib/vpc/manager/Manager.rb +954 -0
- data/lib/vpc/models/AclEntryConfig.rb +150 -0
- data/lib/vpc/models/AclEntryDiff.rb +54 -0
- data/lib/vpc/models/DhcpConfig.rb +100 -0
- data/lib/vpc/models/DhcpDiff.rb +90 -0
- data/lib/vpc/models/EndpointConfig.rb +76 -0
- data/lib/vpc/models/EndpointDiff.rb +69 -0
- data/lib/vpc/models/NetworkAclConfig.rb +87 -0
- data/lib/vpc/models/NetworkAclDiff.rb +116 -0
- data/lib/vpc/models/RouteConfig.rb +82 -0
- data/lib/vpc/models/RouteDiff.rb +50 -0
- data/lib/vpc/models/RouteTableConfig.rb +92 -0
- data/lib/vpc/models/RouteTableDiff.rb +101 -0
- data/lib/vpc/models/SubnetConfig.rb +113 -0
- data/lib/vpc/models/SubnetDiff.rb +78 -0
- data/lib/vpc/models/VpcConfig.rb +173 -0
- data/lib/vpc/models/VpcDiff.rb +315 -0
- data/lucid-cumulus.gemspec +20 -0
- data/rakefile.rb +8 -0
- metadata +245 -0
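--- a/data/lib/iam/models/PolicyConfig.rb
+++ b/data/lib/iam/models/PolicyConfig.rb
@@ -0,0 +1,67 @@
+require "conf/Configuration"
+
+require "json"
+
+module Cumulus
+module IAM
+# Public: Represents a policy in AWS. Contains StatementConfig objects that
+# define the things this policy allows.
+class PolicyConfig
+
+attr_accessor :name
+
+# Public: Constructor. Will be created with no statements.
+def initialize
+@version = Configuration.instance.iam.policy_version
+@statements = []
+end
+
+# Public: Add a StatementConfig object to the statements in this PolicyConfig
+#
+# statement - the StatementConfig object to add to this PolicyConfig
+def add_statement(statement)
+@statements.push(statement)
+end
+
+# Public: Determine if this policy is empty. It is considered empty if there
+# are no statements.
+#
+# Returns true if empty, false if not
+def empty?
+@statements.empty?
+end
+
+# Public: Create a JSON string representing this PolicyConfig which can be
+# used by AWS IAMs.
+#
+# Returns the String JSON representation
+def as_json
+as_hash.to_json
+end
+
+# Public: Create a pretty JSON string representing this PolicyConfig which can
+# be used by AWS IAMs.
+#
+# Returns the String JSON representation (pretty printed)
+def as_pretty_json
+JSON.pretty_generate(as_hash)
+end
+
+# Public: Create a Hash that contains the data in this PolicyConfig which will
+# conform to the AWS IAM format when converted to JSON
+#
+# Returns a Hash representing this PolicyConfig
+def as_hash
+statements = @statements.map do |statement|
+statement.as_hash
+end
+
+{
+"Version" => @version,
+"Statement" => statements
+}
+end
+
+end
+end
+end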
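Review bot: `as_hash` (file lines 54-63) emits `"Version" => @version` unconditionally, so an unset `iam.policy_version` would be serialised as `"Version": null`; StatementConfig#as_hash in this same commit drops nil values, this method does not. Whether Configuration supplies a default is not visible here, so treat this as something to confirm. If no default exists, failing early in the constructor is clearer than handing IAM a malformed document: `raise ArgumentError, "iam.policy_version is not set" if @version.nil?`.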
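--- a/data/lib/iam/models/ResourceWithPolicy.rb
+++ b/data/lib/iam/models/ResourceWithPolicy.rb
@@ -0,0 +1,208 @@
+require "conf/Configuration"
+require "iam/loader/Loader"
+require "iam/models/IamDiff"
+require "iam/models/PolicyConfig"
+require "iam/models/StatementConfig"
+require "util/Colors"
+
+require "json"
+
+module Cumulus
+module IAM
+# Public: Represents a configuration for a resource that has attached policies.
+# Lazily loads its static and template policies as needed. Is the base class for
+# groups, roles, and users.
+#
+# Additionally, exposes a constructor that takes no parameters. This parameter
+# essentially creates an "empty resource", which can then be filled and json
+# configuration can be generated from the object. This is useful when migrating.
+class ResourceWithPolicy
+
+attr_accessor :attached_policies
+attr_accessor :name
+attr_reader :inlines
+attr_reader :statics
+attr_reader :type
+
+# Public: Constructor.
+#
+# name - the name of the resource
+# json - a hash containing JSON configuration for this resource, if nil, this
+# resource will be an "empty resource"
+def initialize(name = nil, json = nil)
+if !json.nil?
+@name = name
+@json = json
+@attached_policies = json["policies"]["attached"]
+@statics = json["policies"]["static"]
+@templates = json["policies"]["templates"]
+@inlines = json["policies"]["inlines"]
+else
+@name = nil
+@attached_policies = []
+@statics = []
+@templates = []
+@inlines = []
+end
+end
+
+# Public: Generate the JSON string to turn this object back into a Cumulus
+# config file.
+#
+# Returns the JSON string.
+def json
+JSON.pretty_generate(hash)
+end
+
+# Public: Generate a hash that represents this config. This hash will be json
+# serializable to Cumulus config format
+#
+# Returns the hash
+def hash
+{
+"name" => @name,
+"policies" => {
+"attached" => @attached_policies,
+"inlines" => @inlines.flatten,
+"static" => @statics,
+"templates" => @templates
+}
+}
+end
+
+# Public: Lazily produce the inline policy document for this resource as a
+# PolicyConfig. Includes the static and inline policies as well as applied
+# templates.
+#
+# Returns the policy for this resource as a PolicyConfig
+def policy
+@policy ||= init_policy
+end
+
+# Internal: Produce the inline policy document for this resource as a
+# PolicyConfig. Includes the static and inline policies as well as applied
+# templates.
+#
+# Returns the policy for this resource as a PolicyConfig
+def init_policy
+policy = PolicyConfig.new
+static_statements.each do |statement|
+policy.add_statement(statement)
+end
+template_statements.each do |statement|
+policy.add_statement(statement)
+end
+inline_statements.each do |statement|
+policy.add_statement(statement)
+end
+policy
+end
+private :init_policy
+
+# Public: Produce the name for the policy that will be generated for this
+# resource.
+#
+# Returns the String name
+def generated_policy_name
+policy_prefix = Configuration.instance.iam.policy_prefix
+policy_suffix = Configuration.instance.iam.policy_suffix
+"#{policy_prefix}#{@name}#{policy_suffix}"
+end
+
+# Internal: Lazily load the static policies for this resource
+#
+# Returns an Array of static policies as StatementConfig
+def static_statements
+@static_statements ||= init_static_statements
+end
+private :static_statements
+
+# Internal: Load the static policies for this resource
+#
+# Returns an Array of static policies as StatementConfig
+def init_static_statements
+statements = []
+@statics.map do |name|
+statements << Loader.static_policy(name)
+end
+statements.flatten!
+statements
+end
+private :init_static_statements
+
+# Internal: Lazily load the template policies for this resource, applying
+# template variables
+#
+# Returns an Array of applied templates as StatementConfig objects
+def template_statements
+@template_statements ||= init_template_statements
+end
+private :template_statements
+
+# Internal: Load the template policies for this resource, applying template
+# variables
+#
+# Returns an Array of applied templates as StatementConfig objects
+def init_template_statements
+@templates.map do |template|
+Loader.template_policy(template["template"], template["vars"])
+end.flatten
+end
+private :init_template_statements
+
+# Internal: Load the inline policies defined in the JSON config for this
+# resource.
+def inline_statements
+@inlines.map do |inline|
+StatementConfig.new(inline)
+end
+end
+private :inline_statements
+
+# Public: Diff this resource with the resource from AWS
+#
+# aws_resource - the Aws::IAM::* resource to compare against
+#
+# Returns an array of IamDiff objects representing the differences
+def diff(aws_resource)
+diffs = []
+
+aws_policies = Hash[aws_resource.policies.map { |p| [p.name, p] }]
+p = policy
+p.name = generated_policy_name
+
+# check if we've ever generated a policy for this resource
+if !aws_policies.key?(generated_policy_name) and !policy.empty?
+diffs << IamDiff.added_policy(generated_policy_name, p)
+end
+
+# loop through all the policies and look for changes
+aws_policies.each do |name, aws_policy|
+if name != generated_policy_name
+diffs << IamDiff.unmanaged_policy(name)
+else
+aws_statements = JSON.parse(URI.unescape(aws_policy.policy_document))["Statement"]
+local_statements = p.as_hash["Statement"]
+
+if aws_statements != local_statements
+diff = IamDiff.new(IamChange::POLICY, aws_statements, p)
+diff.policy_name = generated_policy_name
+diffs << diff
+end
+end
+end
+
+# look for changes in managed policies
+aws_arns = aws_resource.attached_policies.map { |a| a.arn }
+new_policies = @attached_policies.select { |local| !aws_arns.include?(local) }
+removed_policies = aws_arns.select { |aws| !@attached_policies.include?(aws) }
+if !new_policies.empty? or !removed_policies.empty?
+diffs << IamDiff.attached(new_policies, removed_policies)
+end
+
+diffs
+end
+
+end
+end
+end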
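Review bot: `URI.unescape` at file line 184 is called although this file's require list (lines 1-8) never loads `uri`, and the method is obsolete and was removed in Ruby 3.0, so the inline-policy comparison would raise NoMethodError on a current interpreter; RoleConfig.rb line 29 makes the same call. Adding `require "uri"` and decoding with `URI.decode_www_form_component(aws_policy.policy_document)` keeps drift detection working, but confirm the result against a real policy document because that decoder turns `+` into a space. Separately, `def hash` on line 61 (overridden again at RoleConfig.rb line 38) replaces `Object#hash` with a method returning a Hash, which breaks these objects as Hash keys or under `uniq`; a name such as `to_h` avoids the clash, with call sites updated to match.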
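--- a/data/lib/iam/models/RoleConfig.rb
+++ b/data/lib/iam/models/RoleConfig.rb
@@ -0,0 +1,53 @@
+require "iam/models/IamDiff"
+require "iam/models/ResourceWithPolicy"
+
+require "json"
+
+module Cumulus
+module IAM
+# Public: Represents a config file for a role. Will lazily load its static and
+# template policies as needed.
+class RoleConfig < ResourceWithPolicy
+
+attr_accessor :policy_document
+
+# Public: Constructor.
+#
+# name - the name of the role
+# json - the Hash containing the JSON configuration for this RoleConfig, if
+# nil, this will be an "empty RoleConfig"
+def initialize(name = nil, json = nil)
+super(name, json)
+@policy_document = Loader.policy_document(json["policy-document"]) unless json.nil?
+@type = "role"
+end
+
+# override diff to check for changes in policy documents
+def diff(aws_resource)
+differences = super(aws_resource)
+
+aws_policy = JSON.parse(URI.unescape(aws_resource.assume_role_policy_document)).to_s
+
+if one_line_policy_document != aws_policy
+differences << IamDiff.new(IamChange::POLICY_DOC, aws_resource, self)
+end
+
+differences
+end
+
+def hash
+h = super()
+h["policy-document"] = @policy_document
+h
+end
+
+# Internal: Get the policy document as a one line string for easier comparison
+#
+# Returns the policy on one line
+def one_line_policy_document
+JSON.parse(@policy_document).to_s
+end
+
+end
+end
+end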
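Review bot: The trust-policy check at file lines 29-31 compares the `to_s` output of two parsed documents, and `Hash#to_s` follows key insertion order, so two assume-role documents with the same content but a different key order are reported as changed. Comparing the parsed structures is order-insensitive for object keys: drop the `.to_s` on line 29 and test `if JSON.parse(@policy_document) != aws_policy`. `one_line_policy_document` also parses `@policy_document` on an "empty RoleConfig", where the constructor never sets it, so `diff` would raise TypeError there; a guard with a clear error message would make that failure easier to read.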
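--- a/data/lib/iam/models/StatementConfig.rb
+++ b/data/lib/iam/models/StatementConfig.rb
@@ -0,0 +1,35 @@
+module Cumulus
+module IAM
+# Public: Represents a policy config file.
+class StatementConfig
+
+attr_reader :effect
+attr_reader :action
+attr_reader :resource
+
+# Public: Constructor.
+#
+# json - the Hash containing the JSON configuration for this StatementConfig
+def initialize(json)
+@effect = json["Effect"]
+@action = json["Action"]
+@resource = json["Resource"]
+@condition = json["Condition"]
+end
+
+# Public: Create a Hash that contains the data in this StatementConfig which
+# can be turned into JSON that matches the format for AWS IAMS.
+#
+# Returns the Hash representing this StatementConfig.
+def as_hash
+{
+"Effect" => @effect,
+"Action" => @action,
+"Resource" => @resource,
+"Condition" => @condition
+}.reject { |k, v| v.nil? }
+end
+
+end
+end
+end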
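Review bot: The constructor (file lines 13-18) copies only `Effect`, `Action`, `Resource` and `Condition`, so any other statement element written in the config, such as `Sid`, `NotAction`, `NotResource` or `Principal`, is dropped without warning and the document sent to IAM no longer matches what the author wrote. For a tool that generates permissions, rejecting unknown keys is safer than ignoring them: `unknown = json.keys - %w[Effect Action Resource Condition]` followed by `raise ArgumentError, "unsupported statement keys: #{unknown.join(', ')}" unless unknown.empty?`. The class comment on line 3 also says "policy config file" where the class models a single statement.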
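--- a/data/lib/iam/models/UserConfig.rb
+++ b/data/lib/iam/models/UserConfig.rb
@@ -0,0 +1,21 @@
+require "iam/models/ResourceWithPolicy"
+
+module Cumulus
+module IAM
+# Public: Represents a config file for a user. Lazily loads its static and
+# template policies as needed.
+class UserConfig < ResourceWithPolicy
+
+# Public: Constructor
+#
+# name - the name of the user
+# json - the Hash containing the JSON configuration for this UserConfig, if
+# nil, this will be an "empty UserConfig"
+def initialize(name = nil, json = nil)
+super(name, json)
+@type = "user"
+end
+
+end
+end
+end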
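--- a/data/lib/kinesis/Kinesis.rb
+++ b/data/lib/kinesis/Kinesis.rb
@@ -0,0 +1,94 @@
+require "aws-sdk"
+
+module Cumulus
+module Kinesis
+class << self
+
+@@client = Aws::Kinesis::Client.new(Configuration.instance.client)
+
+require "aws_extensions/kinesis/StreamDescription"
+Aws::Kinesis::Types::StreamDescription.send(:include, AwsExtensions::Kinesis::StreamDescription)
+
+# Public - Returns a Hash of stream name to Aws::Kinesis::Types::StreamDescription with all shards loaded
+def named_streams
+@named_streams ||= Hash[stream_names.map { |name| [name, describe_stream(name)] }]
+end
+
+# Public - Returns an array of all the stream names
+def stream_names
+@stream_names ||= init_stream_names
+end
+
+# Public - Returns a Hash of stream name to tags
+def stream_tags
+@stream_tags ||= Hash[stream_names.map { |name| [name, init_tags(name) ] }]
+end
+
+# Public - Load the entire stream description with all shards
+#
+# Returns a Aws::Kinesis::Types::StreamDescription with all shards loaded
+def describe_stream(stream_name)
+stream = @@client.describe_stream({
+stream_name: stream_name
+}).stream_description
+
+while stream.has_more_shards do
+stream_continued = @@client.describe_stream({
+stream_name: stream_name,
+exclusive_start_shard_id: stream.shards.last.shard_id
+}).stream_description
+
+stream.shards.concat(stream_continued.shards)
+stream.has_more_shards = stream_continued.has_more_shards
+end
+
+stream
+end
+
+private
+
+# Internal - Load the tags for a stream
+#
+# Returns a Hash containing the tags as key/value pairs
+def init_tags(stream_name)
+response = @@client.list_tags_for_stream({
+stream_name: stream_name,
+})
+
+tags = response.tags
+
+while response.has_more_tags do
+response = @@client.list_tags_for_stream({
+stream_name: stream_name,
+exclusive_start_tag_key: tags.last.key
+})
+
+tags.concat(response.tags)
+end
+
+Hash[tags.map { |tag| [tag.key, tag.value] }]
+end
+
+# Internal - Load the list of stream names
+#
+# Returns the stream names as an Array
+def init_stream_names
+streams = []
+
+has_more_streams = true
+
+while has_more_streams do
+response = @@client.list_streams({
+exclusive_start_stream_name: streams.last
+})
+
+streams.concat(response.stream_names)
+has_more_streams = response.has_more_streams
+end
+
+streams
+end
+
+end
+end
+end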
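Review bot: Line 7 builds `@@client` from `Configuration.instance.client` while the file is being loaded, yet the only require before it is `aws-sdk` (line 1), so the file depends on some other file having loaded `conf/Configuration` first and on the client settings being resolvable at require time. Adding `require "conf/Configuration"` and creating the client on first use removes both dependencies: `def client; @client ||= Aws::Kinesis::Client.new(Configuration.instance.client); end`, with the three call sites switched from `@@client` to `client`. That also means a command that never touches Kinesis would not construct a Kinesis client at all.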