miam 0.1.0.beta

data/lib/miam/driver.rb

@@ -0,0 +1,248 @@
+class Miam::Driver
+  include Miam::Logger::Helper
+
+  MAX_POLICY_SIZE = 2048
+
+  def initialize(iam, options = {})
+    @iam = iam
+    @options = options
+  end
+
+  def create_user(user_name, attrs)
+    log(:info, "Create User `#{user_name}`", :color => :cyan)
+
+    unless_dry_run do
+      params = {:user_name => user_name}
+      params[:path] = attrs[:path] if attrs[:path]
+      @iam.create_user(params)
+    end
+
+    new_user_attrs = {:groups => [], :policies => {}}
+    new_user_attrs[:path] = attrs[:path] if attrs[:path]
+    new_user_attrs
+  end
+
+  def create_access_key(user_name)
+    log(:info, "Create access key for User `#{user_name}`", :color => :cyan)
+    access_key = nil
+
+    unless_dry_run do
+      resp = @iam.create_access_key(:user_name => user_name)
+
+      access_key = {
+        :access_key_id => resp.access_key.access_key_id,
+        :secret_access_key => resp.access_key.secret_access_key,
+      }
+    end
+
+    access_key
+  end
+
+  def delete_user(user_name, attrs)
+    log(:info, "Delete User `#{user_name}`", :color => :red)
+
+    unless_dry_run do
+      if attrs[:login_profile]
+        @iam.delete_login_profile(:user_name => user_name)
+      end
+
+      attrs[:policies].keys.each do |policy_name|
+        @iam.delete_user_policy(:user_name => user_name, :policy_name => policy_name)
+      end
+
+      attrs[:groups].each do |group_name|
+        @iam.remove_user_from_group(:group_name => group_name, :user_name => user_name)
+      end
+
+      list_access_key_ids(user_name).each do |access_key_id|
+        @iam.delete_access_key(:user_name => user_name, :access_key_id => access_key_id)
+      end
+
+      list_signing_certificate_ids(user_name).each do |certificate_id|
+        @iam.delete_signing_certificate(:user_name => user_name, :certificate_id => certificate_id)
+      end
+
+      @iam.delete_user(:user_name => user_name)
+    end
+  end
+
+  def create_login_profile(user_name, attrs)
+    log_attrs = attrs.dup
+    log_attrs.delete(:password)
+
+    log(:info, "Update User `#{user_name}`", :color => :green)
+    log(:info, "  create login profile: #{log_attrs.inspect}", :color => :green)
+
+    unless_dry_run do
+      @iam.create_login_profile(attrs.merge(:user_name => user_name))
+    end
+  end
+
+  def delete_login_profile(user_name)
+    log(:info, "Update User `#{user_name}`", :color => :green)
+    log(:info, "  delete login profile", :color => :green)
+
+    unless_dry_run do
+      @iam.delete_login_profile(:user_name => user_name)
+    end
+  end
+
+  def update_login_profile(user_name, attrs)
+    log_attrs = attrs.dup
+    log_attrs.delete(:password)
+
+    log(:info, "Update User `#{user_name}`", :color => :green)
+    log(:info, "  update login profile: #{log_attrs.inspect}", :color => :green)
+
+    unless_dry_run do
+      @iam.update_login_profile(attrs.merge(:user_name => user_name))
+    end
+  end
+
+  def add_user_to_groups(user_name, group_names)
+    log(:info, "Update User `#{user_name}`", :color => :green)
+    log(:info, "  add groups=#{group_names.join(',')}", :color => :green)
+
+    unless_dry_run do
+      group_names.each do |group_name|
+        @iam.add_user_to_group(:group_name => group_name, :user_name => user_name)
+      end
+    end
+  end
+
+  def remove_user_from_groups(user_name, group_names)
+    log(:info, "Update User `#{user_name}`", :color => :green)
+    log(:info, "  remove groups=#{group_names.join(',')}", :color => :green)
+
+    unless_dry_run do
+      group_names.each do |group_name|
+        @iam.remove_user_from_group(:group_name => group_name, :user_name => user_name)
+      end
+    end
+  end
+
+  def create_group(group_name, attrs)
+    log(:info, "Create Group `#{group_name}`", :color => :cyan)
+
+    unless_dry_run do
+      params = {:group_name => group_name}
+      params[:path] = attrs[:path] if attrs[:path]
+      @iam.create_group(params)
+    end
+
+    new_group_attrs = {:policies => {}}
+    new_group_attrs[:path] = attrs[:path] if attrs[:path]
+    new_group_attrs
+  end
+
+  def delete_group(group_name, attrs, users_in_group)
+    log(:info, "Delete Group `#{group_name}`", :color => :red)
+
+    unless_dry_run do
+      attrs[:policies].keys.each do |policy_name|
+        @iam.delete_group_policy(:group_name => group_name, :policy_name => policy_name)
+      end
+
+      users_in_group.each do |user_name|
+        @iam.remove_user_from_group(:group_name => group_name, :user_name => user_name)
+      end
+
+      @iam.delete_group(:group_name => group_name)
+    end
+  end
+
+  def update_name(type, user_or_group_name, new_name)
+    log(:info, "Update #{Miam::Utils.camelize(type.to_s)} `#{user_or_group_name}`", :color => :green)
+    log(:info, "  set name=#{new_name}", :color => :green)
+    update_user_or_group(type, user_or_group_name, "new_#{type}_name".to_sym => new_name)
+  end
+
+  def update_path(type, user_or_group_name, new_path)
+    log(:info, "Update #{Miam::Utils.camelize(type.to_s)} `#{user_or_group_name}`", :color => :green)
+    log(:info, "  set path=#{new_path}", :color => :green)
+    update_user_or_group(type, user_or_group_name, :new_path => new_path)
+  end
+
+  def update_user_or_group(type, user_or_group_name, params)
+    unless_dry_run do
+      params["#{type}_name".to_sym] = user_or_group_name
+      @iam.send("update_#{type}", params)
+    end
+  end
+
+  def create_policy(type, user_or_group_name, policy_name, policy_document)
+    log(:info, "Create #{Miam::Utils.camelize(type.to_s)} `#{user_or_group_name}` > Policy `#{policy_name}`", :color => :cyan)
+    log(:info, "  #{policy_document.pretty_inspect.gsub("\n", "\n  ").strip}", :color => :cyan)
+    put_policy(type, user_or_group_name, policy_name, policy_document)
+  end
+
+  def update_policy(type, user_or_group_name, policy_name, policy_document)
+    log(:info, "Update #{Miam::Utils.camelize(type.to_s)} `#{user_or_group_name}` > Policy `#{policy_name}`", :color => :green)
+    log(:info, "  #{policy_document.pretty_inspect.gsub("\n", "\n  ").strip}", :color => :green)
+    put_policy(type, user_or_group_name, policy_name, policy_document)
+  end
+
+  def delete_policy(type, user_or_group_name, policy_name)
+    logmsg = "Delete #{Miam::Utils.camelize(type.to_s)} `#{user_or_group_name}` > Policy `#{policy_name}`"
+    log(:info, logmsg, :color => :red)
+
+    unless_dry_run do
+      params = {:policy_name => policy_name}
+      params["#{type}_name".to_sym] = user_or_group_name
+      @iam.send("delete_#{type}_policy", params)
+    end
+  end
+
+  def put_policy(type, user_or_group_name, policy_name, policy_document)
+    unless_dry_run do
+      params = {
+        :policy_name => policy_name,
+        :policy_document => encode_document(policy_document),
+      }
+
+      params["#{type}_name".to_sym] = user_or_group_name
+      @iam.send("put_#{type}_policy", params)
+    end
+  end
+
+  def list_access_key_ids(user_name)
+    @iam.list_access_keys(:user_name => user_name).map {|resp|
+      resp.access_key_metadata.map do |metadata|
+        metadata.access_key_id
+      end
+    }.flatten
+  end
+
+  def list_signing_certificate_ids(user_name)
+    @iam.list_signing_certificates(:user_name => user_name).map {|resp|
+      resp.certificates.map do |cert|
+        cert.certificate_id
+      end
+    }.flatten
+  end
+
+  private
+
+  def encode_document(policy_document)
+    if @options[:disable_form_json]
+      JSON.dump(policy_document)
+    else
+      encoded = JSON.pretty_generate(policy_document)
+
+      if Miam::Utils.bytesize(encoded) > MAX_POLICY_SIZE
+        encoded = JSON.pretty_generate(policy_document)
+        encoded = encoded.gsub(/^\s+/m, '').strip
+      end
+
+      if Miam::Utils.bytesize(encoded) > MAX_POLICY_SIZE
+        encoded = JSON.dump(policy_document)
+      end
+
+      encoded
+    end
+  end
+
+  def unless_dry_run
+    yield unless @options[:dry_run]
+  end
+end

data/lib/miam/dsl.rb

@@ -0,0 +1,9 @@
+class Miam::DSL
+  def self.convert(exported, options = {})
+    Miam::DSL::Converter.convert(exported, options)
+  end
+
+  def self.parse(dsl, path, options = {})
+    Miam::DSL::Context.eval(dsl, path, options).result
+  end
+end

data/lib/miam/dsl/context.rb

@@ -0,0 +1,52 @@
+class Miam::DSL::Context
+  def self.eval(dsl, path, options = {})
+    self.new(path, options) {
+      eval(dsl, binding, path)
+    }
+  end
+
+  attr_reader :result
+
+  def initialize(path, options = {}, &block)
+    @path = path
+    @options = options
+    @result = {:users => {}, :groups => {}}
+    instance_eval(&block)
+  end
+
+  private
+
+  def require(file)
+    iamfile = (file =~ %r|\A/|) ? file : File.expand_path(File.join(File.dirname(@path), file))
+
+    if File.exist?(iamfile)
+      instance_eval(File.read(iamfile), iamfile)
+    elsif File.exist?(iamfile + '.rb')
+      instance_eval(File.read(iamfile + '.rb'), iamfile + '.rb')
+    else
+      Kernel.require(file)
+    end
+  end
+
+  def user(name, user_options = {}, &block)
+    name = name.to_s
+
+    if @result[:users][name]
+      raise "User `#{name}` is already defined"
+    end
+
+    attrs = Miam::DSL::Context::User.new(name, &block).result
+    @result[:users][name] = user_options.merge(attrs)
+  end
+
+  def group(name, group_options = {}, &block)
+    name = name.to_s
+
+    if @result[:groups][name]
+      raise "Group `#{name}` is already defined"
+    end
+
+    attrs = Miam::DSL::Context::Group.new(name, &block).result
+    @result[:groups][name] = group_options.merge(attrs)
+  end
+end

data/lib/miam/dsl/context/group.rb

@@ -0,0 +1,27 @@
+class Miam::DSL::Context::Group
+  def initialize(name, &block)
+    @name = name
+    @result = {:policies => {}}
+    instance_eval(&block)
+  end
+
+  attr_reader :result
+
+  private
+
+  def policy(name)
+    name = name.to_s
+
+    if @result[:policies][name]
+      raise "Group `#{name}` > Policy `#{name}`: already defined"
+    end
+
+    policy_document = yield
+
+    unless policy_document.kind_of?(Hash)
+      raise "Group `#{name}` > Policy `#{name}`: wrong argument type #{policy_document.class} (expected Hash)"
+    end
+
+    @result[:policies][name] = policy_document
+  end
+end

data/lib/miam/dsl/context/user.rb

@@ -0,0 +1,35 @@
+class Miam::DSL::Context::User
+  def initialize(name, &block)
+    @name = name
+    @result = {:groups => [], :policies => {}}
+    instance_eval(&block)
+  end
+
+  attr_reader :result
+
+  private
+
+  def login_profile(value)
+    @result[:login_profile] = value
+  end
+
+  def groups(*grps)
+    @result[:groups].concat(grps.map {|i| i.to_s })
+  end
+
+  def policy(name)
+    name = name.to_s
+
+    if @result[:policies][name]
+      raise "User `#{name}` > Policy `#{name}`: already defined"
+    end
+
+    policy_document = yield
+
+    unless policy_document.kind_of?(Hash)
+      raise "User `#{name}` > Policy `#{name}`: wrong argument type #{policy_document.class} (expected Hash)"
+    end
+
+    @result[:policies][name] = policy_document
+  end
+end

data/lib/miam/dsl/converter.rb

@@ -0,0 +1,91 @@
+class Miam::DSL::Converter
+  def self.convert(exported, options = {})
+    self.new(exported, options).convert
+  end
+
+  def initialize(exported, options = {})
+    @exported = exported
+    @options = options
+  end
+
+  def convert
+    [
+      output_users(@exported[:users]),
+      output_groups(@exported[:groups]),
+    ].join("\n")
+  end
+
+  private
+
+  def output_users(users)
+    users.each.sort_by {|k, v| k }.map {|user_name, attrs|
+      output_user(user_name, attrs)
+    }.join("\n")
+  end
+
+  def output_user(user_name, attrs)
+    user_options = {:path => attrs[:path]}
+
+    <<-EOS
+user #{user_name.inspect}, #{Miam::Utils.unbrace(user_options.inspect)} do
+  #{output_login_profile(attrs[:login_profile])}
+
+  #{output_user_groups(attrs[:groups])}
+
+  #{output_policies(attrs[:policies])}
+end
+    EOS
+  end
+
+  def output_user_groups(groups)
+    if groups.empty?
+      groups = ['# no group']
+    else
+      groups = groups.map {|i| i.inspect }
+    end
+
+    groups = "\n    " + groups.join(",\n    ") + "\n  "
+    "groups(#{groups})"
+  end
+
+  def output_login_profile(login_profile)
+    if login_profile
+      "login_profile #{Miam::Utils.unbrace(login_profile.inspect)}"
+    else
+      '# login_profile :password_reset_required=>true'
+    end
+  end
+
+  def output_groups(groups)
+    groups.each.sort_by {|k, v| k }.map {|group_name, attrs|
+      output_group(group_name, attrs)
+    }.join("\n")
+  end
+
+  def output_group(group_name, attrs)
+    group_options = {:path => attrs[:path]}
+
+    <<-EOS
+group #{group_name.inspect}, #{Miam::Utils.unbrace(group_options.inspect)} do
+  #{output_policies(attrs[:policies])}
+end
+    EOS
+  end
+
+  def output_policies(policies)
+    policies.map {|policy_name, policy_document|
+      output_policy(policy_name, policy_document)
+    }.join("\n\n  ").strip
+  end
+
+  def output_policy(policy_name, policy_document)
+    policy_document = policy_document.pretty_inspect
+    policy_document.gsub!("\n", "\n    ").strip!
+
+    <<-EOS.strip
+  policy #{policy_name.inspect} do
+    #{policy_document}
+  end
+    EOS
+  end
+end