miam 0.2.2.beta2 → 0.2.2.beta3

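--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 02694ddfe3ad49f32f2105b74f6367f52cdf0eaa
- data.tar.gz: 950a3109de9a191931aaadf6313b9628da4f943c
+ metadata.gz: d496d9a9aa4ed9b87d1204a9258cd38d91a7f6fb
+ data.tar.gz: 33fbbdd4f482125637ffb7f8b89d066b0eb2a49e
  SHA512:
- metadata.gz: 332e80bae95488ee96f9b269d120cb80d896ba7eec058419e5498f784c45cc40a5018f9a14c5c59d2995a2c326ac100d8c607690d23798e7a3114ca9ac62ddcf
- data.tar.gz: c7f97f201ab25b1765e8dc8fa445110354c41546f8ad6c9a376a85b3e3fffc0e72b067967151eed40fab6fc9896266a3012cd1b8a0ff4af5beddcbdfb3d4aa02
+ metadata.gz: 8b9ebdd9f3d954e859d5661e676c75546d92a1e33126d56cf0d3fa5f31cd0f43f00af87a3ed5416aa8faa67f1e4a021e87afcdf347cb39ffdeba6bfc83c62a81
+ data.tar.gz: 5bc040e86752fb87b19e25f56f834e39e97d848397358545ff629948db0a0730f99fb7b78f6e5ce80719a5851b5d6a2b23a7bd5f28fef06ba7cb9140078fa006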
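--- a/data/README.md
+++ b/data/README.md
@@ -18,6 +18,8 @@ It defines the state of IAM using DSL, and updates IAM according to DSL.
  * `>= 0.2.2`
  * Improve update (show diff)
  * Support Template
+ * Add `--ignore-login-profile` option
+ * Sort policy array
 
  ## Installation
 
@@ -67,6 +69,7 @@ Usage: miam [options]
  --format=FORMAT
  --export-concurrency N
  --target REGEXP
+ --ignore-login-profile
  --no-color
  --no-progress
  --debug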
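--- a/data/bin/miam
+++ b/data/bin/miam
@@ -36,25 +36,26 @@ ARGV.options do |opt|
  credentials_path = nil
  format_passed = false
 
- opt.on('-p', '--profile PROFILE_NAME') {|v| profile_name = v }
- opt.on('' , '--credentials-path PATH') {|v| credentials_path = v }
- opt.on('-k', '--access-key ACCESS_KEY') {|v| access_key = v }
- opt.on('-s', '--secret-key SECRET_KEY') {|v| secret_key = v }
- opt.on('-r', '--region REGION') {|v| region = v }
- opt.on('-a', '--apply') { mode = :apply }
- opt.on('-f', '--file FILE') {|v| file = v }
- opt.on('' , '--dry-run') { options[:dry_run] = true }
- opt.on('' , '--account-output FILE') {|v| options[:password_manager] = Miam::PasswordManager.new(v, options) }
- opt.on('-e', '--export') { mode = :export }
- opt.on('-o', '--output FILE') {|v| output_file = v }
- opt.on('' , '--split') { split = true }
- opt.on('' , '--split-more') { split = :more }
- opt.on('', '--format=FORMAT', [:ruby, :json]) {|v| format_passed = true; options[:format] = v }
- opt.on('' , '--export-concurrency N', Integer) {|v| options[:export_concurrency] = v }
- opt.on('' , '--target REGEXP') {|v| options[:target] = Regexp.new(v) }
- opt.on('' , '--no-color') { options[:color] = false }
- opt.on('' , '--no-progress') { options[:no_progress] = true }
- opt.on('' , '--debug') { options[:debug] = true }
+ opt.on('-p', '--profile PROFILE_NAME') {|v| profile_name = v }
+ opt.on('' , '--credentials-path PATH') {|v| credentials_path = v }
+ opt.on('-k', '--access-key ACCESS_KEY') {|v| access_key = v }
+ opt.on('-s', '--secret-key SECRET_KEY') {|v| secret_key = v }
+ opt.on('-r', '--region REGION') {|v| region = v }
+ opt.on('-a', '--apply') { mode = :apply }
+ opt.on('-f', '--file FILE') {|v| file = v }
+ opt.on('' , '--dry-run') { options[:dry_run] = true }
+ opt.on('' , '--account-output FILE') {|v| options[:password_manager] = Miam::PasswordManager.new(v, options) }
+ opt.on('-e', '--export') { mode = :export }
+ opt.on('-o', '--output FILE') {|v| output_file = v }
+ opt.on('' , '--split') { split = true }
+ opt.on('' , '--split-more') { split = :more }
+ opt.on('', '--format=FORMAT', [:ruby, :json]) {|v| format_passed = true; options[:format] = v }
+ opt.on('' , '--export-concurrency N', Integer) {|v| options[:export_concurrency] = v }
+ opt.on('' , '--target REGEXP') {|v| options[:target] = Regexp.new(v) }
+ opt.on('' , '--ignore-login-profile') { options[:ignore_login_profile] = true }
+ opt.on('' , '--no-color') { options[:color] = false }
+ opt.on('' , '--no-progress') { options[:no_progress] = true }
+ opt.on('' , '--debug') { options[:debug] = true }
  opt.parse!
 
  aws_opts = {}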
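Review bot: The new `--ignore-login-profile` switch is registered without a description string, so the generated option summary gives no hint that it makes apply skip login-profile updates (see the client.rb change in this release). Because the flag changes what miam enforces on IAM users, the definition should say so, e.g. `opt.on('' , '--ignore-login-profile', 'log login profile differences instead of updating them') { options[:ignore_login_profile] = true }`. The `ARGV.options` block starts and ends outside the hunk.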
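--- a/data/lib/miam.rb
+++ b/data/lib/miam.rb
@@ -13,6 +13,8 @@ require 'diffy'
  require 'hashie'
 
  module Miam; end
+ require 'miam/ext/string_ext'
+ require 'miam/ext/hash_ext'
  require 'miam/logger'
  require 'miam/template_helper'
  require 'miam/client'
@@ -24,7 +26,6 @@ require 'miam/dsl/context/role'
  require 'miam/dsl/context/user'
  require 'miam/dsl/converter'
  require 'miam/exporter'
- require 'miam/ext/string_ext'
  require 'miam/password_manager'
  require 'miam/utils'
  require 'miam/version'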
data/lib/miam/client.rb CHANGED
@@ -133,8 +133,12 @@ class Miam::Client
133
133
  @driver.delete_login_profile(user_name)
134
134
  updated = true
135
135
  elsif expected_login_profile != actual_login_profile
136
- @driver.update_login_profile(user_name, expected_login_profile, actual_login_profile)
137
- updated = true
136
+ if @options[:ignore_login_profile]
137
+ log(:warn, "User `#{user_name}`: difference of loging profile has been ignored: expected=#{expected_login_profile.inspect}, actual=#{actual_login_profile.inspect}", :color => :yellow)
138
+ else
139
+ @driver.update_login_profile(user_name, expected_login_profile, actual_login_profile)
140
+ updated = true
141
+ end
138
142
  end
139
143
 
140
144
  updated
@@ -398,6 +402,8 @@ class Miam::Client
398
402
 
399
403
  def walk_policy(type, user_or_group_name, policy_name, expected_document, actual_document)
400
404
  updated = false
405
+ expected_document.sort_array!
406
+ actual_document.sort_array!
401
407
 
402
408
  if expected_document != actual_document
403
409
  @driver.update_policy(type, user_or_group_name, policy_name, expected_document, actual_document)
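Review bot: `@options[:ignore_login_profile]` is tested only inside the `elsif expected_login_profile != actual_login_profile` branch, so the `@driver.delete_login_profile(user_name)` call in the branch just above still runs with the option set; whether a create path is affected cannot be seen from this hunk. If the option is meant to leave console access untouched, the check belongs ahead of the whole chain; if it is meant to cover updates only, the README entry and the option text should say that. The warning also misspells the field and should read `difference of login profile has been ignored`. The enclosing method starts outside the hunk.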
@@ -0,0 +1,29 @@
1
+ class Hash
2
+ def sort_array!
3
+ keys.each do |key|
4
+ value = self[key]
5
+ self[key] = sort_array0(value)
6
+ end
7
+
8
+ self
9
+ end
10
+
11
+ private
12
+
13
+ def sort_array0(value)
14
+ case value
15
+ when Hash
16
+ new_value = {}
17
+
18
+ value.each do |k, v|
19
+ new_value[k] = sort_array0(v)
20
+ end
21
+
22
+ new_value
23
+ when Array
24
+ value.map {|v| sort_array0(v) }.sort_by(&:to_s)
25
+ else
26
+ value
27
+ end
28
+ end
29
+ end
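Review bot: `sort_by(&:to_s)` in the `when Array` branch orders nested hashes by their printed form, which follows key insertion order, so two `Statement` arrays holding equal hashes built with different key order can still sort differently and make `walk_policy` report a change that is not one. Rebuilding nested hashes in a fixed key order would make the sort key stable, for example `value.keys.sort_by(&:to_s).each {|k| new_value[k] = sort_array0(value[k]) }`; the spec only covers arrays of strings, so this case is untested. Separately, reopening `Hash` puts `sort_array!` and the private `sort_array0` on every hash in the process; a helper under `Miam::Utils` or a refinement would keep it local to miam.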
data/lib/miam/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Miam
2
- VERSION = '0.2.2.beta2'
2
+ VERSION = '0.2.2.beta3'
3
3
  end
@@ -0,0 +1,39 @@
1
+ describe 'Hash#sort_array!' do
2
+ let(:hash) do
3
+ {:users=>
4
+ {"bob"=>
5
+ {:path=>"/devloper/",
6
+ :groups=>[],
7
+ :policies=>
8
+ {"S3"=>
9
+ {"Statement"=>
10
+ [{"Action"=>["s3:Put*", "s3:List*", "s3:Get*"],
11
+ "Effect"=>"Allow",
12
+ "Resource"=>"*"}]}},
13
+ :attached_managed_policies=>[
14
+ "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess",
15
+ "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"],
16
+ :login_profile=>{:password_reset_required=>true}}}}
17
+ end
18
+
19
+ let(:expected_hash) do
20
+ {:users=>
21
+ {"bob"=>
22
+ {:path=>"/devloper/",
23
+ :groups=>[],
24
+ :policies=>
25
+ {"S3"=>
26
+ {"Statement"=>
27
+ [{"Action"=>["s3:Get*", "s3:List*", "s3:Put*"],
28
+ "Effect"=>"Allow",
29
+ "Resource"=>"*"}]}},
30
+ :attached_managed_policies=>[
31
+ "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
32
+ "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"],
33
+ :login_profile=>{:password_reset_required=>true}}}}
34
+ end
35
+
36
+ subject { hash.sort_array! }
37
+
38
+ it { is_expected.to eq expected_hash }
39
+ end
@@ -0,0 +1,68 @@
1
+ describe 'ignore login profile' do
2
+ let(:dsl) do
3
+ <<-RUBY
4
+ user "bob", :path=>"/devloper/" do
5
+ login_profile :password_reset_required=>true
6
+
7
+ policy "S3" do
8
+ {"Statement"=>
9
+ [{"Action"=>
10
+ ["s3:Get*",
11
+ "s3:List*"],
12
+ "Effect"=>"Allow",
13
+ "Resource"=>"*"}]}
14
+ end
15
+ end
16
+ RUBY
17
+ end
18
+
19
+ let(:update_dsl) do
20
+ <<-RUBY
21
+ user "bob", :path=>"/devloper/" do
22
+ login_profile :password_reset_required=>false
23
+
24
+ policy "S3" do
25
+ {"Statement"=>
26
+ [{"Action"=>
27
+ ["s3:Get*",
28
+ "s3:List*",
29
+ "s3:Put*"],
30
+ "Effect"=>"Allow",
31
+ "Resource"=>"*"}]}
32
+ end
33
+ end
34
+ RUBY
35
+ end
36
+
37
+ let(:expected) do
38
+ {:users=>
39
+ {"bob"=>
40
+ {:path=>"/devloper/",
41
+ :groups=>[],
42
+ :policies=>
43
+ {"S3"=>
44
+ {"Statement"=>
45
+ [{"Action"=>["s3:Get*", "s3:List*", "s3:Put*"],
46
+ "Effect"=>"Allow",
47
+ "Resource"=>"*"}]}},
48
+ :attached_managed_policies=>[],
49
+ :login_profile=>{:password_reset_required=>true}}},
50
+ :groups=>{},
51
+ :roles=>{},
52
+ :instance_profiles=>{}}
53
+ end
54
+
55
+ before(:each) do
56
+ apply { dsl }
57
+ end
58
+
59
+ context 'when no change' do
60
+ subject { client(ignore_login_profile: true) }
61
+
62
+ it do
63
+ updated = apply(subject) { update_dsl }
64
+ expect(updated).to be_truthy
65
+ expect(export).to eq expected
66
+ end
67
+ end
68
+ end
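Review bot: The only example sits under `context 'when no change'`, yet `update_dsl` changes both the policy and `password_reset_required` and the example expects `updated` to be truthy, so the name contradicts what is exercised; something like `context 'when login profile and policy differ'` matches the assertions. The spec also never applies a DSL that drops `login_profile` while `ignore_login_profile: true` is set, so whether the option is expected to prevent deletion of a login profile is left unpinned. Adding that example would document the intended scope of the flag.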
@@ -225,9 +225,9 @@ describe 'update' do
225
225
  it do
226
226
  updated = apply(subject) { update_policy_dsl }
227
227
  expect(updated).to be_truthy
228
- expected[:users]["mary"][:policies]["S3"]["Statement"][0]["Action"] = ["s3:Get*", "s3:Put*", "s3:List*"]
228
+ expected[:users]["mary"][:policies]["S3"]["Statement"][0]["Action"] = ["s3:Get*", "s3:List*", "s3:Put*"]
229
229
  expected[:groups]["SES"][:policies]["ses-policy"]["Statement"][0]["Action"] = "*"
230
- expected[:roles]["my-role"][:policies]["role-policy"]["Statement"][0]["Action"] = ["s3:Get*", "s3:Put*", "s3:List*"]
230
+ expected[:roles]["my-role"][:policies]["role-policy"]["Statement"][0]["Action"] = ["s3:Get*", "s3:List*", "s3:Put*"]
231
231
  expect(export).to eq expected
232
232
  end
233
233
  end
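--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: miam
  version: !ruby/object:Gem::Version
- version: 0.2.2.beta2
+ version: 0.2.2.beta3
  platform: ruby
  authors:
  - Genki Sugawara
@@ -191,6 +191,7 @@ files:
  - lib/miam/dsl/context/user.rb
  - lib/miam/dsl/converter.rb
  - lib/miam/exporter.rb
+ - lib/miam/ext/hash_ext.rb
  - lib/miam/ext/string_ext.rb
  - lib/miam/logger.rb
  - lib/miam/password_manager.rb
@@ -201,6 +202,8 @@ files:
  - spec/miam/attach_detach_policy_spec.rb
  - spec/miam/create_spec.rb
  - spec/miam/delete_spec.rb
+ - spec/miam/hash_ext_spec.rb
+ - spec/miam/ignore_login_profile_spec.rb
  - spec/miam/rename_spec.rb
  - spec/miam/update_spec.rb
  - spec/spec_helper.rb
@@ -232,6 +235,8 @@ test_files:
  - spec/miam/attach_detach_policy_spec.rb
  - spec/miam/create_spec.rb
  - spec/miam/delete_spec.rb
+ - spec/miam/hash_ext_spec.rb
+ - spec/miam/ignore_login_profile_spec.rb
  - spec/miam/rename_spec.rb
  - spec/miam/update_spec.rb
  - spec/spec_helper.rb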