miam 0.2.2.beta → 0.2.2.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fe963fe6fae509bed4854e4e671692fcc18c4107
-  data.tar.gz: 231af89b949cdddf357961cdf89e80958c4d5f41
+  metadata.gz: 02694ddfe3ad49f32f2105b74f6367f52cdf0eaa
+  data.tar.gz: 950a3109de9a191931aaadf6313b9628da4f943c
 SHA512:
-  metadata.gz: a83c3befa251be6948f7e44de4a29905661c65a251f7eb4198894ff3e84b62438809caf75179d9f8aaa79370a824b49e3e294e7bba6bf22066a1ffb8b0b322da
-  data.tar.gz: 3c527e428ab28af26051c578c9e526573ad381669480e118e43bc06ef8fb152a004d3f84f19b3c48382e803b91a2ec98143ae0adb6587485dc3866002aee1370
+  metadata.gz: 332e80bae95488ee96f9b269d120cb80d896ba7eec058419e5498f784c45cc40a5018f9a14c5c59d2995a2c326ac100d8c607690d23798e7a3114ca9ac62ddcf
+  data.tar.gz: c7f97f201ab25b1765e8dc8fa445110354c41546f8ad6c9a376a85b3e3fffc0e72b067967151eed40fab6fc9896266a3012cd1b8a0ff4af5beddcbdfb3d4aa02

data/.travis.yml

@@ -1,3 +1,4 @@
+sudo: false
 language: ruby
 rvm:
 - 2.0.0

data/README.md

@@ -6,7 +6,7 @@ It defines the state of IAM using DSL, and updates IAM according to DSL.
 
 [![Gem Version](https://badge.fury.io/rb/miam.svg)](http://badge.fury.io/rb/miam)
 [![Build Status](https://travis-ci.org/winebarrel/miam.svg?branch=master)](https://travis-ci.org/winebarrel/miam)
-[![Coverage Status](https://coveralls.io/repos/winebarrel/miam/badge.png?branch=master)](https://coveralls.io/r/winebarrel/miam?branch=master)
+[![Coverage Status](https://coveralls.io/repos/winebarrel/miam/badge.svg?branch=master&service=github)](https://coveralls.io/github/winebarrel/miam?branch=master)
 
 **Notice**
 
@@ -15,6 +15,9 @@ It defines the state of IAM using DSL, and updates IAM according to DSL.
 * `>= 0.2.1`
   * Support Managed Policy attach/detach
   * Support JSON format
+* `>= 0.2.2`
+  * Improve update (show diff)
+  * Support Template
 
 ## Installation
 
@@ -216,5 +219,71 @@ Apply `iam.json` to IAM (dry-run)
 No change
 ```
 
+## Use Template
+
+```ruby
+template "common-policy" do
+  policy "my-policy" do
+    {"Version"=>context.version,
+     "Statement"=>
+      [{"Action"=>
+         ["s3:Get*",
+          "s3:List*"],
+        "Effect"=>"Allow",
+        "Resource"=>"*"}]}
+  end
+end
+
+template "common-role-attrs" do
+  assume_role_policy_document do
+    {"Version"=>context.version,
+     "Statement"=>
+      [{"Sid"=>"",
+        "Effect"=>"Allow",
+        "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+        "Action"=>"sts:AssumeRole"}]}
+  end
+end
+
+user "bob", :path => "/developer/" do
+  login_profile :password_reset_required=>true
+
+  groups(
+    "Admin"
+  )
+
+  include_template "common-policy", version: "2012-10-17"
+end
+
+user "mary", :path => "/staff/" do
+  # login_profile :password_reset_required=>true
+
+  groups(
+    # no group
+  )
+
+  context.version = "2012-10-17"
+  include_template "common-policy"
+
+  attached_managed_policies(
+    "arn:aws:iam::aws:policy/AdministratorAccess",
+    "arn:aws:iam::123456789012:policy/my_policy"
+  )
+end
+
+role "S3", :path => "/" do
+  instance_profiles(
+    "S3"
+  )
+
+  include_template "common-role-attrs"
+
+  policy "S3-role-policy" do
+    {"Version"=>"2012-10-17",
+     "Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
+  end
+end
+```
+
 ## Similar tools
 * [Codenize.tools](http://codenize.tools/)

data/lib/miam.rb

@@ -10,9 +10,11 @@ require 'ruby-progressbar'
 require 'parallel'
 require 'term/ansicolor'
 require 'diffy'
+require 'hashie'
 
 module Miam; end
 require 'miam/logger'
+require 'miam/template_helper'
 require 'miam/client'
 require 'miam/driver'
 require 'miam/dsl'

data/lib/miam/dsl/context.rb

@@ -1,4 +1,6 @@
 class Miam::DSL::Context
+  include Miam::TemplateHelper
+
   def self.eval(dsl, path, options = {})
     self.new(path, options) {
       eval(dsl, binding, path)
@@ -11,9 +13,20 @@ class Miam::DSL::Context
     @path = path
     @options = options
     @result = {:users => {}, :groups => {}, :roles => {}, :instance_profiles => {}}
+
+    @context = Hashie::Mash.new(
+      :path => path,
+      :options => options,
+      :templates => {}
+    )
+
     instance_eval(&block)
   end
 
+  def template(name, &block)
+    @context.templates[name.to_s] = block
+  end
+
   private
 
   def require(file)
@@ -35,7 +48,7 @@ class Miam::DSL::Context
       raise "User `#{name}` is already defined"
     end
 
-    attrs = Miam::DSL::Context::User.new(name, &block).result
+    attrs = Miam::DSL::Context::User.new(@context, name, &block).result
     @result[:users][name] = user_options.merge(attrs)
   end
 
@@ -46,7 +59,7 @@ class Miam::DSL::Context
       raise "Group `#{name}` is already defined"
     end
 
-    attrs = Miam::DSL::Context::Group.new(name, &block).result
+    attrs = Miam::DSL::Context::Group.new(@context, name, &block).result
     @result[:groups][name] = group_options.merge(attrs)
   end
 
@@ -57,7 +70,7 @@ class Miam::DSL::Context
       raise "Role `#{name}` is already defined"
     end
 
-    attrs = Miam::DSL::Context::Role.new(name, &block).result
+    attrs = Miam::DSL::Context::Role.new(@context, name, &block).result
     @result[:roles][name] = role_options.merge(attrs)
   end
 

data/lib/miam/dsl/context/group.rb

@@ -1,6 +1,9 @@
 class Miam::DSL::Context::Group
-  def initialize(name, &block)
+  include Miam::TemplateHelper
+
+  def initialize(context, name, &block)
     @group_name = name
+    @context = context.merge(:group_name => name)
     @result = {:policies => {}, :attached_managed_policies => []}
     instance_eval(&block)
   end

data/lib/miam/dsl/context/role.rb

@@ -1,6 +1,9 @@
 class Miam::DSL::Context::Role
-  def initialize(name, &block)
+  include Miam::TemplateHelper
+
+  def initialize(context, name, &block)
     @role_name = name
+    @context = context.merge(:role_name => name)
     @result = {:instance_profiles => [], :policies => {}, :attached_managed_policies => []}
     instance_eval(&block)
   end

data/lib/miam/dsl/context/user.rb

@@ -1,6 +1,9 @@
 class Miam::DSL::Context::User
-  def initialize(name, &block)
+  include Miam::TemplateHelper
+
+  def initialize(context, name, &block)
     @user_name = name
+    @context = context.merge(:user_name => name)
     @result = {:groups => [], :policies => {}, :attached_managed_policies => []}
     instance_eval(&block)
   end

data/lib/miam/template_helper.rb

@@ -0,0 +1,20 @@
+module Miam
+  module TemplateHelper
+    def include_template(template_name, context = {})
+      tmplt = @context.templates[template_name.to_s]
+
+      unless tmplt
+        raise "Template `#{template_name}` is not defined"
+      end
+
+      context_orig = @context
+      @context = @context.merge(context)
+      instance_eval(&tmplt)
+      @context = context_orig
+    end
+
+    def context
+      @context
+    end
+  end
+end

data/lib/miam/version.rb

@@ -1,3 +1,3 @@
 module Miam
-  VERSION = '0.2.2.beta'
+  VERSION = '0.2.2.beta2'
 end

data/miam.gemspec

@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'parallel'
   spec.add_dependency 'term-ansicolor'
   spec.add_dependency 'diffy'
+  spec.add_dependency 'hashie'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec', '>= 3.0.0'

data/spec/miam/create_spec.rb

@@ -85,68 +85,171 @@ describe 'create' do
     context 'when apply' do
       subject { client }
 
+      let(:expected) do
+        {:users=>
+          {"bob"=>
+            {:path=>"/devloper/",
+             :groups=>["Admin", "SES"],
+             :attached_managed_policies=>[],
+             :policies=>
+              {"S3"=>
+                {"Statement"=>
+                  [{"Action"=>["s3:Get*", "s3:List*"],
+                    "Effect"=>"Allow",
+                    "Resource"=>"*"}]}},
+             :login_profile=>{:password_reset_required=>true}},
+           "mary"=>
+            {:path=>"/staff/",
+             :groups=>[],
+             :attached_managed_policies=>[],
+             :policies=>
+              {"S3"=>
+                {"Statement"=>
+                  [{"Action"=>["s3:Get*", "s3:List*"],
+                    "Effect"=>"Allow",
+                    "Resource"=>"*"}]}}}},
+         :groups=>
+          {"Admin"=>
+            {:path=>"/admin/",
+             :attached_managed_policies=>[],
+             :policies=>
+              {"Admin"=>
+                {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}}},
+           "SES"=>
+            {:path=>"/ses/",
+             :attached_managed_policies=>[],
+             :policies=>
+              {"ses-policy"=>
+                {"Statement"=>
+                  [{"Effect"=>"Allow",
+                    "Action"=>"ses:SendRawEmail",
+                    "Resource"=>"*"}]}}}},
+         :roles=>
+          {"my-role"=>
+            {:path=>"/any/",
+             :assume_role_policy_document=>
+              {"Version"=>"2012-10-17",
+               "Statement"=>
+                [{"Sid"=>"",
+                  "Effect"=>"Allow",
+                  "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+                  "Action"=>"sts:AssumeRole"}]},
+             :instance_profiles=>["my-instance-profile"],
+             :attached_managed_policies=>[],
+             :policies=>
+              {"role-policy"=>
+                {"Statement"=>
+                  [{"Action"=>["s3:Get*", "s3:List*"],
+                    "Effect"=>"Allow",
+                    "Resource"=>"*"}]}}}},
+         :instance_profiles=>{"my-instance-profile"=>{:path=>"/profile/"}}}
+      end
+
       it do
         updated = apply(subject) { dsl }
         expect(updated).to be_truthy
-        expect(export).to eq(
-          {:users=>
-            {"bob"=>
-              {:path=>"/devloper/",
-               :groups=>["Admin", "SES"],
-               :attached_managed_policies=>[],
-               :policies=>
-                {"S3"=>
-                  {"Statement"=>
-                    [{"Action"=>["s3:Get*", "s3:List*"],
-                      "Effect"=>"Allow",
-                      "Resource"=>"*"}]}},
-               :login_profile=>{:password_reset_required=>true}},
-             "mary"=>
-              {:path=>"/staff/",
-               :groups=>[],
-               :attached_managed_policies=>[],
-               :policies=>
-                {"S3"=>
-                  {"Statement"=>
-                    [{"Action"=>["s3:Get*", "s3:List*"],
-                      "Effect"=>"Allow",
-                      "Resource"=>"*"}]}}}},
-           :groups=>
-            {"Admin"=>
-              {:path=>"/admin/",
-               :attached_managed_policies=>[],
-               :policies=>
-                {"Admin"=>
-                  {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}}},
-             "SES"=>
-              {:path=>"/ses/",
-               :attached_managed_policies=>[],
-               :policies=>
-                {"ses-policy"=>
-                  {"Statement"=>
-                    [{"Effect"=>"Allow",
-                      "Action"=>"ses:SendRawEmail",
-                      "Resource"=>"*"}]}}}},
-           :roles=>
-            {"my-role"=>
-              {:path=>"/any/",
-               :assume_role_policy_document=>
+        expect(export).to eq expected
+      end
+
+      context 'when using template' do
+        let(:dsl) do
+          <<-RUBY
+            template "bob" do
+              login_profile :password_reset_required=>true
+
+              groups(
+                "Admin",
+                "SES"
+              )
+
+              policy "S3" do
+                {"Statement"=>
+                  [{"Action"=>
+                     ["s3:Get*",
+                      "s3:List*"],
+                    "Effect"=>"Allow",
+                    "Resource"=>"*"}]}
+              end
+            end
+
+            template "mary" do
+              policy "S3" do
+                {"Statement"=>
+                  [{"Action"=>
+                     ["s3:Get*",
+                      "s3:List*"],
+                    "Effect"=>"Allow",
+                    "Resource"=>"*"}]}
+              end
+            end
+
+            user "bob", :path=>"/devloper/" do
+              include_template context.user_name
+            end
+
+            user "mary", :path=>"/staff/" do
+              include_template context.user_name
+            end
+
+            template "Admin" do
+              policy context.policy_name do
+                {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
+              end
+            end
+
+            template "SES" do
+              policy context.policy_name do
+                {"Statement"=>
+                  [{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
+              end
+            end
+
+            group "Admin", :path=>"/admin/" do
+              include_template context.group_name, policy_name: "Admin"
+            end
+
+            group "SES", :path=>"/ses/" do
+              context.policy_name = "ses-policy"
+              include_template context.group_name
+            end
+
+            template "my-role" do
+              instance_profiles(
+                "my-instance-profile"
+              )
+
+              assume_role_policy_document do
                 {"Version"=>"2012-10-17",
                  "Statement"=>
                   [{"Sid"=>"",
                     "Effect"=>"Allow",
                     "Principal"=>{"Service"=>"ec2.amazonaws.com"},
-                    "Action"=>"sts:AssumeRole"}]},
-               :instance_profiles=>["my-instance-profile"],
-               :attached_managed_policies=>[],
-               :policies=>
-                {"role-policy"=>
-                  {"Statement"=>
-                    [{"Action"=>["s3:Get*", "s3:List*"],
-                      "Effect"=>"Allow",
-                      "Resource"=>"*"}]}}}},
-           :instance_profiles=>{"my-instance-profile"=>{:path=>"/profile/"}}}
-        )
+                    "Action"=>"sts:AssumeRole"}]}
+              end
+
+              policy "role-policy" do
+                {"Statement"=>
+                  [{"Action"=>
+                     ["s3:Get*",
+                      "s3:List*"],
+                    "Effect"=>"Allow",
+                    "Resource"=>"*"}]}
+              end
+            end
+
+            role "my-role", :path=>"/any/" do
+              include_template context.role_name
+            end
+
+            instance_profile "my-instance-profile", :path=>"/profile/"
+          RUBY
+        end
+
+        it do
+          updated = apply(subject) { dsl }
+          expect(updated).to be_truthy
+          expect(export).to eq expected
+        end
       end
     end
 

metadata

@@ -1,153 +1,167 @@
 --- !ruby/object:Gem::Specification
 name: miam
 version: !ruby/object:Gem::Version
-  version: 0.2.2.beta
+  version: 0.2.2.beta2
 platform: ruby
 authors:
 - Genki Sugawara
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-11 00:00:00.000000000 Z
+date: 2015-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.42
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.42
 - !ruby/object:Gem::Dependency
   name: ruby-progressbar
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: diffy
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: rspec-instafail
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Miam is a tool to manage IAM. It defines the state of IAM using DSL,
@@ -159,9 +173,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -180,6 +194,7 @@ files:
 - lib/miam/ext/string_ext.rb
 - lib/miam/logger.rb
 - lib/miam/password_manager.rb
+- lib/miam/template_helper.rb
 - lib/miam/utils.rb
 - lib/miam/version.rb
 - miam.gemspec
@@ -199,17 +214,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>'
+  - - ">"
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14.1
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Miam is a tool to manage IAM.