miam 0.2.2.beta2 → 0.2.2.beta3
- checksums.yaml +4 -4
- data/README.md +3 -0
- data/bin/miam +20 -19
- data/lib/miam.rb +2 -1
- data/lib/miam/client.rb +8 -2
- data/lib/miam/ext/hash_ext.rb +29 -0
- data/lib/miam/version.rb +1 -1
- data/spec/miam/hash_ext_spec.rb +39 -0
- data/spec/miam/ignore_login_profile_spec.rb +68 -0
- data/spec/miam/update_spec.rb +2 -2
- metadata +6 -1
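--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d496d9a9aa4ed9b87d1204a9258cd38d91a7f6fb
+data.tar.gz: 33fbbdd4f482125637ffb7f8b89d066b0eb2a49e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8b9ebdd9f3d954e859d5661e676c75546d92a1e33126d56cf0d3fa5f31cd0f43f00af87a3ed5416aa8faa67f1e4a021e87afcdf347cb39ffdeba6bfc83c62a81
+data.tar.gz: 5bc040e86752fb87b19e25f56f834e39e97d848397358545ff629948db0a0730f99fb7b78f6e5ce80719a5851b5d6a2b23a7bd5f28fef06ba7cb9140078fa006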
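--- a/data/README.md
+++ b/data/README.md
@@ -18,6 +18,8 @@ It defines the state of IAM using DSL, and updates IAM according to DSL.
 * `>= 0.2.2`
 * Improve update (show diff)
 * Support Template
+* Add `--ignore-login-profile` option
+* Sort policy array
 
 ## Installation
 
@@ -67,6 +69,7 @@ Usage: miam [options]
 --format=FORMAT
 --export-concurrency N
 --target REGEXP
+--ignore-login-profile
 --no-color
 --no-progress
 --debug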
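--- a/data/bin/miam
+++ b/data/bin/miam
@@ -36,25 +36,26 @@ ARGV.options do |opt|
 credentials_path = nil
 format_passed = false
 
-opt.on('-p', '--profile PROFILE_NAME') {|v| profile_name
-opt.on('' , '--credentials-path PATH') {|v| credentials_path
-opt.on('-k', '--access-key ACCESS_KEY') {|v| access_key
-opt.on('-s', '--secret-key SECRET_KEY') {|v| secret_key
-opt.on('-r', '--region REGION') {|v| region
-opt.on('-a', '--apply') { mode
-opt.on('-f', '--file FILE') {|v| file
-opt.on('' , '--dry-run') { options[:dry_run]
-opt.on('' , '--account-output FILE') {|v| options[:password_manager]
-opt.on('-e', '--export') { mode
-opt.on('-o', '--output FILE') {|v| output_file
-opt.on('' , '--split') { split
-opt.on('' , '--split-more') { split
-opt.on('', '--format=FORMAT', [:ruby, :json]) {|v| format_passed = true; options[:format] = v
-opt.on('' , '--export-concurrency N', Integer) {|v| options[:export_concurrency]
-opt.on('' , '--target REGEXP') {|v| options[:target]
-opt.on('' , '--
-opt.on('' , '--no-
-opt.on('' , '--
+opt.on('-p', '--profile PROFILE_NAME') {|v| profile_name = v }
+opt.on('' , '--credentials-path PATH') {|v| credentials_path = v }
+opt.on('-k', '--access-key ACCESS_KEY') {|v| access_key = v }
+opt.on('-s', '--secret-key SECRET_KEY') {|v| secret_key = v }
+opt.on('-r', '--region REGION') {|v| region = v }
+opt.on('-a', '--apply') { mode = :apply }
+opt.on('-f', '--file FILE') {|v| file = v }
+opt.on('' , '--dry-run') { options[:dry_run] = true }
+opt.on('' , '--account-output FILE') {|v| options[:password_manager] = Miam::PasswordManager.new(v, options) }
+opt.on('-e', '--export') { mode = :export }
+opt.on('-o', '--output FILE') {|v| output_file = v }
+opt.on('' , '--split') { split = true }
+opt.on('' , '--split-more') { split = :more }
+opt.on('', '--format=FORMAT', [:ruby, :json]) {|v| format_passed = true; options[:format] = v }
+opt.on('' , '--export-concurrency N', Integer) {|v| options[:export_concurrency] = v }
+opt.on('' , '--target REGEXP') {|v| options[:target] = Regexp.new(v) }
+opt.on('' , '--ignore-login-profile') { options[:ignore_login_profile] = true }
+opt.on('' , '--no-color') { options[:color] = false }
+opt.on('' , '--no-progress') { options[:no_progress] = true }
+opt.on('' , '--debug') { options[:debug] = true }
 opt.parse!
 
 aws_opts = {}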
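Review bot: The new `--ignore-login-profile` switch is registered without a description string, so `--help` gives no hint that it leaves login-profile differences (for example `password_reset_required`) unapplied and only warns about them. Passing a description to `opt.on`, e.g. `opt.on('' , '--ignore-login-profile', 'warn about login profile differences instead of applying them') { options[:ignore_login_profile] = true }`, would make that trade-off visible to whoever runs the tool. None of the options in this hunk carry help text, and the `ARGV.options` block starts above and continues below the hunk, so any usage text defined elsewhere is not visible here.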
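--- a/data/lib/miam.rb
+++ b/data/lib/miam.rb
@@ -13,6 +13,8 @@ require 'diffy'
 require 'hashie'
 
 module Miam; end
+require 'miam/ext/string_ext'
+require 'miam/ext/hash_ext'
 require 'miam/logger'
 require 'miam/template_helper'
 require 'miam/client'
@@ -24,7 +26,6 @@ require 'miam/dsl/context/role'
 require 'miam/dsl/context/user'
 require 'miam/dsl/converter'
 require 'miam/exporter'
-require 'miam/ext/string_ext'
 require 'miam/password_manager'
 require 'miam/utils'
 require 'miam/version'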
data/lib/miam/client.rb
CHANGED
@@ -133,8 +133,12 @@ class Miam::Client
|
|
133
133
|
@driver.delete_login_profile(user_name)
|
134
134
|
updated = true
|
135
135
|
elsif expected_login_profile != actual_login_profile
|
136
|
-
@
|
137
|
-
|
136
|
+
if @options[:ignore_login_profile]
|
137
|
+
log(:warn, "User `#{user_name}`: difference of loging profile has been ignored: expected=#{expected_login_profile.inspect}, actual=#{actual_login_profile.inspect}", :color => :yellow)
|
138
|
+
else
|
139
|
+
@driver.update_login_profile(user_name, expected_login_profile, actual_login_profile)
|
140
|
+
updated = true
|
141
|
+
end
|
138
142
|
end
|
139
143
|
|
140
144
|
updated
|
@@ -398,6 +402,8 @@ class Miam::Client
|
|
398
402
|
|
399
403
|
def walk_policy(type, user_or_group_name, policy_name, expected_document, actual_document)
|
400
404
|
updated = false
|
405
|
+
expected_document.sort_array!
|
406
|
+
actual_document.sort_array!
|
401
407
|
|
402
408
|
if expected_document != actual_document
|
403
409
|
@driver.update_policy(type, user_or_group_name, policy_name, expected_document, actual_document)
|
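Review bot: The warning added under `if @options[:ignore_login_profile]` interpolates `expected_login_profile.inspect` and `actual_login_profile.inspect` straight into the log line; if a login profile hash can ever carry a password value (not visible in this hunk), that value would end up in console output and any captured logs. Logging only the keys that differ, or a copy of each hash with sensitive keys removed, would keep the drift visible without that exposure. The message text also reads "loging profile" where `login profile` is meant. The enclosing method starts above the hunk, so how the two hashes are built is not shown here.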
@@ -0,0 +1,29 @@
|
|
1
|
+
class Hash
|
2
|
+
def sort_array!
|
3
|
+
keys.each do |key|
|
4
|
+
value = self[key]
|
5
|
+
self[key] = sort_array0(value)
|
6
|
+
end
|
7
|
+
|
8
|
+
self
|
9
|
+
end
|
10
|
+
|
11
|
+
private
|
12
|
+
|
13
|
+
def sort_array0(value)
|
14
|
+
case value
|
15
|
+
when Hash
|
16
|
+
new_value = {}
|
17
|
+
|
18
|
+
value.each do |k, v|
|
19
|
+
new_value[k] = sort_array0(v)
|
20
|
+
end
|
21
|
+
|
22
|
+
new_value
|
23
|
+
when Array
|
24
|
+
value.map {|v| sort_array0(v) }.sort_by(&:to_s)
|
25
|
+
else
|
26
|
+
value
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
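Review bot: `sort_by(&:to_s)` in the `when Array` branch orders nested hashes by their `inspect` text, which follows key insertion order, so two statement lists holding the same hashes with keys inserted in a different order can sort differently and still compare unequal in `walk_policy`, causing an update on every run. Building `new_value` in key order in the `when Hash` branch, `value.sort_by {|k, _| k.to_s }.each do |k, v|`, would make the sort key independent of insertion order without changing hash equality. The methods are also added to core `Hash` for every object in the process; a module function or a refinement would keep `sort_array0` off unrelated hashes. The accompanying hash_ext_spec.rb only exercises arrays of strings, so the array-of-hashes case is not covered.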
data/lib/miam/version.rb
CHANGED
@@ -0,0 +1,39 @@
|
|
1
|
+
describe 'Hash#sort_array!' do
|
2
|
+
let(:hash) do
|
3
|
+
{:users=>
|
4
|
+
{"bob"=>
|
5
|
+
{:path=>"/devloper/",
|
6
|
+
:groups=>[],
|
7
|
+
:policies=>
|
8
|
+
{"S3"=>
|
9
|
+
{"Statement"=>
|
10
|
+
[{"Action"=>["s3:Put*", "s3:List*", "s3:Get*"],
|
11
|
+
"Effect"=>"Allow",
|
12
|
+
"Resource"=>"*"}]}},
|
13
|
+
:attached_managed_policies=>[
|
14
|
+
"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess",
|
15
|
+
"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"],
|
16
|
+
:login_profile=>{:password_reset_required=>true}}}}
|
17
|
+
end
|
18
|
+
|
19
|
+
let(:expected_hash) do
|
20
|
+
{:users=>
|
21
|
+
{"bob"=>
|
22
|
+
{:path=>"/devloper/",
|
23
|
+
:groups=>[],
|
24
|
+
:policies=>
|
25
|
+
{"S3"=>
|
26
|
+
{"Statement"=>
|
27
|
+
[{"Action"=>["s3:Get*", "s3:List*", "s3:Put*"],
|
28
|
+
"Effect"=>"Allow",
|
29
|
+
"Resource"=>"*"}]}},
|
30
|
+
:attached_managed_policies=>[
|
31
|
+
"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
|
32
|
+
"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"],
|
33
|
+
:login_profile=>{:password_reset_required=>true}}}}
|
34
|
+
end
|
35
|
+
|
36
|
+
subject { hash.sort_array! }
|
37
|
+
|
38
|
+
it { is_expected.to eq expected_hash }
|
39
|
+
end
|
@@ -0,0 +1,68 @@
|
|
1
|
+
describe 'ignore login profile' do
|
2
|
+
let(:dsl) do
|
3
|
+
<<-RUBY
|
4
|
+
user "bob", :path=>"/devloper/" do
|
5
|
+
login_profile :password_reset_required=>true
|
6
|
+
|
7
|
+
policy "S3" do
|
8
|
+
{"Statement"=>
|
9
|
+
[{"Action"=>
|
10
|
+
["s3:Get*",
|
11
|
+
"s3:List*"],
|
12
|
+
"Effect"=>"Allow",
|
13
|
+
"Resource"=>"*"}]}
|
14
|
+
end
|
15
|
+
end
|
16
|
+
RUBY
|
17
|
+
end
|
18
|
+
|
19
|
+
let(:update_dsl) do
|
20
|
+
<<-RUBY
|
21
|
+
user "bob", :path=>"/devloper/" do
|
22
|
+
login_profile :password_reset_required=>false
|
23
|
+
|
24
|
+
policy "S3" do
|
25
|
+
{"Statement"=>
|
26
|
+
[{"Action"=>
|
27
|
+
["s3:Get*",
|
28
|
+
"s3:List*",
|
29
|
+
"s3:Put*"],
|
30
|
+
"Effect"=>"Allow",
|
31
|
+
"Resource"=>"*"}]}
|
32
|
+
end
|
33
|
+
end
|
34
|
+
RUBY
|
35
|
+
end
|
36
|
+
|
37
|
+
let(:expected) do
|
38
|
+
{:users=>
|
39
|
+
{"bob"=>
|
40
|
+
{:path=>"/devloper/",
|
41
|
+
:groups=>[],
|
42
|
+
:policies=>
|
43
|
+
{"S3"=>
|
44
|
+
{"Statement"=>
|
45
|
+
[{"Action"=>["s3:Get*", "s3:List*", "s3:Put*"],
|
46
|
+
"Effect"=>"Allow",
|
47
|
+
"Resource"=>"*"}]}},
|
48
|
+
:attached_managed_policies=>[],
|
49
|
+
:login_profile=>{:password_reset_required=>true}}},
|
50
|
+
:groups=>{},
|
51
|
+
:roles=>{},
|
52
|
+
:instance_profiles=>{}}
|
53
|
+
end
|
54
|
+
|
55
|
+
before(:each) do
|
56
|
+
apply { dsl }
|
57
|
+
end
|
58
|
+
|
59
|
+
context 'when no change' do
|
60
|
+
subject { client(ignore_login_profile: true) }
|
61
|
+
|
62
|
+
it do
|
63
|
+
updated = apply(subject) { update_dsl }
|
64
|
+
expect(updated).to be_truthy
|
65
|
+
expect(export).to eq expected
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
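Review bot: In the second hunk (ignore_login_profile_spec.rb) the only example sits under `context 'when no change'`, yet `update_dsl` changes both the policy actions and `password_reset_required`, and the example asserts `updated` is truthy; a label such as `context 'when login profile differs'` would match what is exercised. The spec has no counterpart run without `ignore_login_profile: true`, so it does not show that the login profile is still updated by default, and it does not assert that the warning is logged. `apply`, `client` and `export` are helpers defined outside this page, so their behaviour is assumed from their use here.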
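--- a/data/spec/miam/update_spec.rb
+++ b/data/spec/miam/update_spec.rb
@@ -225,9 +225,9 @@ describe 'update' do
 it do
 updated = apply(subject) { update_policy_dsl }
 expect(updated).to be_truthy
-expected[:users]["mary"][:policies]["S3"]["Statement"][0]["Action"] = ["s3:Get*", "s3:
+expected[:users]["mary"][:policies]["S3"]["Statement"][0]["Action"] = ["s3:Get*", "s3:List*", "s3:Put*"]
 expected[:groups]["SES"][:policies]["ses-policy"]["Statement"][0]["Action"] = "*"
-expected[:roles]["my-role"][:policies]["role-policy"]["Statement"][0]["Action"] = ["s3:Get*", "s3:
+expected[:roles]["my-role"][:policies]["role-policy"]["Statement"][0]["Action"] = ["s3:Get*", "s3:List*", "s3:Put*"]
 expect(export).to eq expected
 end
 end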
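--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: miam
 version: !ruby/object:Gem::Version
-version: 0.2.2.
+version: 0.2.2.beta3
 platform: ruby
 authors:
 - Genki Sugawara
@@ -191,6 +191,7 @@ files:
 - lib/miam/dsl/context/user.rb
 - lib/miam/dsl/converter.rb
 - lib/miam/exporter.rb
+- lib/miam/ext/hash_ext.rb
 - lib/miam/ext/string_ext.rb
 - lib/miam/logger.rb
 - lib/miam/password_manager.rb
@@ -201,6 +202,8 @@ files:
 - spec/miam/attach_detach_policy_spec.rb
 - spec/miam/create_spec.rb
 - spec/miam/delete_spec.rb
+- spec/miam/hash_ext_spec.rb
+- spec/miam/ignore_login_profile_spec.rb
 - spec/miam/rename_spec.rb
 - spec/miam/update_spec.rb
 - spec/spec_helper.rb
@@ -232,6 +235,8 @@ test_files:
 - spec/miam/attach_detach_policy_spec.rb
 - spec/miam/create_spec.rb
 - spec/miam/delete_spec.rb
+- spec/miam/hash_ext_spec.rb
+- spec/miam/ignore_login_profile_spec.rb
 - spec/miam/rename_spec.rb
 - spec/miam/update_spec.rb
 - spec/spec_helper.rb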