miam 0.2.2.beta2 → 0.2.2.beta3

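--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 02694ddfe3ad49f32f2105b74f6367f52cdf0eaa
- data.tar.gz: 950a3109de9a191931aaadf6313b9628da4f943c
+ metadata.gz: d496d9a9aa4ed9b87d1204a9258cd38d91a7f6fb
+ data.tar.gz: 33fbbdd4f482125637ffb7f8b89d066b0eb2a49e
  SHA512:
- metadata.gz: 332e80bae95488ee96f9b269d120cb80d896ba7eec058419e5498f784c45cc40a5018f9a14c5c59d2995a2c326ac100d8c607690d23798e7a3114ca9ac62ddcf
- data.tar.gz: c7f97f201ab25b1765e8dc8fa445110354c41546f8ad6c9a376a85b3e3fffc0e72b067967151eed40fab6fc9896266a3012cd1b8a0ff4af5beddcbdfb3d4aa02
+ metadata.gz: 8b9ebdd9f3d954e859d5661e676c75546d92a1e33126d56cf0d3fa5f31cd0f43f00af87a3ed5416aa8faa67f1e4a021e87afcdf347cb39ffdeba6bfc83c62a81
+ data.tar.gz: 5bc040e86752fb87b19e25f56f834e39e97d848397358545ff629948db0a0730f99fb7b78f6e5ce80719a5851b5d6a2b23a7bd5f28fef06ba7cb9140078fa006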
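--- a/data/README.md
+++ b/data/README.md
@@ -18,6 +18,8 @@ It defines the state of IAM using DSL, and updates IAM according to DSL.
  * `>= 0.2.2`
  * Improve update (show diff)
  * Support Template
+ * Add `--ignore-login-profile` option
+ * Sort policy array
 
  ## Installation
 
@@ -67,6 +69,7 @@ Usage: miam [options]
  --format=FORMAT
  --export-concurrency N
  --target REGEXP
+ --ignore-login-profile
  --no-color
  --no-progress
  --debug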
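--- a/data/bin/miam
+++ b/data/bin/miam
@@ -36,25 +36,26 @@ ARGV.options do |opt|
  credentials_path = nil
  format_passed = false
 
- opt.on('-p', '--profile PROFILE_NAME') {|v| profile_name = v }
- opt.on('' , '--credentials-path PATH') {|v| credentials_path = v }
- opt.on('-k', '--access-key ACCESS_KEY') {|v| access_key = v }
- opt.on('-s', '--secret-key SECRET_KEY') {|v| secret_key = v }
- opt.on('-r', '--region REGION') {|v| region = v }
- opt.on('-a', '--apply') { mode = :apply }
- opt.on('-f', '--file FILE') {|v| file = v }
- opt.on('' , '--dry-run') { options[:dry_run] = true }
- opt.on('' , '--account-output FILE') {|v| options[:password_manager] = Miam::PasswordManager.new(v, options) }
- opt.on('-e', '--export') { mode = :export }
- opt.on('-o', '--output FILE') {|v| output_file = v }
- opt.on('' , '--split') { split = true }
- opt.on('' , '--split-more') { split = :more }
- opt.on('', '--format=FORMAT', [:ruby, :json]) {|v| format_passed = true; options[:format] = v }
- opt.on('' , '--export-concurrency N', Integer) {|v| options[:export_concurrency] = v }
- opt.on('' , '--target REGEXP') {|v| options[:target] = Regexp.new(v) }
- opt.on('' , '--no-color') { options[:color] = false }
- opt.on('' , '--no-progress') { options[:no_progress] = true }
- opt.on('' , '--debug') { options[:debug] = true }
+ opt.on('-p', '--profile PROFILE_NAME') {|v| profile_name = v }
+ opt.on('' , '--credentials-path PATH') {|v| credentials_path = v }
+ opt.on('-k', '--access-key ACCESS_KEY') {|v| access_key = v }
+ opt.on('-s', '--secret-key SECRET_KEY') {|v| secret_key = v }
+ opt.on('-r', '--region REGION') {|v| region = v }
+ opt.on('-a', '--apply') { mode = :apply }
+ opt.on('-f', '--file FILE') {|v| file = v }
+ opt.on('' , '--dry-run') { options[:dry_run] = true }
+ opt.on('' , '--account-output FILE') {|v| options[:password_manager] = Miam::PasswordManager.new(v, options) }
+ opt.on('-e', '--export') { mode = :export }
+ opt.on('-o', '--output FILE') {|v| output_file = v }
+ opt.on('' , '--split') { split = true }
+ opt.on('' , '--split-more') { split = :more }
+ opt.on('', '--format=FORMAT', [:ruby, :json]) {|v| format_passed = true; options[:format] = v }
+ opt.on('' , '--export-concurrency N', Integer) {|v| options[:export_concurrency] = v }
+ opt.on('' , '--target REGEXP') {|v| options[:target] = Regexp.new(v) }
+ opt.on('' , '--ignore-login-profile') { options[:ignore_login_profile] = true }
+ opt.on('' , '--no-color') { options[:color] = false }
+ opt.on('' , '--no-progress') { options[:no_progress] = true }
+ opt.on('' , '--debug') { options[:debug] = true }
  opt.parse!
 
  aws_opts = {}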
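Review bot: `-k/--access-key` and `-s/--secret-key` take AWS credentials as command-line arguments, where they are visible in process listings and shell history; these lines are only re-aligned here, but the option block has no comment steering users to the safer inputs. I would add above them `# Credentials given with -k/-s are visible in process listings and shell history; prefer --profile or --credentials-path.` The new `--ignore-login-profile` line, like its neighbours, has no description string, so the usage text does not say that login-profile differences are only warned about. The `ARGV.options` block continues past the hunk.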
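--- a/data/lib/miam.rb
+++ b/data/lib/miam.rb
@@ -13,6 +13,8 @@ require 'diffy'
  require 'hashie'
 
  module Miam; end
+ require 'miam/ext/string_ext'
+ require 'miam/ext/hash_ext'
  require 'miam/logger'
  require 'miam/template_helper'
  require 'miam/client'
@@ -24,7 +26,6 @@ require 'miam/dsl/context/role'
  require 'miam/dsl/context/user'
  require 'miam/dsl/converter'
  require 'miam/exporter'
- require 'miam/ext/string_ext'
  require 'miam/password_manager'
  require 'miam/utils'
  require 'miam/version'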
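--- a/data/lib/miam/client.rb
+++ b/data/lib/miam/client.rb
@@ -133,8 +133,12 @@ class Miam::Client
  @driver.delete_login_profile(user_name)
  updated = true
  elsif expected_login_profile != actual_login_profile
- @driver.update_login_profile(user_name, expected_login_profile, actual_login_profile)
- updated = true
+ if @options[:ignore_login_profile]
+ log(:warn, "User `#{user_name}`: difference of loging profile has been ignored: expected=#{expected_login_profile.inspect}, actual=#{actual_login_profile.inspect}", :color => :yellow)
+ else
+ @driver.update_login_profile(user_name, expected_login_profile, actual_login_profile)
+ updated = true
+ end
  end
 
  updated
@@ -398,6 +402,8 @@ class Miam::Client
 
  def walk_policy(type, user_or_group_name, policy_name, expected_document, actual_document)
  updated = false
+ expected_document.sort_array!
+ actual_document.sort_array!
 
  if expected_document != actual_document
  @driver.update_policy(type, user_or_group_name, policy_name, expected_document, actual_document)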
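Review bot: The warning added in the `@options[:ignore_login_profile]` branch writes `expected_login_profile.inspect` and `actual_login_profile.inspect` to the log, so every value in the login profile ends up on the terminal and in any captured CI output; if that hash can ever carry a password (not visible in this hunk), it would be logged in clear text. Logging only the differing keys avoids that, e.g. `changed = (expected_login_profile.keys | actual_login_profile.keys).select {|k| expected_login_profile[k] != actual_login_profile[k] }` and interpolating `changed.inspect`. The flag also gates only this update branch: the `@driver.delete_login_profile(user_name)` branch just above is unchanged, so a login profile can still be removed with the flag set, which the README entry should state. The message has a typo, `loging` for `login`. The enclosing method starts above the hunk, so the conditions of the earlier branches are not visible here.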
@@ -0,0 +1,29 @@
1
+ class Hash
2
+ def sort_array!
3
+ keys.each do |key|
4
+ value = self[key]
5
+ self[key] = sort_array0(value)
6
+ end
7
+
8
+ self
9
+ end
10
+
11
+ private
12
+
13
+ def sort_array0(value)
14
+ case value
15
+ when Hash
16
+ new_value = {}
17
+
18
+ value.each do |k, v|
19
+ new_value[k] = sort_array0(v)
20
+ end
21
+
22
+ new_value
23
+ when Array
24
+ value.map {|v| sort_array0(v) }.sort_by(&:to_s)
25
+ else
26
+ value
27
+ end
28
+ end
29
+ end
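Review bot: `sort_by(&:to_s)` in `sort_array0` orders hash elements by their string form, which depends on key insertion order, so the same `Statement` entries can sort differently in the expected and the actual document, and `walk_policy` would then see a difference and call `update_policy` for policies that are equal. Building nested hashes in key order makes the sort key canonical: `value.sort_by {|k, _| k.to_s }.each {|k, v| new_value[k] = sort_array0(v) }`. Reopening `Hash` also adds `sort_array!` and the private `sort_array0` to every hash in the process; a module function (or a refinement) would keep the helper scoped to miam. The accompanying spec only sorts a one-element `Statement` array, so a case with two statements whose keys are in different order would pin this down.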
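--- a/data/lib/miam/version.rb
+++ b/data/lib/miam/version.rb
@@ -1,3 +1,3 @@
  module Miam
- VERSION = '0.2.2.beta2'
+ VERSION = '0.2.2.beta3'
  end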
@@ -0,0 +1,39 @@
1
+ describe 'Hash#sort_array!' do
2
+ let(:hash) do
3
+ {:users=>
4
+ {"bob"=>
5
+ {:path=>"/devloper/",
6
+ :groups=>[],
7
+ :policies=>
8
+ {"S3"=>
9
+ {"Statement"=>
10
+ [{"Action"=>["s3:Put*", "s3:List*", "s3:Get*"],
11
+ "Effect"=>"Allow",
12
+ "Resource"=>"*"}]}},
13
+ :attached_managed_policies=>[
14
+ "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess",
15
+ "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"],
16
+ :login_profile=>{:password_reset_required=>true}}}}
17
+ end
18
+
19
+ let(:expected_hash) do
20
+ {:users=>
21
+ {"bob"=>
22
+ {:path=>"/devloper/",
23
+ :groups=>[],
24
+ :policies=>
25
+ {"S3"=>
26
+ {"Statement"=>
27
+ [{"Action"=>["s3:Get*", "s3:List*", "s3:Put*"],
28
+ "Effect"=>"Allow",
29
+ "Resource"=>"*"}]}},
30
+ :attached_managed_policies=>[
31
+ "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
32
+ "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"],
33
+ :login_profile=>{:password_reset_required=>true}}}}
34
+ end
35
+
36
+ subject { hash.sort_array! }
37
+
38
+ it { is_expected.to eq expected_hash }
39
+ end
@@ -0,0 +1,68 @@
1
+ describe 'ignore login profile' do
2
+ let(:dsl) do
3
+ <<-RUBY
4
+ user "bob", :path=>"/devloper/" do
5
+ login_profile :password_reset_required=>true
6
+
7
+ policy "S3" do
8
+ {"Statement"=>
9
+ [{"Action"=>
10
+ ["s3:Get*",
11
+ "s3:List*"],
12
+ "Effect"=>"Allow",
13
+ "Resource"=>"*"}]}
14
+ end
15
+ end
16
+ RUBY
17
+ end
18
+
19
+ let(:update_dsl) do
20
+ <<-RUBY
21
+ user "bob", :path=>"/devloper/" do
22
+ login_profile :password_reset_required=>false
23
+
24
+ policy "S3" do
25
+ {"Statement"=>
26
+ [{"Action"=>
27
+ ["s3:Get*",
28
+ "s3:List*",
29
+ "s3:Put*"],
30
+ "Effect"=>"Allow",
31
+ "Resource"=>"*"}]}
32
+ end
33
+ end
34
+ RUBY
35
+ end
36
+
37
+ let(:expected) do
38
+ {:users=>
39
+ {"bob"=>
40
+ {:path=>"/devloper/",
41
+ :groups=>[],
42
+ :policies=>
43
+ {"S3"=>
44
+ {"Statement"=>
45
+ [{"Action"=>["s3:Get*", "s3:List*", "s3:Put*"],
46
+ "Effect"=>"Allow",
47
+ "Resource"=>"*"}]}},
48
+ :attached_managed_policies=>[],
49
+ :login_profile=>{:password_reset_required=>true}}},
50
+ :groups=>{},
51
+ :roles=>{},
52
+ :instance_profiles=>{}}
53
+ end
54
+
55
+ before(:each) do
56
+ apply { dsl }
57
+ end
58
+
59
+ context 'when no change' do
60
+ subject { client(ignore_login_profile: true) }
61
+
62
+ it do
63
+ updated = apply(subject) { update_dsl }
64
+ expect(updated).to be_truthy
65
+ expect(export).to eq expected
66
+ end
67
+ end
68
+ end
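Review bot: The only context is named 'when no change', but `update_dsl` changes both `password_reset_required` and the `Action` list and the example expects `updated` to be truthy, so the label misdescribes what is tested; `context 'when login profile and policy differ'` would match. The spec covers only the update path: there is no example for a user whose DSL adds or drops `login_profile` while `ignore_login_profile: true` is set, so the flag's behaviour for creation and deletion is unpinned. An example asserting what the export shows for `login_profile` after such an apply would document whether those changes are meant to be ignored too.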
@@ -225,9 +225,9 @@ describe 'update' do
225
225
  it do
226
226
  updated = apply(subject) { update_policy_dsl }
227
227
  expect(updated).to be_truthy
228
- expected[:users]["mary"][:policies]["S3"]["Statement"][0]["Action"] = ["s3:Get*", "s3:Put*", "s3:List*"]
228
+ expected[:users]["mary"][:policies]["S3"]["Statement"][0]["Action"] = ["s3:Get*", "s3:List*", "s3:Put*"]
229
229
  expected[:groups]["SES"][:policies]["ses-policy"]["Statement"][0]["Action"] = "*"
230
- expected[:roles]["my-role"][:policies]["role-policy"]["Statement"][0]["Action"] = ["s3:Get*", "s3:Put*", "s3:List*"]
230
+ expected[:roles]["my-role"][:policies]["role-policy"]["Statement"][0]["Action"] = ["s3:Get*", "s3:List*", "s3:Put*"]
231
231
  expect(export).to eq expected
232
232
  end
233
233
  end
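--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: miam
  version: !ruby/object:Gem::Version
- version: 0.2.2.beta2
+ version: 0.2.2.beta3
  platform: ruby
  authors:
  - Genki Sugawara
@@ -191,6 +191,7 @@ files:
  - lib/miam/dsl/context/user.rb
  - lib/miam/dsl/converter.rb
  - lib/miam/exporter.rb
+ - lib/miam/ext/hash_ext.rb
  - lib/miam/ext/string_ext.rb
  - lib/miam/logger.rb
  - lib/miam/password_manager.rb
@@ -201,6 +202,8 @@ files:
  - spec/miam/attach_detach_policy_spec.rb
  - spec/miam/create_spec.rb
  - spec/miam/delete_spec.rb
+ - spec/miam/hash_ext_spec.rb
+ - spec/miam/ignore_login_profile_spec.rb
  - spec/miam/rename_spec.rb
  - spec/miam/update_spec.rb
  - spec/spec_helper.rb
@@ -232,6 +235,8 @@ test_files:
  - spec/miam/attach_detach_policy_spec.rb
  - spec/miam/create_spec.rb
  - spec/miam/delete_spec.rb
+ - spec/miam/hash_ext_spec.rb
+ - spec/miam/ignore_login_profile_spec.rb
  - spec/miam/rename_spec.rb
  - spec/miam/update_spec.rb
  - spec/spec_helper.rb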