RubyGems - miam - Versions diffs - 0.2.4.beta15 → 0.2.4.beta16 - Mend

miam 0.2.4.beta15 → 0.2.4.beta16

Files changed (9) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 328cabe832ba632a99fbc5bad953498ab6d85e83
-  data.tar.gz: 461015798e3b83bea5e1ab90d7ccc01fa5bc3fbf
+SHA256:
+  metadata.gz: 3064e06a5f31e8841828996c7669ba0ec6a9243b0480581d6f406722d64d002d
+  data.tar.gz: 03e24693e97410030cd8541a391972de9567d82d8cfa45a3f6d2f915c5c5cb7c
 SHA512:
-  metadata.gz: cbdca6578b266fb2525f261d87658c6fec29658c073001f1eeccd1367dd4c096961eb7f69c0456495e79f5377683a4c399599c88c617796d12f0ab5f33f11542
-  data.tar.gz: 552e9e6bb2f29361ac789bfe5a8d34fb369191fdcf5d90d6eb9aa3cc6eef719490da7a1425a5a5db996e5278a5c96b27853a71ef0d1c95c5c42eda418ba6956c
+  metadata.gz: 35398120cf54254e14b890bddefc62236e6051d78b82abbabddbe62c6286ba492de26250c94bd6e1197894ae1447dd70cf226880796144c82e064da724f912a9
+  data.tar.gz: 5c4399f1ab0ab49e85c7cb65e93f44d9895a616e5eb93e7e041f371b31f1ff06e4075929f262a14a70ac280d78d1e69fed2effb5a911f7c2d6650f90a657a1a3

data/lib/miam/client.rb CHANGED

@@ -255,12 +255,24 @@ class Miam::Client
       log(:warn, "Role `#{role_name}`: 'path' cannot be updated", :color => :yellow)
     end
-    updated = walk_assume_role_policy(role_name, expected_attrs[:assume_role_policy_document], actual_attrs[:assume_role_policy_document])
+    updated = walk_role_settings(role_name, {max_session_duration: expected_attrs[:max_session_duration]}, {max_session_duration: actual_attrs[:max_session_duration]})
+    updated = walk_assume_role_policy(role_name, expected_attrs[:assume_role_policy_document], actual_attrs[:assume_role_policy_document]) || updated
     updated = walk_role_instance_profiles(role_name, expected_attrs[:instance_profiles], actual_attrs[:instance_profiles]) || updated
     updated = walk_attached_managed_policies(:role, role_name, expected_attrs[:attached_managed_policies], actual_attrs[:attached_managed_policies]) || updated
     walk_policies(:role, role_name, expected_attrs[:policies], actual_attrs[:policies]) || updated
   end
+  def walk_role_settings(role_name, expected_settings, actual_settings)
+    updated = false
+    if expected_settings != actual_settings
+      @driver.update_role_settings(role_name, expected_settings, actual_settings)
+      updated = true
+    end
+    updated
+  end
   def walk_assume_role_policy(role_name, expected_assume_role_policy, actual_assume_role_policy)
     updated = false
     expected_assume_role_policy.sort_array!

data/lib/miam/driver.rb CHANGED

@@ -178,6 +178,7 @@ class Miam::Driver
       params = {
         :role_name => role_name,
         :assume_role_policy_document => encode_document(assume_role_policy_document),
+        :max_session_duration => attrs.fetch(:max_session_duration)
       }
       params[:path] = attrs[:path] if attrs[:path]
@@ -189,6 +190,7 @@ class Miam::Driver
       :assume_role_policy_document => assume_role_policy_document,
       :policies => {},
       :attached_managed_policies => [],
+      :max_session_duration => attrs.fetch(:max_session_duration),
     }
     new_role_attrs[:path] = attrs[:path] if attrs[:path]
@@ -237,6 +239,14 @@ class Miam::Driver
     end
   end
+  def update_role_settings(role_name, new_settings, old_settings)
+    log(:info, "Update Role `#{role_name}` > Settings", :color => :green)
+    log(:info, Miam::Utils.diff(old_settings, new_settings, :color => @options[:color]), :color => false)
+    unless_dry_run do
+      @iam.update_role(new_settings.merge(role_name: role_name))
+    end
+  end
   def update_assume_role_policy(role_name, policy_document, old_policy_document)
     log(:info, "Update Role `#{role_name}` > AssumeRolePolicy", :color => :green)
     log(:info, Miam::Utils.diff(old_policy_document, policy_document, :color => @options[:color]), :color => false)

data/lib/miam/dsl/context/role.rb CHANGED

@@ -4,7 +4,7 @@ class Miam::DSL::Context::Role
   def initialize(context, name, &block)
     @role_name = name
     @context = context.merge(:role_name => name)
-    @result = {:instance_profiles => [], :policies => {}, :attached_managed_policies => []}
+    @result = {:instance_profiles => [], :max_session_duration => 3600, :policies => {}, :attached_managed_policies => []}
     instance_eval(&block)
   end
@@ -22,6 +22,10 @@ class Miam::DSL::Context::Role
     @result[:instance_profiles].concat(profiles.map(&:to_s))
   end
+  def max_session_duration(duration)
+    @result[:max_session_duration] = duration
+  end
   def assume_role_policy_document
     if @result[:assume_role_policy_document]
       raise "Role `#{@role_name}` > AssumeRolePolicyDocument: already defined"

data/lib/miam/dsl/converter.rb CHANGED

@@ -95,6 +95,8 @@ end
 role #{role_name.inspect}, #{Miam::Utils.unbrace(role_options.inspect)} do
   #{output_role_instance_profiles(attrs[:instance_profiles])}
+  #{output_role_max_session_duration(attrs[:max_session_duration])}
   #{output_assume_role_policy_document(attrs[:assume_role_policy_document])}
   #{output_policies(attrs[:policies])}
@@ -122,6 +124,12 @@ end
     }.select {|i| i }.join("\n")
   end
+  def output_role_max_session_duration(max_session_duration)
+    <<-EOS.strip
+      max_session_duration #{max_session_duration}
+    EOS
+  end
   def output_assume_role_policy_document(assume_role_policy_document)
     assume_role_policy_document = assume_role_policy_document.pretty_inspect
     assume_role_policy_document.gsub!("\n", "\n    ").strip!

data/lib/miam/exporter.rb CHANGED

@@ -144,6 +144,8 @@ class Miam::Exporter
       instance_profiles = role.instance_profile_list.map {|i| i.instance_profile_name }
       policies = export_role_policies(role)
       attached_managed_policies = role.attached_managed_policies.map(&:policy_arn)
+      role_data = @iam.get_role(role_name: role_name).role
+      max_session_duration = role_data.max_session_duration
       @mutex.synchronize do
         instance_profiles.each do |instance_profile_name|
@@ -159,6 +161,7 @@ class Miam::Exporter
           :instance_profiles => instance_profiles,
           :policies => policies,
           :attached_managed_policies => attached_managed_policies,
+          :max_session_duration => max_session_duration,
         }
         progress

data/lib/miam/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Miam
-  VERSION = '0.2.4.beta15'
+  VERSION = '0.2.4.beta16'
 end

data/spec/miam/update_spec.rb CHANGED

@@ -122,6 +122,7 @@ describe 'update' do
               "Principal"=>{"Service"=>"ec2.amazonaws.com"},
               "Action"=>"sts:AssumeRole"}]},
          :instance_profiles=>["my-instance-profile"],
+         :max_session_duration=>3600,
          :attached_managed_policies=>[],
          :policies=>
           {"role-policy"=>
@@ -888,4 +889,89 @@ describe 'update' do
       expect(export).to eq expected
     end
   end
+  context 'when update role max_session_duration' do
+    let(:update_instance_profiles_dsl) do
+      <<-RUBY
+        user "bob", :path=>"/developer/" do
+          login_profile :password_reset_required=>true
+          groups(
+            "Admin",
+            "SES"
+          )
+          policy "S3" do
+            {"Statement"=>
+              [{"Action"=>
+                 ["s3:Get*",
+                  "s3:List*"],
+                "Effect"=>"Allow",
+                "Resource"=>"*"}]}
+          end
+        end
+        user "mary", :path=>"/staff/" do
+          policy "S3" do
+            {"Statement"=>
+              [{"Action"=>
+                 ["s3:Get*",
+                  "s3:List*"],
+                "Effect"=>"Allow",
+                "Resource"=>"*"}]}
+          end
+        end
+        group "Admin", :path=>"/admin/" do
+          policy "Admin" do
+            {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
+          end
+        end
+        group "SES", :path=>"/ses/" do
+          policy "ses-policy" do
+            {"Statement"=>
+              [{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
+          end
+        end
+        role "my-role", :path=>"/any/" do
+          instance_profiles(
+            "my-instance-profile"
+          )
+          max_session_policy 43200
+          assume_role_policy_document do
+            {"Version"=>"2012-10-17",
+             "Statement"=>
+              [{"Sid"=>"",
+                "Effect"=>"Allow",
+                "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+                "Action"=>"sts:AssumeRole"}]}
+          end
+          policy "role-policy" do
+            {"Statement"=>
+              [{"Action"=>
+                 ["s3:Get*",
+                  "s3:List*"],
+                "Effect"=>"Allow",
+                "Resource"=>"*"}]}
+          end
+        end
+        instance_profile "my-instance-profile", :path=>"/profile/"
+      RUBY
+    end
+    subject { client }
+    it do
+      updated = apply(subject) { update_instance_profiles_dsl }
+      expect(updated).to be_truthy
+      expected[:roles]["my-role"][:max_session_duration] = 43200
+      expect(export).to eq expected
+    end
+  end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: miam
 version: !ruby/object:Gem::Version
-  version: 0.2.4.beta15
+  version: 0.2.4.beta16
 platform: ruby
 authors:
 - Genki Sugawara
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-22 00:00:00.000000000 Z
+date: 2018-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -251,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: Miam is a tool to manage IAM.