miam 0.2.4.beta15 → 0.2.4.beta16

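--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 328cabe832ba632a99fbc5bad953498ab6d85e83
- data.tar.gz: 461015798e3b83bea5e1ab90d7ccc01fa5bc3fbf
+ SHA256:
+ metadata.gz: 3064e06a5f31e8841828996c7669ba0ec6a9243b0480581d6f406722d64d002d
+ data.tar.gz: 03e24693e97410030cd8541a391972de9567d82d8cfa45a3f6d2f915c5c5cb7c
  SHA512:
- metadata.gz: cbdca6578b266fb2525f261d87658c6fec29658c073001f1eeccd1367dd4c096961eb7f69c0456495e79f5377683a4c399599c88c617796d12f0ab5f33f11542
- data.tar.gz: 552e9e6bb2f29361ac789bfe5a8d34fb369191fdcf5d90d6eb9aa3cc6eef719490da7a1425a5a5db996e5278a5c96b27853a71ef0d1c95c5c42eda418ba6956c
+ metadata.gz: 35398120cf54254e14b890bddefc62236e6051d78b82abbabddbe62c6286ba492de26250c94bd6e1197894ae1447dd70cf226880796144c82e064da724f912a9
+ data.tar.gz: 5c4399f1ab0ab49e85c7cb65e93f44d9895a616e5eb93e7e041f371b31f1ff06e4075929f262a14a70ac280d78d1e69fed2effb5a911f7c2d6650f90a657a1a3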
@@ -255,12 +255,24 @@ class Miam::Client
255
255
  log(:warn, "Role `#{role_name}`: 'path' cannot be updated", :color => :yellow)
256
256
  end
257
257
 
258
- updated = walk_assume_role_policy(role_name, expected_attrs[:assume_role_policy_document], actual_attrs[:assume_role_policy_document])
258
+ updated = walk_role_settings(role_name, {max_session_duration: expected_attrs[:max_session_duration]}, {max_session_duration: actual_attrs[:max_session_duration]})
259
+ updated = walk_assume_role_policy(role_name, expected_attrs[:assume_role_policy_document], actual_attrs[:assume_role_policy_document]) || updated
259
260
  updated = walk_role_instance_profiles(role_name, expected_attrs[:instance_profiles], actual_attrs[:instance_profiles]) || updated
260
261
  updated = walk_attached_managed_policies(:role, role_name, expected_attrs[:attached_managed_policies], actual_attrs[:attached_managed_policies]) || updated
261
262
  walk_policies(:role, role_name, expected_attrs[:policies], actual_attrs[:policies]) || updated
262
263
  end
263
264
 
265
+ def walk_role_settings(role_name, expected_settings, actual_settings)
266
+ updated = false
267
+
268
+ if expected_settings != actual_settings
269
+ @driver.update_role_settings(role_name, expected_settings, actual_settings)
270
+ updated = true
271
+ end
272
+
273
+ updated
274
+ end
275
+
264
276
  def walk_assume_role_policy(role_name, expected_assume_role_policy, actual_assume_role_policy)
265
277
  updated = false
266
278
  expected_assume_role_policy.sort_array!
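Review bot: `walk_role_settings` now runs for every role, and the DSL context in this release defaults `:max_session_duration` to 3600, so a role file that never mentions the setting will still call `update_role` and overwrite a longer duration that was configured outside miam. Shortening is the safe direction for credential lifetime, but it happens silently on the first apply after upgrading and can break jobs that rely on longer sessions. At minimum I would put a comment above the call, such as `# NOTE: a role that does not declare max_session_duration is reset to the DSL default (3600)`, and mention it in the release notes. `walk_assume_role_policy` continues past the end of the hunk.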
@@ -178,6 +178,7 @@ class Miam::Driver
178
178
  params = {
179
179
  :role_name => role_name,
180
180
  :assume_role_policy_document => encode_document(assume_role_policy_document),
181
+ :max_session_duration => attrs.fetch(:max_session_duration)
181
182
  }
182
183
 
183
184
  params[:path] = attrs[:path] if attrs[:path]
@@ -189,6 +190,7 @@ class Miam::Driver
189
190
  :assume_role_policy_document => assume_role_policy_document,
190
191
  :policies => {},
191
192
  :attached_managed_policies => [],
193
+ :max_session_duration => attrs.fetch(:max_session_duration),
192
194
  }
193
195
 
194
196
  new_role_attrs[:path] = attrs[:path] if attrs[:path]
@@ -237,6 +239,14 @@ class Miam::Driver
237
239
  end
238
240
  end
239
241
 
242
+ def update_role_settings(role_name, new_settings, old_settings)
243
+ log(:info, "Update Role `#{role_name}` > Settings", :color => :green)
244
+ log(:info, Miam::Utils.diff(old_settings, new_settings, :color => @options[:color]), :color => false)
245
+ unless_dry_run do
246
+ @iam.update_role(new_settings.merge(role_name: role_name))
247
+ end
248
+ end
249
+
240
250
  def update_assume_role_policy(role_name, policy_document, old_policy_document)
241
251
  log(:info, "Update Role `#{role_name}` > AssumeRolePolicy", :color => :green)
242
252
  log(:info, Miam::Utils.diff(old_policy_document, policy_document, :color => @options[:color]), :color => false)
@@ -4,7 +4,7 @@ class Miam::DSL::Context::Role
4
4
  def initialize(context, name, &block)
5
5
  @role_name = name
6
6
  @context = context.merge(:role_name => name)
7
- @result = {:instance_profiles => [], :policies => {}, :attached_managed_policies => []}
7
+ @result = {:instance_profiles => [], :max_session_duration => 3600, :policies => {}, :attached_managed_policies => []}
8
8
  instance_eval(&block)
9
9
  end
10
10
 
@@ -22,6 +22,10 @@ class Miam::DSL::Context::Role
22
22
  @result[:instance_profiles].concat(profiles.map(&:to_s))
23
23
  end
24
24
 
25
+ def max_session_duration(duration)
26
+ @result[:max_session_duration] = duration
27
+ end
28
+
25
29
  def assume_role_policy_document
26
30
  if @result[:assume_role_policy_document]
27
31
  raise "Role `#{@role_name}` > AssumeRolePolicyDocument: already defined"
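Review bot: The new `max_session_duration(duration)` stores whatever the role file passes, so a string, nil or out-of-range number is only rejected when IAM is finally called, and a dry run will log the update as if it were valid. IAM accepts 3600 to 43200 seconds for this setting, so checking it here stops a typo from failing partway through an apply and keeps the session lifetime an explicit, bounded value. A guard in the style of the raise below would do: `raise "Role #{@role_name}: max_session_duration must be an Integer in 3600..43200" unless duration.is_a?(Integer) && duration.between?(3600, 43200)`. The body of `assume_role_policy_document` continues outside the hunk.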
@@ -95,6 +95,8 @@ end
95
95
  role #{role_name.inspect}, #{Miam::Utils.unbrace(role_options.inspect)} do
96
96
  #{output_role_instance_profiles(attrs[:instance_profiles])}
97
97
 
98
+ #{output_role_max_session_duration(attrs[:max_session_duration])}
99
+
98
100
  #{output_assume_role_policy_document(attrs[:assume_role_policy_document])}
99
101
 
100
102
  #{output_policies(attrs[:policies])}
@@ -122,6 +124,12 @@ end
122
124
  }.select {|i| i }.join("\n")
123
125
  end
124
126
 
127
+ def output_role_max_session_duration(max_session_duration)
128
+ <<-EOS.strip
129
+ max_session_duration #{max_session_duration}
130
+ EOS
131
+ end
132
+
125
133
  def output_assume_role_policy_document(assume_role_policy_document)
126
134
  assume_role_policy_document = assume_role_policy_document.pretty_inspect
127
135
  assume_role_policy_document.gsub!("\n", "\n ").strip!
@@ -144,6 +144,8 @@ class Miam::Exporter
144
144
  instance_profiles = role.instance_profile_list.map {|i| i.instance_profile_name }
145
145
  policies = export_role_policies(role)
146
146
  attached_managed_policies = role.attached_managed_policies.map(&:policy_arn)
147
+ role_data = @iam.get_role(role_name: role_name).role
148
+ max_session_duration = role_data.max_session_duration
147
149
 
148
150
  @mutex.synchronize do
149
151
  instance_profiles.each do |instance_profile_name|
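Review bot: The added `@iam.get_role(role_name: role_name)` is an extra IAM request for every exported role, and nothing in the hunk handles that request failing. The credentials used for export now need `iam:GetRole` in addition to whatever call produced `role`, so a read-only policy that was sufficient for beta15 may start failing with an access-denied error. A role deleted between the listing and this call would also raise, and if the export is threaded (the `@mutex` suggests so) many roles can run into API throttling. I would document the new permission and rescue the not-found case so one vanished role does not abort the whole export. The enclosing method starts and ends outside the hunk, so where `role_name` is bound cannot be checked from here.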
@@ -159,6 +161,7 @@ class Miam::Exporter
159
161
  :instance_profiles => instance_profiles,
160
162
  :policies => policies,
161
163
  :attached_managed_policies => attached_managed_policies,
164
+ :max_session_duration => max_session_duration,
162
165
  }
163
166
 
164
167
  progress
@@ -1,3 +1,3 @@
1
1
  module Miam
2
- VERSION = '0.2.4.beta15'
2
+ VERSION = '0.2.4.beta16'
3
3
  end
@@ -122,6 +122,7 @@ describe 'update' do
122
122
  "Principal"=>{"Service"=>"ec2.amazonaws.com"},
123
123
  "Action"=>"sts:AssumeRole"}]},
124
124
  :instance_profiles=>["my-instance-profile"],
125
+ :max_session_duration=>3600,
125
126
  :attached_managed_policies=>[],
126
127
  :policies=>
127
128
  {"role-policy"=>
@@ -888,4 +889,89 @@ describe 'update' do
888
889
  expect(export).to eq expected
889
890
  end
890
891
  end
892
+
893
+ context 'when update role max_session_duration' do
894
+ let(:update_instance_profiles_dsl) do
895
+ <<-RUBY
896
+ user "bob", :path=>"/developer/" do
897
+ login_profile :password_reset_required=>true
898
+
899
+ groups(
900
+ "Admin",
901
+ "SES"
902
+ )
903
+
904
+ policy "S3" do
905
+ {"Statement"=>
906
+ [{"Action"=>
907
+ ["s3:Get*",
908
+ "s3:List*"],
909
+ "Effect"=>"Allow",
910
+ "Resource"=>"*"}]}
911
+ end
912
+ end
913
+
914
+ user "mary", :path=>"/staff/" do
915
+ policy "S3" do
916
+ {"Statement"=>
917
+ [{"Action"=>
918
+ ["s3:Get*",
919
+ "s3:List*"],
920
+ "Effect"=>"Allow",
921
+ "Resource"=>"*"}]}
922
+ end
923
+ end
924
+
925
+ group "Admin", :path=>"/admin/" do
926
+ policy "Admin" do
927
+ {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
928
+ end
929
+ end
930
+
931
+ group "SES", :path=>"/ses/" do
932
+ policy "ses-policy" do
933
+ {"Statement"=>
934
+ [{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
935
+ end
936
+ end
937
+
938
+ role "my-role", :path=>"/any/" do
939
+ instance_profiles(
940
+ "my-instance-profile"
941
+ )
942
+
943
+ max_session_policy 43200
944
+
945
+ assume_role_policy_document do
946
+ {"Version"=>"2012-10-17",
947
+ "Statement"=>
948
+ [{"Sid"=>"",
949
+ "Effect"=>"Allow",
950
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
951
+ "Action"=>"sts:AssumeRole"}]}
952
+ end
953
+
954
+ policy "role-policy" do
955
+ {"Statement"=>
956
+ [{"Action"=>
957
+ ["s3:Get*",
958
+ "s3:List*"],
959
+ "Effect"=>"Allow",
960
+ "Resource"=>"*"}]}
961
+ end
962
+ end
963
+
964
+ instance_profile "my-instance-profile", :path=>"/profile/"
965
+ RUBY
966
+ end
967
+
968
+ subject { client }
969
+
970
+ it do
971
+ updated = apply(subject) { update_instance_profiles_dsl }
972
+ expect(updated).to be_truthy
973
+ expected[:roles]["my-role"][:max_session_duration] = 43200
974
+ expect(export).to eq expected
975
+ end
976
+ end
891
977
  end
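Review bot: The role block in this new context calls `max_session_policy 43200`, but the DSL method this release adds is `max_session_duration`. Unless something outside this diff defines that name, the heredoc would raise NoMethodError inside the role's `instance_eval` instead of exercising the update path. The line should read `max_session_duration 43200`. The `let` is also still named `update_instance_profiles_dsl`, apparently copied from an earlier context; `update_max_session_duration_dsl` would say what it holds.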
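--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: miam
  version: !ruby/object:Gem::Version
- version: 0.2.4.beta15
+ version: 0.2.4.beta16
  platform: ruby
  authors:
  - Genki Sugawara
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-01-22 00:00:00.000000000 Z
+ date: 2018-04-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-core
@@ -251,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: 1.3.1
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.13
+ rubygems_version: 2.7.3
  signing_key:
  specification_version: 4
  summary: Miam is a tool to manage IAM.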