miam 0.2.4.beta15 → 0.2.4.beta16
- checksums.yaml +5 -5
- data/lib/miam/client.rb +13 -1
- data/lib/miam/driver.rb +10 -0
- data/lib/miam/dsl/context/role.rb +5 -1
- data/lib/miam/dsl/converter.rb +8 -0
- data/lib/miam/exporter.rb +3 -0
- data/lib/miam/version.rb +1 -1
- data/spec/miam/update_spec.rb +86 -0
- metadata +3 -3
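--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 3064e06a5f31e8841828996c7669ba0ec6a9243b0480581d6f406722d64d002d
+data.tar.gz: 03e24693e97410030cd8541a391972de9567d82d8cfa45a3f6d2f915c5c5cb7c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 35398120cf54254e14b890bddefc62236e6051d78b82abbabddbe62c6286ba492de26250c94bd6e1197894ae1447dd70cf226880796144c82e064da724f912a9
+data.tar.gz: 5c4399f1ab0ab49e85c7cb65e93f44d9895a616e5eb93e7e041f371b31f1ff06e4075929f262a14a70ac280d78d1e69fed2effb5a911f7c2d6650f90a657a1a3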
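--- a/data/lib/miam/client.rb
+++ b/data/lib/miam/client.rb
@@ -255,12 +255,24 @@ class Miam::Client
 log(:warn, "Role `#{role_name}`: 'path' cannot be updated", :color => :yellow)
 end
 
-updated =
+updated = walk_role_settings(role_name, {max_session_duration: expected_attrs[:max_session_duration]}, {max_session_duration: actual_attrs[:max_session_duration]})
+updated = walk_assume_role_policy(role_name, expected_attrs[:assume_role_policy_document], actual_attrs[:assume_role_policy_document]) || updated
 updated = walk_role_instance_profiles(role_name, expected_attrs[:instance_profiles], actual_attrs[:instance_profiles]) || updated
 updated = walk_attached_managed_policies(:role, role_name, expected_attrs[:attached_managed_policies], actual_attrs[:attached_managed_policies]) || updated
 walk_policies(:role, role_name, expected_attrs[:policies], actual_attrs[:policies]) || updated
 end
 
+def walk_role_settings(role_name, expected_settings, actual_settings)
+updated = false
+
+if expected_settings != actual_settings
+@driver.update_role_settings(role_name, expected_settings, actual_settings)
+updated = true
+end
+
+updated
+end
+
 def walk_assume_role_policy(role_name, expected_assume_role_policy, actual_assume_role_policy)
 updated = false
 expected_assume_role_policy.sort_array!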
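Review bot: In `walk_role`, the new `walk_role_settings` call always compares a concrete expected value, so a role whose DSL block never mentions `max_session_duration` is still reconciled against the 3600 default that `Miam::DSL::Context::Role#initialize` sets in this same release. Any role whose session length was raised outside miam would therefore be shortened on the next apply, which is the safe direction for credential lifetime but can break long-running jobs that depend on it. I would state this above the method, e.g. `# An undeclared max_session_duration is treated as 3600 and enforced on apply.`, and mention it in the release notes. The body of `walk_role` starts above the hunk.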
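--- a/data/lib/miam/driver.rb
+++ b/data/lib/miam/driver.rb
@@ -178,6 +178,7 @@ class Miam::Driver
 params = {
 :role_name => role_name,
 :assume_role_policy_document => encode_document(assume_role_policy_document),
+:max_session_duration => attrs.fetch(:max_session_duration)
 }
 
 params[:path] = attrs[:path] if attrs[:path]
@@ -189,6 +190,7 @@ class Miam::Driver
 :assume_role_policy_document => assume_role_policy_document,
 :policies => {},
 :attached_managed_policies => [],
+:max_session_duration => attrs.fetch(:max_session_duration),
 }
 
 new_role_attrs[:path] = attrs[:path] if attrs[:path]
@@ -237,6 +239,14 @@ class Miam::Driver
 end
 end
 
+def update_role_settings(role_name, new_settings, old_settings)
+log(:info, "Update Role `#{role_name}` > Settings", :color => :green)
+log(:info, Miam::Utils.diff(old_settings, new_settings, :color => @options[:color]), :color => false)
+unless_dry_run do
+@iam.update_role(new_settings.merge(role_name: role_name))
+end
+end
+
 def update_assume_role_policy(role_name, policy_document, old_policy_document)
 log(:info, "Update Role `#{role_name}` > AssumeRolePolicy", :color => :green)
 log(:info, Miam::Utils.diff(old_policy_document, policy_document, :color => @options[:color]), :color => false)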
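Review bot: `update_role_settings` calls `@iam.update_role`, and the role-creation hunk now sends `:max_session_duration`, but the gem metadata in this release shows no change to the `aws-sdk-core` dependency entry, so an installed SDK that predates these IAM operations would presumably fail at runtime with an unknown-method or unknown-parameter error. Raising the minimum `aws-sdk-core` version in the gemspec to one that provides `update_role` would turn that into an install-time failure. The credentials miam runs with also need `iam:UpdateRole` from now on, which deserves a line in the README for anyone running it under a least-privilege policy. `attrs.fetch(:max_session_duration)` in the two earlier hunks raises `KeyError` when the key is absent; the callers are outside the hunks, so that may be intended.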
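--- a/data/lib/miam/dsl/context/role.rb
+++ b/data/lib/miam/dsl/context/role.rb
@@ -4,7 +4,7 @@ class Miam::DSL::Context::Role
 def initialize(context, name, &block)
 @role_name = name
 @context = context.merge(:role_name => name)
-@result = {:instance_profiles => [], :policies => {}, :attached_managed_policies => []}
+@result = {:instance_profiles => [], :max_session_duration => 3600, :policies => {}, :attached_managed_policies => []}
 instance_eval(&block)
 end
 
@@ -22,6 +22,10 @@ class Miam::DSL::Context::Role
 @result[:instance_profiles].concat(profiles.map(&:to_s))
 end
 
+def max_session_duration(duration)
+@result[:max_session_duration] = duration
+end
+
 def assume_role_policy_document
 if @result[:assume_role_policy_document]
 raise "Role `#{@role_name}` > AssumeRolePolicyDocument: already defined"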
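Review bot: `max_session_duration(duration)` stores whatever it is given, so a typo or out-of-range value passes a dry run and is only rejected once the create or update call reaches IAM, which accepts 3600 to 43200 seconds for this setting. Validating in the DSL keeps the failure at parse time, in the style of the "already defined" check further down: `raise "Role #{@role_name} > MaxSessionDuration: expected an Integer in 3600..43200" unless duration.is_a?(Integer) && (3600..43200).cover?(duration)`. A comment on the method saying that the value is in seconds, and that a longer session keeps issued temporary credentials valid for longer, would help people reviewing role files.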
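--- a/data/lib/miam/dsl/converter.rb
+++ b/data/lib/miam/dsl/converter.rb
@@ -95,6 +95,8 @@ end
 role #{role_name.inspect}, #{Miam::Utils.unbrace(role_options.inspect)} do
 #{output_role_instance_profiles(attrs[:instance_profiles])}
 
+#{output_role_max_session_duration(attrs[:max_session_duration])}
+
 #{output_assume_role_policy_document(attrs[:assume_role_policy_document])}
 
 #{output_policies(attrs[:policies])}
@@ -122,6 +124,12 @@ end
 }.select {|i| i }.join("\n")
 end
 
+def output_role_max_session_duration(max_session_duration)
+<<-EOS.strip
+max_session_duration #{max_session_duration}
+EOS
+end
+
 def output_assume_role_policy_document(assume_role_policy_document)
 assume_role_policy_document = assume_role_policy_document.pretty_inspect
 assume_role_policy_document.gsub!("\n", "\n ").strip!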
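Review bot: `output_role_max_session_duration` interpolates its argument unconditionally, so if `attrs[:max_session_duration]` is ever nil the generated file contains a bare `max_session_duration` call, which raises `ArgumentError` when that file is loaded back through the DSL. The exporter in this release always fills the key, so this is only reachable with attrs from another source; a guard such as `return nil if max_session_duration.nil?` as the first line would cover it. The single-line heredoc could also be the plain string `"max_session_duration #{max_session_duration}"`.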
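--- a/data/lib/miam/exporter.rb
+++ b/data/lib/miam/exporter.rb
@@ -144,6 +144,8 @@ class Miam::Exporter
 instance_profiles = role.instance_profile_list.map {|i| i.instance_profile_name }
 policies = export_role_policies(role)
 attached_managed_policies = role.attached_managed_policies.map(&:policy_arn)
+role_data = @iam.get_role(role_name: role_name).role
+max_session_duration = role_data.max_session_duration
 
 @mutex.synchronize do
 instance_profiles.each do |instance_profile_name|
@@ -159,6 +161,7 @@ class Miam::Exporter
 :instance_profiles => instance_profiles,
 :policies => policies,
 :attached_managed_policies => attached_managed_policies,
+:max_session_duration => max_session_duration,
 }
 
 progress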
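Review bot: The added `@iam.get_role(role_name: role_name)` is one extra IAM request per exported role and has no error handling in the lines shown, so a throttling or access-denied response would presumably abort the whole export. The enclosing method starts above the hunk, so a rescue or retry may already exist there. Credentials used for export now need `iam:GetRole` as well, and read-only policies written for earlier versions may not grant it; a comment next to the call such as `# requires iam:GetRole; one request per role` plus a README note would make that visible.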
data/lib/miam/version.rb
CHANGED
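--- a/data/spec/miam/update_spec.rb
+++ b/data/spec/miam/update_spec.rb
@@ -122,6 +122,7 @@ describe 'update' do
 "Principal"=>{"Service"=>"ec2.amazonaws.com"},
 "Action"=>"sts:AssumeRole"}]},
 :instance_profiles=>["my-instance-profile"],
+:max_session_duration=>3600,
 :attached_managed_policies=>[],
 :policies=>
 {"role-policy"=>
@@ -888,4 +889,89 @@ describe 'update' do
 expect(export).to eq expected
 end
 end
+
+context 'when update role max_session_duration' do
+let(:update_instance_profiles_dsl) do
+<<-RUBY
+user "bob", :path=>"/developer/" do
+login_profile :password_reset_required=>true
+
+groups(
+"Admin",
+"SES"
+)
+
+policy "S3" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+end
+
+user "mary", :path=>"/staff/" do
+policy "S3" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+end
+
+group "Admin", :path=>"/admin/" do
+policy "Admin" do
+{"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
+end
+end
+
+group "SES", :path=>"/ses/" do
+policy "ses-policy" do
+{"Statement"=>
+[{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
+end
+end
+
+role "my-role", :path=>"/any/" do
+instance_profiles(
+"my-instance-profile"
+)
+
+max_session_policy 43200
+
+assume_role_policy_document do
+{"Version"=>"2012-10-17",
+"Statement"=>
+[{"Sid"=>"",
+"Effect"=>"Allow",
+"Principal"=>{"Service"=>"ec2.amazonaws.com"},
+"Action"=>"sts:AssumeRole"}]}
+end
+
+policy "role-policy" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+end
+
+instance_profile "my-instance-profile", :path=>"/profile/"
+RUBY
+end
+
+subject { client }
+
+it do
+updated = apply(subject) { update_instance_profiles_dsl }
+expect(updated).to be_truthy
+expected[:roles]["my-role"][:max_session_duration] = 43200
+expect(export).to eq expected
+end
+end
 end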
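Review bot: The DSL heredoc in the new `when update role max_session_duration` context calls `max_session_policy 43200`, but the method added to `Miam::DSL::Context::Role` in this release is `max_session_duration`, so unless the role context resolves unknown names some other way the example would raise instead of exercising the update path. The line should read `max_session_duration 43200`. The `let` is also still named `update_instance_profiles_dsl`, apparently carried over from an earlier context; `update_max_session_duration_dsl` would describe what it holds. A second example that applies an out-of-range value would pin down how an invalid duration is reported.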
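--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: miam
 version: !ruby/object:Gem::Version
-version: 0.2.4.
+version: 0.2.4.beta16
 platform: ruby
 authors:
 - Genki Sugawara
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -251,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: Miam is a tool to manage IAM.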