RubyGems - miam - Versions diffs - 0.2.4.beta15 → 0.2.4.beta16 - Mend

miam 0.2.4.beta15 → 0.2.4.beta16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 328cabe832ba632a99fbc5bad953498ab6d85e83
-  data.tar.gz: 461015798e3b83bea5e1ab90d7ccc01fa5bc3fbf
+SHA256:
+  metadata.gz: 3064e06a5f31e8841828996c7669ba0ec6a9243b0480581d6f406722d64d002d
+  data.tar.gz: 03e24693e97410030cd8541a391972de9567d82d8cfa45a3f6d2f915c5c5cb7c
 SHA512:
-  metadata.gz: cbdca6578b266fb2525f261d87658c6fec29658c073001f1eeccd1367dd4c096961eb7f69c0456495e79f5377683a4c399599c88c617796d12f0ab5f33f11542
-  data.tar.gz: 552e9e6bb2f29361ac789bfe5a8d34fb369191fdcf5d90d6eb9aa3cc6eef719490da7a1425a5a5db996e5278a5c96b27853a71ef0d1c95c5c42eda418ba6956c
+  metadata.gz: 35398120cf54254e14b890bddefc62236e6051d78b82abbabddbe62c6286ba492de26250c94bd6e1197894ae1447dd70cf226880796144c82e064da724f912a9
+  data.tar.gz: 5c4399f1ab0ab49e85c7cb65e93f44d9895a616e5eb93e7e041f371b31f1ff06e4075929f262a14a70ac280d78d1e69fed2effb5a911f7c2d6650f90a657a1a3

data/lib/miam/client.rb CHANGED

@@ -255,12 +255,24 @@ class Miam::Client
       log(:warn, "Role `#{role_name}`: 'path' cannot be updated", :color => :yellow)
     end
-    updated = walk_assume_role_policy(role_name, expected_attrs[:assume_role_policy_document], actual_attrs[:assume_role_policy_document])
+    updated = walk_role_settings(role_name, {max_session_duration: expected_attrs[:max_session_duration]}, {max_session_duration: actual_attrs[:max_session_duration]})
+    updated = walk_assume_role_policy(role_name, expected_attrs[:assume_role_policy_document], actual_attrs[:assume_role_policy_document]) || updated
     updated = walk_role_instance_profiles(role_name, expected_attrs[:instance_profiles], actual_attrs[:instance_profiles]) || updated
     updated = walk_attached_managed_policies(:role, role_name, expected_attrs[:attached_managed_policies], actual_attrs[:attached_managed_policies]) || updated
     walk_policies(:role, role_name, expected_attrs[:policies], actual_attrs[:policies]) || updated
   end
+  def walk_role_settings(role_name, expected_settings, actual_settings)
+    updated = false
+    if expected_settings != actual_settings
+      @driver.update_role_settings(role_name, expected_settings, actual_settings)
+      updated = true
+    end
+    updated
+  end
   def walk_assume_role_policy(role_name, expected_assume_role_policy, actual_assume_role_policy)
     updated = false
     expected_assume_role_policy.sort_array!

data/lib/miam/driver.rb CHANGED

@@ -178,6 +178,7 @@ class Miam::Driver
       params = {
         :role_name => role_name,
         :assume_role_policy_document => encode_document(assume_role_policy_document),
+        :max_session_duration => attrs.fetch(:max_session_duration)
       }
       params[:path] = attrs[:path] if attrs[:path]
@@ -189,6 +190,7 @@ class Miam::Driver
       :assume_role_policy_document => assume_role_policy_document,
       :policies => {},
       :attached_managed_policies => [],
+      :max_session_duration => attrs.fetch(:max_session_duration),
     }
     new_role_attrs[:path] = attrs[:path] if attrs[:path]
@@ -237,6 +239,14 @@ class Miam::Driver
     end
   end
+  def update_role_settings(role_name, new_settings, old_settings)
+    log(:info, "Update Role `#{role_name}` > Settings", :color => :green)
+    log(:info, Miam::Utils.diff(old_settings, new_settings, :color => @options[:color]), :color => false)
+    unless_dry_run do
+      @iam.update_role(new_settings.merge(role_name: role_name))
+    end
+  end
   def update_assume_role_policy(role_name, policy_document, old_policy_document)
     log(:info, "Update Role `#{role_name}` > AssumeRolePolicy", :color => :green)
     log(:info, Miam::Utils.diff(old_policy_document, policy_document, :color => @options[:color]), :color => false)

data/lib/miam/dsl/context/role.rb CHANGED

@@ -4,7 +4,7 @@ class Miam::DSL::Context::Role
   def initialize(context, name, &block)
     @role_name = name
     @context = context.merge(:role_name => name)
-    @result = {:instance_profiles => [], :policies => {}, :attached_managed_policies => []}
+    @result = {:instance_profiles => [], :max_session_duration => 3600, :policies => {}, :attached_managed_policies => []}
     instance_eval(&block)
   end
@@ -22,6 +22,10 @@ class Miam::DSL::Context::Role
     @result[:instance_profiles].concat(profiles.map(&:to_s))
   end
+  def max_session_duration(duration)
+    @result[:max_session_duration] = duration
+  end
   def assume_role_policy_document
     if @result[:assume_role_policy_document]
       raise "Role `#{@role_name}` > AssumeRolePolicyDocument: already defined"

data/lib/miam/dsl/converter.rb CHANGED

@@ -95,6 +95,8 @@ end
 role #{role_name.inspect}, #{Miam::Utils.unbrace(role_options.inspect)} do
   #{output_role_instance_profiles(attrs[:instance_profiles])}
+  #{output_role_max_session_duration(attrs[:max_session_duration])}
   #{output_assume_role_policy_document(attrs[:assume_role_policy_document])}
   #{output_policies(attrs[:policies])}
@@ -122,6 +124,12 @@ end
     }.select {|i| i }.join("\n")
   end
+  def output_role_max_session_duration(max_session_duration)
+    <<-EOS.strip
+      max_session_duration #{max_session_duration}
+    EOS
+  end
   def output_assume_role_policy_document(assume_role_policy_document)
     assume_role_policy_document = assume_role_policy_document.pretty_inspect
     assume_role_policy_document.gsub!("\n", "\n    ").strip!

data/lib/miam/exporter.rb CHANGED

@@ -144,6 +144,8 @@ class Miam::Exporter
       instance_profiles = role.instance_profile_list.map {|i| i.instance_profile_name }
       policies = export_role_policies(role)
       attached_managed_policies = role.attached_managed_policies.map(&:policy_arn)
+      role_data = @iam.get_role(role_name: role_name).role
+      max_session_duration = role_data.max_session_duration
       @mutex.synchronize do
         instance_profiles.each do |instance_profile_name|
@@ -159,6 +161,7 @@ class Miam::Exporter
           :instance_profiles => instance_profiles,
           :policies => policies,
           :attached_managed_policies => attached_managed_policies,
+          :max_session_duration => max_session_duration,
         }
         progress

data/lib/miam/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Miam
-  VERSION = '0.2.4.beta15'
+  VERSION = '0.2.4.beta16'
 end

data/spec/miam/update_spec.rb CHANGED

@@ -122,6 +122,7 @@ describe 'update' do
               "Principal"=>{"Service"=>"ec2.amazonaws.com"},
               "Action"=>"sts:AssumeRole"}]},
          :instance_profiles=>["my-instance-profile"],
+         :max_session_duration=>3600,
          :attached_managed_policies=>[],
          :policies=>
           {"role-policy"=>
@@ -888,4 +889,89 @@ describe 'update' do
       expect(export).to eq expected
     end
   end
+  context 'when update role max_session_duration' do
+    let(:update_instance_profiles_dsl) do
+      <<-RUBY
+        user "bob", :path=>"/developer/" do
+          login_profile :password_reset_required=>true
+          groups(
+            "Admin",
+            "SES"
+          )
+          policy "S3" do
+            {"Statement"=>
+              [{"Action"=>
+                 ["s3:Get*",
+                  "s3:List*"],
+                "Effect"=>"Allow",
+                "Resource"=>"*"}]}
+          end
+        end
+        user "mary", :path=>"/staff/" do
+          policy "S3" do
+            {"Statement"=>
+              [{"Action"=>
+                 ["s3:Get*",
+                  "s3:List*"],
+                "Effect"=>"Allow",
+                "Resource"=>"*"}]}
+          end
+        end
+        group "Admin", :path=>"/admin/" do
+          policy "Admin" do
+            {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
+          end
+        end
+        group "SES", :path=>"/ses/" do
+          policy "ses-policy" do
+            {"Statement"=>
+              [{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
+          end
+        end
+        role "my-role", :path=>"/any/" do
+          instance_profiles(
+            "my-instance-profile"
+          )
+          max_session_policy 43200
+          assume_role_policy_document do
+            {"Version"=>"2012-10-17",
+             "Statement"=>
+              [{"Sid"=>"",
+                "Effect"=>"Allow",
+                "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+                "Action"=>"sts:AssumeRole"}]}
+          end
+          policy "role-policy" do
+            {"Statement"=>
+              [{"Action"=>
+                 ["s3:Get*",
+                  "s3:List*"],
+                "Effect"=>"Allow",
+                "Resource"=>"*"}]}
+          end
+        end
+        instance_profile "my-instance-profile", :path=>"/profile/"
+      RUBY
+    end
+    subject { client }
+    it do
+      updated = apply(subject) { update_instance_profiles_dsl }
+      expect(updated).to be_truthy
+      expected[:roles]["my-role"][:max_session_duration] = 43200
+      expect(export).to eq expected
+    end
+  end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: miam
 version: !ruby/object:Gem::Version
-  version: 0.2.4.beta15
+  version: 0.2.4.beta16
 platform: ruby
 authors:
 - Genki Sugawara
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-22 00:00:00.000000000 Z
+date: 2018-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -251,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: Miam is a tool to manage IAM.