miamtf 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3d15ebda15963dc262d6102e00070c105f3e53ce941dd388ce423fc11545532c
+  data.tar.gz: 78a031aa1606b634c6c3f1157f25a2e2eb2da6536085c05f3d10cc3a0550fc89
+SHA512:
+  metadata.gz: 21656c8b81b784010d65e761c420b0549a8c0fdf0034558e5bcf7f74eb81251ae1c0d4b23c26bd191fbc792749c3eb285394e3700bf90d629f9b86bd1768c44a
+  data.tar.gz: c416c8e7aa5f301ebb6b95e673c6652bc97b6264eb1d5cecf0f65403d62c3e06adcf082a590a9ec2e5e49f5ee69498f9c742b8b2e0882a1e2a3d5877b0e80d7a

data/README.md

@@ -0,0 +1,43 @@
+# miamtf
+
+Miam syntax for Terraform
+
+## CAUTION
+
+This is a currently released as a PoC and is **NOT** tested enough.
+
+## Usage
+
+```console
+$ cat IAMfile
+role "AwesomeRole" do
+  policy "allow-something" do
+    {
+      Version: "2012-10-17",
+      Statement: [
+        # allow something
+      ]
+    }
+  end
+end
+$ miamtf > iam.tf.json
+```
+
+## Acknowledgement
+
+miamtf is highly inspired by [miam](https://github.com/codenize-tools/miam).
+
+## TODO
+
+- [ ] Tests
+- [ ] Documents
+- Resources
+  - [x] Role
+  - [x] Managed Policy
+  - [x] Instance Profile
+  - [ ] User
+  - [ ] Group
+
+## Contribution
+
+日本語で OK

data/bin/miamtf

@@ -0,0 +1,35 @@
+#!/usr/bin/env ruby
+$: << File.expand_path("#{File.dirname __FILE__}/../lib")
+require 'rubygems'
+require 'json'
+require 'optparse'
+require 'miamtf'
+
+opt = OptionParser.new
+
+Version = Miamtf::VERSION
+DEFAULT_FILENAME = 'IAMfile'
+files = [DEFAULT_FILENAME]
+output = nil
+
+ARGV.options do |opt|
+  opt.on('-f', '--file FILE') {|v| files = [v]}
+  opt.on('-w', '--write OUTPUT') do |v|
+    output = v
+    files = ARGV unless ARGV.empty?
+  end
+  opt.parse!
+end
+
+files.each do |file|
+  fullpath = File.expand_path(file)
+  rb_source = File.read(fullpath)
+  Dir.chdir(File.dirname(file)) do
+    json = JSON::pretty_generate(Miamtf::DSL::Context.eval(rb_source, fullpath).to_h)
+    if output.nil?
+      puts json
+    else
+      File.write(output, json)
+    end
+  end
+end

data/bin/miamtf-migrate

@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby
+$: << File.expand_path("#{File.dirname __FILE__}/../lib")
+require 'rubygems'
+require 'json'
+require 'miamtf'
+
+Version = Miamtf::VERSION
+
+tf = JSON.parse(STDIN.read, symbolize_names: true)
+local = tf[:locals][:miamtf]
+
+# The feature to migrate is very adhoc and not well defined.
+roles = local[:roles]
+policies = local[:managed_policies]
+instance_profiles = local[:instance_profiles]
+
+moved_roles = roles.keys.map do |role_name|
+  <<~HCL
+  moved {
+    from = aws_iam_role.#{role_name}
+    to   = aws_iam_role.miamtf["#{role_name}"]
+  }
+  HCL
+end
+moved_policies = policies.keys.map do |policy_name|
+  <<~HCL
+  moved {
+    from = aws_iam_policy.#{policy_name}
+    to   = aws_iam_policy.miamtf["#{policy_name}"]
+  }
+  HCL
+end
+moved_instance_profiles = instance_profiles.keys.map do |instance_profile_name|
+  <<~HCL
+  moved {
+    from = aws_iam_instance_profile.#{instance_profile_name}
+    to   = aws_iam_instance_profile.miamtf["#{instance_profile_name}"]
+  }
+  HCL
+end
+
+content = (moved_roles + moved_policies + moved_instance_profiles).join("\n")
+
+STDOUT.puts content

data/lib/miamtf/aux.tf

@@ -0,0 +1,107 @@
+# This file is to be converted into JSON with hcl2json
+# hcl2json: https://github.com/tmccombs/hcl2json
+
+resource "aws_iam_role" "miamtf" {
+  for_each = local.miamtf.roles
+
+  # implicit
+  name = each.key
+
+  # required
+  assume_role_policy = jsonencode(each.value.assume_role_policy)
+
+  # optional
+  description           = each.value.description
+  force_detach_policies = each.value.force_detach_policies
+  max_session_duration  = each.value.max_session_duration
+  path                  = each.value.path
+  permissions_boundary  = each.value.permissions_boundary
+  tags                  = each.value.tags
+}
+
+resource "aws_iam_role_policy" "miamtf" {
+  for_each = {
+    for v in flatten([
+      for role_name, role in local.miamtf.roles : [
+        for policy_name, policy_document in role.inline_policies : {
+          role_name       = role_name
+          policy_name     = policy_name
+          policy_document = policy_document
+        }
+      ]
+    ]) : "${v.role_name}|${v.policy_name}" => v
+  }
+
+  # implicit
+  name = each.value.policy_name
+  role = each.value.role_name
+
+  # required
+  policy = jsonencode(each.value.policy_document)
+}
+
+resource "aws_iam_role_policies_exclusive" "miamtf" {
+  for_each = local.miamtf.roles
+
+  # implicit
+  role_name = each.key
+
+  # required
+  policy_names = keys(each.value.inline_policies)
+}
+
+resource "aws_iam_role_policy_attachment" "miamtf" {
+  for_each = {
+    for v in flatten([
+      for role_name, role in local.miamtf.roles : [
+        for policy_arn in role.managed_policy_arns : {
+          role_name  = role_name
+          policy_arn = policy_arn
+        }
+      ]
+    ]) : "${v.role_name}|${v.policy_arn}" => v
+  }
+
+  # implicit
+  role = each.value.role_name
+
+  # required
+  policy_arn = each.value.policy_arn
+}
+
+resource "aws_iam_role_policy_attachments_exclusive" "miamtf" {
+  for_each = local.miamtf.roles
+
+  # implicit
+  role_name = each.key
+
+  # required
+  policy_arns = each.value.managed_policy_arns
+}
+
+resource "aws_iam_policy" "miamtf" {
+  for_each = local.miamtf.managed_policies
+
+  # implicit
+  name = each.key
+
+  # required
+  policy = jsonencode(each.value.policy_document)
+
+  # optional
+  description = each.value.description
+  path        = each.value.path
+  tags        = each.value.tags
+}
+
+resource "aws_iam_instance_profile" "miamtf" {
+  for_each = local.miamtf.instance_profiles
+
+  # implicit
+  name = each.key
+  role = each.key
+
+  # optional
+  path = each.value.path
+  tags = each.value.tags
+}

data/lib/miamtf/aux.tf.json

@@ -0,0 +1,79 @@
+{
+    "resource": {
+        "aws_iam_instance_profile": {
+            "miamtf": [
+                {
+                    "for_each": "${local.miamtf.instance_profiles}",
+                    "name": "${each.key}",
+                    "path": "${each.value.path}",
+                    "role": "${each.key}",
+                    "tags": "${each.value.tags}"
+                }
+            ]
+        },
+        "aws_iam_policy": {
+            "miamtf": [
+                {
+                    "description": "${each.value.description}",
+                    "for_each": "${local.miamtf.managed_policies}",
+                    "name": "${each.key}",
+                    "path": "${each.value.path}",
+                    "policy": "${jsonencode(each.value.policy_document)}",
+                    "tags": "${each.value.tags}"
+                }
+            ]
+        },
+        "aws_iam_role": {
+            "miamtf": [
+                {
+                    "assume_role_policy": "${jsonencode(each.value.assume_role_policy)}",
+                    "description": "${each.value.description}",
+                    "for_each": "${local.miamtf.roles}",
+                    "force_detach_policies": "${each.value.force_detach_policies}",
+                    "max_session_duration": "${each.value.max_session_duration}",
+                    "name": "${each.key}",
+                    "path": "${each.value.path}",
+                    "permissions_boundary": "${each.value.permissions_boundary}",
+                    "tags": "${each.value.tags}"
+                }
+            ]
+        },
+        "aws_iam_role_policies_exclusive": {
+            "miamtf": [
+                {
+                    "for_each": "${local.miamtf.roles}",
+                    "policy_names": "${keys(each.value.inline_policies)}",
+                    "role_name": "${each.key}"
+                }
+            ]
+        },
+        "aws_iam_role_policy": {
+            "miamtf": [
+                {
+                    "for_each": "${{\n    for v in flatten([\n      for role_name, role in local.miamtf.roles : [\n        for policy_name, policy_document in role.inline_policies : {\n          role_name       = role_name\n          policy_name     = policy_name\n          policy_document = policy_document\n        }\n      ]\n    ]) : \"${v.role_name}|${v.policy_name}\" =\u003e v\n  }}",
+                    "name": "${each.value.policy_name}",
+                    "policy": "${jsonencode(each.value.policy_document)}",
+                    "role": "${each.value.role_name}"
+                }
+            ]
+        },
+        "aws_iam_role_policy_attachment": {
+            "miamtf": [
+                {
+                    "for_each": "${{\n    for v in flatten([\n      for role_name, role in local.miamtf.roles : [\n        for policy_arn in role.managed_policy_arns : {\n          role_name  = role_name\n          policy_arn = policy_arn\n        }\n      ]\n    ]) : \"${v.role_name}|${v.policy_arn}\" =\u003e v\n  }}",
+                    "policy_arn": "${each.value.policy_arn}",
+                    "role": "${each.value.role_name}"
+                }
+            ]
+        },
+        "aws_iam_role_policy_attachments_exclusive": {
+            "miamtf": [
+                {
+                    "for_each": "${local.miamtf.roles}",
+                    "policy_arns": "${each.value.managed_policy_arns}",
+                    "role_name": "${each.key}"
+                }
+            ]
+        }
+    }
+}

data/lib/miamtf/dsl/context/managed_policy.rb

@@ -0,0 +1,11 @@
+class Miamtf::DSL::Context::ManagedPolicy
+  def initialize(&block)
+    @policy = instance_eval(&block)
+  end
+
+  def to_h
+    {
+      policy_document: @policy,
+    }
+  end
+end

data/lib/miamtf/dsl/context/role.rb

@@ -0,0 +1,43 @@
+class Miamtf::DSL::Context::Role
+  def initialize(&block)
+    @assume_role_policy_document = nil
+    @max_session_duration = nil
+    @attached_managed_policies = []
+    @policies = {}
+    @tags = {}
+    instance_eval(&block)
+  end
+
+  def to_h
+    {
+      assume_role_policy: @assume_role_policy_document,
+      inline_policies: @policies,
+      managed_policy_arns: @attached_managed_policies,
+      max_session_duration: @max_session_duration,
+      tags: @tags,
+    }
+  end
+
+  private
+  def assume_role_policy_document
+    @assume_role_policy_document = yield
+  end
+
+  def max_session_duration(duration)
+    @max_session_duration = duration
+  end
+
+  def attached_managed_policies(*policies)
+    @attached_managed_policies.concat(policies.map(&:to_s))
+  end
+
+  def policy(name)
+    name = name.to_s
+
+    @policies[name] = yield
+  end
+
+  def tags(tags)
+    @tags = tags
+  end
+end

data/lib/miamtf/dsl/context.rb

@@ -0,0 +1,75 @@
+class Miamtf::DSL::Context
+  def self.eval(source, path)
+    self.new(path) do
+      eval(source, binding, path)
+    end
+  end
+
+  def initialize(path, &block)
+    @path = path
+    @roles = {}
+    @policies = {}
+    @instance_profiles = {}
+
+    instance_eval(&block)
+  end
+
+  def to_h
+    aux_tf = JSON.load_file(
+      File.join(File.dirname(__FILE__), '../aux.tf.json')
+    )
+
+    model = Miamtf::Model::Root.new(
+      roles: @roles,
+      managed_policies: @policies,
+      instance_profiles: @instance_profiles,
+    )
+    locals = {
+      miamtf: model.to_h
+    }
+
+    aux_tf.merge(locals: locals)
+  end
+
+  private
+
+  def require(file)
+    original_path = File.expand_path(file, File.dirname(@path))
+    candidates = [
+      original_path,
+      original_path + ".rb",
+    ]
+    path = candidates.find {|path| File.exist?(path) }
+    if path
+      instance_eval(File.read(path), path)
+    else
+      Kernel.require(file)
+    end
+  end
+
+  def role(name, **role_options, &block)
+    name = name.to_s
+
+    role = Role.new(&block)
+    @roles[name] = Miamtf::Model::Role::new(
+      role_options.merge(role.to_h)
+    )
+  end
+
+  def instance_profile(name, **instance_profile_options)
+    name = name.to_s
+
+    @instance_profiles[name] = Miamtf::Model::InstanceProfile.new(
+      instance_profile_options
+    )
+  end
+
+  def managed_policy(name, **policy_options, &block)
+    name = name.to_s
+
+    managed_policy = ManagedPolicy.new(&block)
+    @policies[name] = Miamtf::Model::ManagedPolicy.new(
+      policy_options.merge(managed_policy.to_h)
+    )
+  end
+end

data/lib/miamtf/dsl.rb

@@ -0,0 +1 @@
+module Miamtf::DSL; end

data/lib/miamtf/model.rb

@@ -0,0 +1,50 @@
+module Miamtf::Model
+  Root = Struct.new(
+    :roles, # map<string(role name), role: Role>
+    :managed_policies, # map<string(policy name), ManagedPolicy>
+    :instance_profiles, # map<string(profile name), InstanceProfile>
+
+    keyword_init: true
+  ) do
+    def to_h
+      {
+        roles: roles.transform_values(&:to_h),
+        managed_policies: managed_policies.transform_values(&:to_h),
+        instance_profiles: instance_profiles.transform_values(&:to_h),
+      }
+    end
+  end
+  Role = Struct.new(
+    # required
+    :assume_role_policy, # object(policy document to be converted to JSON)
+    # optional
+    :description, # string
+    :force_detach_policies, # boolean
+    :max_session_duration, # integer
+    :path, # string
+    :permissions_boundary, # string(ARN)
+    :tags, # map<string(name), string(value)>
+    # virtual
+    :inline_policies, # map<string(policy name), object(policy document to be converted to JSON)>
+    :managed_policy_arns, # list<string(ARN)>
+
+    keyword_init: true
+  )
+  ManagedPolicy = Struct.new(
+    # required
+    :policy_document, # object(policy document to be converted to JSON)
+    # optional
+    :description, # string
+    :path, # string
+    :tags, # map<string(name), string(value)>
+
+    keyword_init: true
+  )
+  InstanceProfile = Struct.new(
+    # optional
+    :path, # string
+    :tags, # map<string(name), string(value)>
+
+    keyword_init: true
+  )
+end

data/lib/miamtf/version.rb

@@ -0,0 +1,3 @@
+module Miamtf
+  VERSION = "0.2.0"
+end

data/lib/miamtf.rb

@@ -0,0 +1,7 @@
+module Miamtf; end
+require "miamtf/version"
+require "miamtf/model"
+require "miamtf/dsl"
+require "miamtf/dsl/context"
+require "miamtf/dsl/context/role"
+require "miamtf/dsl/context/managed_policy"

data/miamtf.gemspec

@@ -0,0 +1,18 @@
+require_relative "lib/miamtf/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = 'miamtf'
+  spec.version       = Miamtf::VERSION
+  spec.authors       = ['Hidekazu Kobayashi']
+  spec.email         = ['kobahide789@gmail.com']
+  spec.summary       = 'Miam syntax for Terraform'
+  spec.homepage      = 'https://github.com/KOBA789/miamtf'
+  spec.license       = 'MIT'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  end
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+end

metadata

@@ -0,0 +1,58 @@
+--- !ruby/object:Gem::Specification
+name: miamtf
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Hidekazu Kobayashi
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2025-04-11 00:00:00.000000000 Z
+dependencies: []
+description: 
+email:
+- kobahide789@gmail.com
+executables:
+- miamtf
+- miamtf-migrate
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- bin/miamtf
+- bin/miamtf-migrate
+- lib/miamtf.rb
+- lib/miamtf/aux.tf
+- lib/miamtf/aux.tf.json
+- lib/miamtf/dsl.rb
+- lib/miamtf/dsl/context.rb
+- lib/miamtf/dsl/context/managed_policy.rb
+- lib/miamtf/dsl/context/role.rb
+- lib/miamtf/model.rb
+- lib/miamtf/version.rb
+- miamtf.gemspec
+homepage: https://github.com/KOBA789/miamtf
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.6
+signing_key: 
+specification_version: 4
+summary: Miam syntax for Terraform
+test_files: []