RubyGems - mist_aws - Versions diffs - 0.1.0 - Mend

mist_aws 0.1.0

Files changed (17) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ecbfb2c243c78f6e0b31be95db7ba6f10abe271f
+  data.tar.gz: 8f10d71ae5f7c1ae0a29aec510bbeea1d8506c65
+SHA512:
+  metadata.gz: 7137a1ecf189cecbf4ee81b43a263ecf97db5798e4e096f3b319b9706357bca2e417f40eb6259ceac0ddc2d33696e3405a745757d7a6c5765263b01404ad20dc
+  data.tar.gz: 40ac0d83153c646e93cce36f9a23c223eccf373fa65f6c3f27011fdfc997de034a801589c1408abad43a260948bf5c87aa3ae01089b61cb22921b4eddcdcec78

data/.gitignore ADDED Viewed

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --format documentation
2	+ --color

data/.travis.yml ADDED Viewed

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.1.2

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in mist_aws.gemspec
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Robert J. Berger
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,62 @@
+# MistAws
+Uses the [ruby aws-sdk v2](https://github.com/aws/aws-sdk-core-ruby) [Resource Interface](https://github.com/aws/aws-sdk-core-ruby#resource-interfaces) to create some use specific higher level functionality.
+> NOTE: Currently the only object implemented is IAM for creating / deleting instance roles
+## Installation
+### Install the Gem
+Add this line to your application's Gemfile:
+```ruby
+gem 'mist_aws'
+```
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install mist_aws
+### Generate Yard Docs
+    $ rake yard
+    $ open doc/index.html
+## Usage
+* Get the handle to the MistAws::Iam object
+    * Credentials will come from the `my_profile_name` profile in ~/.aws/credentials as per [Providing AWS Credentials in the AWS SDK for Ruby] (http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/prog-basics-creds.html#creds-explicit)
+```
+mist_aws = ::MistAws::Iam.new(profile_name: "my_profile_name", region: "us-east-1")
+```
+* Create an IAM Role
+    * role_policy_document is a JSON text file that is an [AWS IAM policy](http://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html)
+    * This method will create:
+        * [Role](http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Role.html)
+        * [Role Policy](http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/RolePolicy.html)
+        * [Instance profile](http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/InstanceProfile.html)
+        * Connect them all together
+    * Returns a [Role](http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Role.html) Resource instance
+```
+role = mist_aws.create_iam_role(role_name, role_policy_name, role_policy_document, instance_profile_name)
+```
+## Contributing
+I would be very interested in feedback on things that could be done
+better. Also would be interested in how to better do the rspec
+tests. I felt like there was WAY too much mocking. I did find it
+useful for finding bugs and broken assumptions though.
+1. Fork it ( https://github.com/[my-github-username]/mist_aws/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile ADDED Viewed

@@ -0,0 +1,15 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec
+require "yard"
+current_dir = File.dirname(__FILE__)
+YARD::Rake::YardocTask.new do |t|
+  t.files = ["#{current_dir}/**/*.rb"]
+  #t.options = ['--debug']
+end

data/lib/mist_aws.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require "mist_aws/version"
+require "mist_aws/iam"
+module MistAws
+  # Your code goes here...
+end

data/lib/mist_aws/iam.rb ADDED Viewed

@@ -0,0 +1,186 @@
+require 'json'
+require 'inifile'
+require 'pp'
+require 'aws-sdk'
+require 'time'
+require 'tempfile'
+require 'pry'
+require 'logger'
+module MistAws
+  class Iam
+    # These are read-only accessor and are initializeds by initialize method
+    attr_reader   :profile_name
+    attr_reader   :credentials
+    attr_reader   :region
+    attr_reader   :logger
+    attr_reader   :handle
+    attr_reader   :iam_client
+    attr_reader   :iam
+    # Initializes all you need to access aws resources in a region
+    # You can create multiple instances to allow access to multiple regions in one program/recipe
+    #
+    # @param opts [Hash] the key/value pairs for the initializer
+    # @option opts [String] :profile_name ('default' or ENV['AWS_PROFILE']) profile name to use to get creds from ~/.aws/credentials.
+    # @option opts [String] :region (us-east-1 or ENV['AWS_REGION']) AWS Region to use
+    # @option opts [Logger] :logger (STDERR) A logger instance to use for logging
+    # @return [MistAws::Iam]
+    #
+    def initialize(opts={})
+      # Ruby 1.9 backwards compatability
+      opts = {profile_name: nil, region: nil, logger: ::Logger.new(STDERR)}.merge(opts)
+      opts.each do |key, value|
+        instance_variable_set "@#{key}", value
+      end
+      # Set by rspec tests that are testing methods called by initialize
+      return if ENV['RSPEC_IGNORE_INITIALIZE']
+      @region ||= ENV['AWS_REGION'] ? ENV['AWS_REGION'] : 'us-east-1'
+      # Note get_creds also resolves and sets @profile_name as well as
+      # fetching the appropriate credentials based on the value of
+      # profile_name and various Environment Variables
+      @credentials = get_creds(profile_name)
+      @iam_client = Aws::IAM::Client.new(credentials: @credentials, region: @region)
+      @iam = Aws::IAM::Resource.new(client: @iam_client)
+    end
+    # Returns the proper Aws credential object.
+    #
+    # @param profile_name [String] (nil) Name of profile
+    # @return [Aws::SharedCredentials | Aws::Credentials]
+    #
+    def get_creds(profile_name=nil)
+      unless profile_name
+        if ENV['AWS_PROFILE']
+          @profile_name = ENV['AWS_PROFILE']
+        else
+          if ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
+            return Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'])
+          else
+            @profile_name = 'default'
+          end
+        end
+      else
+        @profile_name = profile_name
+      end
+      begin
+        Aws::SharedCredentials.new(profile_name: @profile_name)
+      rescue StandardError => e
+        @logger.error e.inspect
+        raise e
+      end
+    end
+    # Check if a role exists
+    def role_exists?(role_name)
+      begin
+        iam_client.get_role role_name: role_name
+      rescue ::Aws::IAM::Errors::NoSuchEntity
+        return false
+      end
+      return true
+    end
+    # Check if an instance profile exists
+    def instance_profile_exists?(instance_profile_name)
+      instance_profile = iam.instance_profile(instance_profile_name)
+      case instance_profile.data_loaded?
+      when true
+        return instance_profile
+      else
+        return nil
+      end
+    end
+    # Check if there is a role_policy
+    def role_policy_exists?(role_name, policy_name)
+      begin
+        iam_client.get_role_policy(role_name: role_name, policy_name: policy_name)
+        exists = true
+      rescue Aws::IAM::Errors::NoSuchEntityException
+        logger.warn "No role_polcy: #{policy_name.inspect} for role: #{role_name.inspect}"
+        exists = false
+      end
+      exists
+    end
+    #
+    # Delete role, policy and instance_profile if they exist
+    #
+    def delete_iam_role(role_name, policy_name, instance_profile_name=nil)
+      unless role_exists? role_name
+        logger.warn "MistAws::Iam#delete_iam_role: No role: #{role_name.inspect}; Doing nothing"
+        return nil
+      end
+      role = iam.role role_name
+      # Removes the role from the instance_profiles
+      # Deletes the instance_profile
+      instance_profiles = role.instance_profiles
+      instance_profiles.each do | instance_profile |
+        instance_profile.remove_role role_name: role_name
+        instance_profile.delete
+      end
+      # Delete the role_policies associated with the role
+      role_policies = role.policies
+      role_policies.each do | role_policy |
+        role_policy.delete
+      end
+      # Delete the Role
+      role.delete
+      true
+    end
+    #
+    # Create an IAM role to be assigned to an ec2 instance
+    # Returns the Role object
+    #
+    # @param role_name [String] Name of the role to create
+    # @param policy_name [String]
+    def create_iam_role(role_name, policy_name, policy_document, instance_profile_name=nil)
+      result = role_exists? role_name
+      if result
+        logger.warn "MistAws::Iam#create_iam_role: Role: #{role_name.inspect} already exists; Doing nothing"
+        return nil
+      end
+      assume_role_policy = {
+        "Version" => "2012-10-17",
+        "Statement" => [
+          {"Effect" => "Allow",
+            "Principal" => {
+              "Service" => [
+                "ec2.amazonaws.com"
+              ]
+            },
+            "Action" => ["sts:AssumeRole"]
+          }
+        ]
+      }.to_json
+      # Create the role
+      role = iam.create_role(role_name: role_name, assume_role_policy_document: assume_role_policy)
+      # Create a policy object associated to the role and stuff the policy document into it
+      policy = Aws::IAM::RolePolicy.new(role_name: role_name, name: policy_name, client: iam_client)
+      policy.put(policy_document: policy_document)
+      # Create an instance_profile
+      instance_profile = iam.create_instance_profile(instance_profile_name: instance_profile_name)
+      instance_profile.add_role(role_name: role_name)
+      role
+    end
+  end
+end

data/lib/mist_aws/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module MistAws
+  VERSION = "0.1.0"
+end

data/mist_aws.gemspec ADDED Viewed

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'mist_aws/version'
+Gem::Specification.new do |spec|
+  spec.name          = "mist_aws"
+  spec.version       = MistAws::VERSION
+  spec.authors       = ["Robert J. Berger"]
+  spec.email         = ["rberger@mistsys.com"]
+  spec.summary       = %q{Wrapper around aws-sdk for higher level use}
+  spec.description   = %q{Wrapper around aws-sdk for higher level use. So far only supports IAM Role create/delete}
+  spec.homepage      = "https://github.com/mistsys/mist_aws"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.1.0"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "yard"
+  spec.add_dependency "aws-sdk", "~>2.0.1.pre"
+  spec.add_dependency "json"
+  spec.add_dependency "inifile"
+end

data/spec/mist_aws_live_spec.rb ADDED Viewed

@@ -0,0 +1,77 @@
+# These tests actually hit AWS and are not mocked
+require 'spec_helper'
+require 'json'
+include MistAws
+describe "Live tests on AWS (not mocked)" do
+  describe Iam do
+    PRE = "trsh"
+    let(:profile_name) { 'mistsys' }
+    let(:region) { 'us-east-1' }
+    let(:role_name) { "#{PRE}_my_role" }
+    let(:role_policy_name) { "#{PRE}_my_role_policy_name" }
+    let(:instance_profile_name) { "#{PRE}_my_instance_profile" }
+    let(:test_dir) { File.dirname(__FILE__) }
+    let(:role_policy_document_filename) { "#{test_dir}/policy_document.txt" }
+    let(:role_policy_document) { File.readlines(role_policy_document_filename).join("\n") }
+    let(:assume_role_policy)  {
+      {
+        "Version" => "2012-10-17",
+        "Statement" => [
+          {"Effect" => "Allow",
+            "Principal" => {
+              "Service" => [
+                "ec2.amazonaws.com"
+              ]
+            },
+            "Action" => ["sts:AssumeRole"]
+          }
+        ]
+      }.to_json
+    }
+    let(:test_credentials) { ::Aws::SharedCredentials.new(profile_name: profile_name) }
+    let(:test_iam_client) { ::Aws::IAM::Client.new(credentials: test_credentials, region: region) }
+    let(:test_iam) { ::Aws::IAM::Resource.new(client: test_iam_client) }
+    let(:mist_aws) { ::MistAws::Iam.new(profile_name: profile_name, region: region) }
+    describe '#create_iam_role' do
+      context 'when no role already exists' do
+        before(:each) do
+          allow(mist_aws.logger).to receive(:warn).with(/No role/)
+          mist_aws.delete_iam_role(role_name, role_policy_name, instance_profile_name)
+        end
+        after(:each) do
+          mist_aws.delete_iam_role(role_name, role_policy_name, instance_profile_name)
+        end
+        it 'creates a role' do
+          test_role = mist_aws.create_iam_role(role_name, role_policy_name, role_policy_document, instance_profile_name)
+          # test_role = test_iam.role role_name
+          expect(test_role.name).to eq role_name
+          expect(test_role.assume_role_policy_document).to include 'Statement'
+        end
+      end
+    end
+    context 'when a role already exists' do
+      before(:each) do
+        allow(mist_aws.logger).to receive(:warn).with(/already exists/)
+        mist_aws.create_iam_role(role_name, role_policy_name, role_policy_document, instance_profile_name)
+      end
+      after(:each) do
+        mist_aws.delete_iam_role(role_name, role_policy_name, instance_profile_name)
+      end
+      it 'returns falsy' do
+        expect(mist_aws.role_exists? role_name).to be_truthy
+        expect(mist_aws.create_iam_role(role_name, role_policy_name, role_policy_document, instance_profile_name)).to be_falsy
+      end
+    end
+  end
+end

data/spec/mist_aws_spec.rb ADDED Viewed

@@ -0,0 +1,231 @@
+# These should be purly mocked and not hit AWS
+require 'spec_helper'
+require 'json'
+include MistAws
+describe "Fully Mocked Tests" do
+  describe Iam do
+    it 'has a version number' do
+      expect(MistAws::VERSION).not_to be nil
+    end
+    let(:my_profile_name) { 'arg_specified_profile_name' }
+    let(:env_profile_name) { 'env_profile_name' }
+    let(:access_key_value) { 'access_key_value' }
+    let(:default_region) { 'us-east-1' }
+    let(:mist_aws) { ::MistAws::Iam.new }
+    let(:role_name) { "my_role" }
+    let(:role_policy_name) { "my_role_policy_name" }
+    let(:role_policy_document) { "my_role_policy_document" }
+    let(:instance_profile_name) { "my_instance_profile" }
+    let (:shared_credentials) { instance_double("::Aws::SharedCredentials") }
+    #let(:credentials) {object_double(::Aws::SharedCredentials.new(profile_name: 'default')) }
+    let(:iam_client) { object_double(::Aws::IAM::Client.new(credentials: shared_credentials, region: 'us-east-1')) }
+    let(:iam) { object_double(::Aws::IAM::Resource.new(client: iam_client)) }
+    let(:context) { object_double(::Seahorse::Client::RequestContext) }
+    let(:role_policy) { instance_double("Aws::IAM::RolePolicy", role_name: role_name, name: role_policy_name) }
+    let(:instance_profile) { instance_double("Aws::IAM::InstanceProfile",name: instance_profile_name) }
+    let(:assume_role_policy)  {
+      {
+        "Version" => "2012-10-17",
+        "Statement" => [
+          {"Effect" => "Allow",
+            "Principal" => {
+              "Service" => [
+                "ec2.amazonaws.com"
+              ]
+            },
+            "Action" => ["sts:AssumeRole"]
+          }
+        ]
+      }.to_json
+    }
+    let(:role) { object_double(::Aws::IAM::Role.new(name: role_name, client: iam_client)) }
+    before(:example, :run_global_before) do
+      ENV['AWS_PROFILE'] = ENV['AWS_REGION'] = ENV['AWS_ACCESS_KEY_ID'] = ENV['AWS_SECRET_ACCESS_KEY']= nil
+      allow_any_instance_of(::MistAws::Iam).to receive(:get_creds).and_return(shared_credentials)
+      allow(::Aws::IAM::Client).to receive(:new).with(credentials: shared_credentials, region: default_region).and_return(iam_client)
+      allow(::Aws::IAM::Resource).to receive(:new).with(client: iam_client).and_return(iam)
+    end
+    after(:example) do
+      ENV['RSPEC_IGNORE_INITIALIZE'] = nil
+    end
+    describe '#get_creds' do
+      before(:example) do
+        ENV['RSPEC_IGNORE_INITIALIZE'] = 'true'
+        ENV['AWS_PROFILE'] = ENV['AWS_REGION'] = ENV['AWS_ACCESS_KEY_ID'] = ENV['AWS_SECRET_ACCESS_KEY']= nil
+      end
+      context 'when all inputs are nil' do
+        it 'will fetch the default shared credential' do
+          expect(::Aws::SharedCredentials).to receive(:new).with(profile_name: 'default')
+          my_mist_aws = ::MistAws::Iam.new
+          my_mist_aws.get_creds
+        end
+      end
+      context 'profile is specified in arguments' do
+        it 'will fetch the profile specified by argument' do
+          expect(::Aws::SharedCredentials).to receive(:new).with(profile_name: my_profile_name)
+          mist_aws.get_creds(my_profile_name)
+        end
+        it 'will ignore ENV["AWS_PROFILE"]' do
+          ENV['AWS_PROFILE'] = 'invalid_profile_name'
+          expect(::Aws::SharedCredentials).to receive(:new).with(profile_name: my_profile_name)
+          mist_aws.get_creds(my_profile_name)
+        end
+        it 'will ignore ENV["AWS_ACCESS_KEY_ID"], ENV["AWS_SECRET_ACCESS_KEY"]' do
+          ENV['AWS_ACCESS_KEY_ID'] = ENV['AWS_SECRET_ACCESS_KEY'] = access_key_value
+          expect(::Aws::SharedCredentials).to receive(:new).with(profile_name: my_profile_name)
+          mist_aws.get_creds(my_profile_name)
+        end
+      end
+      context 'profile only specified in ENV["AWS_PROFILE"]' do
+        before(:example) do
+          ENV['AWS_PROFILE'] = env_profile_name
+          ENV['AWS_ACCESS_KEY_ID'] = ENV['AWS_SECRET_ACCESS_KEY'] = access_key_value
+        end
+        it 'will fetch the profile specified by ENV["AWS_PROFILE\`]' do
+          expect(::Aws::SharedCredentials).to receive(:new).with(profile_name: env_profile_name)
+          mist_aws.get_creds
+        end
+        context "only ENV['AWS_ACCESS_KEY_ID'] and ENV['AWS_SECRET_ACCESS_KEY'] are set" do
+          before(:example) do
+            ENV['AWS_PROFILE'] = nil
+          end
+          it 'will use Aws::Credentials and not Aws::SharedCredentials' do
+            expect(::Aws::SharedCredentials).not_to receive(:new)
+            expect(::Aws::Credentials).to receive(:new).with(access_key_value, access_key_value)
+            mist_aws.get_creds
+          end
+        end
+      end
+    end
+    describe '.initialize', :run_global_before do
+      context 'when all inputs are nil' do
+        before(:example) do
+          expect_any_instance_of(Iam).to receive(:get_creds).with(nil).and_return(shared_credentials)
+        end
+        it 'initializes an IAM Client' do
+          expect(Aws::IAM::Client).to receive(:new).with({credentials: shared_credentials, region: default_region})
+          Iam.new
+        end
+      end
+    end
+    describe '#role_exists?', :run_global_before do
+      it 'returns truthy when it exists' do
+        expect(iam_client).to receive(:get_role).with(role_name: role_name).and_return(role)
+        expect(mist_aws.role_exists?(role_name)).to be_truthy
+      end
+      it 'returns falsy when it does not exist' do
+        expect(iam_client).to receive(:get_role).with(role_name: role_name).and_raise(Aws::IAM::Errors::NoSuchEntity.new(context, 'foo'))
+        expect(mist_aws.role_exists?(role_name)).to be_falsy
+      end
+    end
+    describe '#instance_profile_exists?', :run_global_before do
+      it 'returns truthy when it exists' do
+        expect(iam).to receive(:instance_profile).with(instance_profile_name).and_return(instance_profile)
+        expect(instance_profile).to receive(:data_loaded?).and_return(true)
+        expect(mist_aws.instance_profile_exists?(instance_profile_name)).to be_truthy
+      end
+      it 'returns falsy when it does not exist' do
+        expect(iam).to receive(:instance_profile).with(instance_profile_name).and_return(instance_profile)
+        expect(instance_profile).to receive(:data_loaded?).and_return(false)
+        expect(mist_aws.instance_profile_exists?(instance_profile_name)).to be_falsy
+      end
+    end
+    describe '#role_policy_exists?', :run_global_before do
+      it 'returns truthy when it exists' do
+        expect(iam_client).to receive(:get_role_policy).with(role_name: role_name,  policy_name: role_policy_name).and_return(role_policy)
+        expect(mist_aws.role_policy_exists?(role_name, role_policy_name)).to be_truthy
+      end
+      it 'returns falsy when it does not exist' do
+        expect(mist_aws.logger).to receive(:warn).with(/No role/)
+        expect(iam_client).to receive(:get_role_policy).with(role_name: role_name, policy_name: role_policy_name).and_raise(Aws::IAM::Errors::NoSuchEntityException.new(context, 'foo'))
+        expect(mist_aws.role_policy_exists?(role_name, role_policy_name)).to be_falsy
+      end
+    end
+    describe '#create_iam_role', :run_global_before do
+      it 'creates an IAM role with a role policy and an instance_profile' do
+        expect_any_instance_of(::MistAws::Iam).to receive(:role_exists?).with(role_name).and_return(false)
+        expect(iam).to receive(:create_role).with(role_name: role_name, assume_role_policy_document: assume_role_policy).and_return(role)
+        expect(::Aws::IAM::RolePolicy).to receive(:new).with(role_name: role_name, name: role_policy_name, client: iam_client).and_return(role_policy)
+        expect(role_policy).to receive(:put).with(policy_document: role_policy_document)
+        expect(iam).to receive(:create_instance_profile).with(instance_profile_name: instance_profile_name).and_return(instance_profile)
+        expect(instance_profile).to receive(:add_role).with(role_name: role_name)
+        mist_aws.create_iam_role(role_name, role_policy_name, role_policy_document, instance_profile_name)
+      end
+    end
+    describe '#delete_iam_role', :run_global_before do
+      it 'Does nothing if there is no role' do
+        expect(mist_aws.logger).to receive(:warn).with(/No role/)
+        expect(iam_client).to receive(:get_role).with(role_name: role_name).and_raise(Aws::IAM::Errors::NoSuchEntity.new(context, 'foo'))
+        expect(mist_aws.delete_iam_role(role_name, role_policy_name, instance_profile_name)).to be_falsy
+      end
+      it 'Existing role, policy and instance_profile' do
+        expect(iam_client).to receive(:get_role).with(role_name: role_name).and_return(role)
+        expect(iam).to receive(:role).with(role_name).and_return(role)
+        # Get all the instance_profiles associated with the role
+        expect(role).to receive(:instance_profiles).and_return([instance_profile])
+        # Removes the role from the instance_profile
+        expect(instance_profile).to receive(:remove_role).with(role_name: role_name)
+        # Delete the instance_profile
+        expect(instance_profile).to receive(:delete)
+        # Get all role_policies associated with the role
+        expect(role).to receive(:policies).and_return([role_policy])
+        # Deletes the role_policy
+        expect(role_policy).to receive(:delete)
+        # Deletes the role
+        expect(role).to receive(:delete)
+        expect(mist_aws.delete_iam_role(role_name, role_policy_name, instance_profile_name)).to be_truthy
+      end
+    end
+  end
+end

data/spec/policy_document.txt ADDED Viewed

@@ -0,0 +1,71 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "appstream:Get*",
+        "autoscaling:Describe*",
+        "cloudformation:DescribeStacks",
+        "cloudformation:DescribeStackEvents",
+        "cloudformation:DescribeStackResource",
+        "cloudformation:DescribeStackResources",
+        "cloudformation:GetTemplate",
+        "cloudformation:List*",
+        "cloudfront:Get*",
+        "cloudfront:List*",
+        "cloudtrail:DescribeTrails",
+        "cloudtrail:GetTrailStatus",
+        "cloudwatch:Describe*",
+        "cloudwatch:Get*",
+        "cloudwatch:List*",
+        "directconnect:Describe*",
+        "dynamodb:GetItem",
+        "dynamodb:BatchGetItem",
+        "dynamodb:Query",
+        "dynamodb:Scan",
+        "dynamodb:DescribeTable",
+        "dynamodb:ListTables",
+        "ec2:Describe*",
+        "elasticache:Describe*",
+        "elasticbeanstalk:Check*",
+        "elasticbeanstalk:Describe*",
+        "elasticbeanstalk:List*",
+        "elasticbeanstalk:RequestEnvironmentInfo",
+        "elasticbeanstalk:RetrieveEnvironmentInfo",
+        "elasticloadbalancing:Describe*",
+        "elastictranscoder:Read*",
+        "elastictranscoder:List*",
+        "iam:List*",
+        "iam:Get*",
+        "kinesis:Describe*",
+        "kinesis:Get*",
+        "kinesis:List*",
+        "opsworks:Describe*",
+        "opsworks:Get*",
+        "route53:Get*",
+        "route53:List*",
+        "redshift:Describe*",
+        "redshift:ViewQueriesInConsole",
+        "rds:Describe*",
+        "rds:ListTagsForResource",
+        "s3:Get*",
+        "s3:List*",
+        "sdb:GetAttributes",
+        "sdb:List*",
+        "sdb:Select*",
+        "ses:Get*",
+        "ses:List*",
+        "sns:Get*",
+        "sns:List*",
+        "sqs:GetQueueAttributes",
+        "sqs:ListQueues",
+        "sqs:ReceiveMessage",
+        "storagegateway:List*",
+        "storagegateway:Describe*",
+        "trustedadvisor:Describe*"
+      ],
+      "Effect": "Allow",
+      "Resource": "*"
+    }
+  ]
+}

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,10 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'mist_aws'
+ENV['UNDER_RSPEC_TEST']="true"
+RSpec.configure do |config|
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,177 @@
+--- !ruby/object:Gem::Specification
+name: mist_aws
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Robert J. Berger
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-10-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.1.pre
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.1.pre
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: inifile
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Wrapper around aws-sdk for higher level use. So far only supports IAM
+  Role create/delete
+email:
+- rberger@mistsys.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/mist_aws.rb
+- lib/mist_aws/iam.rb
+- lib/mist_aws/version.rb
+- mist_aws.gemspec
+- spec/mist_aws_live_spec.rb
+- spec/mist_aws_spec.rb
+- spec/policy_document.txt
+- spec/spec_helper.rb
+homepage: https://github.com/mistsys/mist_aws
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Wrapper around aws-sdk for higher level use
+test_files:
+- spec/mist_aws_live_spec.rb
+- spec/mist_aws_spec.rb
+- spec/policy_document.txt
+- spec/spec_helper.rb
+has_rdoc: