opsicle 2.12.5 → 2.13.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0d4b66a5b078018b67348b894fe8274491719348c5d24d3672ddaebdbd667d2e
4
- data.tar.gz: c6928a8a60d29c02924287bba794a3c0f75767916610020d905119d8abb4b65e
3
+ metadata.gz: a36db447ea80f6febf407297e2c5f0ff1a5b1cbfce7505267b37613f9bf88e26
4
+ data.tar.gz: a4f5d806d60c28c0dd68d0ee833e0cc410d9b5fe1b6c9b118d4a4f73ab1b5f65
5
5
  SHA512:
6
- metadata.gz: 71647e38b87fa0077864cc3f255e2edf1ee9c9be3a0a59f59d66bd2d1c7e3169d76a7a0f2c43a17836b8de6278ef554144fd8067c10d446d30e84835ac15a493
7
- data.tar.gz: 5229246562d67aa4405589eb00fedecb72e0f94c3bf8274bc8bbd45e9e1e7190a812aa7c1765f2aebff6c81c53e20a740abdd077cfc27faf75cb0b700d572c9e
6
+ metadata.gz: 2d4f6da95579f2b12eef319b58cb36f9af1cea7e31e9b071f9831e5b8f6e1b6625bfd5e9255780e759c38a645b5c15be646f78900311c9b1cc587a2d9c45085b
7
+ data.tar.gz: cda0b830e5f20b58be8b987e24bd9aad11f7f5deb6317a9a93b74ea944fad3f78be1789c8ec435445f3ae18fe29d8517360932445ade9a384fef00a7406baa0e
data/bin/opsicle CHANGED
@@ -291,4 +291,16 @@ command 'user-profile-info' do |c|
291
291
  end
292
292
  end
293
293
 
294
+ desc 'Add ssh and sudo permissions for current user or specified users'
295
+ arg_name '<environment>'
296
+ command 'permit' do |c|
297
+ c.flag [:u, :user], :desc => 'User name or ssh username to update.', :type => String, :multiple => true
298
+ c.switch [:a, :all_stacks], :desc => "Set permissions on all stacks.", :default_value => false
299
+
300
+ c.action do |global_options, options, args|
301
+ raise ArgumentError, "Environment is required" unless (environment = args.first)
302
+ Opsicle::Permit.new(environment).execute(options)
303
+ end
304
+ end
305
+
294
306
  exit run(ARGV)
@@ -12,6 +12,7 @@ require "opsicle/commands/legacy_credential_converter"
12
12
  require "opsicle/commands/list"
13
13
  require "opsicle/commands/list_instances"
14
14
  require "opsicle/commands/move_eip"
15
+ require "opsicle/commands/permit"
15
16
  require "opsicle/commands/ssh"
16
17
  require "opsicle/commands/ssh_clean_keys"
17
18
  require "opsicle/commands/ssh_key"
@@ -0,0 +1,46 @@
1
+ module Opsicle
2
+ class Permit
3
+ def initialize(environment)
4
+ @client = Client.new(environment)
5
+ end
6
+
7
+ def execute(options={})
8
+ stack_ids = options[:all_stacks] ? all_stack_ids : [current_stack_id]
9
+ stack_ids.each do |stack_id|
10
+ iam_user_arns(options[:user]).each do |arn|
11
+ set_permission(arn, stack_id)
12
+ end
13
+ end
14
+ end
15
+
16
+ def all_stack_ids
17
+ @client.api_call(:describe_stacks)[:stacks].map{ |stack| stack[:stack_id] }
18
+ end
19
+
20
+ def current_stack_id
21
+ @client.config.opsworks_config[:stack_id]
22
+ end
23
+
24
+ def iam_user_arns(user_names)
25
+ if user_names && !user_names.empty?
26
+ user_names.map do |user_name|
27
+ profile = profiles.detect{ |profile| profile[:name] == user_name || profile[:ssh_username] == user_name}
28
+ raise ArgumentError, "User #{user_name} not found" unless profile
29
+ profile[:iam_user_arn]
30
+ end
31
+ else
32
+ [UserProfile.new(@client).arn]
33
+ end
34
+ end
35
+
36
+ def set_permission(arn, stack_id)
37
+ @client.api_call(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: arn , stack_id: stack_id } )
38
+ end
39
+ private :set_permission
40
+
41
+ def profiles
42
+ @profiles ||= @client.api_call(:describe_user_profiles)[:user_profiles]
43
+ end
44
+ private :profiles
45
+ end
46
+ end
@@ -1,3 +1,3 @@
1
1
  module Opsicle
2
- VERSION = "2.12.5"
2
+ VERSION = "2.13.0"
3
3
  end
@@ -0,0 +1,77 @@
1
+ require "spec_helper"
2
+ require "opsicle"
3
+
4
+
5
+ module Opsicle
6
+ describe Permit do
7
+ let(:client) { double(config: double(opsworks_config: { stack_id: '1234' })) }
8
+ subject { Permit.new('derp')}
9
+ let(:describe_user_profiles) {
10
+ { user_profiles: [
11
+ {name: "herp.derp", ssh_username: "herpderp", iam_user_arn: '8675309'},
12
+ {name: "doop.derp", ssh_username: "doopderp", iam_user_arn: '8675342'},
13
+ {name: "billy.mays", ssh_username: "billymays", iam_user_arn: '8675338'},
14
+ {name: "brent.favor", ssh_username: "brentfavor", iam_user_arn: '4'}
15
+ ]
16
+ }
17
+ }
18
+
19
+ before do
20
+ allow_any_instance_of(UserProfile).to receive(:arn).and_return('8675309')
21
+ allow(client).to receive(:api_call).with(:describe_stacks).and_return({ stacks: [{ stack_id: '1234' }, { stack_id: '5678' }] })
22
+ allow(client).to receive(:api_call).with(:describe_user_profiles).and_return(describe_user_profiles)
23
+ allow(Client).to receive(:new).with("derp").and_return(client)
24
+ end
25
+
26
+ context '#execute' do
27
+ it 'calls set_permission for current_user on current stack by default' do
28
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
29
+ subject.execute({})
30
+ end
31
+
32
+ it 'calls set_permission for current user for all stacks with all_stacks option' do
33
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
34
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '5678' })
35
+ subject.execute({all_stacks: true})
36
+ end
37
+
38
+ it 'calls set_permission for selected users for current stack' do
39
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675342' , stack_id: '1234' })
40
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '4' , stack_id: '1234' })
41
+ subject.execute(user: ['doop.derp', 'brentfavor'])
42
+ end
43
+
44
+ it 'calls set_permission for selected users for all stacks' do
45
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
46
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675338' , stack_id: '1234' })
47
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '5678' })
48
+ expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675338' , stack_id: '5678' })
49
+ subject.execute(user: ['herp.derp', 'billy.mays'], all_stacks: true)
50
+ end
51
+ end
52
+
53
+ context '#iam_user_arns' do
54
+ it 'finds a user arn by name' do
55
+ expect(subject.iam_user_arns(['billy.mays', 'doop.derp'])).to eq(['8675338', '8675342'])
56
+ end
57
+
58
+ it 'finds a user arn by ssh_username' do
59
+ expect(subject.iam_user_arns(['brentfavor', 'herp.derp'])).to eq(['4', '8675309'])
60
+ end
61
+
62
+ it 'finds by a mix of name and ssh_username' do
63
+ expect(subject.iam_user_arns(['brentfavor', 'doop.derp'])).to eq(['4', '8675342'])
64
+ end
65
+
66
+ it 'should thow exception if user is not found' do
67
+ expect{subject.iam_user_arns(['bobby.jones'])}.to raise_error(ArgumentError, /bobby.jones/)
68
+ end
69
+ end
70
+
71
+ context '#all_stack_ids' do
72
+ it 'maps stack ids from describe_stacks' do
73
+ expect(subject.all_stack_ids).to eq(['1234','5678'])
74
+ end
75
+ end
76
+ end
77
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: opsicle
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.12.5
4
+ version: 2.13.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andy Fleener
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2019-01-18 00:00:00.000000000 Z
12
+ date: 2019-03-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk
@@ -204,6 +204,7 @@ files:
204
204
  - lib/opsicle/commands/list.rb
205
205
  - lib/opsicle/commands/list_instances.rb
206
206
  - lib/opsicle/commands/move_eip.rb
207
+ - lib/opsicle/commands/permit.rb
207
208
  - lib/opsicle/commands/ssh.rb
208
209
  - lib/opsicle/commands/ssh_clean_keys.rb
209
210
  - lib/opsicle/commands/ssh_key.rb
@@ -253,6 +254,7 @@ files:
253
254
  - spec/opsicle/commands/list_instances_spec.rb
254
255
  - spec/opsicle/commands/list_spec.rb
255
256
  - spec/opsicle/commands/move_eip_spec.rb
257
+ - spec/opsicle/commands/permit_spec.rb
256
258
  - spec/opsicle/commands/ssh_key_spec.rb
257
259
  - spec/opsicle/commands/ssh_spec.rb
258
260
  - spec/opsicle/commands/stop_instance_spec.rb
@@ -297,7 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
297
299
  version: '0'
298
300
  requirements: []
299
301
  rubyforge_project:
300
- rubygems_version: 2.7.8
302
+ rubygems_version: 2.7.9
301
303
  signing_key:
302
304
  specification_version: 4
303
305
  summary: An opsworks specific abstraction on top of the aws sdk
@@ -331,6 +333,7 @@ test_files:
331
333
  - spec/opsicle/commands/list_instances_spec.rb
332
334
  - spec/opsicle/commands/execute_recipes_spec.rb
333
335
  - spec/opsicle/commands/ssh_spec.rb
336
+ - spec/opsicle/commands/permit_spec.rb
334
337
  - spec/opsicle/commands/user_profile_info_spec.rb
335
338
  - spec/opsicle/instances_spec.rb
336
339
  - spec/opsicle/errors_spec.rb