opsicle 2.12.5 → 2.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d4b66a5b078018b67348b894fe8274491719348c5d24d3672ddaebdbd667d2e
-  data.tar.gz: c6928a8a60d29c02924287bba794a3c0f75767916610020d905119d8abb4b65e
+  metadata.gz: a36db447ea80f6febf407297e2c5f0ff1a5b1cbfce7505267b37613f9bf88e26
+  data.tar.gz: a4f5d806d60c28c0dd68d0ee833e0cc410d9b5fe1b6c9b118d4a4f73ab1b5f65
 SHA512:
-  metadata.gz: 71647e38b87fa0077864cc3f255e2edf1ee9c9be3a0a59f59d66bd2d1c7e3169d76a7a0f2c43a17836b8de6278ef554144fd8067c10d446d30e84835ac15a493
-  data.tar.gz: 5229246562d67aa4405589eb00fedecb72e0f94c3bf8274bc8bbd45e9e1e7190a812aa7c1765f2aebff6c81c53e20a740abdd077cfc27faf75cb0b700d572c9e
+  metadata.gz: 2d4f6da95579f2b12eef319b58cb36f9af1cea7e31e9b071f9831e5b8f6e1b6625bfd5e9255780e759c38a645b5c15be646f78900311c9b1cc587a2d9c45085b
+  data.tar.gz: cda0b830e5f20b58be8b987e24bd9aad11f7f5deb6317a9a93b74ea944fad3f78be1789c8ec435445f3ae18fe29d8517360932445ade9a384fef00a7406baa0e

data/bin/opsicle

@@ -291,4 +291,16 @@ command 'user-profile-info' do |c|
   end
 end
 
+desc 'Add ssh and sudo permissions for current user or specified users'
+arg_name '<environment>'
+command 'permit' do |c|
+  c.flag [:u, :user], :desc => 'User name or ssh username to update.', :type => String, :multiple => true
+  c.switch [:a, :all_stacks], :desc => "Set permissions on all stacks.", :default_value => false
+
+  c.action do |global_options, options, args|
+    raise ArgumentError, "Environment is required" unless (environment = args.first)
+    Opsicle::Permit.new(environment).execute(options)
+  end
+end
+
 exit run(ARGV)

data/lib/opsicle/commands.rb

@@ -12,6 +12,7 @@ require "opsicle/commands/legacy_credential_converter"
 require "opsicle/commands/list"
 require "opsicle/commands/list_instances"
 require "opsicle/commands/move_eip"
+require "opsicle/commands/permit"
 require "opsicle/commands/ssh"
 require "opsicle/commands/ssh_clean_keys"
 require "opsicle/commands/ssh_key"

data/lib/opsicle/commands/permit.rb

@@ -0,0 +1,46 @@
+module Opsicle
+  class Permit
+    def initialize(environment)
+      @client = Client.new(environment)
+    end
+
+    def execute(options={})
+      stack_ids = options[:all_stacks] ? all_stack_ids : [current_stack_id]
+      stack_ids.each do |stack_id|
+        iam_user_arns(options[:user]).each do |arn|
+          set_permission(arn, stack_id)
+        end
+      end
+    end
+
+    def all_stack_ids
+      @client.api_call(:describe_stacks)[:stacks].map{ |stack| stack[:stack_id] }
+    end
+
+    def current_stack_id
+      @client.config.opsworks_config[:stack_id]
+    end
+
+    def iam_user_arns(user_names)
+      if user_names && !user_names.empty?
+        user_names.map do |user_name|
+          profile = profiles.detect{ |profile| profile[:name] == user_name || profile[:ssh_username] == user_name}
+          raise ArgumentError, "User #{user_name} not found" unless profile
+          profile[:iam_user_arn]
+        end
+      else
+        [UserProfile.new(@client).arn]
+      end
+    end
+
+    def set_permission(arn, stack_id)
+      @client.api_call(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: arn , stack_id: stack_id } )
+    end
+    private :set_permission
+
+    def profiles
+      @profiles ||= @client.api_call(:describe_user_profiles)[:user_profiles]
+    end
+    private :profiles
+  end
+end

data/lib/opsicle/version.rb

@@ -1,3 +1,3 @@
 module Opsicle
-  VERSION = "2.12.5"
+  VERSION = "2.13.0"
 end

data/spec/opsicle/commands/permit_spec.rb

@@ -0,0 +1,77 @@
+require "spec_helper"
+require "opsicle"
+
+
+module Opsicle
+  describe Permit do
+    let(:client) { double(config: double(opsworks_config: { stack_id: '1234' })) }
+    subject { Permit.new('derp')}
+    let(:describe_user_profiles) {
+      { user_profiles: [
+          {name: "herp.derp", ssh_username: "herpderp", iam_user_arn: '8675309'},
+          {name: "doop.derp", ssh_username: "doopderp", iam_user_arn: '8675342'},
+          {name: "billy.mays", ssh_username: "billymays", iam_user_arn: '8675338'},
+          {name: "brent.favor", ssh_username: "brentfavor", iam_user_arn: '4'}
+        ]
+      }
+    }
+
+    before do
+      allow_any_instance_of(UserProfile).to receive(:arn).and_return('8675309')
+      allow(client).to receive(:api_call).with(:describe_stacks).and_return({ stacks: [{ stack_id: '1234' }, { stack_id: '5678' }] })
+      allow(client).to receive(:api_call).with(:describe_user_profiles).and_return(describe_user_profiles)
+      allow(Client).to receive(:new).with("derp").and_return(client)
+    end
+
+    context '#execute' do
+      it 'calls set_permission for current_user on current stack by default' do
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
+        subject.execute({})
+      end
+
+      it 'calls set_permission for current user for all stacks with all_stacks option' do
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '5678' })
+        subject.execute({all_stacks: true})
+      end
+
+      it 'calls set_permission for selected users for current stack' do
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675342' , stack_id: '1234' })
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '4' , stack_id: '1234' })
+        subject.execute(user: ['doop.derp', 'brentfavor'])
+      end
+
+      it 'calls set_permission for selected users for all stacks' do
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675338' , stack_id: '1234' })
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '5678' })
+        expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675338' , stack_id: '5678' })
+        subject.execute(user: ['herp.derp', 'billy.mays'], all_stacks: true)
+      end
+    end
+
+    context '#iam_user_arns' do
+      it 'finds a user arn by name' do
+        expect(subject.iam_user_arns(['billy.mays', 'doop.derp'])).to eq(['8675338', '8675342'])
+      end
+
+      it 'finds a user arn by ssh_username' do
+        expect(subject.iam_user_arns(['brentfavor', 'herp.derp'])).to eq(['4', '8675309'])
+      end
+
+      it 'finds by a mix of name and ssh_username' do
+        expect(subject.iam_user_arns(['brentfavor', 'doop.derp'])).to eq(['4', '8675342'])
+      end
+
+      it 'should thow exception if user is not found' do
+        expect{subject.iam_user_arns(['bobby.jones'])}.to raise_error(ArgumentError, /bobby.jones/)
+      end
+    end
+
+    context '#all_stack_ids' do
+      it 'maps stack ids from describe_stacks' do
+        expect(subject.all_stack_ids).to eq(['1234','5678'])
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: opsicle
 version: !ruby/object:Gem::Version
-  version: 2.12.5
+  version: 2.13.0
 platform: ruby
 authors:
 - Andy Fleener
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-18 00:00:00.000000000 Z
+date: 2019-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -204,6 +204,7 @@ files:
 - lib/opsicle/commands/list.rb
 - lib/opsicle/commands/list_instances.rb
 - lib/opsicle/commands/move_eip.rb
+- lib/opsicle/commands/permit.rb
 - lib/opsicle/commands/ssh.rb
 - lib/opsicle/commands/ssh_clean_keys.rb
 - lib/opsicle/commands/ssh_key.rb
@@ -253,6 +254,7 @@ files:
 - spec/opsicle/commands/list_instances_spec.rb
 - spec/opsicle/commands/list_spec.rb
 - spec/opsicle/commands/move_eip_spec.rb
+- spec/opsicle/commands/permit_spec.rb
 - spec/opsicle/commands/ssh_key_spec.rb
 - spec/opsicle/commands/ssh_spec.rb
 - spec/opsicle/commands/stop_instance_spec.rb
@@ -297,7 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.8
+rubygems_version: 2.7.9
 signing_key: 
 specification_version: 4
 summary: An opsworks specific abstraction on top of the aws sdk
@@ -331,6 +333,7 @@ test_files:
 - spec/opsicle/commands/list_instances_spec.rb
 - spec/opsicle/commands/execute_recipes_spec.rb
 - spec/opsicle/commands/ssh_spec.rb
+- spec/opsicle/commands/permit_spec.rb
 - spec/opsicle/commands/user_profile_info_spec.rb
 - spec/opsicle/instances_spec.rb
 - spec/opsicle/errors_spec.rb