opsicle 2.12.5 → 2.13.0
- checksums.yaml +4 -4
- data/bin/opsicle +12 -0
- data/lib/opsicle/commands.rb +1 -0
- data/lib/opsicle/commands/permit.rb +46 -0
- data/lib/opsicle/version.rb +1 -1
- data/spec/opsicle/commands/permit_spec.rb +77 -0
- metadata +6 -3
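--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a36db447ea80f6febf407297e2c5f0ff1a5b1cbfce7505267b37613f9bf88e26
+data.tar.gz: a4f5d806d60c28c0dd68d0ee833e0cc410d9b5fe1b6c9b118d4a4f73ab1b5f65
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2d4f6da95579f2b12eef319b58cb36f9af1cea7e31e9b071f9831e5b8f6e1b6625bfd5e9255780e759c38a645b5c15be646f78900311c9b1cc587a2d9c45085b
+data.tar.gz: cda0b830e5f20b58be8b987e24bd9aad11f7f5deb6317a9a93b74ea944fad3f78be1789c8ec435445f3ae18fe29d8517360932445ade9a384fef00a7406baa0e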
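--- a/data/bin/opsicle
+++ b/data/bin/opsicle
@@ -291,4 +291,16 @@ command 'user-profile-info' do |c|
 end
 end
 
+desc 'Add ssh and sudo permissions for current user or specified users'
+arg_name '<environment>'
+command 'permit' do |c|
+c.flag [:u, :user], :desc => 'User name or ssh username to update.', :type => String, :multiple => true
+c.switch [:a, :all_stacks], :desc => "Set permissions on all stacks.", :default_value => false
+
+c.action do |global_options, options, args|
+raise ArgumentError, "Environment is required" unless (environment = args.first)
+Opsicle::Permit.new(environment).execute(options)
+end
+end
+
 exit run(ARGV)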
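Review bot: The new `permit` command always grants sudo together with SSH, and `-a`/`--all_stacks` extends that to every stack returned for the environment's credentials, yet the command line offers no way to request SSH alone. Because `options` is handed straight to `Opsicle::Permit#execute`, a switch such as `c.switch [:s, :sudo], :desc => "Also grant sudo.", :default_value => true` would keep the current default while letting an operator opt out. It only takes effect once `set_permission` reads the option instead of the hard-coded `allow_sudo: true`. The `desc` string could also state the scope plainly, e.g. `desc 'Grant ssh and sudo on the current stack (or all stacks with -a) to the current or specified users'`.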
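--- a/data/lib/opsicle/commands.rb
+++ b/data/lib/opsicle/commands.rb
@@ -12,6 +12,7 @@ require "opsicle/commands/legacy_credential_converter"
 require "opsicle/commands/list"
 require "opsicle/commands/list_instances"
 require "opsicle/commands/move_eip"
+require "opsicle/commands/permit"
 require "opsicle/commands/ssh"
 require "opsicle/commands/ssh_clean_keys"
 require "opsicle/commands/ssh_key"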
@@ -0,0 +1,46 @@
|
|
1
|
+
module Opsicle
|
2
|
+
class Permit
|
3
|
+
def initialize(environment)
|
4
|
+
@client = Client.new(environment)
|
5
|
+
end
|
6
|
+
|
7
|
+
def execute(options={})
|
8
|
+
stack_ids = options[:all_stacks] ? all_stack_ids : [current_stack_id]
|
9
|
+
stack_ids.each do |stack_id|
|
10
|
+
iam_user_arns(options[:user]).each do |arn|
|
11
|
+
set_permission(arn, stack_id)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def all_stack_ids
|
17
|
+
@client.api_call(:describe_stacks)[:stacks].map{ |stack| stack[:stack_id] }
|
18
|
+
end
|
19
|
+
|
20
|
+
def current_stack_id
|
21
|
+
@client.config.opsworks_config[:stack_id]
|
22
|
+
end
|
23
|
+
|
24
|
+
def iam_user_arns(user_names)
|
25
|
+
if user_names && !user_names.empty?
|
26
|
+
user_names.map do |user_name|
|
27
|
+
profile = profiles.detect{ |profile| profile[:name] == user_name || profile[:ssh_username] == user_name}
|
28
|
+
raise ArgumentError, "User #{user_name} not found" unless profile
|
29
|
+
profile[:iam_user_arn]
|
30
|
+
end
|
31
|
+
else
|
32
|
+
[UserProfile.new(@client).arn]
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
def set_permission(arn, stack_id)
|
37
|
+
@client.api_call(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: arn , stack_id: stack_id } )
|
38
|
+
end
|
39
|
+
private :set_permission
|
40
|
+
|
41
|
+
def profiles
|
42
|
+
@profiles ||= @client.api_call(:describe_user_profiles)[:user_profiles]
|
43
|
+
end
|
44
|
+
private :profiles
|
45
|
+
end
|
46
|
+
end
|
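Review bot: In `iam_user_arns`, `profiles.detect` returns the first profile whose `:name` or `:ssh_username` equals the argument, so if one user's SSH username is the same string as another user's name, the SSH-and-sudo grant goes to whichever profile the API listed first. Collecting every match and refusing an ambiguous one closes that gap: `matches = profiles.select { |p| p[:name] == user_name || p[:ssh_username] == user_name }` followed by `raise ArgumentError, "User #{user_name} is ambiguous" if matches.size > 1`. Separately, `execute` reports nothing, so a run with `all_stacks` leaves no local record of which ARN was granted on which stack; one log line per `set_permission` call would make the change auditable. The class also has no comments, and a short header saying that `execute` is the entry point and that every grant sets both `allow_ssh` and `allow_sudo` would help the next reader.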
data/lib/opsicle/version.rb
CHANGED
@@ -0,0 +1,77 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
require "opsicle"
|
3
|
+
|
4
|
+
|
5
|
+
module Opsicle
|
6
|
+
describe Permit do
|
7
|
+
let(:client) { double(config: double(opsworks_config: { stack_id: '1234' })) }
|
8
|
+
subject { Permit.new('derp')}
|
9
|
+
let(:describe_user_profiles) {
|
10
|
+
{ user_profiles: [
|
11
|
+
{name: "herp.derp", ssh_username: "herpderp", iam_user_arn: '8675309'},
|
12
|
+
{name: "doop.derp", ssh_username: "doopderp", iam_user_arn: '8675342'},
|
13
|
+
{name: "billy.mays", ssh_username: "billymays", iam_user_arn: '8675338'},
|
14
|
+
{name: "brent.favor", ssh_username: "brentfavor", iam_user_arn: '4'}
|
15
|
+
]
|
16
|
+
}
|
17
|
+
}
|
18
|
+
|
19
|
+
before do
|
20
|
+
allow_any_instance_of(UserProfile).to receive(:arn).and_return('8675309')
|
21
|
+
allow(client).to receive(:api_call).with(:describe_stacks).and_return({ stacks: [{ stack_id: '1234' }, { stack_id: '5678' }] })
|
22
|
+
allow(client).to receive(:api_call).with(:describe_user_profiles).and_return(describe_user_profiles)
|
23
|
+
allow(Client).to receive(:new).with("derp").and_return(client)
|
24
|
+
end
|
25
|
+
|
26
|
+
context '#execute' do
|
27
|
+
it 'calls set_permission for current_user on current stack by default' do
|
28
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
|
29
|
+
subject.execute({})
|
30
|
+
end
|
31
|
+
|
32
|
+
it 'calls set_permission for current user for all stacks with all_stacks option' do
|
33
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
|
34
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '5678' })
|
35
|
+
subject.execute({all_stacks: true})
|
36
|
+
end
|
37
|
+
|
38
|
+
it 'calls set_permission for selected users for current stack' do
|
39
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675342' , stack_id: '1234' })
|
40
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '4' , stack_id: '1234' })
|
41
|
+
subject.execute(user: ['doop.derp', 'brentfavor'])
|
42
|
+
end
|
43
|
+
|
44
|
+
it 'calls set_permission for selected users for all stacks' do
|
45
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '1234' })
|
46
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675338' , stack_id: '1234' })
|
47
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675309' , stack_id: '5678' })
|
48
|
+
expect(client).to receive(:api_call).with(:set_permission, { allow_ssh: true, allow_sudo: true, iam_user_arn: '8675338' , stack_id: '5678' })
|
49
|
+
subject.execute(user: ['herp.derp', 'billy.mays'], all_stacks: true)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
context '#iam_user_arns' do
|
54
|
+
it 'finds a user arn by name' do
|
55
|
+
expect(subject.iam_user_arns(['billy.mays', 'doop.derp'])).to eq(['8675338', '8675342'])
|
56
|
+
end
|
57
|
+
|
58
|
+
it 'finds a user arn by ssh_username' do
|
59
|
+
expect(subject.iam_user_arns(['brentfavor', 'herp.derp'])).to eq(['4', '8675309'])
|
60
|
+
end
|
61
|
+
|
62
|
+
it 'finds by a mix of name and ssh_username' do
|
63
|
+
expect(subject.iam_user_arns(['brentfavor', 'doop.derp'])).to eq(['4', '8675342'])
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'should thow exception if user is not found' do
|
67
|
+
expect{subject.iam_user_arns(['bobby.jones'])}.to raise_error(ArgumentError, /bobby.jones/)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
context '#all_stack_ids' do
|
72
|
+
it 'maps stack ids from describe_stacks' do
|
73
|
+
expect(subject.all_stack_ids).to eq(['1234','5678'])
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
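Review bot: The `#iam_user_arns` examples never use a lookup string that matches two profiles, and `#execute` is never called with `user: []`, which `iam_user_arns` treats like a missing user list and resolves to the caller's own ARN. Both paths decide who receives sudo, so each deserves an example, for instance `it 'falls back to the current user when the user list is empty'` asserting the `'8675309'` grant on stack `'1234'`. In `raise_error(ArgumentError, /bobby.jones/)` the dot is unescaped and matches any character; `/bobby\.jones/` pins the message. The example title `'should thow exception if user is not found'` has a typo.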
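--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: opsicle
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.13.0
 platform: ruby
 authors:
 - Andy Fleener
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -204,6 +204,7 @@ files:
 - lib/opsicle/commands/list.rb
 - lib/opsicle/commands/list_instances.rb
 - lib/opsicle/commands/move_eip.rb
+- lib/opsicle/commands/permit.rb
 - lib/opsicle/commands/ssh.rb
 - lib/opsicle/commands/ssh_clean_keys.rb
 - lib/opsicle/commands/ssh_key.rb
@@ -253,6 +254,7 @@ files:
 - spec/opsicle/commands/list_instances_spec.rb
 - spec/opsicle/commands/list_spec.rb
 - spec/opsicle/commands/move_eip_spec.rb
+- spec/opsicle/commands/permit_spec.rb
 - spec/opsicle/commands/ssh_key_spec.rb
 - spec/opsicle/commands/ssh_spec.rb
 - spec/opsicle/commands/stop_instance_spec.rb
@@ -297,7 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.
+rubygems_version: 2.7.9
 signing_key:
 specification_version: 4
 summary: An opsworks specific abstraction on top of the aws sdk
@@ -331,6 +333,7 @@ test_files:
 - spec/opsicle/commands/list_instances_spec.rb
 - spec/opsicle/commands/execute_recipes_spec.rb
 - spec/opsicle/commands/ssh_spec.rb
+- spec/opsicle/commands/permit_spec.rb
 - spec/opsicle/commands/user_profile_info_spec.rb
 - spec/opsicle/instances_spec.rb
 - spec/opsicle/errors_spec.rb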