opsworks-cli 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 24ea648dce531f41a4ff17b6d4cb9ab1991f708a
-  data.tar.gz: 4b897b4a05110a1de06a9196da2ac84d8a9fc62a
+  metadata.gz: 85301da60371b32e479e3b0c3abd91386e876ead
+  data.tar.gz: 0a07cd8ab46d60e96a647173d3020532d66fd17b
 SHA512:
-  metadata.gz: 899b768a457184a2e69014c9de72e385fa35601a7c4229c6df828793624532d8002967a7c3a9a0386fe9aa1fc5bf6f6f0c3db011180b53da6613692a1c7faa75
-  data.tar.gz: fbbe850475cfa8625531a78ce76df586255f85fa41cebab7ee94cccda743da2ae074e0794dcdc57abe7b7e82838becbda8f72d2f9e64fc6bf3d564f72dd3e367
+  metadata.gz: 8c07bc9aa8f89556fae70ba033e52bb43fd72fd7ec9f171c584c96a2c3a09115a791b5e00f7f31539b415610aac2cd802ba4b2f8519289980d861a7bf8c7e7b6
+  data.tar.gz: 97e160e494f5a2ecc9a5045a0f76097bf6cb83eab694ca05e3a6e7a6eb7203e8de4ffdde8f6410f95102977fd04ebf855e809344f25991d85bbd984c7fca76cc

data/README.md

@@ -50,4 +50,6 @@ Commands:
 
 MIT License, see [LICENSE](LICENSE.md) for details.
 
-Copyright (c) 2014 [Aptible](https://www.aptible.com), Frank Macreery, and contributors.
+Copyright (c) 2014 [Aptible](https://www.aptible.com) and contributors.
+
+[<img src="https://s.gravatar.com/avatar/f7790b867ae619ae0496460aa28c5861?s=60" style="border-radius: 50%;" alt="@fancyremarker" />](https://github.com/fancyremarker)

data/lib/opsworks/cli/agent.rb

@@ -8,6 +8,8 @@ require_relative 'subcommands/update'
 require_relative 'subcommands/exec'
 require_relative 'subcommands/deploy'
 require_relative 'subcommands/status'
+require_relative 'subcommands/allow'
+require_relative 'subcommands/lockdown'
 
 module OpsWorks
   module CLI
@@ -18,6 +20,8 @@ module OpsWorks
       include Subcommands::Exec
       include Subcommands::Deploy
       include Subcommands::Status
+      include Subcommands::Allow
+      include Subcommands::Lockdown
 
       desc 'version', 'Print OpsWorks CLI version'
       def version

data/lib/opsworks/cli/subcommands/allow.rb

@@ -0,0 +1,32 @@
+require 'opsworks/permission'
+
+module OpsWorks
+  module CLI
+    module Subcommands
+      module Allow
+        # rubocop:disable MethodLength
+        # rubocop:disable CyclomaticComplexity
+        def self.included(thor)
+          thor.class_eval do
+            desc 'allow USER [--stack STACK]', 'Allow an IAM user on a stack'
+            option :stack, type: :array
+            option :ssh, type: :boolean, default: true
+            option :sudo, type: :boolean, default: true
+            def allow(user)
+              fetch_keychain_credentials unless env_credentials?
+              stacks = parse_stacks(options.merge(active: true))
+              stacks.each do |stack|
+                permission = stack.find_permission_by_user(user)
+                next unless permission
+                say "Updating permissions on #{stack.name}..."
+                permission.update(ssh: options[:ssh], sudo: options[:sudo])
+              end
+            end
+          end
+        end
+        # rubocop:enable CyclomaticComplexity
+        # rubocop:enable MethodLength
+      end
+    end
+  end
+end

data/lib/opsworks/cli/subcommands/deploy.rb

@@ -8,7 +8,7 @@ module OpsWorks
         # rubocop:disable CyclomaticComplexity
         def self.included(thor)
           thor.class_eval do
-            desc 'deploy [--stack STACK] APP', 'Deploy an OpsWorks app'
+            desc 'deploy APP [--stack STACK]', 'Deploy an OpsWorks app'
             option :stack, type: :array
             def deploy(name)
               fetch_keychain_credentials unless env_credentials?

data/lib/opsworks/cli/subcommands/exec.rb

@@ -8,7 +8,7 @@ module OpsWorks
         # rubocop:disable CyclomaticComplexity
         def self.included(thor)
           thor.class_eval do
-            desc 'exec [--stack STACK] RECIPE', 'Execute a Chef recipe'
+            desc 'exec RECIPE [--stack STACK]', 'Execute a Chef recipe'
             option :stack, type: :array
             def exec(recipe)
               fetch_keychain_credentials unless env_credentials?

data/lib/opsworks/cli/subcommands/lockdown.rb

@@ -0,0 +1,30 @@
+require 'opsworks/permission'
+
+module OpsWorks
+  module CLI
+    module Subcommands
+      module Lockdown
+        # rubocop:disable MethodLength
+        # rubocop:disable CyclomaticComplexity
+        def self.included(thor)
+          thor.class_eval do
+            desc 'lockdown [--stack STACK]', 'Remove all stack permissions'
+            option :stack, type: :array
+            def lockdown
+              fetch_keychain_credentials unless env_credentials?
+              stacks = parse_stacks(options.merge(active: true))
+              stacks.each do |stack|
+                say "Locking down #{stack.name}..."
+                stack.permissions.each do |permission|
+                  permission.update(ssh: false, sudo: false)
+                end
+              end
+            end
+          end
+        end
+        # rubocop:enable CyclomaticComplexity
+        # rubocop:enable MethodLength
+      end
+    end
+  end
+end

data/lib/opsworks/cli/subcommands/status.rb

@@ -9,7 +9,7 @@ module OpsWorks
             include Helpers::Keychain
             include Helpers::Options
 
-            desc 'status [--stack STACK] APP',
+            desc 'status APP [--stack STACK]',
                  'Display the most recent deployment of an app'
             option :stack, type: :array
             def status(name)

data/lib/opsworks/cli/version.rb

@@ -1,5 +1,5 @@
 module OpsWorks
   module CLI
-    VERSION = '0.2.1'
+    VERSION = '0.2.2'
   end
 end

data/lib/opsworks/permission.rb

@@ -0,0 +1,45 @@
+require 'opsworks/resource'
+
+module OpsWorks
+  class Permission < Resource
+    attr_accessor :id, :stack_id, :iam_user_arn, :ssh, :sudo
+
+    def self.from_collection_response(response)
+      response.data[:permissions].map do |hash|
+        new(
+          id: hash[:permission_id],
+          stack_id: hash[:stack_id],
+          iam_user_arn: hash[:iam_user_arn],
+          sudo: hash[:allow_sudo],
+          ssh: hash[:allow_ssh]
+        )
+      end
+    end
+
+    def user
+      iam_user_arn.gsub(/^.*user\//, '')
+    end
+
+    def ssh?
+      ssh
+    end
+
+    def sudo?
+      sudo
+    end
+
+    def update(options = {})
+      options[:ssh] = ssh if options[:ssh].nil?
+      options[:sudo] = sudo if options[:sudo].nil?
+
+      self.class.client.set_permission(
+        stack_id: stack_id,
+        iam_user_arn: iam_user_arn,
+        allow_ssh: options[:ssh],
+        allow_sudo: options[:sudo]
+      )
+      self.ssh = options[:ssh]
+      self.sudo = options[:sudo]
+    end
+  end
+end

data/lib/opsworks/stack.rb

@@ -1,6 +1,7 @@
 require 'opsworks/resource'
 require 'opsworks/app'
 require 'opsworks/instance'
+require 'opsworks/permission'
 
 module OpsWorks
   class Stack < Resource
@@ -24,6 +25,14 @@ module OpsWorks
       @apps ||= initialize_apps
     end
 
+    def permissions
+      @permissions ||= initialize_permissions
+    end
+
+    def find_permission_by_user(name)
+      permissions.find { |permission| permission.user == name }
+    end
+
     def find_app_by_name(name)
       apps.find { |app| app.name == name }
     end
@@ -62,6 +71,12 @@ module OpsWorks
       App.from_collection_response(response)
     end
 
+    def initialize_permissions
+      return [] unless id
+      response = self.class.client.describe_permissions(stack_id: id)
+      Permission.from_collection_response(response)
+    end
+
     def initialize_instances
       return [] unless id
       response = self.class.client.describe_instances(stack_id: id)

data/spec/fabricators/opsworks/permission_fabricator.rb

@@ -0,0 +1,7 @@
+Fabricator(:permission, from: OpsWorks::Permission) do
+  id { SecureRandom.uuid }
+  stack_id { SecureRandom.uuid }
+  iam_user_arn { Fabricate.sequence(:iam) { |i| "iam::#{i}:user/bob" } }
+  ssh true
+  sudo true
+end

data/spec/opsworks/cli/subcommands/allow_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe OpsWorks::CLI::Agent do
+  describe '#allow' do
+    let(:permissions) { 2.times.map { Fabricate(:permission) } }
+    let(:user) { permissions[0].user }
+    let(:stacks) do
+      2.times.map do |i|
+        Fabricate(:stack).tap do |stack|
+          allow(stack).to receive(:find_permission_by_user) { permissions[i] }
+        end
+      end
+    end
+
+    before { allow(subject).to receive(:say) }
+    before { allow(OpsWorks::Stack).to receive(:all) { stacks } }
+    before { allow(OpsWorks::Stack).to receive(:active) { stacks } }
+
+    it 'should update all matching permissions' do
+      expect(permissions[0]).to receive(:update)
+      expect(permissions[1]).to receive(:update)
+      subject.allow(user)
+    end
+
+    it 'should optionally run on a subset of stacks' do
+      expect(permissions[0]).to receive(:update)
+      expect(permissions[1]).not_to receive(:update)
+
+      allow(subject).to receive(:options) { { stack: [stacks[0].name] } }
+      subject.allow(user)
+    end
+
+    it 'should accept :ssh and :sudo options' do
+      expect(permissions[0]).to receive(:update).with(ssh: true, sudo: false)
+
+      allow(subject).to receive(:options) do
+        { stack: [stacks[0].name], ssh: true, sudo: false }
+      end
+      subject.allow(user)
+    end
+  end
+end

data/spec/opsworks/cli/subcommands/lockdown_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe OpsWorks::CLI::Agent do
+  describe '#lockdown' do
+    let(:permissions) { 2.times.map { Fabricate(:permission) } }
+    let(:user) { permissions[0].user }
+    let(:stack) do
+      Fabricate(:stack).tap do |stack|
+        allow(stack).to receive(:permissions) { permissions }
+      end
+    end
+
+    before { allow(subject).to receive(:say) }
+    before { allow(OpsWorks::Stack).to receive(:all) { [stack] } }
+    before { allow(OpsWorks::Stack).to receive(:active) { [stack] } }
+
+    it 'should lock down all stacks' do
+      expect(permissions[0]).to receive(:update).with(ssh: false, sudo: false)
+      expect(permissions[1]).to receive(:update).with(ssh: false, sudo: false)
+      subject.lockdown
+    end
+
+    it 'should optionally run on a subset of stacks' do
+      expect(permissions[0]).to receive(:update).with(ssh: false, sudo: false)
+      expect(permissions[1]).to receive(:update).with(ssh: false, sudo: false)
+
+      allow(subject).to receive(:options) { { stacks: [stack.name] } }
+      subject.lockdown
+    end
+  end
+end

metadata

@@ -1,139 +1,139 @@
 --- !ruby/object:Gem::Specification
 name: opsworks-cli
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Frank Macreery
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-08 00:00:00.000000000 Z
+date: 2014-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: aws-keychain-util
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.5'
 - !ruby/object:Gem::Dependency
   name: aptible-tasks
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: fabrication
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: OpsWorks CLI
@@ -144,9 +144,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Gemfile
 - LICENSE.md
 - README.md
@@ -157,22 +157,28 @@ files:
 - lib/opsworks/cli/agent.rb
 - lib/opsworks/cli/helpers/keychain.rb
 - lib/opsworks/cli/helpers/options.rb
+- lib/opsworks/cli/subcommands/allow.rb
 - lib/opsworks/cli/subcommands/deploy.rb
 - lib/opsworks/cli/subcommands/exec.rb
+- lib/opsworks/cli/subcommands/lockdown.rb
 - lib/opsworks/cli/subcommands/status.rb
 - lib/opsworks/cli/subcommands/update.rb
 - lib/opsworks/cli/version.rb
 - lib/opsworks/deployment.rb
 - lib/opsworks/instance.rb
+- lib/opsworks/permission.rb
 - lib/opsworks/resource.rb
 - lib/opsworks/stack.rb
 - opsworks-cli.gemspec
 - spec/fabricators/opsworks/app_fabricator.rb
 - spec/fabricators/opsworks/deployment_fabricator.rb
+- spec/fabricators/opsworks/permission_fabricator.rb
 - spec/fabricators/opsworks/stack_fabricator.rb
 - spec/opsworks/cli/agent_spec.rb
+- spec/opsworks/cli/subcommands/allow_spec.rb
 - spec/opsworks/cli/subcommands/deploy_spec.rb
 - spec/opsworks/cli/subcommands/exec_spec.rb
+- spec/opsworks/cli/subcommands/lockdown_spec.rb
 - spec/opsworks/cli/subcommands/update_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/aptible/opsworks-cli
@@ -185,12 +191,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
@@ -202,9 +208,12 @@ summary: Alternative CLI for Amazon OpsWorks
 test_files:
 - spec/fabricators/opsworks/app_fabricator.rb
 - spec/fabricators/opsworks/deployment_fabricator.rb
+- spec/fabricators/opsworks/permission_fabricator.rb
 - spec/fabricators/opsworks/stack_fabricator.rb
 - spec/opsworks/cli/agent_spec.rb
+- spec/opsworks/cli/subcommands/allow_spec.rb
 - spec/opsworks/cli/subcommands/deploy_spec.rb
 - spec/opsworks/cli/subcommands/exec_spec.rb
+- spec/opsworks/cli/subcommands/lockdown_spec.rb
 - spec/opsworks/cli/subcommands/update_spec.rb
 - spec/spec_helper.rb