practice_terraforming 0.1.3 → 0.1.4
- checksums.yaml +4 -4
- data/README.md +86 -73
- data/lib/practice_terraforming/cli.rb +5 -0
- data/lib/practice_terraforming/resource/iam_user_policy_attachment.rb +78 -0
- data/lib/practice_terraforming/template/tf/iam_user_policy_attachment.erb +7 -0
- data/lib/practice_terraforming/version.rb +1 -1
- data/lib/practice_terraforming.rb +1 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b42585c37ce1598af09698143df455795bca85f1
|
4
|
+
data.tar.gz: 49986467336da38ef6b73b87083e21ef5509704c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fef6df2db079223937804390f0e8907234b4a704d58d38a706f2a78a45bf3265ecfe0fc76e01a05866ececfafd116500db1c7498dc8cbda5182331bd8d834d52
|
7
|
+
data.tar.gz: 0c92d2943898a7b4c4ca3cf7cb81fe6f5abac565eccc85a5eb583dc0f101723fb395a8d3d8f7b215a0e63e6ce0c2aa8b88b8e6bd4a3250e75c2da07c1d0ba0b2
|
data/README.md
CHANGED
@@ -2,11 +2,13 @@
|
|
2
2
|
|
3
3
|
# PracticeTerraforming
|
4
4
|
|
5
|
-
|
5
|
+
## Description
|
6
|
+
|
7
|
+
This is just for practice! There's not `IAMRolePolicyAttachment`, `IAMUserPolicyAttachment` and `IAMGroupPolicyAttachment` in the original repo. So, I implemented them and also sent pull requests. This repo is used to check before sending those pull requests.
|
6
8
|
|
7
9
|
## Installation
|
8
10
|
|
9
|
-
Add this line to your application's Gemfile:
|
11
|
+
Add this line to your application's Gemfile (https://rubygems.org/gems/practice_terraforming):
|
10
12
|
|
11
13
|
```ruby
|
12
14
|
gem 'practice_terraforming'
|
@@ -32,7 +34,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
32
34
|
|
33
35
|
## Contributing
|
34
36
|
|
35
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
37
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/nakamasato/practice_terraforming. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
36
38
|
|
37
39
|
## License
|
38
40
|
|
@@ -40,7 +42,7 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
40
42
|
|
41
43
|
## Code of Conduct
|
42
44
|
|
43
|
-
Everyone interacting in the PracticeTerraforming project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/
|
45
|
+
Everyone interacting in the PracticeTerraforming project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/nakamasato/practice_terraforming/blob/master/CODE_OF_CONDUCT.md).
|
44
46
|
|
45
47
|
# How I created this
|
46
48
|
|
@@ -104,46 +106,46 @@ Wrote dependencies with `spec.add_dependency` and `spec.add_development_dependen
|
|
104
106
|
|
105
107
|
## Create Resource
|
106
108
|
|
107
|
-
|
109
|
+
`. generate templates with `script/generate`
|
108
110
|
|
109
|
-
```
|
110
|
-
script/generate iam_policy_attachment
|
111
|
-
==> Generate iam_policy_attachment.rb
|
112
|
-
==> Generate iam_policy_attachment_spec.rb
|
113
|
-
==> Generate iam_policy_attachment.erb
|
111
|
+
```
|
112
|
+
script/generate iam_policy_attachment
|
113
|
+
==> Generate iam_policy_attachment.rb
|
114
|
+
==> Generate iam_policy_attachment_spec.rb
|
115
|
+
==> Generate iam_policy_attachment.erb
|
114
116
|
|
115
|
-
Add below code by hand.
|
117
|
+
Add below code by hand.
|
116
118
|
|
117
|
-
lib/practice_terraforming.rb:
|
119
|
+
lib/practice_terraforming.rb:
|
118
120
|
|
119
|
-
|
121
|
+
require "practice_terraforming/resource/iam_policy_attachment"
|
120
122
|
|
121
|
-
lib/practice_terraforming/cli.rb:
|
123
|
+
lib/practice_terraforming/cli.rb:
|
122
124
|
|
123
|
-
|
124
|
-
|
125
|
+
module PracticeTerraforming
|
126
|
+
class CLI < Thor
|
125
127
|
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
128
|
+
# Subcommand name should be acronym.
|
129
|
+
desc "iam_policy_attachment", "Iam Policy Attachment"
|
130
|
+
def iam_policy_attachment
|
131
|
+
execute(PracticeTerraforming::Resource::IamPolicyAttachment, options)
|
132
|
+
end
|
131
133
|
|
132
|
-
spec/lib/practice_terraforming/cli_spec.rb:
|
134
|
+
spec/lib/practice_terraforming/cli_spec.rb:
|
133
135
|
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
136
|
+
module PracticeTerraforming
|
137
|
+
describe CLI do
|
138
|
+
context "resources" do
|
139
|
+
describe "iam_policy_attachment" do
|
140
|
+
let(:klass) { PracticeTerraforming::Resource::IamPolicyAttachment }
|
141
|
+
let(:command) { :iam_policy_attachment }
|
140
142
|
|
141
|
-
|
142
|
-
|
143
|
-
```
|
143
|
+
it_behaves_like "CLI examples"
|
144
|
+
end
|
145
|
+
```
|
144
146
|
|
145
147
|
1. As the message says, add those codes.
|
146
|
-
|
148
|
+
1. `lib/practice_terraforming/resource/iam_policy_attachment.rb`: Change Aws client and write logic in `tfstate` method
|
147
149
|
|
148
150
|
Use aws-sdk-<resource> to get the input data and write the logic to generate tf/tfstate file.
|
149
151
|
1. tf -> only need to update the template file, which appears in the next step
|
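Review bot: New README line 109 opens with a backtick and a period where a list marker belongs, which leaves the backticks on that line unbalanced and breaks the rendering of the step; it should read "1. Generate templates with `script/generate`". In the same walkthrough, the comment on new line 128 says the subcommand name should be an acronym, but the example on lines 129-130 uses the full name `iam_policy_attachment` for both `desc` and `def`, while the help output later in the README lists `iampa`. Make the example match the convention the comment states.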
@@ -153,7 +155,7 @@ spec/lib/practice_terraforming/cli_spec.rb:
|
|
153
155
|
- <api method name, e.g. entities_for_policy> -> get the resource info with aws-sdk
|
154
156
|
- other -> make a list of resources to be used in `tfstate` method
|
155
157
|
|
156
|
-
|
158
|
+
1. `lib/practice_terraforming/template/tf/iam_policy_attachment.erb`: Update the erb based on the corresponding terraform resource.
|
157
159
|
|
158
160
|
```
|
159
161
|
<% iam_policy_attachments.each do |policy_attachment| -%>
|
@@ -168,53 +170,53 @@ spec/lib/practice_terraforming/cli_spec.rb:
|
|
168
170
|
<% end -%>
|
169
171
|
```
|
170
172
|
|
171
|
-
|
173
|
+
1. `spec/lib/practice_terraforming/resource/iam_policy_attachment_spec.rb`: Change Aws client and write test for tf and tfstate
|
172
174
|
|
173
175
|
Test Perspective:
|
174
176
|
1. Create aws sdk result using stub.
|
175
177
|
2. Use the module to generate tf/tfstate.
|
176
178
|
3. Compare expected one and generated one.
|
177
|
-
```
|
178
|
-
irb(main):007:0> client.list_policies.policies[0]
|
179
|
-
=> #<struct Aws::IAM::Types::Policy policy_name="test-policy", policy_id="ABCDEFG", arn="arn:aws:iam::123456789:policy/test-policy", path="/", default_version_id="v1", attachment_count=1, permissions_boundary_usage_count=0, is_attachable=true, description=nil, create_date=2019-01-01 00:00:00 UTC, update_date=2019-01-02 00:00:00 UTC>
|
180
|
-
client.list_entities_for_policy(policy_arn: "arn:aws:iam::351540792571:policy/ai-suggest-batch-user-policy")
|
181
|
-
irb(main):008:0> client.list_entities_for_policy(policy_arn: "arn:aws:iam::123456789:policy/test-policy")
|
182
|
-
=> #<struct Aws::IAM::Types::ListEntitiesForPolicyResponse policy_groups=[#<struct Aws::IAM::Types::PolicyGroup group_name="test-group", group_id="ABCDEFG">], policy_users=[], policy_roles=[], is_truncated=false, marker=nil>
|
183
|
-
```
|
184
179
|
|
185
|
-
|
186
|
-
|
187
|
-
|
180
|
+
```
|
181
|
+
irb(main):007:0> client.list_policies.policies[0]
|
182
|
+
=> #<struct Aws::IAM::Types::Policy policy_name="test-policy", policy_id="ABCDEFG", arn="arn:aws:iam::123456789:policy/test-policy", path="/", default_version_id="v1", attachment_count=1, permissions_boundary_usage_count=0, is_attachable=true, description=nil, create_date=2019-01-01 00:00:00 UTC, update_date=2019-01-02 00:00:00 UTC>
|
183
|
+
irb(main):008:0> client.list_entities_for_policy(policy_arn: "arn:aws:iam::123456789:policy/test-policy")
|
184
|
+
=> #<struct Aws::IAM::Types::ListEntitiesForPolicyResponse policy_groups=[#<struct Aws::IAM::Types::PolicyGroup group_name="test-group", group_id="ABCDEFG">], policy_users=[], policy_roles=[], is_truncated=false, marker=nil>
|
185
|
+
```
|
186
|
+
|
187
|
+
```
|
188
|
+
let(:policies) do
|
189
|
+
[
|
190
|
+
{
|
191
|
+
policy_name: "test-policy",
|
192
|
+
policy_id: "ABCDEFG",
|
193
|
+
arn: "arn:aws:iam::123456789:policy/test-policy",
|
194
|
+
path: "/",
|
195
|
+
default_version_id: "v1",
|
196
|
+
attachment_count: 1,
|
197
|
+
is_attachable: true,
|
198
|
+
create_date: Time.parse("2019-01-01 00:00:00 UTC"),
|
199
|
+
update_date: Time.parse("2019-01-02 00:00:00 UTC"),
|
200
|
+
description: nil,
|
201
|
+
}
|
202
|
+
]
|
203
|
+
end
|
204
|
+
|
205
|
+
let(:entities_for_policy) do
|
188
206
|
{
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
let(:entities_for_policy) do
|
204
|
-
{
|
205
|
-
policy_groups: [
|
206
|
-
{ group_name: "test-group", group_id: "ABCDEFG" },
|
207
|
-
],
|
208
|
-
policy_users: [],
|
209
|
-
policy_roles: [],
|
210
|
-
}
|
211
|
-
end
|
212
|
-
|
213
|
-
before do
|
214
|
-
client.stub_responses(:list_policies, policies: policies)
|
215
|
-
client.stub_responses(:list_entities_for_policy, [entities_for_policy])
|
216
|
-
end
|
217
|
-
```
|
207
|
+
policy_groups: [
|
208
|
+
{ group_name: "test-group", group_id: "ABCDEFG" },
|
209
|
+
],
|
210
|
+
policy_users: [],
|
211
|
+
policy_roles: [],
|
212
|
+
}
|
213
|
+
end
|
214
|
+
|
215
|
+
before do
|
216
|
+
client.stub_responses(:list_policies, policies: policies)
|
217
|
+
client.stub_responses(:list_entities_for_policy, [entities_for_policy])
|
218
|
+
end
|
219
|
+
```
|
218
220
|
|
219
221
|
## Install on local
|
220
222
|
|
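Review bot: Removed line 180 of the old README is a `list_entities_for_policy` call whose ARN carries a 12-digit account id and a specific policy name, unlike the `123456789` and `test-policy` placeholders on the lines around it, so it reads as a real value pasted from an irb session. Dropping it is the right change, but the line is still present in the 0.1.3 package, so the account id and policy name should be treated as disclosed. It is worth checking the rest of the README and the spec fixtures for other values copied from a live account before the next release.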
@@ -245,7 +247,10 @@ Done installing documentation for practice_terraforming after 0 seconds
|
|
245
247
|
practice_terraforming
|
246
248
|
Commands:
|
247
249
|
practice_terraforming help [COMMAND] # Describe available commands or one specific command
|
250
|
+
practice_terraforming iampa # Iam Policy Attachment
|
248
251
|
practice_terraforming iamr # Iam Role
|
252
|
+
practice_terraforming iamrpa # Iam Role Policy Attachment
|
253
|
+
practice_terraforming iamupa # Iam User Policy Attachment
|
249
254
|
practice_terraforming s3 # S3
|
250
255
|
|
251
256
|
Options:
|
@@ -257,3 +262,11 @@ Options:
|
|
257
262
|
[--assume=ASSUME] # Role ARN to assume
|
258
263
|
[--use-bundled-cert], [--no-use-bundled-cert] # Use the bundled CA certificate from AWS SDK
|
259
264
|
```
|
265
|
+
|
266
|
+
## Table for aws-sdk and terraforming
|
267
|
+
|
268
|
+
|terraforming resource|aws-sdk|
|
269
|
+
|---|---|
|
270
|
+
|IAMRolePolicyAttachment|`list_roles` and `list_attached_role_policies` for all extracted roles |
|
271
|
+
|IAMGroupPolicyAttachment|`list_users` and `list_attached_user_policies` for all extracted users|
|
272
|
+
|IAMGroupPolicyAttachment|`list_groups` and `list_attached_group_policies` for all extracted groups|
|
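Review bot: The new table on lines 268-272 lists `IAMGroupPolicyAttachment` twice. The row on line 271 describes `list_users` and `list_attached_user_policies`, which is what the `iamupa` command added in this release uses, so its first column should be `IAMUserPolicyAttachment`. As written, the table has no row for the user attachment resource at all.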
@@ -33,6 +33,11 @@ module PracticeTerraforming
|
|
33
33
|
execute(PracticeTerraforming::Resource::IamRolePolicyAttachment, options)
|
34
34
|
end
|
35
35
|
|
36
|
+
desc "iamupa", "Iam User Policy Attachment"
|
37
|
+
def iamupa
|
38
|
+
execute(PracticeTerraforming::Resource::IAMUserPolicyAttachment, options)
|
39
|
+
end
|
40
|
+
|
36
41
|
private
|
37
42
|
|
38
43
|
def configure_aws(options)
|
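Review bot: The constant on new line 38, `PracticeTerraforming::Resource::IAMUserPolicyAttachment`, uses the `IAM` spelling, while the unchanged call on line 33 uses `IamRolePolicyAttachment` and the README walkthrough uses `IamPolicyAttachment`. Pick one spelling for the resource classes; mixed casing makes it easy to reference a constant that does not exist, and that only fails when the command is run. Renaming the new class to `IamUserPolicyAttachment` would match the two existing ones.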
@@ -0,0 +1,78 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module PracticeTerraforming
|
4
|
+
module Resource
|
5
|
+
class IAMUserPolicyAttachment
|
6
|
+
include PracticeTerraforming::Util
|
7
|
+
|
8
|
+
# TODO: Select appropriate Client class from here:
|
9
|
+
# http://docs.aws.amazon.com/sdkforruby/api/index.html
|
10
|
+
def self.tf(client: Aws::IAM::Client.new)
|
11
|
+
self.new(client).tf
|
12
|
+
end
|
13
|
+
|
14
|
+
# TODO: Select appropriate Client class from here:
|
15
|
+
# http://docs.aws.amazon.com/sdkforruby/api/index.html
|
16
|
+
def self.tfstate(client: Aws::IAM::Client.new)
|
17
|
+
self.new(client).tfstate
|
18
|
+
end
|
19
|
+
|
20
|
+
def initialize(client)
|
21
|
+
@client = client
|
22
|
+
end
|
23
|
+
|
24
|
+
def tf
|
25
|
+
apply_template(@client, "tf/iam_user_policy_attachment")
|
26
|
+
end
|
27
|
+
|
28
|
+
def tfstate
|
29
|
+
iam_user_policy_attachments.inject({}) do |resources, user_policy_attachment|
|
30
|
+
attributes = {
|
31
|
+
"id" => user_policy_attachment[:name],
|
32
|
+
"policy_arn" => user_policy_attachment[:policy_arn],
|
33
|
+
"user" => user_policy_attachment[:user]
|
34
|
+
}
|
35
|
+
resources["aws_iam_user_policy_attachment.#{module_name_of(user_policy_attachment)}"] = {
|
36
|
+
"type" => "aws_iam_user_policy_attachment",
|
37
|
+
"primary" => {
|
38
|
+
"id" => user_policy_attachment[:name],
|
39
|
+
"attributes" => attributes
|
40
|
+
}
|
41
|
+
}
|
42
|
+
|
43
|
+
resources
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
private
|
48
|
+
|
49
|
+
def attachment_name_from(user, policy)
|
50
|
+
"#{user.user_name}-#{policy.policy_name}-attachment"
|
51
|
+
end
|
52
|
+
|
53
|
+
def iam_users
|
54
|
+
@client.list_users.map(&:users).flatten
|
55
|
+
end
|
56
|
+
|
57
|
+
def policies_attached_to(user)
|
58
|
+
@client.list_attached_user_policies(user_name: user.user_name).attached_policies
|
59
|
+
end
|
60
|
+
|
61
|
+
def iam_user_policy_attachments
|
62
|
+
iam_users.map do |user|
|
63
|
+
policies_attached_to(user).map do |policy|
|
64
|
+
{
|
65
|
+
user: user.user_name,
|
66
|
+
policy_arn: policy.policy_arn,
|
67
|
+
name: attachment_name_from(user, policy)
|
68
|
+
}
|
69
|
+
end
|
70
|
+
end.flatten
|
71
|
+
end
|
72
|
+
|
73
|
+
def module_name_of(user_policy_attachment)
|
74
|
+
normalize_module_name(user_policy_attachment[:name])
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
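Review bot: `policies_attached_to` on new lines 57-59 reads `.attached_policies` straight off the `list_attached_user_policies` response, so it only sees the first page, whereas `iam_users` on line 54 walks every page with `@client.list_users.map(&:users).flatten`. If a response is ever truncated, the missing attachments are silently left out of both the generated tf and the tfstate, and an IAM export that omits permissions is worse than one that fails. Use the same pattern here: `@client.list_attached_user_policies(user_name: user.user_name).map(&:attached_policies).flatten`. The two generator comments on lines 8-9 and 14-15 ("TODO: Select appropriate Client class") are also stale now that `Aws::IAM::Client` is chosen and can be removed.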
@@ -0,0 +1,7 @@
|
|
1
|
+
<% iam_user_policy_attachments.each do |user_policy_attachment| -%>
|
2
|
+
resource "aws_iam_user_policy_attachment" "<%= module_name_of(user_policy_attachment) %>" {
|
3
|
+
policy_arn = "<%= user_policy_attachment[:policy_arn] %>"
|
4
|
+
user = "<%= user_policy_attachment[:user] %>"
|
5
|
+
}
|
6
|
+
|
7
|
+
<% end -%>
|
@@ -12,5 +12,6 @@ require 'practice_terraforming/version'
|
|
12
12
|
require "practice_terraforming/cli"
|
13
13
|
require "practice_terraforming/resource/iam_role"
|
14
14
|
require "practice_terraforming/resource/iam_role_policy_attachment"
|
15
|
+
require "practice_terraforming/resource/iam_user_policy_attachment"
|
15
16
|
require "practice_terraforming/resource/iam_policy_attachment"
|
16
17
|
require "practice_terraforming/resource/s3"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: practice_terraforming
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- masatonaka
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-12-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-iam
|
@@ -161,10 +161,12 @@ files:
|
|
161
161
|
- lib/practice_terraforming/resource/iam_policy_attachment.rb
|
162
162
|
- lib/practice_terraforming/resource/iam_role.rb
|
163
163
|
- lib/practice_terraforming/resource/iam_role_policy_attachment.rb
|
164
|
+
- lib/practice_terraforming/resource/iam_user_policy_attachment.rb
|
164
165
|
- lib/practice_terraforming/resource/s3.rb
|
165
166
|
- lib/practice_terraforming/template/tf/iam_policy_attachment.erb
|
166
167
|
- lib/practice_terraforming/template/tf/iam_role.erb
|
167
168
|
- lib/practice_terraforming/template/tf/iam_role_policy_attachment.erb
|
169
|
+
- lib/practice_terraforming/template/tf/iam_user_policy_attachment.erb
|
168
170
|
- lib/practice_terraforming/template/tf/s3.erb
|
169
171
|
- lib/practice_terraforming/util.rb
|
170
172
|
- lib/practice_terraforming/version.rb
|