subiam 1.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (41) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +19 -0
  3. data/.rspec +4 -0
  4. data/Gemfile +4 -0
  5. data/LICENSE.txt +48 -0
  6. data/README.md +408 -0
  7. data/Rakefile +5 -0
  8. data/bin/subiam +189 -0
  9. data/lib/subiam/client.rb +565 -0
  10. data/lib/subiam/driver.rb +466 -0
  11. data/lib/subiam/dsl/context/group.rb +35 -0
  12. data/lib/subiam/dsl/context/managed_policy.rb +23 -0
  13. data/lib/subiam/dsl/context/role.rb +59 -0
  14. data/lib/subiam/dsl/context/user.rb +43 -0
  15. data/lib/subiam/dsl/context.rb +101 -0
  16. data/lib/subiam/dsl/converter.rb +202 -0
  17. data/lib/subiam/dsl/helper/arn.rb +22 -0
  18. data/lib/subiam/dsl.rb +9 -0
  19. data/lib/subiam/exporter.rb +278 -0
  20. data/lib/subiam/ext/array_ext.rb +13 -0
  21. data/lib/subiam/ext/hash_ext.rb +41 -0
  22. data/lib/subiam/ext/string_ext.rb +25 -0
  23. data/lib/subiam/logger.rb +27 -0
  24. data/lib/subiam/password_manager.rb +41 -0
  25. data/lib/subiam/template_helper.rb +20 -0
  26. data/lib/subiam/utils.rb +31 -0
  27. data/lib/subiam/version.rb +3 -0
  28. data/lib/subiam.rb +36 -0
  29. data/spec/spec_helper.rb +95 -0
  30. data/spec/subiam/attach_detach_policy_spec.rb +389 -0
  31. data/spec/subiam/create_spec.rb +271 -0
  32. data/spec/subiam/custom_managed_policy_spec.rb +232 -0
  33. data/spec/subiam/delete_spec.rb +549 -0
  34. data/spec/subiam/hash_ext_spec.rb +61 -0
  35. data/spec/subiam/ignore_login_profile_spec.rb +73 -0
  36. data/spec/subiam/rename_spec.rb +476 -0
  37. data/spec/subiam/style_spec.rb +189 -0
  38. data/spec/subiam/target_spec.rb +150 -0
  39. data/spec/subiam/update_spec.rb +911 -0
  40. data/subiam.gemspec +32 -0
  41. metadata +251 -0
data/spec/subiam/target_spec.rb ADDED
@@ -0,0 +1,150 @@
1
+ describe 'specify target' do
2
+ let(:dsl_another_prefix) do
3
+ <<-RUBY
4
+ target /.*/
5
+
6
+ user "another-prefix-bob", :path=>"/devloper/" do
7
+ login_profile :password_reset_required=>true
8
+
9
+ groups(
10
+ "another-prefix-Admin",
11
+ "another-prefix-SES"
12
+ )
13
+
14
+ policy "S3" do
15
+ {"Statement"=>
16
+ [{"Action"=>
17
+ ["s3:Get*",
18
+ "s3:List*"],
19
+ "Effect"=>"Allow",
20
+ "Resource"=>"*"}]}
21
+ end
22
+ end
23
+
24
+ user "another-prefix-mary", :path=>"/staff/" do
25
+ policy "S3" do
26
+ {"Statement"=>
27
+ [{"Action"=>
28
+ ["s3:Get*",
29
+ "s3:List*"],
30
+ "Effect"=>"Allow",
31
+ "Resource"=>"*"}]}
32
+ end
33
+ end
34
+
35
+ group "another-prefix-Admin", :path=>"/admin/" do
36
+ policy "Admin" do
37
+ {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
38
+ end
39
+ end
40
+
41
+ group "another-prefix-SES", :path=>"/ses/" do
42
+ policy "ses-policy" do
43
+ {"Statement"=>
44
+ [{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
45
+ end
46
+ end
47
+
48
+ role "another-prefix-my-role", :path=>"/any/" do
49
+ instance_profiles(
50
+ "another-prefix-my-instance-profile"
51
+ )
52
+
53
+ assume_role_policy_document do
54
+ {"Version"=>"2012-10-17",
55
+ "Statement"=>
56
+ [{"Sid"=>"",
57
+ "Effect"=>"Allow",
58
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
59
+ "Action"=>"sts:AssumeRole"}]}
60
+ end
61
+
62
+ policy "role-policy" do
63
+ {"Statement"=>
64
+ [{"Action"=>
65
+ ["s3:Get*",
66
+ "s3:List*"],
67
+ "Effect"=>"Allow",
68
+ "Resource"=>"*"}]}
69
+ end
70
+ end
71
+
72
+ instance_profile "another-prefix-my-instance-profile", :path=>"/profile/"
73
+ RUBY
74
+ end
75
+
76
+ let(:expected) do
77
+ {:users=>
78
+ {"another-prefix-bob"=>
79
+ {:path=>"/devloper/",
80
+ :groups=>["another-prefix-Admin", "another-prefix-SES"],
81
+ :attached_managed_policies=>[],
82
+ :policies=>
83
+ {"S3"=>
84
+ {"Statement"=>
85
+ [{"Action"=>["s3:Get*", "s3:List*"],
86
+ "Effect"=>"Allow",
87
+ "Resource"=>"*"}]}},
88
+ :login_profile=>{:password_reset_required=>true}},
89
+ "another-prefix-mary"=>
90
+ {:path=>"/staff/",
91
+ :groups=>[],
92
+ :attached_managed_policies=>[],
93
+ :policies=>
94
+ {"S3"=>
95
+ {"Statement"=>
96
+ [{"Action"=>["s3:Get*", "s3:List*"],
97
+ "Effect"=>"Allow",
98
+ "Resource"=>"*"}]}}}},
99
+ :groups=>
100
+ {"another-prefix-Admin"=>
101
+ {:path=>"/admin/",
102
+ :attached_managed_policies=>[],
103
+ :policies=>
104
+ {"Admin"=>
105
+ {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}}},
106
+ "another-prefix-SES"=>
107
+ {:path=>"/ses/",
108
+ :attached_managed_policies=>[],
109
+ :policies=>
110
+ {"ses-policy"=>
111
+ {"Statement"=>
112
+ [{"Effect"=>"Allow",
113
+ "Action"=>"ses:SendRawEmail",
114
+ "Resource"=>"*"}]}}}},
115
+ :policies=>{},
116
+ :roles=>
117
+ {"another-prefix-my-role"=>
118
+ {:path=>"/any/",
119
+ :assume_role_policy_document=>
120
+ {"Version"=>"2012-10-17",
121
+ "Statement"=>
122
+ [{"Sid"=>"",
123
+ "Effect"=>"Allow",
124
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
125
+ "Action"=>"sts:AssumeRole"}]},
126
+ :instance_profiles=>["another-prefix-my-instance-profile"],
127
+ :attached_managed_policies=>[],
128
+ :policies=>
129
+ {"role-policy"=>
130
+ {"Statement"=>
131
+ [{"Action"=>["s3:Get*", "s3:List*"],
132
+ "Effect"=>"Allow",
133
+ "Resource"=>"*"}]}}}},
134
+ :instance_profiles=>{"another-prefix-my-instance-profile"=>{:path=>"/profile/"}}}
135
+ end
136
+
137
+ before(:each) do
138
+ apply { dsl_another_prefix }
139
+ end
140
+
141
+ context 'apply when empty dsl to exists environment' do
142
+ subject { client }
143
+
144
+ it 'should change nothing' do
145
+ updated = apply(subject) { 'target /^iam-test-/' }
146
+ expect(updated).to be_falsey
147
+ expect(export).to eq expected
148
+ end
149
+ end
150
+ end