subiam 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +19 -0
  3. data/.rspec +4 -0
  4. data/Gemfile +4 -0
  5. data/LICENSE.txt +48 -0
  6. data/README.md +408 -0
  7. data/Rakefile +5 -0
  8. data/bin/subiam +189 -0
  9. data/lib/subiam/client.rb +565 -0
  10. data/lib/subiam/driver.rb +466 -0
  11. data/lib/subiam/dsl/context/group.rb +35 -0
  12. data/lib/subiam/dsl/context/managed_policy.rb +23 -0
  13. data/lib/subiam/dsl/context/role.rb +59 -0
  14. data/lib/subiam/dsl/context/user.rb +43 -0
  15. data/lib/subiam/dsl/context.rb +101 -0
  16. data/lib/subiam/dsl/converter.rb +202 -0
  17. data/lib/subiam/dsl/helper/arn.rb +22 -0
  18. data/lib/subiam/dsl.rb +9 -0
  19. data/lib/subiam/exporter.rb +278 -0
  20. data/lib/subiam/ext/array_ext.rb +13 -0
  21. data/lib/subiam/ext/hash_ext.rb +41 -0
  22. data/lib/subiam/ext/string_ext.rb +25 -0
  23. data/lib/subiam/logger.rb +27 -0
  24. data/lib/subiam/password_manager.rb +41 -0
  25. data/lib/subiam/template_helper.rb +20 -0
  26. data/lib/subiam/utils.rb +31 -0
  27. data/lib/subiam/version.rb +3 -0
  28. data/lib/subiam.rb +36 -0
  29. data/spec/spec_helper.rb +95 -0
  30. data/spec/subiam/attach_detach_policy_spec.rb +389 -0
  31. data/spec/subiam/create_spec.rb +271 -0
  32. data/spec/subiam/custom_managed_policy_spec.rb +232 -0
  33. data/spec/subiam/delete_spec.rb +549 -0
  34. data/spec/subiam/hash_ext_spec.rb +61 -0
  35. data/spec/subiam/ignore_login_profile_spec.rb +73 -0
  36. data/spec/subiam/rename_spec.rb +476 -0
  37. data/spec/subiam/style_spec.rb +189 -0
  38. data/spec/subiam/target_spec.rb +150 -0
  39. data/spec/subiam/update_spec.rb +911 -0
  40. data/subiam.gemspec +32 -0
  41. metadata +251 -0
data/spec/subiam/target_spec.rb ADDED
@@ -0,0 +1,150 @@
1
+ describe 'specify target' do
2
+ let(:dsl_another_prefix) do
3
+ <<-RUBY
4
+ target /.*/
5
+
6
+ user "another-prefix-bob", :path=>"/devloper/" do
7
+ login_profile :password_reset_required=>true
8
+
9
+ groups(
10
+ "another-prefix-Admin",
11
+ "another-prefix-SES"
12
+ )
13
+
14
+ policy "S3" do
15
+ {"Statement"=>
16
+ [{"Action"=>
17
+ ["s3:Get*",
18
+ "s3:List*"],
19
+ "Effect"=>"Allow",
20
+ "Resource"=>"*"}]}
21
+ end
22
+ end
23
+
24
+ user "another-prefix-mary", :path=>"/staff/" do
25
+ policy "S3" do
26
+ {"Statement"=>
27
+ [{"Action"=>
28
+ ["s3:Get*",
29
+ "s3:List*"],
30
+ "Effect"=>"Allow",
31
+ "Resource"=>"*"}]}
32
+ end
33
+ end
34
+
35
+ group "another-prefix-Admin", :path=>"/admin/" do
36
+ policy "Admin" do
37
+ {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
38
+ end
39
+ end
40
+
41
+ group "another-prefix-SES", :path=>"/ses/" do
42
+ policy "ses-policy" do
43
+ {"Statement"=>
44
+ [{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
45
+ end
46
+ end
47
+
48
+ role "another-prefix-my-role", :path=>"/any/" do
49
+ instance_profiles(
50
+ "another-prefix-my-instance-profile"
51
+ )
52
+
53
+ assume_role_policy_document do
54
+ {"Version"=>"2012-10-17",
55
+ "Statement"=>
56
+ [{"Sid"=>"",
57
+ "Effect"=>"Allow",
58
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
59
+ "Action"=>"sts:AssumeRole"}]}
60
+ end
61
+
62
+ policy "role-policy" do
63
+ {"Statement"=>
64
+ [{"Action"=>
65
+ ["s3:Get*",
66
+ "s3:List*"],
67
+ "Effect"=>"Allow",
68
+ "Resource"=>"*"}]}
69
+ end
70
+ end
71
+
72
+ instance_profile "another-prefix-my-instance-profile", :path=>"/profile/"
73
+ RUBY
74
+ end
75
+
76
+ let(:expected) do
77
+ {:users=>
78
+ {"another-prefix-bob"=>
79
+ {:path=>"/devloper/",
80
+ :groups=>["another-prefix-Admin", "another-prefix-SES"],
81
+ :attached_managed_policies=>[],
82
+ :policies=>
83
+ {"S3"=>
84
+ {"Statement"=>
85
+ [{"Action"=>["s3:Get*", "s3:List*"],
86
+ "Effect"=>"Allow",
87
+ "Resource"=>"*"}]}},
88
+ :login_profile=>{:password_reset_required=>true}},
89
+ "another-prefix-mary"=>
90
+ {:path=>"/staff/",
91
+ :groups=>[],
92
+ :attached_managed_policies=>[],
93
+ :policies=>
94
+ {"S3"=>
95
+ {"Statement"=>
96
+ [{"Action"=>["s3:Get*", "s3:List*"],
97
+ "Effect"=>"Allow",
98
+ "Resource"=>"*"}]}}}},
99
+ :groups=>
100
+ {"another-prefix-Admin"=>
101
+ {:path=>"/admin/",
102
+ :attached_managed_policies=>[],
103
+ :policies=>
104
+ {"Admin"=>
105
+ {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}}},
106
+ "another-prefix-SES"=>
107
+ {:path=>"/ses/",
108
+ :attached_managed_policies=>[],
109
+ :policies=>
110
+ {"ses-policy"=>
111
+ {"Statement"=>
112
+ [{"Effect"=>"Allow",
113
+ "Action"=>"ses:SendRawEmail",
114
+ "Resource"=>"*"}]}}}},
115
+ :policies=>{},
116
+ :roles=>
117
+ {"another-prefix-my-role"=>
118
+ {:path=>"/any/",
119
+ :assume_role_policy_document=>
120
+ {"Version"=>"2012-10-17",
121
+ "Statement"=>
122
+ [{"Sid"=>"",
123
+ "Effect"=>"Allow",
124
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
125
+ "Action"=>"sts:AssumeRole"}]},
126
+ :instance_profiles=>["another-prefix-my-instance-profile"],
127
+ :attached_managed_policies=>[],
128
+ :policies=>
129
+ {"role-policy"=>
130
+ {"Statement"=>
131
+ [{"Action"=>["s3:Get*", "s3:List*"],
132
+ "Effect"=>"Allow",
133
+ "Resource"=>"*"}]}}}},
134
+ :instance_profiles=>{"another-prefix-my-instance-profile"=>{:path=>"/profile/"}}}
135
+ end
136
+
137
+ before(:each) do
138
+ apply { dsl_another_prefix }
139
+ end
140
+
141
+ context 'apply when empty dsl to exists environment' do
142
+ subject { client }
143
+
144
+ it 'should change nothing' do
145
+ updated = apply(subject) { 'target /^iam-test-/' }
146
+ expect(updated).to be_falsey
147
+ expect(export).to eq expected
148
+ end
149
+ end
150
+ end