mirror of https://github.com/fog/fog-aws.git synced 2022-11-09 13:50:52 -05:00

Merge pull request #60 from fcheung/iam_attach_policy

Support for IAM managed policies
Wesley Beary 2015-02-23 16:43:17 -06:00
commit 072a3e9cef
16 changed files with 529 additions and 0 deletions


@ -17,11 +17,15 @@ module Fog
request_path 'fog/aws/requests/iam'
request :add_user_to_group
request :add_role_to_instance_profile
request :attach_group_policy
request :attach_role_policy
request :attach_user_policy
request :create_access_key
request :create_account_alias
request :create_group
request :create_instance_profile
request :create_login_profile
request :create_policy
request :create_role
request :create_user
request :delete_access_key
@ -31,12 +35,16 @@ module Fog
request :delete_group_policy
request :delete_instance_profile
request :delete_login_profile
request :delete_policy
request :delete_role
request :delete_role_policy
request :delete_server_certificate
request :delete_signing_certificate
request :delete_user
request :delete_user_policy
request :detach_group_policy
request :detach_role_policy
request :detach_user_policy
request :get_account_summary
request :get_account_password_policy
request :get_group
@ -56,6 +64,7 @@ module Fog
request :list_instance_profiles
request :list_instance_profiles_for_role
request :list_mfa_devices
request :list_policies
request :list_roles
request :list_role_policies
request :list_server_certificates

BIN
lib/fog/aws/parsers/.DS_Store vendored Normal file

Binary file not shown.


@ -0,0 +1,29 @@
module Fog
module Parsers
module AWS
module IAM
require 'fog/aws/parsers/iam/policy_parser'
class ListManagedPolicies < Fog::Parsers::AWS::IAM::PolicyParser
def reset
super
@response = { 'Policies' => [] , 'Marker' => '', 'IsTruncated' => false}
end
def finished_policy(policy)
@response['Policies'] << policy
end
def end_element(name)
case name
when 'RequestId', 'Marker'
@response[name] = value
when 'IsTruncated'
@response[name] = (value == 'true')
end
super
end
end
end
end
end
end


@ -0,0 +1,57 @@
module Fog
module Parsers
module AWS
module IAM
class PolicyParser < Fog::Parsers::Base
def reset
@policy = fresh_policy
@stack = []
end
def start_element(name,attrs = [])
case name
when 'Policies'
@stack << name
when 'Policy'
@role =fresh_policy
when 'member'
if @stack.last == 'Policies'
@role = fresh_policy
end
end
super
end
def fresh_policy
{'AttachmentCount' => 0, 'Description' => ''}
end
def end_element(name)
case name
when 'Arn', 'DefaultVersionId', 'Description', 'Path', 'PolicyName', 'PolicyId'
@policy[name] = value
when 'CreateDate', 'UpdateDate'
@policy[name] = Time.parse(value)
when 'IsAttachable'
@policy[name] = (value == 'true')
when 'AttachmentCount'
@policy[name] = value.to_i
when 'Policy'
finished_policy(@policy)
@policy = nil
when 'Policies'
if @stack.last == 'Policies'
@stack.pop
end
when 'member'
if @stack.last == 'Policies'
finished_policy(@policy)
@policy = nil
end
end
end
end
end
end
end
end
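Review bot: `start_element` assigns the fresh hash to `@role` in both the `'Policy'` branch and the `'member'` branch, but every write in `end_element` goes to `@policy`, which is set to `nil` as soon as a policy has been handed to `finished_policy`. Only the hash created in `reset` is ever filled, so a ListPolicies response carrying a second `member` would call `[]=` on `nil` and raise NoMethodError; the accompanying test only checks a list of length 1, which hides this. Both assignments should read `@policy = fresh_policy`. `end_element` also calls `Time.parse` without this file requiring `time`, and unlike the two subclasses it never calls `super`; whether either matters depends on Fog::Parsers::Base and the load order, which are not visible here.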


@ -0,0 +1,27 @@
module Fog
module Parsers
module AWS
module IAM
require 'fog/aws/parsers/iam/policy_parser'
class SinglePolicy < Fog::Parsers::AWS::IAM::PolicyParser
def reset
super
@response = { 'Policy' => {} }
end
def finished_policy(policy)
@response['Policy'] = policy
end
def end_element(name)
case name
when 'RequestId'
@response[name] = value
end
super
end
end
end
end
end
end

BIN
lib/fog/aws/requests/.DS_Store vendored Normal file

Binary file not shown.


@ -0,0 +1,32 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/basic'
# Attaches a managed policy to a group
#
# ==== Parameters
# * group_name<~String>: name of the group
# * policy_arn<~String>: arn of the managed policy
#
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
#
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html
#
def attach_group_policy(group_name, policy_arn)
request(
'Action' => 'AttachGroupPolicy',
'GroupName' => group_name,
'PolicyArn' => policy_arn,
:parser => Fog::Parsers::AWS::IAM::Basic.new
)
end
end
end
end
end


@ -0,0 +1,32 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/basic'
# Attaches a managed policy to a role
#
# ==== Parameters
# * role_name<~String>: name of the role
# * policy_arn<~String>: arn of the managed policy
#
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
#
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html
#
def attach_role_policy(role_name, policy_arn)
request(
'Action' => 'AttachRolePolicy',
'RoleName' => role_name,
'PolicyArn' => policy_arn,
:parser => Fog::Parsers::AWS::IAM::Basic.new
)
end
end
end
end
end


@ -0,0 +1,32 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/basic'
# Attaches a managed policy to a user
#
# ==== Parameters
# * user_name<~String>: name of the user
# * policy_arn<~String>: arn of the managed policy
#
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
#
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html
#
def attach_user_policy(user_name, policy_arn)
request(
'Action' => 'AttachUserPolicy',
'UserName' => user_name,
'PolicyArn' => policy_arn,
:parser => Fog::Parsers::AWS::IAM::Basic.new
)
end
end
end
end
end


@ -0,0 +1,47 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/single_policy'
# Creates a managed policy
#
# ==== Parameters
# * policy_name<~String>: name of policy document
# * policy_document<~Hash>: policy document, see: http://docs.amazonwebservices.com/IAM/latest/UserGuide/PoliciesOverview.html
# * path <~String>: path of the policy
# * description <~String>: description for the policy
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
# * 'Policy'<~Hash>:
# * Arn
# * AttachmentCount
# * CreateDate
# * DefaultVersionId
# * Description
# * IsAttachable
# * Path
# * PolicyId
# * PolicyName
# * UpdateDate
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
#
def create_policy(policy_name, policy_document, path=nil, description=nil)
request({
'Action' => 'CreatePolicy',
'PolicyName' => policy_name,
'PolicyDocument' => Fog::JSON.encode(policy_document),
'Path' => path,
'Description' => description,
:parser => Fog::Parsers::AWS::IAM::SinglePolicy.new
}.reject {|_, value| value.nil?})
end
end
end
end
end
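Review bot: The doc comment for `create_policy` does not say that `path` and `description` are optional, although the signature defaults both to `nil` and the trailing `reject` drops nil values before the request is sent. Suggested wording: `# * path<~String>: path of the policy (optional)` and `# * description<~String>: description for the policy (optional)`. The comment should also state that `policy_document` is always passed through `Fog::JSON.encode`, so a caller who hands in an already serialized JSON string would presumably get it encoded a second time. `policy_name` is described as "name of policy document"; `name of the policy` would match the wording in the other request files.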


@ -0,0 +1,30 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/basic'
# Deletes a manged policy
#
# ==== Parameters
# * policy_arn<~String>: arn of the policy
#
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
#
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html
#
def delete_policy(policy_arn)
request(
'Action' => 'DeletePolicy',
'PolicyArn' => policy_arn,
:parser => Fog::Parsers::AWS::IAM::Basic.new
)
end
end
end
end
end
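Review bot: The summary comment has a typo, `manged`; it should read `# Deletes a managed policy`. It would also help callers if the comment noted the precondition from the linked DeletePolicy reference: the policy has to be detached from every user, group and role first, otherwise the request is rejected. A line such as `# The policy must be detached from all users, groups and roles before it can be deleted` under the summary would cover it.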


@ -0,0 +1,32 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/basic'
# Detaches a managed policy from a group
#
# ==== Parameters
# * group_name<~String>: name of the group
# * policy_arn<~String>: arn of the managed policy
#
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
#
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
#
def detach_group_policy(group_name, policy_arn)
request(
'Action' => 'DetachGroupPolicy',
'GroupName' => group_name,
'PolicyArn' => policy_arn,
:parser => Fog::Parsers::AWS::IAM::Basic.new
)
end
end
end
end
end


@ -0,0 +1,32 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/basic'
# Detaches a managed policy from a role
#
# ==== Parameters
# * role_name<~String>: name of the role
# * policy_arn<~String>: arn of the managed policy
#
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
#
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
#
def detach_role_policy(role_name, policy_arn)
request(
'Action' => 'DetachRolePolicy',
'RoleName' => role_name,
'PolicyArn' => policy_arn,
:parser => Fog::Parsers::AWS::IAM::Basic.new
)
end
end
end
end
end


@ -0,0 +1,32 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/basic'
# Detaches a managed policy to a user
#
# ==== Parameters
# * user_name<~String>: name of the user
# * policy_arn<~String>: arn of the managed policy
#
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
#
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
#
def detach_user_policy(user_name, policy_arn)
request(
'Action' => 'DetachUserPolicy',
'UserName' => user_name,
'PolicyArn' => policy_arn,
:parser => Fog::Parsers::AWS::IAM::Basic.new
)
end
end
end
end
end
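Review bot: The summary line says `Detaches a managed policy to a user`, which looks copied from the attach variant; it should read `# Detaches a managed policy from a user`, matching the group and role files. The code itself sends `'Action' => 'DetachUserPolicy'`, so only the comment is wrong.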


@ -0,0 +1,47 @@
module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/list_managed_policies'
# Lists managed policies
#
# ==== Parameters
# * options <~Hash>: options that filter the result set
# * Marker <~String>
# * MaxItems <~Integer>
# * OnlyAttached <~Boolean>
# * PathPrefix <~String>
# * Scope <~String>
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'RequestId'<~String> - Id of the request
# * 'IsTruncated'<~Boolean>
# * 'Marker'<~String>
# * 'Policies'<~Array>:
# * Arn
# * AttachmentCount
# * CreateDate
# * DefaultVersionId
# * Description
# * IsAttachable
# * Path
# * PolicyId
# * PolicyName
# * UpdateDate
# ==== See Also
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html
#
def list_policies(options={})
request({
'Action' => 'ListPolicies',
:parser => Fog::Parsers::AWS::IAM::ListManagedPolicies.new
}.merge(options))
end
end
end
end
end
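Review bot: In `list_policies`, `.merge(options)` puts the caller's hash last, so a key in `options` can replace `'Action'` or `:parser`. If `options` is ever built from external input, the request could be turned into a different IAM action with the caller's credentials; merging the fixed keys last closes that off: `request(options.merge('Action' => 'ListPolicies', :parser => Fog::Parsers::AWS::IAM::ListManagedPolicies.new))`. The doc comment could also say that the `'Marker'` value of a truncated response is what goes back in as the `Marker` option to fetch the next page.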


@ -0,0 +1,91 @@
Shindo.tests('AWS::IAM | managed policy requests', ['aws']) do
pending if Fog.mocking?
Fog::AWS[:iam].create_group('fog_policy_test_group')
Fog::AWS[:iam].create_user('fog_policy_test_user')
Fog::AWS[:iam].create_role('fog_policy_test_role', Fog::AWS::IAM::EC2_ASSUME_ROLE_POLICY)
tests('success') do
@policy = {'Version' => '2012-10-17', "Statement" => [{"Effect" => "Deny", "Action" => "*", "Resource" => "*"}]}
@policy_format = {
'Arn' => String,
'AttachmentCount' => Integer,
'Description' => String,
'DefaultVersionId' => String,
'IsAttachable' => Fog::Boolean,
'Path' => String,
'PolicyId' => String,
'PolicyName' => String,
'CreateDate' => Time,
'UpdateDate' => Time
}
create_policy_format = {
'RequestId' => String,
'Policy' => @policy_format
}
list_policies_format = {
'RequestId' => String,
'Policies' => [@policy_format],
'Marker' => String,
'IsTruncated' => Fog::Boolean
}
tests("#create_policy('fog_policy')").formats(create_policy_format) do
body = Fog::AWS[:iam].create_policy('fog_policy', @policy, '/fog/').body
puts body.inspect
@policy_arn = body['Policy']['Arn']
body
end
tests("#list_policies()").formats(list_policies_format) do
body = Fog::AWS[:iam].list_policies('PathPrefix' => '/fog/').body
tests('length 1').returns(1) do
body['Policies'].length
end
body
end
tests("#attach_user_policy()").formats(AWS::IAM::Formats::BASIC) do
Fog::AWS[:iam].attach_user_policy('fog_policy_test_user', @policy_arn).body
end
tests("#detach_user_policy()").formats(AWS::IAM::Formats::BASIC) do
Fog::AWS[:iam].detach_user_policy('fog_policy_test_user', @policy_arn).body
end
tests("#attach_group_policy()").formats(AWS::IAM::Formats::BASIC) do
Fog::AWS[:iam].attach_group_policy('fog_policy_test_group', @policy_arn).body
end
tests("#detach_group_policy()").formats(AWS::IAM::Formats::BASIC) do
Fog::AWS[:iam].detach_group_policy('fog_policy_test_group', @policy_arn).body
end
tests("#attach_role_policy()").formats(AWS::IAM::Formats::BASIC) do
Fog::AWS[:iam].attach_role_policy('fog_policy_test_role', @policy_arn).body
end
tests("#detach_role_policy()").formats(AWS::IAM::Formats::BASIC) do
Fog::AWS[:iam].detach_role_policy('fog_policy_test_role', @policy_arn).body
end
tests("#delete_policy()").formats(AWS::IAM::Formats::BASIC) do
Fog::AWS[:iam].delete_policy(@policy_arn).body
end
end
tests('failure') do
test('failing conditions')
end
Fog::AWS[:iam].delete_group('fog_policy_test_group')
Fog::AWS[:iam].delete_user('fog_policy_test_user')
Fog::AWS[:iam].delete_role('fog_policy_test_role')
end
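Review bot: `puts body.inspect` in the `#create_policy` test is leftover debug output and should be removed. The `failure` block holds only `test('failing conditions')` with no block, so no error path is exercised, for example detaching a policy that is not attached or deleting one that still is. The fixture group, user and role are created and deleted at the top level of the file, and since the file is `pending` under mocking this always runs against a real account; if a call in between raises, the three deletes at the bottom may never run and the IAM entities stay behind, so wrapping the body in `begin`/`ensure` would be safer. The `length 1` assertion also assumes no other policy exists under the `/fog/` path in that account.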