mirror of
https://github.com/fog/fog-aws.git
synced 2022-11-09 13:50:52 -05:00
model managed policies
* list attached group/user policies * fix policy paging * default managed policy listing
This commit is contained in:
parent
e46e5c487b
commit
0cc4279333
21 changed files with 2332 additions and 66 deletions
5
Gemfile
5
Gemfile
|
@ -2,5 +2,8 @@ source 'https://rubygems.org'
|
|||
|
||||
# Specify your gem's dependencies in fog-aws.gemspec
|
||||
gemspec
|
||||
gem 'pry-nav', group: :test
|
||||
|
||||
group :test, :default do
|
||||
gem 'pry-nav'
|
||||
end
|
||||
gem "codeclimate-test-reporter", group: :test, require: nil
|
||||
|
|
|
@ -43,19 +43,22 @@ module Fog
|
|||
request :detach_group_policy
|
||||
request :detach_role_policy
|
||||
request :detach_user_policy
|
||||
request :get_account_summary
|
||||
request :get_account_password_policy
|
||||
request :get_account_summary
|
||||
request :get_group
|
||||
request :get_group_policy
|
||||
request :get_instance_profile
|
||||
request :get_role_policy
|
||||
request :get_login_profile
|
||||
request :get_server_certificate
|
||||
request :get_policy
|
||||
request :get_role
|
||||
request :get_role_policy
|
||||
request :get_server_certificate
|
||||
request :get_user
|
||||
request :get_user_policy
|
||||
request :list_access_keys
|
||||
request :list_account_aliases
|
||||
request :list_attached_group_policies
|
||||
request :list_attached_user_policies
|
||||
request :list_group_policies
|
||||
request :list_groups
|
||||
request :list_groups_for_user
|
||||
|
@ -63,8 +66,8 @@ module Fog
|
|||
request :list_instance_profiles_for_role
|
||||
request :list_mfa_devices
|
||||
request :list_policies
|
||||
request :list_roles
|
||||
request :list_role_policies
|
||||
request :list_roles
|
||||
request :list_server_certificates
|
||||
request :list_signing_certificates
|
||||
request :list_user_policies
|
||||
|
@ -89,6 +92,8 @@ module Fog
|
|||
collection :access_keys
|
||||
model :group
|
||||
collection :groups
|
||||
model :managed_policy
|
||||
collection :managed_policies
|
||||
model :policy
|
||||
collection :policies
|
||||
model :role
|
||||
|
@ -96,11 +101,15 @@ module Fog
|
|||
model :user
|
||||
collection :users
|
||||
|
||||
require 'fog/aws/iam/default_policies'
|
||||
|
||||
class Mock
|
||||
def self.data
|
||||
@data ||= Hash.new do |hash, key|
|
||||
owner_id = Fog::AWS::Mock.owner_id
|
||||
|
||||
hash[key] = {
|
||||
:owner_id => Fog::AWS::Mock.owner_id,
|
||||
:owner_id => owner_id,
|
||||
:server_certificates => {},
|
||||
:access_keys => [{
|
||||
"Status" => "Active",
|
||||
|
@ -111,29 +120,33 @@ module Fog
|
|||
:serial_number => 'R1234',
|
||||
:user_name => 'Bob'
|
||||
}],
|
||||
:markers => Hash.new { |mhash, mkey| mhash[mkey] = [] },
|
||||
:managed_policies => Fog::AWS::IAM::Mock.default_policies.inject({}) { |r,p| r.merge(p['Arn'] => p) },
|
||||
:users => Hash.new do |uhash, ukey|
|
||||
uhash[ukey] = {
|
||||
:user_id => Fog::AWS::Mock.key_id,
|
||||
:path => '/',
|
||||
:arn => "arn:aws:iam::#{Fog::AWS::Mock.owner_id}:user/#{ukey}",
|
||||
:access_keys => [],
|
||||
:arn => "arn:aws:iam::#{owner_id}:user/#{ukey}",
|
||||
:attached_policies => [],
|
||||
:created_at => Time.now,
|
||||
:policies => {}
|
||||
:path => '/',
|
||||
:policies => {},
|
||||
:user_id => Fog::AWS::Mock.key_id
|
||||
}
|
||||
end,
|
||||
:groups => Hash.new do |ghash, gkey|
|
||||
ghash[gkey] = {
|
||||
:group_id => Fog::AWS::Mock.key_id,
|
||||
:arn => "arn:aws:iam::#{Fog::AWS::Mock.owner_id}:group/#{gkey}",
|
||||
:members => [],
|
||||
:arn => "arn:aws:iam::#{owner_id}:group/#{gkey}",
|
||||
:attached_policies => [],
|
||||
:created_at => Time.now,
|
||||
:group_id => Fog::AWS::Mock.key_id,
|
||||
:members => [],
|
||||
:policies => {}
|
||||
}
|
||||
end,
|
||||
:roles => Hash.new do |rhash, rkey|
|
||||
rhash[rkey] = {
|
||||
:role_id => Fog::AWS::Mock.key_id,
|
||||
:arn => "arn:aws:iam:#{Fog::AWS::Mock.owner_id}:role/#{rkey}",
|
||||
:arn => "arn:aws:iam:#{owner_id}:role/#{rkey}",
|
||||
:create_date => Time.now,
|
||||
:assume_role_policy_document => {
|
||||
"Version" => "2012-10-17",
|
||||
|
@ -174,6 +187,10 @@ module Fog
|
|||
self.class.data[@aws_access_key_id]
|
||||
end
|
||||
|
||||
def account_id
|
||||
self.data[:owner_id]
|
||||
end
|
||||
|
||||
def reset_data
|
||||
self.class.data.delete(@aws_access_key_id)
|
||||
current_user
|
||||
|
|
1600
lib/fog/aws/iam/default_policies.rb
Normal file
1600
lib/fog/aws/iam/default_policies.rb
Normal file
File diff suppressed because it is too large
Load diff
54
lib/fog/aws/iam/paged_collection.rb
Normal file
54
lib/fog/aws/iam/paged_collection.rb
Normal file
|
@ -0,0 +1,54 @@
|
|||
module Fog
|
||||
module AWS
|
||||
class IAM
|
||||
class PagedCollection < Fog::Collection
|
||||
def self.inherited(klass)
|
||||
klass.send(:attribute, :truncated, :aliases => 'IsTruncated', :type => :boolean)
|
||||
klass.send(:attribute, :marker, :aliases => 'Marker')
|
||||
|
||||
super
|
||||
end
|
||||
|
||||
def each_entry(*args, &block)
|
||||
to_a.each(*args, &block)
|
||||
end
|
||||
|
||||
def each
|
||||
if !block_given?
|
||||
self
|
||||
else
|
||||
subset = dup.all
|
||||
|
||||
subset.each_entry { |f| yield f }
|
||||
|
||||
while subset.truncated
|
||||
subset.
|
||||
all(:marker => subset.marker, :limit => 1000).
|
||||
each_entry { |f| yield f }
|
||||
end
|
||||
|
||||
self
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def page_params(options={})
|
||||
marker = options.fetch(:marker) { options.fetch('Marker') { self.marker } }
|
||||
limit = options.fetch(:limit) { options['MaxItems'] }
|
||||
params = {}
|
||||
|
||||
if marker && !marker.empty?
|
||||
params.merge!('Marker' => marker)
|
||||
end
|
||||
|
||||
if limit
|
||||
params.merge!('MaxItems' => limit)
|
||||
end
|
||||
|
||||
params
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -23,10 +23,41 @@ module Fog
|
|||
merge_attributes(:users => self.users + [user])
|
||||
end
|
||||
|
||||
def attach(policy_arn)
|
||||
def attach(policy_or_arn)
|
||||
requires :name
|
||||
|
||||
service.attach_group_policy(self.name, policy_arn)
|
||||
arn = if policy_or_arn.respond_to?(:arn)
|
||||
policy_or_arn.arn
|
||||
else
|
||||
policy_or_arn
|
||||
end
|
||||
|
||||
service.attach_group_policy(self.name, arn)
|
||||
end
|
||||
|
||||
def attached_policies
|
||||
requires :name
|
||||
|
||||
service.managed_policies(:group_name => self.name)
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :name
|
||||
|
||||
service.delete_group(self.name)
|
||||
true
|
||||
end
|
||||
|
||||
def detach(policy_or_arn)
|
||||
requires :name
|
||||
|
||||
arn = if policy_or_arn.respond_to?(:arn)
|
||||
policy_or_arn.arn
|
||||
else
|
||||
policy_or_arn
|
||||
end
|
||||
|
||||
service.detach_group_policy(self.name, arn)
|
||||
end
|
||||
|
||||
def save
|
||||
|
|
|
@ -1,19 +1,16 @@
|
|||
require 'fog/aws/models/iam/group'
|
||||
require 'fog/aws/iam/paged_collection'
|
||||
|
||||
module Fog
|
||||
module AWS
|
||||
class IAM
|
||||
class Groups < Fog::Collection
|
||||
class Groups < Fog::AWS::IAM::PagedCollection
|
||||
|
||||
attribute :truncated, :aliases => 'IsTruncated', :type => :boolean
|
||||
attribute :marker, :aliases => 'Marker'
|
||||
attribute :username
|
||||
|
||||
model Fog::AWS::IAM::Group
|
||||
|
||||
def all(options = {})
|
||||
merge_attributes(options)
|
||||
|
||||
data, records = if self.username
|
||||
response = service.list_groups_for_user(self.username, options)
|
||||
[response.body, response.body['GroupsForUser']]
|
||||
|
@ -36,23 +33,6 @@ module Fog
|
|||
rescue Fog::AWS::IAM::NotFound
|
||||
nil
|
||||
end
|
||||
|
||||
def each
|
||||
if !block_given?
|
||||
self
|
||||
else
|
||||
subset = dup.all
|
||||
|
||||
subset.each { |f| yield f }
|
||||
|
||||
while subset.truncated
|
||||
subset = subset.all('Marker' => subset.marker, 'MaxItems' => 1000)
|
||||
subset.each { |f| yield f }
|
||||
end
|
||||
|
||||
self
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
63
lib/fog/aws/models/iam/managed_policies.rb
Normal file
63
lib/fog/aws/models/iam/managed_policies.rb
Normal file
|
@ -0,0 +1,63 @@
|
|||
require 'fog/aws/models/iam/managed_policy'
|
||||
require 'fog/aws/iam/paged_collection'
|
||||
|
||||
module Fog
|
||||
module AWS
|
||||
class IAM
|
||||
class ManagedPolicies < Fog::AWS::IAM::PagedCollection
|
||||
|
||||
attribute :username
|
||||
attribute :group_name
|
||||
|
||||
model Fog::AWS::IAM::ManagedPolicy
|
||||
|
||||
def all(options={})
|
||||
data = if self.username
|
||||
all_by_user(self.username, options)
|
||||
elsif self.group_name
|
||||
all_by_group(self.group_name, options)
|
||||
else
|
||||
all_policies(options)
|
||||
end
|
||||
|
||||
load(data)
|
||||
end
|
||||
|
||||
def get(identity)
|
||||
response = service.get_policy(identity)
|
||||
|
||||
new(response.body['Policy'])
|
||||
rescue Fog::AWS::IAM::NotFound
|
||||
nil
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def all_by_user(username, options={})
|
||||
body = service.list_attached_user_policies(username, page_params(options)).body
|
||||
merge_attributes(body)
|
||||
|
||||
body['Policies'].map do |policy|
|
||||
service.get_policy(policy['PolicyArn']).body['Policy']
|
||||
end
|
||||
end
|
||||
|
||||
def all_by_group(group_name, options={})
|
||||
body = service.list_attached_group_policies(group_name, page_params(options)).body
|
||||
merge_attributes(body)
|
||||
|
||||
body['Policies'].map do |policy|
|
||||
service.get_policy(policy['PolicyArn']).body['Policy']
|
||||
end
|
||||
end
|
||||
|
||||
def all_policies(options={})
|
||||
body = service.list_policies(page_params(options)).body
|
||||
merge_attributes(body)
|
||||
|
||||
body['Policies']
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
31
lib/fog/aws/models/iam/managed_policy.rb
Normal file
31
lib/fog/aws/models/iam/managed_policy.rb
Normal file
|
@ -0,0 +1,31 @@
|
|||
module Fog
|
||||
module AWS
|
||||
class IAM
|
||||
class ManagedPolicy < Fog::Model
|
||||
identity :id, :aliases => 'PolicyId'
|
||||
|
||||
attribute :arn, :aliases => 'Arn'
|
||||
attribute :attachable, :aliases => 'IsAttachable', :type => :boolean
|
||||
attribute :attachments, :aliases => 'AttachmentCount', :type => :integer
|
||||
attribute :created_at, :aliases => 'CreateDate', :type => :time
|
||||
attribute :default_version, :aliases => 'DefaultVersionId'
|
||||
attribute :description, :aliases => 'Description'
|
||||
attribute :name, :aliases => 'PolicyName'
|
||||
attribute :path, :aliases => 'Path'
|
||||
attribute :updated_at, :aliases => 'UpdateDate', :type => :time
|
||||
|
||||
def attach(user_or_username)
|
||||
requires :arn
|
||||
|
||||
username = if user_or_username.respond_to?(:identity)
|
||||
user_or_username.identity
|
||||
else
|
||||
user_or_username
|
||||
end
|
||||
|
||||
service.attach_user_policy(username, self.arn)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,21 +1,23 @@
|
|||
require 'fog/aws/models/iam/policy'
|
||||
require 'fog/aws/iam/paged_collection'
|
||||
|
||||
module Fog
|
||||
module AWS
|
||||
class IAM
|
||||
class Policies < Fog::Collection
|
||||
class Policies < Fog::AWS::IAM::PagedCollection
|
||||
|
||||
model Fog::AWS::IAM::Policy
|
||||
|
||||
attribute :username
|
||||
attribute :group_name
|
||||
|
||||
def all
|
||||
def all(options={})
|
||||
requires_one :username, :group_name
|
||||
|
||||
policies = if self.username
|
||||
all_by_user(self.username)
|
||||
else
|
||||
all_by_group(self.group_name)
|
||||
all_by_user(self.username, options)
|
||||
else self.group_name
|
||||
all_by_group(self.group_name, options)
|
||||
end
|
||||
|
||||
load(policies) # data is an array of attribute hashes
|
||||
|
@ -24,13 +26,13 @@ module Fog
|
|||
def get(identity)
|
||||
requires_one :username, :group_name
|
||||
|
||||
data = if self.username
|
||||
response = if self.username
|
||||
service.get_user_policy(identity, self.username)
|
||||
else
|
||||
else self.group_name
|
||||
service.get_group_policy(identity, self.group_name)
|
||||
end.body['Policy']
|
||||
end
|
||||
|
||||
new(data)
|
||||
new(response.body['Policy'])
|
||||
rescue Fog::AWS::IAM::NotFound
|
||||
nil
|
||||
end
|
||||
|
@ -44,16 +46,18 @@ module Fog
|
|||
# AWS method get_user_policy and list_group_policies only returns an array of policy names, this is kind of useless,
|
||||
# that's why it has to loop through the list to get the details of each element. I don't like it because it makes this method slow
|
||||
|
||||
def all_by_group(group_name)
|
||||
response = service.list_group_policies(group_name)
|
||||
def all_by_group(group_name, options={})
|
||||
response = service.list_group_policies(group_name, page_params(options))
|
||||
merge_attributes(response.body)
|
||||
|
||||
response.body['PolicyNames'].map do |policy_name|
|
||||
service.get_group_policy(policy_name, group_name).body['Policy']
|
||||
end
|
||||
end
|
||||
|
||||
def all_by_user(username)
|
||||
response = service.list_user_policies(username)
|
||||
def all_by_user(username, options={})
|
||||
response = service.list_user_policies(username, page_params(options))
|
||||
merge_attributes(response.body)
|
||||
|
||||
response.body['PolicyNames'].map do |policy_name|
|
||||
service.get_user_policy(policy_name, username).body['Policy']
|
||||
|
|
|
@ -15,6 +15,36 @@ module Fog
|
|||
service.access_keys(:username => id)
|
||||
end
|
||||
|
||||
def attach(policy_or_arn)
|
||||
requires :identity
|
||||
|
||||
arn = if policy_or_arn.respond_to?(:arn)
|
||||
policy_or_arn.arn
|
||||
else
|
||||
policy_or_arn
|
||||
end
|
||||
|
||||
service.attach_user_policy(self.identity, arn)
|
||||
end
|
||||
|
||||
def detach(policy_or_arn)
|
||||
requires :identity
|
||||
|
||||
arn = if policy_or_arn.respond_to?(:arn)
|
||||
policy_or_arn.arn
|
||||
else
|
||||
policy_or_arn
|
||||
end
|
||||
|
||||
service.detach_user_policy(self.identity, arn)
|
||||
end
|
||||
|
||||
def attached_policies
|
||||
requires :identity
|
||||
|
||||
service.managed_policies(:username => self.identity)
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
|
||||
|
@ -23,13 +53,15 @@ module Fog
|
|||
end
|
||||
|
||||
def groups
|
||||
requires :identity
|
||||
|
||||
service.groups(:username => self.identity)
|
||||
end
|
||||
|
||||
def policies
|
||||
requires :id
|
||||
requires :identity
|
||||
|
||||
service.policies(:username => id)
|
||||
service.policies(:username => self.identity)
|
||||
end
|
||||
|
||||
def password=(password)
|
||||
|
|
|
@ -14,12 +14,25 @@ module Fog
|
|||
@response['Policies'] << policy
|
||||
end
|
||||
|
||||
def start_element(name, attrs = [])
|
||||
case name
|
||||
when 'member'
|
||||
@policy = {}
|
||||
end
|
||||
super
|
||||
end
|
||||
|
||||
def end_element(name)
|
||||
case name
|
||||
when 'RequestId', 'Marker'
|
||||
@response[name] = value
|
||||
when 'PolicyArn', 'PolicyName'
|
||||
@policy[name] = value
|
||||
when 'IsTruncated'
|
||||
@response[name] = (value == 'true')
|
||||
when 'member'
|
||||
finished_policy(@policy)
|
||||
@policy = {}
|
||||
end
|
||||
super
|
||||
end
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
module Fog
|
||||
module AWS
|
||||
module RegionMethods
|
||||
def validate_aws_region host, region
|
||||
def validate_aws_region(host, region)
|
||||
if host.end_with?('.amazonaws.com') && !['ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', 'eu-west-1', 'us-east-1', 'us-west-1', 'us-west-2', 'sa-east-1', 'us-gov-west-1', 'eu-central-1'].include?(region)
|
||||
raise ArgumentError, "Unknown region: #{region.inspect}"
|
||||
end
|
||||
|
|
|
@ -27,6 +27,32 @@ module Fog
|
|||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def attach_group_policy(group_name, policy_arn)
|
||||
if policy_arn.nil?
|
||||
raise Fog::AWS::IAM::ValidationError, "1 validation error detected: Value null at 'policyArn' failed to satisfy constraint: Member must not be null"
|
||||
end
|
||||
|
||||
managed_policy = self.data[:managed_policies][policy_arn]
|
||||
|
||||
unless managed_policy
|
||||
raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} does not exist."
|
||||
end
|
||||
|
||||
unless self.data[:groups].key?(group_name)
|
||||
raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
|
||||
end
|
||||
|
||||
group = self.data[:groups][group_name]
|
||||
group[:attached_policies] << policy_arn
|
||||
|
||||
Excon::Response.new.tap { |response|
|
||||
response.status = 200
|
||||
response.body = { "RequestId" => Fog::AWS::Mock.request_id }
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -27,6 +27,32 @@ module Fog
|
|||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def attach_user_policy(user_name, policy_arn)
|
||||
if policy_arn.nil?
|
||||
raise Fog::AWS::IAM::ValidationError, "1 validation error detected: Value null at 'policyArn' failed to satisfy constraint: Member must not be null"
|
||||
end
|
||||
|
||||
managed_policy = self.data[:managed_policies][policy_arn]
|
||||
|
||||
unless managed_policy
|
||||
raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} does not exist."
|
||||
end
|
||||
|
||||
unless self.data[:users].key?(user_name)
|
||||
raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
|
||||
end
|
||||
|
||||
user = self.data[:users][user_name]
|
||||
user[:attached_policies] << policy_arn
|
||||
|
||||
Excon::Response.new.tap { |response|
|
||||
response.status = 200
|
||||
response.body = { "RequestId" => Fog::AWS::Mock.request_id }
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -27,6 +27,32 @@ module Fog
|
|||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def detach_group_policy(group_name, policy_arn)
|
||||
if policy_arn.nil?
|
||||
raise Fog::AWS::IAM::ValidationError, "1 validation error detected: Value null at 'policyArn' failed to satisfy constraint: Member must not be null"
|
||||
end
|
||||
|
||||
managed_policy = self.data[:managed_policies][policy_arn]
|
||||
|
||||
unless managed_policy
|
||||
raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} does not exist."
|
||||
end
|
||||
|
||||
unless self.data[:groups].key?(group_name)
|
||||
raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
|
||||
end
|
||||
|
||||
group = self.data[:groups][group_name]
|
||||
group[:attached_policies].delete(policy_arn)
|
||||
|
||||
Excon::Response.new.tap { |response|
|
||||
response.status = 200
|
||||
response.body = { "RequestId" => Fog::AWS::Mock.request_id }
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -27,6 +27,32 @@ module Fog
|
|||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def detach_user_policy(user_name, policy_arn)
|
||||
if policy_arn.nil?
|
||||
raise Fog::AWS::IAM::ValidationError, "1 validation error detected: Value null at 'policyArn' failed to satisfy constraint: Member must not be null"
|
||||
end
|
||||
|
||||
managed_policy = self.data[:managed_policies][policy_arn]
|
||||
|
||||
unless managed_policy
|
||||
raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} does not exist."
|
||||
end
|
||||
|
||||
unless self.data[:users].key?(user_name)
|
||||
raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
|
||||
end
|
||||
|
||||
user = self.data[:users][user_name]
|
||||
user[:attached_policies].delete(policy_arn)
|
||||
|
||||
Excon::Response.new.tap { |response|
|
||||
response.status = 200
|
||||
response.body = { "RequestId" => Fog::AWS::Mock.request_id }
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
57
lib/fog/aws/requests/iam/get_policy.rb
Normal file
57
lib/fog/aws/requests/iam/get_policy.rb
Normal file
|
@ -0,0 +1,57 @@
|
|||
module Fog
|
||||
module AWS
|
||||
class IAM
|
||||
class Real
|
||||
require 'fog/aws/parsers/iam/single_policy'
|
||||
|
||||
# Get Policy
|
||||
#
|
||||
# ==== Parameters
|
||||
# * 'PolicyArn'<~String>: The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
# * Arn<~String> The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
|
||||
# * AttachmentCount<~Integer> The number of entities (users, groups, and roles) that the policy is attached to.
|
||||
# * CreateDate<~DateTime> The date and time, in ISO 8601 date-time format, when the policy was created.
|
||||
# * DefaultVersionId<~String> The identifier for the version of the policy that is set as the default version.
|
||||
# * Description<~String> A friendly description of the policy.
|
||||
# * IsAttachable<~Boolean> Specifies whether the policy can be attached to an IAM user, group, or role.
|
||||
# * Path<~String> The path to the policy.
|
||||
# * PolicyId<~String> The stable and unique string identifying the policy.
|
||||
# * PolicyName<~String> The friendly name (not ARN) identifying the policy.
|
||||
# * UpdateDate<~DateTime> The date and time, in ISO 8601 date-time format, when the policy was last updated.
|
||||
#
|
||||
# ==== See Also
|
||||
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
|
||||
#
|
||||
def get_policy(policy_arn)
|
||||
request({
|
||||
'Action' => 'GetPolicy',
|
||||
'PolicyArn' => policy_arn,
|
||||
:parser => Fog::Parsers::AWS::IAM::SinglePolicy.new
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def get_policy(policy_arn)
|
||||
managed_policy = self.data[:managed_policies][policy_arn]
|
||||
|
||||
unless managed_policy
|
||||
raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} does not exist."
|
||||
end
|
||||
|
||||
Excon::Response.new.tap do |response|
|
||||
response.body = {
|
||||
'Policy' => managed_policy,
|
||||
'RequestId' => Fog::AWS::Mock.request_id
|
||||
}
|
||||
response.status = 200
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
89
lib/fog/aws/requests/iam/list_attached_group_policies.rb
Normal file
89
lib/fog/aws/requests/iam/list_attached_group_policies.rb
Normal file
|
@ -0,0 +1,89 @@
|
|||
module Fog
|
||||
module AWS
|
||||
class IAM
|
||||
class Real
|
||||
require 'fog/aws/parsers/iam/list_managed_policies'
|
||||
|
||||
# Attaches a managed policy to a group
|
||||
#
|
||||
# ==== Parameters
|
||||
# * group_name<~String>: name of the group
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
# * 'RequestId'<~String> - Id of the request
|
||||
# * AttachedPolicies
|
||||
# * 'PolicyArn'<~String> - The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
|
||||
# * 'PolicName'<~String> - The friendly name of the attached policy.
|
||||
#
|
||||
# ==== See Also
|
||||
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html
|
||||
#
|
||||
def list_attached_group_policies(group_name, options={})
|
||||
request({
|
||||
'Action' => 'ListAttachedGroupPolicies',
|
||||
'GroupName' => group_name,
|
||||
:parser => Fog::Parsers::AWS::IAM::ListManagedPolicies.new
|
||||
}.merge(options))
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def list_attached_group_policies(group_name, options={})
|
||||
unless self.data[:groups].key?(group_name)
|
||||
raise Fog::AWS::IAM::NotFound.new("The group with name #{group_name} cannot be found.")
|
||||
end
|
||||
|
||||
limit = options['MaxItems']
|
||||
marker = options['Marker']
|
||||
group = self.data[:groups][group_name]
|
||||
|
||||
if limit
|
||||
if limit > 1_000
|
||||
raise Fog::AWS::IAM::Error.new(
|
||||
"ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value less than or equal to 1000"
|
||||
)
|
||||
elsif limit < 1
|
||||
raise Fog::AWS::IAM::Error.new(
|
||||
"ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value greater than or equal to 1"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
data_set = if marker
|
||||
self.data[:markers][marker] || []
|
||||
else
|
||||
group[:attached_policies].map { |arn|
|
||||
self.data[:managed_policies].fetch(arn)
|
||||
}.map { |mp|
|
||||
{ "PolicyName" => mp.fetch("PolicyName"), "PolicyArn" => mp.fetch("Arn") }
|
||||
}
|
||||
end
|
||||
|
||||
data = data_set.slice!(0, limit || 100)
|
||||
truncated = data_set.size > 0
|
||||
marker = truncated && Base64.encode64("metadata/l/#{account_id}/#{UUID.uuid}")
|
||||
|
||||
response = Excon::Response.new
|
||||
|
||||
body = {
|
||||
'Policies' => data,
|
||||
'IsTruncated' => truncated,
|
||||
'RequestId' => Fog::AWS::Mock.request_id
|
||||
}
|
||||
|
||||
if marker
|
||||
self.data[:markers][marker] = data_set
|
||||
body.merge!('Marker' => marker)
|
||||
end
|
||||
|
||||
response.body = body
|
||||
response.status = 200
|
||||
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
89
lib/fog/aws/requests/iam/list_attached_user_policies.rb
Normal file
89
lib/fog/aws/requests/iam/list_attached_user_policies.rb
Normal file
|
@ -0,0 +1,89 @@
|
|||
module Fog
|
||||
module AWS
|
||||
class IAM
|
||||
class Real
|
||||
require 'fog/aws/parsers/iam/list_managed_policies'
|
||||
|
||||
# Attaches a managed policy to a user
|
||||
#
|
||||
# ==== Parameters
|
||||
# * user_name<~String>: name of the user
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
# * 'RequestId'<~String> - Id of the request
|
||||
# * AttachedPolicies
|
||||
# * 'PolicyArn'<~String> - The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
|
||||
# * 'PolicName'<~String> - The friendly name of the attached policy.
|
||||
#
|
||||
# ==== See Also
|
||||
# http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html
|
||||
#
|
||||
def list_attached_user_policies(user_name, options={})
|
||||
request({
|
||||
'Action' => 'ListAttachedUserPolicies',
|
||||
'UserName' => user_name,
|
||||
:parser => Fog::Parsers::AWS::IAM::ListManagedPolicies.new
|
||||
}.merge(options))
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def list_attached_user_policies(user_name, options={})
|
||||
unless self.data[:users].key?(user_name)
|
||||
raise Fog::AWS::IAM::NotFound.new("The user with name #{user_name} cannot be found.")
|
||||
end
|
||||
|
||||
limit = options['MaxItems']
|
||||
marker = options['Marker']
|
||||
user = self.data[:users][user_name]
|
||||
|
||||
if limit
|
||||
if limit > 1_000
|
||||
raise Fog::AWS::IAM::Error.new(
|
||||
"ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value less than or equal to 1000"
|
||||
)
|
||||
elsif limit < 1
|
||||
raise Fog::AWS::IAM::Error.new(
|
||||
"ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value greater than or equal to 1"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
data_set = if marker
|
||||
self.data[:markers][marker] || []
|
||||
else
|
||||
user[:attached_policies].map { |arn|
|
||||
self.data[:managed_policies].fetch(arn)
|
||||
}.map { |mp|
|
||||
{ "PolicyName" => mp.fetch("PolicyName"), "PolicyArn" => mp.fetch("Arn") }
|
||||
}
|
||||
end
|
||||
|
||||
data = data_set.slice!(0, limit || 100)
|
||||
truncated = data_set.size > 0
|
||||
marker = truncated && Base64.encode64("metadata/l/#{account_id}/#{UUID.uuid}")
|
||||
|
||||
response = Excon::Response.new
|
||||
|
||||
body = {
|
||||
'Policies' => data,
|
||||
'IsTruncated' => truncated,
|
||||
'RequestId' => Fog::AWS::Mock.request_id
|
||||
}
|
||||
|
||||
if marker
|
||||
self.data[:markers][marker] = data_set
|
||||
body.merge!('Marker' => marker)
|
||||
end
|
||||
|
||||
response.body = body
|
||||
response.status = 200
|
||||
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -41,7 +41,52 @@ module Fog
|
|||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def list_policies(options={})
|
||||
limit = options['MaxItems']
|
||||
marker = options['Marker']
|
||||
|
||||
if limit
|
||||
if limit > 1_000
|
||||
raise Fog::AWS::IAM::Error.new(
|
||||
"ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value less than or equal to 1000"
|
||||
)
|
||||
elsif limit < 1
|
||||
raise Fog::AWS::IAM::Error.new(
|
||||
"ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value greater than or equal to 1"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
data_set = if marker
|
||||
self.data[:markers][marker] || []
|
||||
else
|
||||
self.data[:managed_policies].values
|
||||
end
|
||||
|
||||
data = data_set.slice!(0, limit || 100)
|
||||
truncated = data_set.size > 0
|
||||
marker = truncated && Base64.encode64("metadata/l/#{account_id}/#{UUID.uuid}")
|
||||
|
||||
response = Excon::Response.new
|
||||
|
||||
body = {
|
||||
'Policies' => data,
|
||||
'IsTruncated' => truncated,
|
||||
'RequestId' => Fog::AWS::Mock.request_id
|
||||
}
|
||||
|
||||
if marker
|
||||
self.data[:markers][marker] = data_set
|
||||
body.merge!('Marker' => marker)
|
||||
end
|
||||
|
||||
response.body = body
|
||||
response.status = 200
|
||||
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
54
tests/models/iam/managed_policies_tests.rb
Normal file
54
tests/models/iam/managed_policies_tests.rb
Normal file
|
@ -0,0 +1,54 @@
|
|||
Shindo.tests("Fog::Compute[:iam] | managed_policies", ['aws','iam']) do
|
||||
|
||||
iam = Fog::AWS[:iam]
|
||||
|
||||
tests('#all').succeeds do
|
||||
iam.managed_policies.size == 100
|
||||
end
|
||||
|
||||
tests('#each').succeeds do
|
||||
policies = []
|
||||
|
||||
iam.managed_policies.each { |policy| policies << policy }
|
||||
|
||||
policies.size > 100
|
||||
end
|
||||
|
||||
policy = iam.managed_policies.get("arn:aws:iam::aws:policy/IAMReadOnlyAccess")
|
||||
|
||||
tests("users") do
|
||||
user = iam.users.create(:id => uniq_id("fog-test-user"))
|
||||
|
||||
tests("#attach").succeeds do
|
||||
user.attach(policy)
|
||||
|
||||
user.attached_policies.map(&:identity) == [policy.identity]
|
||||
end
|
||||
|
||||
tests("#detach").succeeds do
|
||||
user.detach(policy)
|
||||
|
||||
user.attached_policies.map(&:identity) == []
|
||||
end
|
||||
|
||||
user.destroy
|
||||
end
|
||||
|
||||
tests("groups") do
|
||||
group = iam.groups.create(:name => uniq_id("fog-test-group"))
|
||||
|
||||
tests("#attach").succeeds do
|
||||
group.attach(policy)
|
||||
|
||||
group.attached_policies.map(&:identity) == [policy.identity]
|
||||
end
|
||||
|
||||
tests("#detach").succeeds do
|
||||
group.detach(policy)
|
||||
|
||||
group.attached_policies.map(&:identity) == []
|
||||
end
|
||||
|
||||
group.destroy
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue