Merge pull request #274 from MrPrimate/iam

Expanding IAM support

lib/fog/aws/iam.rb

@@ -24,6 +24,7 @@ module Fog
       request :create_instance_profile
       request :create_login_profile
       request :create_policy
+      request :create_policy_version
       request :create_role
       request :create_user
       request :delete_access_key
@@ -34,6 +35,7 @@ module Fog
       request :delete_instance_profile
       request :delete_login_profile
       request :delete_policy
+      request :delete_policy_version
       request :delete_role
       request :delete_role_policy
       request :delete_server_certificate
@@ -59,6 +61,7 @@ module Fog
       request :list_access_keys
       request :list_account_aliases
       request :list_attached_group_policies
+      request :list_attached_role_policies
       request :list_attached_user_policies
       request :list_group_policies
       request :list_groups
@@ -67,6 +70,7 @@ module Fog
       request :list_instance_profiles_for_role
       request :list_mfa_devices
       request :list_policies
+      request :list_policy_versions
       request :list_role_policies
       request :list_roles
       request :list_server_certificates
@@ -78,10 +82,12 @@ module Fog
       request :put_user_policy
       request :remove_role_from_instance_profile
       request :remove_user_from_group
+      request :set_default_policy_version
       request :update_access_key
       request :update_group
       request :update_login_profile
       request :update_account_password_policy
+      request :update_assume_role_policy
       request :update_server_certificate
       request :update_signing_certificate
       request :update_user

lib/fog/aws/parsers/iam/list_policy_versions.rb

@@ -0,0 +1,64 @@
+module Fog
+  module Parsers
+    module AWS
+      module IAM
+        class ListPolicyVersions < Fog::Parsers::Base
+          def reset
+            super
+            @stack = []
+            @response = { 'Versions' => [], 'Marker' => '', 'IsTruncated' => false }
+          end
+
+          def start_element(name,attrs = [])
+            case name
+            when 'Versions'
+              @stack << name
+            when 'member'
+              if @stack.last == 'Versions'
+                @version = {}
+              end
+            end
+            super
+          end
+
+          def end_element(name)
+            case name
+            when 'member'
+              @response['Versions'] << @version
+              @version = {}
+            when 'IsTruncated'
+              response[name] = (value == 'true')
+            when 'Marker', 'RequestId'
+              @response[name] = value
+            end
+            super
+          end
+          
+          def end_element(name)
+            case name
+            when 'VersionId'
+              @version[name] = value
+            when 'CreateDate'
+              @version[name] = Time.parse(value)
+            when 'IsDefaultVersion'
+              @version[name] = (value == 'true')
+            when 'Versions'
+              if @stack.last == 'Versions'
+                @stack.pop
+              end
+            when 'member'
+              if @stack.last == 'Versions'
+                finished_version(@version)
+                @version = nil
+              end
+            end
+          end
+          
+          def finished_version(version)
+            @response['Versions'] << version
+          end
+        end
+      end
+    end
+  end
+end

lib/fog/aws/requests/iam/create_policy_version.rb

@@ -0,0 +1,63 @@
+module Fog
+  module AWS
+    class IAM
+      class Real
+        require 'fog/aws/parsers/iam/policy_version'
+
+        # Creates a managed policy
+        #
+        # ==== Parameters
+        # * policy_arn<~String>: arn of the policy
+        # * policy_document<~Hash>: policy document, see: http://docs.amazonwebservices.com/IAM/latest/UserGuide/PoliciesOverview.html
+        # * set_as_default<~Boolean>: sets policy to default version
+        #
+        # ==== Returns
+        # * response<~Excon::Response>:
+        #   * body<~Hash>:
+        #     * 'RequestId'<~String> - Id of the request
+        #     * 'PolicyVersion'<~Array>:
+        #       * CreateDate<~DateTime> The date and time, in ISO 8601 date-time format, when the policy version was created.
+        #       * Document<~String> The policy document. Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+
+        #       * IsDefaultVersion<~String> Specifies whether the policy version is set as the policy's default version.
+        #       * VersionId<~String> The identifier for the policy version.
+        # ==== See Also
+        # http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html
+        #
+        def create_policy_version(policy_arn, policy_document, set_as_default=true)
+          request({
+            'Action'          => 'CreatePolicyVersion',
+            'PolicyArn'       => policy_arn,
+            'PolicyDocument'  => Fog::JSON.encode(policy_document),
+            'SetAsDefault'    => set_as_default,
+            :parser           => Fog::Parsers::AWS::IAM::PolicyVersion.new
+          }.reject {|_, value| value.nil?})
+        end
+      end
+
+      class Mock
+        def create_policy_version(policy_arn, policy_document, set_as_default=true)
+          managed_policy_versions = self.data[:managed_policy_versions][policy_arn]
+
+          unless managed_policy_versions
+            raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} version #{version_id} does not exist."
+          end
+
+          version = managed_policy_versions[version_id]
+
+          unless version
+            raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} version #{version_id} does not exist."
+          end
+
+          Excon::Response.new.tap do |response|
+            response.body = {
+              'PolicyVersion' => version,
+              'RequestId'     => Fog::AWS::Mock.request_id
+            }
+            response.status = 200
+          end
+        end
+      end
+      
+    end
+  end
+end

lib/fog/aws/requests/iam/delete_policy_version.rb

@@ -0,0 +1,41 @@
+module Fog
+  module AWS
+    class IAM
+      class Real
+        require 'fog/aws/parsers/iam/basic'
+
+        # Deletes a manged policy
+        #
+        # ==== Parameters
+        # * policy_arn<~String>: arn of the policy
+        # * version_id<~String>: version of policy to delete
+        #
+        # ==== Returns
+        # * response<~Excon::Response>:
+        #   * body<~Hash>:
+        #     * 'RequestId'<~String> - Id of the request
+        #
+        # ==== See Also
+        # http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
+        #
+        def delete_policy_version(policy_arn, version_id)
+          request(
+            'Action'          => 'DeletePolicyVersion',
+            'PolicyArn'       => policy_arn,
+            'VersionId'       => version_id,
+            :parser           => Fog::Parsers::AWS::IAM::Basic.new
+          )
+        end
+        
+        class Mock
+          def delete_policy_version(policy_arn, version_id)
+            Excon::Response.new.tap do |response|
+              response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
+              response.status = 200
+            end
+          end
+        end
+      end
+    end
+  end
+end

lib/fog/aws/requests/iam/list_attached_role_policies.rb

@@ -0,0 +1,89 @@
+module Fog
+  module AWS
+    class IAM
+      class Real
+        require 'fog/aws/parsers/iam/list_managed_policies'
+
+        # Lists managed role policies
+        #
+        # ==== Parameters
+        # * role_name<~String>: name of the role
+        #
+        # ==== Returns
+        # * response<~Excon::Response>:
+        #   * body<~Hash>:
+        #     * 'RequestId'<~String> - Id of the request
+        #     * AttachedPolicies
+        #       * 'PolicyArn'<~String> - The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
+        #       * 'PolicName'<~String> - The friendly name of the attached policy.
+        #
+        # ==== See Also
+        # https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html
+        #
+        def list_attached_role_policies(role_name, options={})
+          request({
+            'Action'   => 'ListAttachedRolePolicies',
+            'RoleName' => role_name,
+            :parser    => Fog::Parsers::AWS::IAM::ListManagedPolicies.new
+          }.merge(options))
+        end
+      end
+
+      class Mock
+        def list_attached_role_policies(role_name, options={})
+          unless self.data[:roles].key?(role_name)
+            raise Fog::AWS::IAM::NotFound.new("The role with name #{role_name} cannot be found.")
+          end
+
+          limit  = options['MaxItems']
+          marker = options['Marker']
+          role   = self.data[:roles][role_name]
+
+          if limit
+            if limit > 1_000
+              raise Fog::AWS::IAM::Error.new(
+                "ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value less than or equal to 1000"
+              )
+            elsif limit <  1
+              raise Fog::AWS::IAM::Error.new(
+                "ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value greater than or equal to 1"
+              )
+            end
+          end
+
+          data_set = if marker
+                       self.data[:markers][marker] || []
+                     else
+                       role[:attached_policies].map { |arn|
+                         self.data[:managed_policies].fetch(arn)
+                       }.map { |mp|
+                         { "PolicyName" => mp.fetch("PolicyName"), "PolicyArn" => mp.fetch("Arn") }
+                       }
+                     end
+
+          data = data_set.slice!(0, limit || 100)
+          truncated = data_set.size > 0
+          marker = truncated && Base64.encode64("metadata/l/#{account_id}/#{UUID.uuid}")
+
+          response = Excon::Response.new
+
+          body = {
+            'Policies'    => data,
+            'IsTruncated' => truncated,
+            'RequestId'   => Fog::AWS::Mock.request_id
+          }
+
+          if marker
+            self.data[:markers][marker] = data_set
+            body.merge!('Marker' => marker)
+          end
+
+          response.body = body
+          response.status = 200
+
+          response
+        end
+      end
+    end
+  end
+end

lib/fog/aws/requests/iam/list_policy_versions.rb

@@ -0,0 +1,84 @@
+module Fog
+  module AWS
+    class IAM
+      class Real
+        require 'fog/aws/parsers/iam/list_policy_versions'
+
+        # Lists policy versions
+        #
+        # ==== Parameters
+        # * options <~Hash>: options that filter the result set
+        #   * Marker <~String>
+        #   * MaxItems <~Integer>
+        #   * PolicyArn <~String>
+        # ==== Returns
+        # * response<~Excon::Response>:
+        #   * body<~Hash>:
+        #     * 'RequestId'<~String> - Id of the request
+        #     * 'IsTruncated'<~Boolean>
+        #     * 'Marker'<~String>
+        #     * 'Versions'<~Array>:
+        #       * CreateDate
+        #       * IsDefaultVersion
+        #       * VersionId
+        # ==== See Also
+        # http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
+        #
+        def list_policy_versions(policy_arn, options={})
+          request({
+            'Action'          => 'ListPolicyVersions',
+            'PolicyArn'       => policy_arn,
+            :parser           => Fog::Parsers::AWS::IAM::ListPolicyVersions.new
+          }.merge(options))
+        end
+      end
+
+      class Mock
+        def list_policy_versions(policy_arn, options={})
+          limit  = options['MaxItems']
+          marker = options['Marker']
+
+          if limit
+            if limit > 1_000
+              raise Fog::AWS::IAM::Error.new(
+                "ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value less than or equal to 1000"
+              )
+            elsif limit <  1
+              raise Fog::AWS::IAM::Error.new(
+                "ValidationError => 1 validation error detected: Value '#{limit}' at 'limit' failed to satisfy constraint: Member must have value greater than or equal to 1"
+              )
+            end
+          end
+
+          data_set = if marker
+                       self.data[:markers][marker] || []
+                     else
+                       self.data[:policy_versions].values
+                     end
+
+          data = data_set.slice!(0, limit || 100)
+          truncated = data_set.size > 0
+          marker = truncated && Base64.encode64("metadata/l/#{account_id}/#{UUID.uuid}")
+
+          response = Excon::Response.new
+
+          body = {
+            'Versions'    => data,
+            'IsTruncated' => truncated,
+            'RequestId'   => Fog::AWS::Mock.request_id
+          }
+
+          if marker
+            self.data[:markers][marker] = data_set
+            body.merge!('Marker' => marker)
+          end
+
+          response.body = body
+          response.status = 200
+
+          response
+        end
+      end
+    end
+  end
+end

lib/fog/aws/requests/iam/set_default_policy_version.rb

@@ -0,0 +1,42 @@
+module Fog
+  module AWS
+    class IAM
+      class Real
+        require 'fog/aws/parsers/iam/basic'
+
+        # Remove a user from a group
+        #
+        # ==== Parameters
+        # * policy_arn<~String>: arn of the policy
+        # * version_id<~String>: version of policy to delete
+        #
+        # ==== Returns
+        # * response<~Excon::Response>:
+        #   * body<~Hash>:
+        #     * 'RequestId'<~String> - Id of the request
+        #
+        # ==== See Also
+        # http://docs.amazonwebservices.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html
+        #
+        def set_default_policy_version(policy_arn, version_id)
+          request(
+            'Action'    => 'SetDefaultPolicyVersion',
+            'PolicyArn' => policy_arn,
+            'VersionId' => version_id,
+            :parser     => Fog::Parsers::AWS::IAM::Basic.new
+          )
+        end
+      end
+      
+      class Mock
+        def set_default_policy_version(policy_arn, version_id)
+          Excon::Response.new.tap do |response|
+            response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
+            response.status = 200
+          end
+        end
+      end
+
+    end
+  end
+end

lib/fog/aws/requests/iam/update_assume_role_policy.rb

@@ -0,0 +1,41 @@
+module Fog
+  module AWS
+    class IAM
+      class Real
+        require 'fog/aws/parsers/iam/basic'
+
+        # Creates a managed policy
+        #
+        # ==== Parameters
+        # * policy_document<~Hash>: policy document, see: http://docs.amazonwebservices.com/IAM/latest/UserGuide/PoliciesOverview.html
+        # * role_name<~String>: name of role to update
+        #
+        # ==== Returns
+        # * response<~Excon::Response>:
+        #   * body<~Hash>:
+        #     * 'RequestId'<~String> - Id of the request
+        #
+        # ==== See Also
+        # http://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
+        #
+        def update_assume_role_policy(policy_document, role_name)
+          request({
+            'Action'          => 'UpdateAssumeRolePolicy',
+            'PolicyDocument'  => Fog::JSON.encode(policy_document),
+            'RoleName'        => role_name,
+            :parser           => Fog::Parsers::AWS::IAM::Basic.new
+          }.reject {|_, value| value.nil?})
+        end
+        
+        class Mock
+          def update_assume_role_policy(policy_document, role_name)
+            Excon::Response.new.tap do |response|
+              response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
+              response.status = 200
+            end
+          end
+        end
+      end
+    end
+  end
+end

tests/requests/iam/managed_policy_tests.rb

@@ -32,6 +32,16 @@ Shindo.tests('AWS::IAM | managed policy requests', ['aws']) do
       'IsTruncated' => Fog::Boolean      
     }
 
+    attached_policy_format = {
+        'PolicyArn' => String,
+        'PolicyName' => String
+    }
+
+    list_managed_policies_format = {
+        'RequestId' => String,
+        'AttachedPolicies' => [attached_policy_format]
+    }
+
     tests("#create_policy('fog_policy')").formats(create_policy_format) do
       body = Fog::AWS[:iam].create_policy('fog_policy', @policy, '/fog/').body
       puts body.inspect
@@ -52,15 +62,22 @@ Shindo.tests('AWS::IAM | managed policy requests', ['aws']) do
       Fog::AWS[:iam].attach_user_policy('fog_policy_test_user', @policy_arn).body
     end
 
+    tests("#list_attach_user_policies()").formats(list_managed_policies_format) do
+      Fog::AWS[:iam].list_attached_user_policies('fog_policy_test_user').body
+    end
+
     tests("#detach_user_policy()").formats(AWS::IAM::Formats::BASIC) do
       Fog::AWS[:iam].detach_user_policy('fog_policy_test_user', @policy_arn).body
     end
 
-
     tests("#attach_group_policy()").formats(AWS::IAM::Formats::BASIC) do
       Fog::AWS[:iam].attach_group_policy('fog_policy_test_group', @policy_arn).body
     end
 
+    tests("#list_attach_group_policies()").formats(fog_policy_test_group) do
+      Fog::AWS[:iam].list_attached_group_policies('fog_policy_test_group').body
+    end
+
     tests("#detach_group_policy()").formats(AWS::IAM::Formats::BASIC) do
       Fog::AWS[:iam].detach_group_policy('fog_policy_test_group', @policy_arn).body
     end
@@ -69,6 +86,10 @@ Shindo.tests('AWS::IAM | managed policy requests', ['aws']) do
       Fog::AWS[:iam].attach_role_policy('fog_policy_test_role', @policy_arn).body
     end
 
+    tests("#list_attach_role_policies()").formats(fog_policy_test_group) do
+      Fog::AWS[:iam].attach_role_policies('fog_policy_test_role').body
+    end
+
     tests("#detach_role_policy()").formats(AWS::IAM::Formats::BASIC) do
       Fog::AWS[:iam].detach_role_policy('fog_policy_test_role', @policy_arn).body
     end

tests/requests/iam/versioned_managed_policy_tests.rb

@@ -0,0 +1,114 @@
+Shindo.tests('AWS::IAM | versioned managed policy requests', ['aws']) do
+
+  pending if Fog.mocking?
+
+  tests('success') do
+    @policy = {'Version' => '2012-10-17', "Statement" => [{"Effect" => "Deny", "Action" => "*", "Resource" => "*"}]}
+    @policy_v2 = {'Version' => '2012-10-17', "Statement" => [{"Effect" => "Allow", "Action" => "*", "Resource" => "*"}]}
+
+    @policy_format = {
+      'Arn'        => String,
+      'AttachmentCount' => Integer,
+      'Description' => String,
+      'DefaultVersionId' => String,
+      'IsAttachable' => Fog::Boolean,
+      'Path'       => String,
+      'PolicyId'     => String,
+      'PolicyName'   => String,
+      'CreateDate' => Time,
+      'UpdateDate' => Time
+    }
+
+    create_policy_format = {
+      'RequestId' => String,
+      'Policy' => @policy_format
+    }
+
+    list_policies_format = {
+      'RequestId' => String,
+      'Policies' => [@policy_format],
+      'Marker' => String,
+      'IsTruncated' => Fog::Boolean      
+    }
+
+    versioned_policy_format = {
+        'CreateDate' => Time,
+        'Document' => Hash,
+        'IsDefaultVersion' => Fog::Boolean,
+        'Description' => String
+    }
+
+    create_versioned_policy_format = {
+      'RequestId' => String,
+      'PolicyVersion' => [versioned_policy_format]
+    }
+
+    policy_verions_format = {
+        'CreateDate' => Time,
+        'IsDefaultVersion' => Fog::Boolean,
+        'VersionId' => String
+    }
+
+    list_policy_versions_format = {
+      'RequestId' => String,
+      'Versions' => [policy_verions_format],
+      'Marker' => String,
+      'IsTruncated' => Fog::Boolean      
+    }
+
+    tests("#create_policy('fog_policy')").formats(create_policy_format) do
+      body = Fog::AWS[:iam].create_policy('fog_policy', @policy, '/fog/').body
+      puts body.inspect
+      @policy_arn = body['Policy']['Arn']
+      body
+    end
+
+    tests("#list_policies('fog_policy')").formats(list_policies_format) do
+      body = Fog::AWS[:iam].list_policies('PathPrefix' => '/fog/').body
+      tests('length 1').returns(1) do
+        body['Policies'].length
+      end
+      body
+    end
+
+    tests("#create_versioned_policy('fog_policy')").formats(create_versioned_policy_format) do
+      body = Fog::AWS[:iam].create_versioned_policy(@policy_arn, @policy_v2, true).body
+      puts body.inspect
+      @policy_version_document = body['PolicyVersion']['Document']
+      body
+    end
+
+    tests("#list_policy_versions('fog_policy')").formats(list_policy_versions_format) do
+      body = Fog::AWS[:iam].list_policy_versions(@policy_arn).body
+      tests('length 2').returns(2) do
+        body['Versions'].length
+      end
+      body
+    end
+
+    tests("#set_default_policy_version('fog_policy')").formats(AWS::IAM::Formats::BASIC) do
+      body = Fog::AWS[:iam].set_default_policy_version(@policy_arn, 'v1').body
+      tests('length 2').returns(2) do
+        body['Versions'].length
+      end
+      body
+    end
+
+    tests("#delete_versioned_policy('fog_policy')").formats(AWS::IAM::Formats::BASIC) do
+      body = Fog::AWS[:iam].delete_policy(@policy_arn, 'v2').body
+      puts body.inspect
+      @policy_version_document = body['PolicyVersion']['Document']
+      body
+    end
+
+    tests("#delete_policy('fog_policy')").formats(AWS::IAM::Formats::BASIC) do
+      Fog::AWS[:iam].delete_policy(@policy_arn).body
+    end
+   
+  end
+
+  tests('failure') do
+    test('failing conditions')
+  end
+
+end