From ae856e304f177980454d6cdd6226db1393336e3d Mon Sep 17 00:00:00 2001
From: Jack Thomas
Date: Mon, 11 Jul 2016 13:24:53 +0100
Subject: [PATCH] Expanding IAM support Adding: * Create/Delete Policy Versions * Set Default Policy Version * Add Update Assume Role Policy
---
 lib/fog/aws/iam.rb | 4 ++
 .../aws/requests/iam/create_policy_version.rb | 63 +++++++++++++++++++
 .../aws/requests/iam/delete_policy_version.rb | 41 ++++++++++++
 .../iam/set_default_policy_version.rb | 42 ++++++++++++
 .../requests/iam/update_assume_role_policy.rb | 41 ++++++++++++
 5 files changed, 191 insertions(+)
 create mode 100644 lib/fog/aws/requests/iam/create_policy_version.rb
 create mode 100644 lib/fog/aws/requests/iam/delete_policy_version.rb
 create mode 100644 lib/fog/aws/requests/iam/set_default_policy_version.rb
 create mode 100644 lib/fog/aws/requests/iam/update_assume_role_policy.rb
diff --git a/lib/fog/aws/iam.rb b/lib/fog/aws/iam.rb
index 53528bcd7..6eba5e579 100644
--- a/lib/fog/aws/iam.rb
+++ b/lib/fog/aws/iam.rb
@@ -24,6 +24,7 @@ module Fog
 request :create_instance_profile
 request :create_login_profile
 request :create_policy
+ request :create_policy_version
 request :create_role
 request :create_user
 request :delete_access_key
@@ -34,6 +35,7 @@ module Fog
 request :delete_instance_profile
 request :delete_login_profile
 request :delete_policy
+ request :delete_policy_version
 request :delete_role
 request :delete_role_policy
 request :delete_server_certificate
@@ -78,10 +80,12 @@ module Fog
 request :put_user_policy
 request :remove_role_from_instance_profile
 request :remove_user_from_group
+ request :set_default_policy_version
 request :update_access_key
 request :update_group
 request :update_login_profile
 request :update_account_password_policy
+ request :update_assume_role_policy
 request :update_server_certificate
 request :update_signing_certificate
 request :update_user
diff --git a/lib/fog/aws/requests/iam/create_policy_version.rb b/lib/fog/aws/requests/iam/create_policy_version.rb
new file mode 100644
index 000000000..23edc2a10
--- /dev/null
+++ b/lib/fog/aws/requests/iam/create_policy_version.rb
@@ -0,0 +1,63 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/policy_version'
+
+ # Creates a managed policy
+ #
+ # ==== Parameters
+ # * policy_arn<~String>: arn of the policy
+ # * policy_document<~Hash>: policy document, see: http://docs.amazonwebservices.com/IAM/latest/UserGuide/PoliciesOverview.html
+ # * set_as_default<~Boolean>: sets policy to default version
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ # * 'PolicyVersion'<~Array>:
+ # * CreateDate<~DateTime> The date and time, in ISO 8601 date-time format, when the policy version was created.
+ # * Document<~String> The policy document. Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+
+ # * IsDefaultVersion<~String> Specifies whether the policy version is set as the policy's default version.
+ # * VersionId<~String> The identifier for the policy version.
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html
+ #
+ def create_policy_version(policy_arn, policy_document, set_as_default=true)
+ request({
+ 'Action' => 'CreatePolicyVersion',
+ 'PolicyArn' => policy_name,
+ 'PolicyDocument' => Fog::JSON.encode(policy_document),
+ 'SetAsDefault' => set_as_default,
+ :parser => Fog::Parsers::AWS::IAM::PolicyVersion.new
+ }.reject {|_, value| value.nil?})
+ end
+ end
+
+ class Mock
+ def create_policy_version(policy_arn, policy_document, set_as_default=true)
+ managed_policy_versions = self.data[:managed_policy_versions][policy_arn]
+
+ unless managed_policy_versions
+ raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} version #{version_id} does not exist."
+ end
+
+ version = managed_policy_versions[version_id]
+
+ unless version
+ raise Fog::AWS::IAM::NotFound, "Policy #{policy_arn} version #{version_id} does not exist."
+ end
+
+ Excon::Response.new.tap do |response|
+ response.body = {
+ 'PolicyVersion' => version,
+ 'RequestId' => Fog::AWS::Mock.request_id
+ }
+ response.status = 200
+ end
+ end
+ end
+
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/delete_policy_version.rb b/lib/fog/aws/requests/iam/delete_policy_version.rb
new file mode 100644
index 000000000..bc5784a06
--- /dev/null
+++ b/lib/fog/aws/requests/iam/delete_policy_version.rb
@@ -0,0 +1,41 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Deletes a manged policy
+ #
+ # ==== Parameters
+ # * policy_arn<~String>: arn of the policy
+ # * version_id<~String>: version of policy to delete
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
+ #
+ def delete_policy(policy_arn, version_id)
+ request(
+ 'Action' => 'DeletePolicyVersion',
+ 'PolicyArn' => policy_arn,
+ 'VersionId' => version_id,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+
+ class Mock
+ def delete_policy(policy_arn, version_id)
+ Excon::Response.new.tap do |response|
+ response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
+ response.status = 200
+ end
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/set_default_policy_version.rb b/lib/fog/aws/requests/iam/set_default_policy_version.rb
new file mode 100644
index 000000000..86775f36c
--- /dev/null
+++ b/lib/fog/aws/requests/iam/set_default_policy_version.rb
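Review bot: In create_policy_version.rb, `'PolicyArn' => policy_name` in Real#create_policy_version uses a name that is neither a parameter nor a local in this hunk (the argument is `policy_arn`), so the call would raise NameError before any request is sent; it should read `'PolicyArn' => policy_arn,`. The same slip is in update_assume_role_policy.rb, where `'RoleName' => policy_name` should be `'RoleName' => role_name,`. The Mock here has a related problem: it interpolates and indexes with `version_id`, which is never assigned, and it only looks up an existing version instead of recording a new one. Separately, `set_as_default=true` makes every new version the policy's active version unless the caller opts out, whereas the IAM API leaves the default version unchanged when SetAsDefault is omitted; because that changes effective permissions for everything the policy is attached to, consider `set_as_default=false` or document the choice in the parameter list.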
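Review bot: delete_policy_version.rb defines `delete_policy`, not `delete_policy_version`, in both Real and Mock, so the request registered in iam.rb never gets a method, and once this file is loaded the existing `delete_policy` is presumably redefined with a two-argument signature that sends DeletePolicyVersion. Both definitions should be `def delete_policy_version(policy_arn, version_id)`. `class Mock` also opens before `class Real` is closed (the `end` after the request call closes only the `def`), which places the mock at Real::Mock rather than beside Real as in set_default_policy_version.rb; update_assume_role_policy.rb has the same nesting. The header comment would read better as `# Deletes a version of a managed policy`.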
@@ -0,0 +1,42 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Remove a user from a group
+ #
+ # ==== Parameters
+ # * policy_arn<~String>: arn of the policy
+ # * version_id<~String>: version of policy to delete
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.amazonwebservices.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html
+ #
+ def set_default_policy_version(policy_arn, version_id)
+ request(
+ 'Action' => 'SetDefaultPolicyVersion',
+ 'PolicyArn' => policy_arn,
+ 'VersionId' => version_id,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+ end
+
+ class Mock
+ def set_default_policy_version(policy_arn, version_id)
+ Excon::Response.new.tap do |response|
+ response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
+ response.status = 200
+ end
+ end
+ end
+
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/update_assume_role_policy.rb b/lib/fog/aws/requests/iam/update_assume_role_policy.rb
new file mode 100644
index 000000000..54ae3c55c
--- /dev/null
+++ b/lib/fog/aws/requests/iam/update_assume_role_policy.rb
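Review bot: The header comment on set_default_policy_version was carried over from other requests: it says `# Remove a user from a group` and describes version_id as `version of policy to delete`, which is misleading for a call that switches which policy version is in effect. Suggested wording: `# Sets the specified version of a managed policy as the policy's default version` and `# * version_id<~String>: version of the policy to make the default`. The comment should also state that the change applies to every user, group and role the policy is attached to, since callers are changing live permissions. The Mock returns 200 for any arn and version without consulting stored mock data, so tests run against it would not catch a wrong version id.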
@@ -0,0 +1,41 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Creates a managed policy
+ #
+ # ==== Parameters
+ # * policy_document<~Hash>: policy document, see: http://docs.amazonwebservices.com/IAM/latest/UserGuide/PoliciesOverview.html
+ # * role_name<~String>: name of role to update
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
+ #
+ def update_assume_role_policy(policy_document, role_name)
+ request({
+ 'Action' => 'UpdateAssumeRolePolicy',
+ 'PolicyDocument' => Fog::JSON.encode(policy_document),
+ 'RoleName' => policy_name,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ }.reject {|_, value| value.nil?})
+ end
+
+ class Mock
+ def update_assume_role_policy(policy_document, role_name)
+ Excon::Response.new.tap do |response|
+ response.body = { 'RequestId' => Fog::AWS::Mock.request_id }
+ response.status = 200
+ end
+ end
+ end
+ end
+ end
+ end
+end
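Review bot: The header comment on update_assume_role_policy says `# Creates a managed policy`, but the method sends UpdateAssumeRolePolicy, which replaces the role's trust policy; suggested: `# Updates the policy that grants an entity permission to assume a role`. Because that document decides which principals may assume the role, the parameter line would be clearer as `# * policy_document<~Hash>: trust policy stating who may assume the role`. The `.reject {|_, value| value.nil?}` on the request hash does not guard against a nil document, since `Fog::JSON.encode(policy_document)` has already produced a string by then (presumably "null" for nil); an explicit argument check before building the hash would be safer.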