diff --git a/lib/fog/aws/iam.rb b/lib/fog/aws/iam.rb
index aacac68497..788ee40b7a 100644
--- a/lib/fog/aws/iam.rb
+++ b/lib/fog/aws/iam.rb
@@ -17,11 +17,15 @@ class ValidationError < Fog::AWS::IAM::Error; end
 request_path 'fog/aws/requests/iam'
 request :add_user_to_group
 request :add_role_to_instance_profile
+ request :attach_group_policy
+ request :attach_role_policy
+ request :attach_user_policy
 request :create_access_key
 request :create_account_alias
 request :create_group
 request :create_instance_profile
 request :create_login_profile
+ request :create_policy
 request :create_role
 request :create_user
 request :delete_access_key
@@ -31,12 +35,16 @@ class ValidationError < Fog::AWS::IAM::Error; end
 request :delete_group_policy
 request :delete_instance_profile
 request :delete_login_profile
+ request :delete_policy
 request :delete_role
 request :delete_role_policy
 request :delete_server_certificate
 request :delete_signing_certificate
 request :delete_user
 request :delete_user_policy
+ request :detach_group_policy
+ request :detach_role_policy
+ request :detach_user_policy
 request :get_account_summary
 request :get_account_password_policy
 request :get_group
@@ -56,6 +64,7 @@ class ValidationError < Fog::AWS::IAM::Error; end
 request :list_instance_profiles
 request :list_instance_profiles_for_role
 request :list_mfa_devices
+ request :list_policies
 request :list_roles
 request :list_role_policies
 request :list_server_certificates
diff --git a/lib/fog/aws/parsers/.DS_Store b/lib/fog/aws/parsers/.DS_Store
new file mode 100644
index 0000000000..a625054663
Binary files /dev/null and b/lib/fog/aws/parsers/.DS_Store differ
diff --git a/lib/fog/aws/parsers/iam/list_managed_policies.rb b/lib/fog/aws/parsers/iam/list_managed_policies.rb
new file mode 100644
index 0000000000..92583c559d
--- /dev/null
+++ b/lib/fog/aws/parsers/iam/list_managed_policies.rb
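Review bot: The newly registered request names (attach/detach for group, role and user, create_policy, delete_policy, list_policies) have no `Mock` counterparts anywhere in the commit, and the accompanying test file opens with `pending if Fog.mocking?`, so these calls will fail with a missing-method error under `Fog.mock!` until the Mock class, which is outside these hunks, gains implementations; either add Mock methods that raise `Fog::Mock.not_implemented` or say in the PR that mocks are deferred. The commit also adds two binary `.DS_Store` files under `lib/fog/aws/parsers/` and `lib/fog/aws/requests/`; these are macOS Finder metadata, not source, and should be removed from the change (and ignored in the repository) so they do not ship inside the gem.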
@@ -0,0 +1,29 @@
+module Fog
+ module Parsers
+ module AWS
+ module IAM
+ require 'fog/aws/parsers/iam/policy_parser'
+ class ListManagedPolicies < Fog::Parsers::AWS::IAM::PolicyParser
+ def reset
+ super
+ @response = { 'Policies' => [] , 'Marker' => '', 'IsTruncated' => false}
+ end
+
+ def finished_policy(policy)
+ @response['Policies'] << policy
+ end
+
+ def end_element(name)
+ case name
+ when 'RequestId', 'Marker'
+ @response[name] = value
+ when 'IsTruncated'
+ @response[name] = (value == 'true')
+ end
+ super
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/parsers/iam/policy_parser.rb b/lib/fog/aws/parsers/iam/policy_parser.rb
new file mode 100644
index 0000000000..5af18f9728
--- /dev/null
+++ b/lib/fog/aws/parsers/iam/policy_parser.rb
@@ -0,0 +1,57 @@
+module Fog
+ module Parsers
+ module AWS
+ module IAM
+ class PolicyParser < Fog::Parsers::Base
+ def reset
+ @policy = fresh_policy
+ @stack = []
+ end
+
+ def start_element(name,attrs = [])
+ case name
+ when 'Policies'
+ @stack << name
+ when 'Policy'
+ @role =fresh_policy
+ when 'member'
+ if @stack.last == 'Policies'
+ @role = fresh_policy
+ end
+ end
+ super
+ end
+
+ def fresh_policy
+ {'AttachmentCount' => 0, 'Description' => ''}
+ end
+
+ def end_element(name)
+ case name
+ when 'Arn', 'DefaultVersionId', 'Description', 'Path', 'PolicyName', 'PolicyId'
+ @policy[name] = value
+ when 'CreateDate', 'UpdateDate'
+ @policy[name] = Time.parse(value)
+ when 'IsAttachable'
+ @policy[name] = (value == 'true')
+ when 'AttachmentCount'
+ @policy[name] = value.to_i
+ when 'Policy'
+ finished_policy(@policy)
+ @policy = nil
+ when 'Policies'
+ if @stack.last == 'Policies'
+ @stack.pop
+ end
+ when 'member'
+ if @stack.last == 'Policies'
+ finished_policy(@policy)
+ @policy = nil
+ end
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/parsers/iam/single_policy.rb b/lib/fog/aws/parsers/iam/single_policy.rb
new file mode 100644
index 0000000000..db2b99ce64
--- /dev/null
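Review bot: `start_element` in PolicyParser assigns `@role =fresh_policy` in both the `'Policy'` and the `'member'` branch, while every branch of `end_element` reads and writes `@policy`, so the fresh hash (with its `AttachmentCount`/`Description` defaults) is never used. The first policy only parses because `reset` seeds `@policy`; once `finished_policy` has set `@policy = nil`, the next `<member>` of a ListPolicies response hits `@policy[name] = value` on nil and raises NoMethodError, so a list of two or more policies cannot be parsed. Both assignments should read `@policy = fresh_policy`. `end_element` also never calls `super`, unlike `start_element` and the two subclasses that chain into it; if `Fog::Parsers::Base` does any per-element cleanup of the character buffer there (fog's base parser does), it is skipped, so add `super` at the end of the method. `Time.parse` depends on `require 'time'` having been loaded elsewhere; worth confirming fog does that before this parser is used.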
+++ b/lib/fog/aws/parsers/iam/single_policy.rb
@@ -0,0 +1,27 @@
+module Fog
+ module Parsers
+ module AWS
+ module IAM
+ require 'fog/aws/parsers/iam/policy_parser'
+ class SinglePolicy < Fog::Parsers::AWS::IAM::PolicyParser
+ def reset
+ super
+ @response = { 'Policy' => {} }
+ end
+
+ def finished_policy(policy)
+ @response['Policy'] = policy
+ end
+
+ def end_element(name)
+ case name
+ when 'RequestId'
+ @response[name] = value
+ end
+ super
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/.DS_Store b/lib/fog/aws/requests/.DS_Store
new file mode 100644
index 0000000000..c9834ff246
Binary files /dev/null and b/lib/fog/aws/requests/.DS_Store differ
diff --git a/lib/fog/aws/requests/iam/attach_group_policy.rb b/lib/fog/aws/requests/iam/attach_group_policy.rb
new file mode 100644
index 0000000000..e57b949644
--- /dev/null
+++ b/lib/fog/aws/requests/iam/attach_group_policy.rb
@@ -0,0 +1,32 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Attaches a managed policy to a group
+ #
+ # ==== Parameters
+ # * group_name<~String>: name of the group
+ # * policy_arn<~String>: arn of the managed policy
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html
+ #
+ def attach_group_policy(group_name, policy_arn)
+ request(
+ 'Action' => 'AttachGroupPolicy',
+ 'GroupName' => group_name,
+ 'PolicyArn' => policy_arn,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/attach_role_policy.rb b/lib/fog/aws/requests/iam/attach_role_policy.rb
new file mode 100644
index 0000000000..1004f804be
--- /dev/null
+++ b/lib/fog/aws/requests/iam/attach_role_policy.rb
@@ -0,0 +1,32 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Attaches a managed policy to a role
+ #
+ # ==== Parameters
+ # * role_name<~String>: name of the role
+ # * policy_arn<~String>: arn of the managed policy
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html
+ #
+ def attach_role_policy(role_name, policy_arn)
+ request(
+ 'Action' => 'AttachRolePolicy',
+ 'RoleName' => role_name,
+ 'PolicyArn' => policy_arn,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/attach_user_policy.rb b/lib/fog/aws/requests/iam/attach_user_policy.rb
new file mode 100644
index 0000000000..8b4aaca876
--- /dev/null
+++ b/lib/fog/aws/requests/iam/attach_user_policy.rb
@@ -0,0 +1,32 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Attaches a managed policy to a user
+ #
+ # ==== Parameters
+ # * user_name<~String>: name of the user
+ # * policy_arn<~String>: arn of the managed policy
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html
+ #
+ def attach_user_policy(user_name, policy_arn)
+ request(
+ 'Action' => 'AttachUserPolicy',
+ 'UserName' => user_name,
+ 'PolicyArn' => policy_arn,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/create_policy.rb b/lib/fog/aws/requests/iam/create_policy.rb
new file mode 100644
index 0000000000..ebcdd6607f
--- /dev/null
+++ b/lib/fog/aws/requests/iam/create_policy.rb
@@ -0,0 +1,47 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/single_policy'
+
+ # Creates a managed policy
+ #
+ # ==== Parameters
+ # * policy_name<~String>: name of policy document
+ # * policy_document<~Hash>: policy document, see: http://docs.amazonwebservices.com/IAM/latest/UserGuide/PoliciesOverview.html
+ # * path <~String>: path of the policy
+ # * description <~String>: description for the policy
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ # * 'Policy'<~Hash>:
+ # * Arn
+ # * AttachmentCount
+ # * CreateDate
+ # * DefaultVersionId
+ # * Description
+ # * IsAttachable
+ # * Path
+ # * PolicyId
+ # * PolicyName
+ # * UpdateDate
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
+ #
+ def create_policy(policy_name, policy_document, path=nil, description=nil)
+ request({
+ 'Action' => 'CreatePolicy',
+ 'PolicyName' => policy_name,
+ 'PolicyDocument' => Fog::JSON.encode(policy_document),
+ 'Path' => path,
+ 'Description' => description,
+ :parser => Fog::Parsers::AWS::IAM::SinglePolicy.new
+ }.reject {|_, value| value.nil?})
+ end
+ end
+
+
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/delete_policy.rb b/lib/fog/aws/requests/iam/delete_policy.rb
new file mode 100644
index 0000000000..ea421608ce
--- /dev/null
+++ b/lib/fog/aws/requests/iam/delete_policy.rb
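Review bot: The `path` argument is passed through untouched, and IAM rejects a `Path` that does not both begin and end with `/`, so the parameter comment should state it: `# * path <~String>: path of the policy, must begin and end with '/' (IAM defaults to '/')`. `policy_document` is always run through `Fog::JSON.encode`, so a caller that already holds serialised JSON gets it double-encoded into a JSON string literal and a MalformedPolicyDocument error from IAM; either document that only a Hash is accepted or guard with `'PolicyDocument' => policy_document.is_a?(String) ? policy_document : Fog::JSON.encode(policy_document),`. The two blank lines between the closing `end` of `Real` and that of `IAM` are stray.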
@@ -0,0 +1,30 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Deletes a manged policy
+ #
+ # ==== Parameters
+ # * policy_arn<~String>: arn of the policy
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html
+ #
+ def delete_policy(policy_arn)
+ request(
+ 'Action' => 'DeletePolicy',
+ 'PolicyArn' => policy_arn,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/detach_group_policy.rb b/lib/fog/aws/requests/iam/detach_group_policy.rb
new file mode 100644
index 0000000000..fe8a1ab7ea
--- /dev/null
+++ b/lib/fog/aws/requests/iam/detach_group_policy.rb
@@ -0,0 +1,32 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Detaches a managed policy from a group
+ #
+ # ==== Parameters
+ # * group_name<~String>: name of the group
+ # * policy_arn<~String>: arn of the managed policy
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
+ #
+ def detach_group_policy(group_name, policy_arn)
+ request(
+ 'Action' => 'DetachGroupPolicy',
+ 'GroupName' => group_name,
+ 'PolicyArn' => policy_arn,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/detach_role_policy.rb b/lib/fog/aws/requests/iam/detach_role_policy.rb
new file mode 100644
index 0000000000..38f4033e07
--- /dev/null
+++ b/lib/fog/aws/requests/iam/detach_role_policy.rb
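Review bot: The header comment on `delete_policy` reads `# Deletes a manged policy`; it should be `# Deletes a managed policy`. The comment should also state the precondition IAM enforces, since this wrapper does nothing to help a caller meet it: a managed policy that is still attached to any user, group or role, or that still has non-default versions, cannot be deleted and the call fails with a DeleteConflict error, so callers must detach it (and remove extra versions) first. A line such as `# The policy must be detached from every user, group and role and have no non-default versions, otherwise IAM returns DeleteConflict` under the parameter list would cover it.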
@@ -0,0 +1,32 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Detaches a managed policy from a role
+ #
+ # ==== Parameters
+ # * role_name<~String>: name of the role
+ # * policy_arn<~String>: arn of the managed policy
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
+ #
+ def detach_role_policy(role_name, policy_arn)
+ request(
+ 'Action' => 'DetachRolePolicy',
+ 'RoleName' => role_name,
+ 'PolicyArn' => policy_arn,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/detach_user_policy.rb b/lib/fog/aws/requests/iam/detach_user_policy.rb
new file mode 100644
index 0000000000..1747c9c1e2
--- /dev/null
+++ b/lib/fog/aws/requests/iam/detach_user_policy.rb
@@ -0,0 +1,32 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/basic'
+
+ # Detaches a managed policy to a user
+ #
+ # ==== Parameters
+ # * user_name<~String>: name of the user
+ # * policy_arn<~String>: arn of the managed policy
+ #
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ #
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
+ #
+ def detach_user_policy(user_name, policy_arn)
+ request(
+ 'Action' => 'DetachUserPolicy',
+ 'UserName' => user_name,
+ 'PolicyArn' => policy_arn,
+ :parser => Fog::Parsers::AWS::IAM::Basic.new
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/lib/fog/aws/requests/iam/list_policies.rb b/lib/fog/aws/requests/iam/list_policies.rb
new file mode 100644
index 0000000000..ece3a17853
--- /dev/null
+++ b/lib/fog/aws/requests/iam/list_policies.rb
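Review bot: The header comment on `detach_user_policy` says `# Detaches a managed policy to a user`; it should read `# Detaches a managed policy from a user`, matching the wording of the group and role variants. Apart from that the six attach/detach wrappers differ only in the action name and principal key, which is the established fog request pattern, so nothing else to raise on them.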
@@ -0,0 +1,47 @@
+module Fog
+ module AWS
+ class IAM
+ class Real
+ require 'fog/aws/parsers/iam/list_managed_policies'
+
+ # Lists managed policies
+ #
+ # ==== Parameters
+ # * options <~Hash>: options that filter the result set
+ # * Marker <~String>
+ # * MaxItems <~Integer>
+ # * OnlyAttached <~Boolean>
+ # * PathPrefix <~String>
+ # * Scope <~String>
+ # ==== Returns
+ # * response<~Excon::Response>:
+ # * body<~Hash>:
+ # * 'RequestId'<~String> - Id of the request
+ # * 'IsTruncated'<~Boolean>
+ # * 'Marker'<~String>
+ # * 'Policies'<~Array>:
+ # * Arn
+ # * AttachmentCount
+ # * CreateDate
+ # * DefaultVersionId
+ # * Description
+ # * IsAttachable
+ # * Path
+ # * PolicyId
+ # * PolicyName
+ # * UpdateDate
+ # ==== See Also
+ # http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html
+ #
+ def list_policies(options={})
+ request({
+ 'Action' => 'ListPolicies',
+ :parser => Fog::Parsers::AWS::IAM::ListManagedPolicies.new
+ }.merge(options))
+ end
+ end
+
+
+ end
+ end
+end
diff --git a/tests/requests/iam/managed_policy_tests.rb b/tests/requests/iam/managed_policy_tests.rb
new file mode 100644
index 0000000000..313efdfd89
--- /dev/null
+++ b/tests/requests/iam/managed_policy_tests.rb
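Review bot: `{ 'Action' => 'ListPolicies', :parser => ... }.merge(options)` lets a caller-supplied `'Action'` or `:parser` key override the request's own, so a stray key in a filter hash turns this into a different IAM call or a different parser; merging the other way, `options.merge('Action' => 'ListPolicies', :parser => Fog::Parsers::AWS::IAM::ListManagedPolicies.new)`, keeps the fixed keys authoritative. The parameter doc lists the filter names but not that they are passed verbatim as AWS query parameters, so `'PathPrefix' => '/fog/'` filters while a snake_case or symbol key would be sent as an unrecognised parameter; a line such as `# keys are the AWS parameter names as strings, e.g. 'PathPrefix' => '/fog/'` would prevent that. The two blank lines before the closing `end` of `IAM` are stray, as in create_policy.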
@@ -0,0 +1,91 @@
+Shindo.tests('AWS::IAM | managed policy requests', ['aws']) do
+
+ pending if Fog.mocking?
+ Fog::AWS[:iam].create_group('fog_policy_test_group')
+ Fog::AWS[:iam].create_user('fog_policy_test_user')
+ Fog::AWS[:iam].create_role('fog_policy_test_role', Fog::AWS::IAM::EC2_ASSUME_ROLE_POLICY)
+
+ tests('success') do
+ @policy = {'Version' => '2012-10-17', "Statement" => [{"Effect" => "Deny", "Action" => "*", "Resource" => "*"}]}
+ @policy_format = {
+ 'Arn' => String,
+ 'AttachmentCount' => Integer,
+ 'Description' => String,
+ 'DefaultVersionId' => String,
+ 'IsAttachable' => Fog::Boolean,
+ 'Path' => String,
+ 'PolicyId' => String,
+ 'PolicyName' => String,
+ 'CreateDate' => Time,
+ 'UpdateDate' => Time
+ }
+
+ create_policy_format = {
+ 'RequestId' => String,
+ 'Policy' => @policy_format
+ }
+
+ list_policies_format = {
+ 'RequestId' => String,
+ 'Policies' => [@policy_format],
+ 'Marker' => String,
+ 'IsTruncated' => Fog::Boolean
+ }
+
+ tests("#create_policy('fog_policy')").formats(create_policy_format) do
+ body = Fog::AWS[:iam].create_policy('fog_policy', @policy, '/fog/').body
+ puts body.inspect
+ @policy_arn = body['Policy']['Arn']
+ body
+ end
+
+ tests("#list_policies()").formats(list_policies_format) do
+ body = Fog::AWS[:iam].list_policies('PathPrefix' => '/fog/').body
+ tests('length 1').returns(1) do
+ body['Policies'].length
+ end
+ body
+ end
+
+
+ tests("#attach_user_policy()").formats(AWS::IAM::Formats::BASIC) do
+ Fog::AWS[:iam].attach_user_policy('fog_policy_test_user', @policy_arn).body
+ end
+
+ tests("#detach_user_policy()").formats(AWS::IAM::Formats::BASIC) do
+ Fog::AWS[:iam].detach_user_policy('fog_policy_test_user', @policy_arn).body
+ end
+
+
+ tests("#attach_group_policy()").formats(AWS::IAM::Formats::BASIC) do
+ Fog::AWS[:iam].attach_group_policy('fog_policy_test_group', @policy_arn).body
+ end
+
+ tests("#detach_group_policy()").formats(AWS::IAM::Formats::BASIC) do
+ Fog::AWS[:iam].detach_group_policy('fog_policy_test_group', @policy_arn).body
+ end
+
+ tests("#attach_role_policy()").formats(AWS::IAM::Formats::BASIC) do
+ Fog::AWS[:iam].attach_role_policy('fog_policy_test_role', @policy_arn).body
+ end
+
+ tests("#detach_role_policy()").formats(AWS::IAM::Formats::BASIC) do
+ Fog::AWS[:iam].detach_role_policy('fog_policy_test_role', @policy_arn).body
+ end
+
+ tests("#delete_policy()").formats(AWS::IAM::Formats::BASIC) do
+ Fog::AWS[:iam].delete_policy(@policy_arn).body
+ end
+
+ end
+
+ tests('failure') do
+ test('failing conditions')
+ end
+
+ Fog::AWS[:iam].delete_group('fog_policy_test_group')
+ Fog::AWS[:iam].delete_user('fog_policy_test_user')
+ Fog::AWS[:iam].delete_role('fog_policy_test_role')
+
+
+end
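Review bot: `puts body.inspect` inside the `#create_policy` test is leftover debugging output that dumps the whole response, policy ARN included, into the test log; drop it. The group, user and role created at the top are only removed by the three `delete_*` calls at the bottom, which never run if any earlier test raises, so a failed run leaves `fog_policy_test_*` principals in the account, possibly with the Deny-all policy still attached if a detach test was the one that failed; moving the cleanup into an `ensure` makes it unconditional, and deleting the policy there too (`Fog::AWS[:iam].delete_policy(@policy_arn) if @policy_arn`) closes the remaining gap. The `'failure'` block only declares `test('failing conditions')` with no body or expectation and so passes vacuously; either assert a concrete error, such as `raises(Fog::AWS::IAM::Error)` for a detach with an unknown ARN, or remove the placeholder.

```ruby
  begin
    tests('success') do
      # … unchanged: success tests …
    end
  ensure
    Fog::AWS[:iam].delete_policy(@policy_arn) if @policy_arn
    Fog::AWS[:iam].delete_group('fog_policy_test_group')
    Fog::AWS[:iam].delete_user('fog_policy_test_user')
    Fog::AWS[:iam].delete_role('fog_policy_test_role')
  end
```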