Merge pull request #35 from kamatama41/multiple-excludes-or-targets
Multiple excludes or targets
winebarrel authored Jan 22, 2018
2 parents 4cdf45a + ac83ae3 commit 6158a59
Showing 13 changed files with 465 additions and 42 deletions.
4 changes: 2 additions & 2 deletions bin/miam
@@ -51,8 +51,8 @@ ARGV.options do |opt|
opt.on('' , '--split-more') { split = :more }
opt.on('', '--format=FORMAT', [:ruby, :json]) {|v| format_passed = true; options[:format] = v }
opt.on('' , '--export-concurrency N', Integer) {|v| options[:export_concurrency] = v }
opt.on('' , '--target REGEXP') {|v| options[:target] = Regexp.new(v) }
opt.on('' , '--exclude REGEXP') {|v| options[:exclude] = Regexp.new(v) }
opt.on('' , '--target REGEXP') {|v| (options[:target] ||= []) << Regexp.new(v) }
opt.on('' , '--exclude REGEXP') {|v| (options[:exclude] ||= []) << Regexp.new(v) }
opt.on('' , '--ignore-login-profile') { options[:ignore_login_profile] = true }
opt.on('' , '--no-color') { options[:color] = false }
opt.on('' , '--no-progress') { options[:no_progress] = true }
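Review bot: The two rewritten `opt.on` lines make `--target` and `--exclude` repeatable without saying how repeated values combine, and neither option has a description string. Going by `target_matched?` later in this commit, a name is in scope when it matches any target and no exclude, and each value is an unanchored `Regexp.new(v)`, so a pattern like `admin` (constructed example) also matches longer names that contain it. For a tool that applies IAM changes that is worth stating at the option, e.g. `# repeatable: in scope = matches ANY --target and NO --exclude; patterns are unanchored regexps`. The `ARGV.options` block starts and ends outside the hunk.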
4 changes: 2 additions & 2 deletions lib/miam/client.rb
@@ -527,11 +527,11 @@ def target_matched?(name)
result = true

if @options[:exclude]
result &&= name !~ @options[:exclude]
result &&= @options[:exclude].all? {|r| name !~ r}
end

if @options[:target]
result &&= name =~ @options[:target]
result &&= @options[:target].any? {|r| name =~ r}
end

result
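Review bot: `@options[:exclude]` and `@options[:target]` are now assumed to be arrays, so a caller that still passes a single Regexp, as the old code accepted, fails with NoMethodError on `.all?`/`.any?` instead of filtering. Wrapping both keeps the old call form working: `result &&= Array(@options[:exclude]).all? {|r| name !~ r}` and `result &&= Array(@options[:target]).any? {|r| name =~ r}`. An empty `:target` array is also truthy and makes `any?` false for every name, which may deserve an explicit decision. The same two lines appear in `target_matched?` in lib/miam/dsl/converter.rb; the method's `def` and `end` are outside this hunk.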
4 changes: 2 additions & 2 deletions lib/miam/dsl/converter.rb
@@ -196,11 +196,11 @@ def target_matched?(name)
result = true

if @options[:exclude]
result &&= name !~ @options[:exclude]
result &&= @options[:exclude].all? {|r| name !~ r}
end

if @options[:target]
result &&= name =~ @options[:target]
result &&= @options[:target].any? {|r| name =~ r}
end

result
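Review bot: This `target_matched?` is a line-for-line copy of the one in lib/miam/client.rb, and the commit has to make the identical edit in both places. Because both copies decide which IAM entities are in scope, a later change applied to only one of them would let the two code paths disagree about what is filtered. A shared helper, e.g. a small module defining `target_matched?(name)` that both classes include, would remove that risk. The method's `def` and `end` are outside this hunk.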
8 changes: 4 additions & 4 deletions spec/miam/attach_detach_policy_spec.rb
@@ -1,7 +1,7 @@
describe 'attach/detach policy' do
let(:dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
@@ -94,7 +94,7 @@
let(:expected) do
{:users=>
{"bob"=>
{:path=>"/devloper/",
{:path=>"/developer/",
:groups=>["Admin", "SES"],
:attached_managed_policies=>[
"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"],
@@ -174,7 +174,7 @@
context 'when attach policy' do
let(:update_policy_dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
@@ -282,7 +282,7 @@
context 'when detach policy' do
let(:update_policy_dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
6 changes: 3 additions & 3 deletions spec/miam/create_spec.rb
@@ -12,7 +12,7 @@
context 'when create user and group' do
let(:dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
@@ -88,7 +88,7 @@
let(:expected) do
{:users=>
{"bob"=>
{:path=>"/devloper/",
{:path=>"/developer/",
:groups=>["Admin", "SES"],
:attached_managed_policies=>[],
:policies=>
@@ -184,7 +184,7 @@
end
end
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
include_template context.user_name
end
12 changes: 6 additions & 6 deletions spec/miam/delete_spec.rb
@@ -1,7 +1,7 @@
describe 'delete' do
let(:dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
@@ -74,7 +74,7 @@
let(:expected) do
{:users=>
{"bob"=>
{:path=>"/devloper/",
{:path=>"/developer/",
:groups=>["Admin", "SES"],
:attached_managed_policies=>[],
:policies=>
@@ -139,7 +139,7 @@
context 'when delete group' do
let(:delete_group_dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
@@ -351,7 +351,7 @@
context 'when delete instance_profile' do
let(:delete_instance_profiles_dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
@@ -432,7 +432,7 @@
context 'when delete role' do
let(:delete_role_dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
@@ -491,7 +491,7 @@
context 'when delete role and instance_profile' do
let(:delete_role_and_instance_profile_dsl) do
<<-RUBY
user "bob", :path=>"/devloper/" do
user "bob", :path=>"/developer/" do
login_profile :password_reset_required=>true
groups(
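--- a/spec/miam/exclude_spec.rb
+++ b/spec/miam/exclude_spec.rb
@@ -0,0 +1,237 @@
+describe 'exclude option' do
+let(:dsl) do
+<<-RUBY
+user "bob", :path=>"/developer/" do
+login_profile :password_reset_required=>true
+groups(
+"Admin",
+"SES"
+)
+policy "S3" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+user "mary", :path=>"/staff/" do
+policy "S3" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+group "Admin", :path=>"/admin/" do
+policy "Admin" do
+{"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+group "SES", :path=>"/ses/" do
+policy "ses-policy" do
+{"Statement"=>
+[{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+role "my-role", :path=>"/any/" do
+instance_profiles(
+"my-instance-profile"
+)
+assume_role_policy_document do
+{"Version"=>"2012-10-17",
+"Statement"=>
+[{"Sid"=>"",
+"Effect"=>"Allow",
+"Principal"=>{"Service"=>"ec2.amazonaws.com"},
+"Action"=>"sts:AssumeRole"}]}
+end
+policy "role-policy" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+instance_profile "my-instance-profile", :path=>"/profile/"
+RUBY
+end
+
+before(:each) do
+apply { dsl }
+end
+
+context 'when exclude a user' do
+let(:exclude_bob) do
+<<-RUBY
+user "mary", :path=>"/staff/" do
+policy "S3" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+group "Admin", :path=>"/admin/" do
+policy "Admin" do
+{"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+group "SES", :path=>"/ses/" do
+policy "ses-policy" do
+{"Statement"=>
+[{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+role "my-role", :path=>"/any/" do
+instance_profiles(
+"my-instance-profile"
+)
+assume_role_policy_document do
+{"Version"=>"2012-10-17",
+"Statement"=>
+[{"Sid"=>"",
+"Effect"=>"Allow",
+"Principal"=>{"Service"=>"ec2.amazonaws.com"},
+"Action"=>"sts:AssumeRole"}]}
+end
+policy "role-policy" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+instance_profile "my-instance-profile", :path=>"/profile/"
+RUBY
+end
+
+subject { client(exclude: [/bob/]) }
+
+it do
+updated = apply(subject) { exclude_bob }
+expect(updated).to be_falsey
+end
+end
+
+context 'when exclude a group, a role and an instance profile' do
+let(:exclude_admin_and_my) do
+<<-RUBY
+user "bob", :path=>"/developer/" do
+login_profile :password_reset_required=>true
+groups(
+"Admin",
+"SES"
+)
+policy "S3" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+user "mary", :path=>"/staff/" do
+policy "S3" do
+{"Statement"=>
+[{"Action"=>
+["s3:Get*",
+"s3:List*"],
+"Effect"=>"Allow",
+"Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+group "SES", :path=>"/ses/" do
+policy "ses-policy" do
+{"Statement"=>
+[{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
+end
+attached_managed_policies(
+"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess"
+)
+end
+RUBY
+end
+
+subject { client(exclude: [/Admin/, /^my-/]) }
+
+it do
+updated = apply(subject) { exclude_admin_and_my }
+expect(updated).to be_falsey
+end
+end
+end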
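Review bot: Both examples are anonymous `it do` blocks that only assert `updated` is falsey, so the spec never shows exclusion narrowing a run that does change something. Since these filters appear to be what keeps IAM entities omitted from the DSL from being removed, I would name the examples, e.g. `it 'makes no changes for the excluded user' do`, and add a case where one omitted entity is excluded and another is not, asserting that only the latter is deleted. Whether another spec in this commit already covers that is not visible on this page.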