Merge pull request #37 from k1LoW/add-type-iam_group

Add iam_group type
k1LoW · Sep 7, 2015 · 754549d · 754549d
2 parents 5e1b3f4 + 2e959b6
commit 754549d
Show file tree

Hide file tree

Showing 8 changed files with 132 additions and 2 deletions.
diff --git a/doc/resource_types.md b/doc/resource_types.md
@@ -14,6 +14,7 @@
 | [elb](#elb)
 | [lambda](#lambda)
 | [iam_user](#iam_user)
+| [iam_group](#iam_group)
 
 ## <a name="ec2">ec2</a>
 
@@ -280,3 +281,14 @@ IamUser resource type.
 ### belong_to_iam_group
 
 #### its(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used)
+## <a name="iam_group">iam_group</a>
+
+IamGroup resource type.
+
+### exist
+
+### have_iam_policy
+
+### have_iam_user
+
+#### its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
diff --git a/lib/awspec/generator/doc/type/iam_group.rb b/lib/awspec/generator/doc/type/iam_group.rb
@@ -0,0 +1,17 @@
+module Awspec::Generator
+  module Doc
+    module Type
+      class IamGroup < Base
+        def initialize
+          super
+          @type_name = 'IamGroup'
+          @type = Awspec::Type::IamGroup.new('my-iam-group')
+          @ret = @type.resource
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end
diff --git a/lib/awspec/generator/template.rb b/lib/awspec/generator/template.rb
@@ -30,7 +30,7 @@ def self.generate_stub
       path = 'lib/awspec/stub/' + @type.to_snake_case + '.rb'
       full_path = @root_path + path
       content = <<-"EOF"
-# Aws.config[:ec2]= {
+# Aws.config[:ec2] = {
 #   stub_responses: true
 # }
 EOF

diff --git a/lib/awspec/helper/finder/iam.rb b/lib/awspec/helper/finder/iam.rb
@@ -18,6 +18,23 @@ def find_iam_user(id)
         return users[0] if users.count == 1
       end
 
+      def find_iam_group(id)
+        groups = []
+        marker = nil
+        loop do
+          res = @iam_client.list_groups(
+            marker: marker
+          )
+          marker = res.marker
+          break if res.groups.empty?
+          res.groups.each do |group|
+            groups.push(group) if group.group_name == id || group.group_id == id
+          end
+          break unless marker
+        end
+        return groups[0] if groups.count == 1
+      end
+
       def select_iam_group_by_user_name(user_name)
         res = @iam_client.list_groups_for_user({
                                                  user_name: user_name
@@ -31,6 +48,13 @@ def select_iam_policy_by_user_name(user_name)
                                                       })
         res.attached_policies
       end
+
+      def select_iam_policy_by_group_name(group_name)
+        res = @iam_client.list_attached_group_policies({
+                                                         group_name: group_name
+                                                       })
+        res.attached_policies
+      end
     end
   end
 end
diff --git a/lib/awspec/helper/type.rb b/lib/awspec/helper/type.rb
@@ -4,7 +4,7 @@ module Type
       TYPES = %w(
         base ec2 rds rds_db_parameter_group security_group
         vpc s3 route53_hosted_zone auto_scaling_group subnet
-        route_table ebs elb lambda iam_user
+        route_table ebs elb lambda iam_user iam_group
       )
 
       TYPES.each do |type|

diff --git a/lib/awspec/stub/iam_group.rb b/lib/awspec/stub/iam_group.rb
@@ -0,0 +1,43 @@
+Aws.config[:iam] = {
+  stub_responses: {
+    list_groups: {
+      groups: [
+        path: '/',
+        group_name: 'my-iam-group',
+        group_id: 'GABCDEFGHI123455689',
+        arn: 'arn:aws:iam::123456789012:group/my-iam-group',
+        create_date: Time.local(2015)
+      ]
+    },
+    list_users: {
+      users: [
+        path: '/',
+        user_name: 'my-iam-user',
+        user_id: 'ABCDEFGHI1234556890',
+        arn: 'arn:aws:iam::123456789012:user/my-iam-user',
+        create_date: Time.local(2015)
+      ]
+    },
+    list_groups_for_user: {
+      groups: [
+        {
+          path: '/',
+          group_name: 'my-iam-group',
+          group_id: 'GABCDEFGHI123455689',
+          arn: 'arn:aws:iam::123456789012:group/my-iam-group',
+          create_date: Time.local(2015)
+        }
+      ]
+    },
+    list_attached_group_policies: {
+      attached_policies: [
+        {
+          policy_arn: 'arn:aws:iam::aws:policy/ReadOnlyAccess',
+          policy_name: 'ReadOnlyAccess'
+        }
+      ],
+      is_truncated: false,
+      maker: nil
+    }
+  }
+}
diff --git a/lib/awspec/type/iam_group.rb b/lib/awspec/type/iam_group.rb
@@ -0,0 +1,26 @@
+module Awspec::Type
+  class IamGroup < Base
+    def initialize(id)
+      super
+      @resource = find_iam_group(id)
+      @id = @resource[:group_id] if @resource
+    end
+
+    def has_iam_user?(user_id)
+      user = find_iam_user(user_id)
+      return false unless user
+      user_name = user[:user_name]
+      groups = select_iam_group_by_user_name(user_name)
+      groups.find do |group|
+        group.group_id == @id
+      end
+    end
+
+    def has_iam_policy?(policy_id)
+      policies = select_iam_policy_by_group_name(@resource[:group_name])
+      policies.find do |policy|
+        policy.policy_arn == policy_id || policy.policy_name == policy_id
+      end
+    end
+  end
+end
diff --git a/spec/type/iam_group_spec.rb b/spec/type/iam_group_spec.rb
@@ -0,0 +1,8 @@
+require 'spec_helper'
+Awspec::Stub.load 'iam_group'
+
+describe iam_group('my-iam-group') do
+  it { should exist }
+  it { should have_iam_user('my-iam-user') }
+  it { should have_iam_policy('ReadOnlyAccess') }
+end