diff --git a/doc/resource_types.md b/doc/resource_types.md
index 13f5cca29..983e54cc0 100644
--- a/doc/resource_types.md
+++ b/doc/resource_types.md
@@ -14,6 +14,7 @@
| [elb](#elb)
| [lambda](#lambda)
| [iam_user](#iam_user)
+| [iam_group](#iam_group)
## ec2
@@ -280,3 +281,14 @@ IamUser resource type.
### belong_to_iam_group
#### its(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used)
+## iam_group
+
+IamGroup resource type.
+
+### exist
+
+### have_iam_policy
+
+### have_iam_user
+
+#### its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
diff --git a/lib/awspec/generator/doc/type/iam_group.rb b/lib/awspec/generator/doc/type/iam_group.rb
new file mode 100644
index 000000000..954f62bf7
--- /dev/null
+++ b/lib/awspec/generator/doc/type/iam_group.rb
@@ -0,0 +1,17 @@
+module Awspec::Generator
+ module Doc
+ module Type
+ class IamGroup < Base
+ def initialize
+ super
+ @type_name = 'IamGroup'
+ @type = Awspec::Type::IamGroup.new('my-iam-group')
+ @ret = @type.resource
+ @matchers = []
+ @ignore_matchers = []
+ @describes = []
+ end
+ end
+ end
+ end
+end
diff --git a/lib/awspec/generator/template.rb b/lib/awspec/generator/template.rb
index a5902cd93..eb13cd10e 100644
--- a/lib/awspec/generator/template.rb
+++ b/lib/awspec/generator/template.rb
@@ -30,7 +30,7 @@ def self.generate_stub
path = 'lib/awspec/stub/' + @type.to_snake_case + '.rb'
full_path = @root_path + path
content = <<-"EOF"
-# Aws.config[:ec2]= {
+# Aws.config[:ec2] = {
# stub_responses: true
# }
EOF
diff --git a/lib/awspec/helper/finder/iam.rb b/lib/awspec/helper/finder/iam.rb
index 4f7ec97dd..34199e650 100644
--- a/lib/awspec/helper/finder/iam.rb
+++ b/lib/awspec/helper/finder/iam.rb
@@ -18,6 +18,23 @@ def find_iam_user(id)
return users[0] if users.count == 1
end
+ def find_iam_group(id)
+ groups = []
+ marker = nil
+ loop do
+ res = @iam_client.list_groups(
+ marker: marker
+ )
+ marker = res.marker
+ break if res.groups.empty?
+ res.groups.each do |group|
+ groups.push(group) if group.group_name == id || group.group_id == id
+ end
+ break unless marker
+ end
+ return groups[0] if groups.count == 1
+ end
+
def select_iam_group_by_user_name(user_name)
res = @iam_client.list_groups_for_user({
user_name: user_name
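Review bot: find_iam_group returns nil both when nothing matches and when more than one group matches (`groups.count == 1` on line 82), so an ambiguous id — a group whose name happens to equal another group's id — surfaces only as a failed `should exist` with no hint why. Raising on the ambiguous case makes the spec failure actionable, e.g. `raise "Multiple IAM groups match #{id}" if groups.count > 1` before the return. Note this lookup enumerates every group in the account via ListGroups even when a name is given, which presumably mirrors find_iam_user above; if that is deliberate, a one-line comment saying so would save the next reader from reaching for get_group. select_iam_group_by_user_name starts at the end of this hunk and continues outside it.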
@@ -31,6 +48,13 @@ def select_iam_policy_by_user_name(user_name)
})
res.attached_policies
end
+
+ def select_iam_policy_by_group_name(group_name)
+ res = @iam_client.list_attached_group_policies({
+ group_name: group_name
+ })
+ res.attached_policies
+ end
end
end
end
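Review bot: select_iam_policy_by_group_name returns only managed policies attached through `list_attached_group_policies` (line 94); inline policies embedded in the group are never returned, so a spec asserting that a group does not carry some policy proves nothing about inline ones. The contract should at least say so in a comment above the method: `# Managed (attached) policies only; inline group policies (list_group_policies) are not included.` If inline coverage is wanted, a sibling helper built on `@iam_client.list_group_policies(group_name: group_name).policy_names` would be the place for it. The method appears to mirror select_iam_policy_by_user_name just above, which from the context lines looks to have the same limitation.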
diff --git a/lib/awspec/helper/type.rb b/lib/awspec/helper/type.rb
index 32fa35b37..85e110526 100644
--- a/lib/awspec/helper/type.rb
+++ b/lib/awspec/helper/type.rb
@@ -4,7 +4,7 @@ module Type
TYPES = %w(
base ec2 rds rds_db_parameter_group security_group
vpc s3 route53_hosted_zone auto_scaling_group subnet
- route_table ebs elb lambda iam_user
+ route_table ebs elb lambda iam_user iam_group
)
TYPES.each do |type|
diff --git a/lib/awspec/stub/iam_group.rb b/lib/awspec/stub/iam_group.rb
new file mode 100644
index 000000000..e892c569f
--- /dev/null
+++ b/lib/awspec/stub/iam_group.rb
@@ -0,0 +1,43 @@
+Aws.config[:iam] = {
+ stub_responses: {
+ list_groups: {
+ groups: [
+ path: '/',
+ group_name: 'my-iam-group',
+ group_id: 'GABCDEFGHI123455689',
+ arn: 'arn:aws:iam::123456789012:group/my-iam-group',
+ create_date: Time.local(2015)
+ ]
+ },
+ list_users: {
+ users: [
+ path: '/',
+ user_name: 'my-iam-user',
+ user_id: 'ABCDEFGHI1234556890',
+ arn: 'arn:aws:iam::123456789012:user/my-iam-user',
+ create_date: Time.local(2015)
+ ]
+ },
+ list_groups_for_user: {
+ groups: [
+ {
+ path: '/',
+ group_name: 'my-iam-group',
+ group_id: 'GABCDEFGHI123455689',
+ arn: 'arn:aws:iam::123456789012:group/my-iam-group',
+ create_date: Time.local(2015)
+ }
+ ]
+ },
+ list_attached_group_policies: {
+ attached_policies: [
+ {
+ policy_arn: 'arn:aws:iam::aws:policy/ReadOnlyAccess',
+ policy_name: 'ReadOnlyAccess'
+ }
+ ],
+ is_truncated: false,
+ maker: nil
+ }
+ }
+}
diff --git a/lib/awspec/type/iam_group.rb b/lib/awspec/type/iam_group.rb
new file mode 100644
index 000000000..271bc5d2a
--- /dev/null
+++ b/lib/awspec/type/iam_group.rb
@@ -0,0 +1,26 @@
+module Awspec::Type
+ class IamGroup < Base
+ def initialize(id)
+ super
+ @resource = find_iam_group(id)
+ @id = @resource[:group_id] if @resource
+ end
+
+ def has_iam_user?(user_id)
+ user = find_iam_user(user_id)
+ return false unless user
+ user_name = user[:user_name]
+ groups = select_iam_group_by_user_name(user_name)
+ groups.find do |group|
+ group.group_id == @id
+ end
+ end
+
+ def has_iam_policy?(policy_id)
+ policies = select_iam_policy_by_group_name(@resource[:group_name])
+ policies.find do |policy|
+ policy.policy_arn == policy_id || policy.policy_name == policy_id
+ end
+ end
+ end
+end
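Review bot: has_iam_policy? dereferences `@resource[:group_name]` on line 188 without the nil guard that has_iam_user? applies to its own lookup, so `have_iam_policy` on a group that was not found raises NoMethodError instead of returning false; add `return false unless @resource` as the first line. Separately, matching on `policy.policy_name` (line 190) cannot distinguish the AWS-managed `ReadOnlyAccess` from a customer-managed policy that shares the name, so a spec written to verify least privilege can pass against the wrong policy; a comment above the method should say `# Matches by ARN or bare name; the name form is ambiguous between AWS- and customer-managed policies, so pass the ARN for security-sensitive checks.` Only managed policies attached to the group are inspected, given the finder this calls.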
diff --git a/spec/type/iam_group_spec.rb b/spec/type/iam_group_spec.rb
new file mode 100644
index 000000000..4cb5ede1c
--- /dev/null
+++ b/spec/type/iam_group_spec.rb
@@ -0,0 +1,8 @@
+require 'spec_helper'
+Awspec::Stub.load 'iam_group'
+
+describe iam_group('my-iam-group') do
+ it { should exist }
+ it { should have_iam_user('my-iam-user') }
+ it { should have_iam_policy('ReadOnlyAccess') }
+end