Class: Awscli::Iam::Policies

Inherits:
Object
  • Object
Defined in:
lib/awscli/iam.rb

Instance Method Summary collapse

Constructor Details

#initialize(connection) ⇒ Policies

Returns a new instance of Policies.



# File 'lib/awscli/iam.rb', line 262

# Builds a Policies helper around an IAM connection.
#
# The connection is stored as given; no call is made on it here.
#
# @param connection [Object] IAM connection used by every other method of this
#   class (presumably a Fog::AWS::IAM instance, judging by the rescued error
#   classes -- confirm against the caller)
def initialize(connection)
  @conn = connection
end

Instance Method Details

#add_policy_document(options) ⇒ Object



# File 'lib/awscli/iam.rb', line 288

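# Attaches an inline IAM policy, read from a local JSON file, to a user, a
# group or a role.
#
# The document is sent as written: the only check made here is that the file
# parses as a JSON object. Nothing inspects what the statements grant, so
# wildcard actions or resources in the file are applied unchanged.
#
# Precondition failures (missing file, malformed JSON, no target) terminate
# the process through `abort`. API errors are printed and the method returns
# normally.
#
# @param options [Hash] :policy_document (path to the JSON file),
#   :policy_name, and one of :user_name, :group_name or :role_name (checked in
#   that order; the first one present wins)
# @return [void]
def add_policy_document(options)
  document = options[:policy_document]
  policyname = options[:policy_name]

  abort 'Invalid file path: no policy document given' unless document
  doc_path = File.expand_path(document)
  # File.file? also rejects directories, which File.exist? would pass on to File.read.
  abort "Invalid file path: #{doc_path}" unless File.file?(doc_path)

  # Parse once and reuse the result, so the object that was validated is the
  # one that is sent.
  policy =
    begin
      JSON.parse(File.read(doc_path))
    rescue JSON::ParserError
      nil
    end
  # A policy document is a JSON object; a bare array or scalar is rejected here.
  abort "Invalid JSON format found in the document: #{document}" unless policy.is_a?(Hash)

  kind, target =
    if options[:user_name] then [:user, options[:user_name]]
    elsif options[:group_name] then [:group, options[:group_name]]
    elsif options[:role_name] then [:role, options[:role_name]]
    end
  # Without a target no API call would be made, so do not report success.
  abort '[Error]: no :user_name, :group_name or :role_name given, policy not added' unless kind

  begin
    case kind
    when :user then @conn.put_user_policy(target, policyname, policy)
    when :group then @conn.put_group_policy(target, policyname, policy)
    when :role then @conn.put_role_policy(target, policyname, policy)
    end
    puts "Added policy: #{policyname} to #{kind}: #{target}"
    puts "Added Policy #{policyname} from #{document}"
  rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error => e
    # NOTE(review): the failure is only printed to stdout, so the caller still
    # sees a normal return.
    puts "[Error]: #{e}"
  end

  # => Example Documents
  #
  # The wildcard actions below ('iam:*AccessKey*', 's3:*') only illustrate the
  # hash layout; a real document should list the specific actions and
  # resources the principal needs.

  # iam.put_user_policy(username, 'UserKeyPolicy', {
  #   'Statement' => [
  #     'Effect' => 'Allow',
  #     'Action' => 'iam:*AccessKey*',
  #     'Resource' => arn
  #   ]
  # })

  # iam.put_user_policy(username, 'UserS3Policy', {
  #   'Statement' => [
  #     {
  #       'Effect' => 'Allow',
  #       'Action' => ['s3:*'],
  #       'Resource' => [
  #         "arn:aws:s3:::#{bucket_name}",
  #         "arn:aws:s3:::#{bucket_name}/*"
  #       ]
  #     }, {
  #       'Effect' => 'Deny',
  #       'Action' => ['s3:*'],
  #       'NotResource' => [
  #         "arn:aws:s3:::#{bucket_name}",
  #         "arn:aws:s3:::#{bucket_name}/*"
  #       ]
  #     }
  #   ]
  # })
end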

#delete_policy(options) ⇒ Object



# File 'lib/awscli/iam.rb', line 353

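# Removes an inline policy from a user, a group or a role.
#
# The target is the first of :user_name, :group_name, :role_name present in
# +options+. When none is given the method aborts instead of printing a
# success line for a deletion that never happened.
#
# @param options [Hash] :policy_name plus one of :user_name, :group_name or
#   :role_name
# @return [void]
def delete_policy(options)
  policy_name = options[:policy_name]

  unless options[:user_name] || options[:group_name] || options[:role_name]
    abort '[Error]: no :user_name, :group_name or :role_name given, nothing deleted'
  end

  begin
    if options[:user_name]
      @conn.delete_user_policy(options[:user_name], policy_name)
    elsif options[:group_name]
      @conn.delete_group_policy(options[:group_name], policy_name)
    else
      @conn.delete_role_policy(options[:role_name], policy_name)
    end
    puts "Deleted Policy #{policy_name}"
  rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error => e
    # API failures are reported on stdout; the method still returns normally.
    puts "[Error]: #{e}"
  end
end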

#list(options) ⇒ Object



# File 'lib/awscli/iam.rb', line 266

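# Shows the inline policies attached to a user, a group or a role.
#
# The target is the first of :user_name, :group_name, :role_name present in
# +options+; nothing happens when none is given.
#
# * user:  looks the user up and calls +table+ on its policies collection
#   (presumably renders it -- confirm against the Fog model). Aborts when the
#   lookup returns nothing.
# * group / role: fetches the 'PolicyNames' list and displays it as a
#   one-column table. A NotFound error is printed rather than raised.
#
# @param options [Hash] one of :user_name, :group_name or :role_name
def list(options)
  if options[:user_name]
    user = @conn.users.get(options[:user_name])
    # `user` is nil on this path, so name the user that was asked for.
    abort "[Error]: User not found #{options[:user_name]}" unless user
    user.policies.table
  elsif options[:group_name]
    begin
      names = @conn.list_group_policies(options[:group_name]).body['PolicyNames']
      Formatador.display_table(names.map { |name| { 'Policy' => name } })
    rescue Fog::AWS::IAM::NotFound => e
      puts "[Error]: #{e}"
    end
  elsif options[:role_name]
    begin
      names = @conn.list_role_policies(options[:role_name]).body['PolicyNames']
      Formatador.display_table(names.map { |name| { 'Policy' => name } })
    rescue Fog::AWS::IAM::NotFound => e
      puts "[Error]: #{e}"
    end
  end
end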

#valid_json?(json_string) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/awscli/iam.rb', line 368

# Tells whether a string parses as JSON.
#
# Only JSON::ParserError is treated as "invalid"; any other exception raised
# by JSON.parse propagates. The parsed value is discarded, so this says
# nothing about the document's shape (object, array or scalar).
#
# @param json_string [String] text to check
# @return [Boolean] true when JSON.parse accepts the text, false on a parse error
def valid_json?(json_string)
  begin
    JSON.parse(json_string)
  rescue JSON::ParserError
    return false
  end
  true
end