class Awscli::Iam::Policies

Public Class Methods

# File lib/awscli/iam.rb, line 262
# Build a policy helper around a Fog IAM connection.
#
# @param connection [Object] Fog::AWS::IAM-style connection that every
#   instance method below issues its calls through
def initialize(connection)
  # The connection is the only state this class carries.
  @conn = connection
end

Public Instance Methods

# File lib/awscli/iam.rb, line 288
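# Attach an inline IAM policy, read from a JSON file on disk, to exactly one
# principal: a user (:user_name), a group (:group_name) or a role
# (:role_name), checked in that order.
#
# @param options [Hash] :policy_document (path to a JSON file), :policy_name,
#   and one of :user_name / :group_name / :role_name
# @return [void]
#
# Aborts the process when the file is missing, is not a JSON object, or no
# principal was given. IAM NotFound/Error responses are printed, not raised.
def add_policy_document(options)
  document = options[:policy_document]
  policyname = options[:policy_name]
  doc_path = File.expand_path(document)
  # Bug fix: the original interpolated an undefined `file_path` here.
  abort "Invalid file path: #{doc_path}" unless File.exist?(doc_path)
  # Parse exactly once; the resulting Hash is what Fog sends to IAM.
  policy = begin
    JSON.parse(File.read(doc_path))
  rescue JSON::ParserError
    abort "Invalid JSON format found in the document: #{document}"
  end
  # An IAM policy document is a JSON object (with a Statement list); reject a
  # top-level array/scalar locally instead of waiting for IAM to refuse it.
  abort "Policy document must be a JSON object: #{document}" unless policy.is_a?(Hash)
  begin
    if options[:user_name]
      @conn.put_user_policy(options[:user_name], policyname, policy)
      puts "Added policy: #{policyname} to user: #{options[:user_name]}"
    elsif options[:group_name]
      # Bug fix: the original read `option[:group_name]` (NameError at runtime).
      @conn.put_group_policy(options[:group_name], policyname, policy)
      puts "Added policy: #{policyname} to group: #{options[:group_name]}"
    elsif options[:role_name]
      @conn.put_role_policy(options[:role_name], policyname, policy)
      puts "Added policy: #{policyname} to role: #{options[:role_name]}"
    else
      # Without a principal nothing was attached; do not report success.
      abort "No target given: specify one of user_name, group_name or role_name"
    end
    puts "Added Policy #{policyname} from #{document}"
  rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error
    puts "[Error]: #{$!}"
  end

  # => Example Documents

  # iam.put_user_policy(username, 'UserKeyPolicy', {
  #   'Statement' => [
  #     'Effect' => 'Allow',
  #     'Action' => 'iam:*AccessKey*',
  #     'Resource' => arn
  #   ]
  # })

  # iam.put_user_policy(username, 'UserS3Policy', {
  #   'Statement' => [
  #     {
  #       'Effect' => 'Allow',
  #       'Action' => ['s3:*'],
  #       'Resource' => [
  #         "arn:aws:s3:::#{bucket_name}",
  #         "arn:aws:s3:::#{bucket_name}/*"
  #       ]
  #     }, {
  #       'Effect' => 'Deny',
  #       'Action' => ['s3:*'],
  #       'NotResource' => [
  #         "arn:aws:s3:::#{bucket_name}",
  #         "arn:aws:s3:::#{bucket_name}/*"
  #       ]
  #     }
  #   ]
  # })
end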
# File lib/awscli/iam.rb, line 353
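# Remove an inline policy from exactly one principal (user, group or role,
# checked in that order).
#
# @param options [Hash] :policy_name plus one of :user_name / :group_name /
#   :role_name
# @return [void]
#
# Aborts when no principal is given (the original printed "Deleted" even
# though nothing was removed). IAM NotFound/Error responses are printed.
def delete_policy(options)
  policyname = options[:policy_name]
  if options[:user_name]
    @conn.delete_user_policy(options[:user_name], policyname)
  elsif options[:group_name]
    @conn.delete_group_policy(options[:group_name], policyname)
  elsif options[:role_name]
    @conn.delete_role_policy(options[:role_name], policyname)
  else
    # Without a principal nothing was deleted; do not report success.
    abort "No target given: specify one of user_name, group_name or role_name"
  end
  puts "Deleted Policy #{policyname}"
rescue Fog::AWS::IAM::NotFound, Fog::AWS::IAM::Error
  puts "[Error]: #{$!}"
end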
# File lib/awscli/iam.rb, line 266
def list(options)
  if options[:user_name]
    user = @conn.users.get(options[:user_name])
    abort "[Error]: User not found #{user}" unless user
    user.policies.table
  elsif options[:group_name]
    begin
      grp_policies = @conn.list_group_policies(options[:group_name]).body['PolicyNames'].map { |p| { 'Policy' => p } }
      Formatador.display_table(grp_policies)
    rescue Fog::AWS::IAM::NotFound
      puts "[Error]: #{$!}"
    end
  elsif options[:role_name]
    begin
      role_policies = @conn.list_role_policies(options[:role_name]).body['PolicyNames'].map { |p| {'Policy' => p} }
      Formatador.display_table(role_policies)
    rescue Fog::AWS::IAM::NotFound
      puts "[Error]: #{$!}"
    end
  end
end
# File lib/awscli/iam.rb, line 368
# True when +json_string+ parses as JSON, false on a parse error. Any other
# exception (e.g. a nil argument raising TypeError) is not swallowed.
#
# @param json_string [String] raw JSON text
# @return [Boolean]
def valid_json?(json_string)
  begin
    JSON.parse(json_string)
  rescue JSON::ParserError
    return false
  end
  true
end