class Awscli::Iam::Policies
Public Class Methods
new(connection)
# File lib/awscli/iam.rb, line 262
# Keeps the IAM connection; every policy operation below is issued through @conn.
#
# @param connection [Object] IAM connection (presumably a Fog::AWS::IAM client — confirm with callers)
def initialize(connection)
  @conn = connection
end
Public Instance Methods
add_policy_document(options)
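# File lib/awscli/iam.rb, line 288
# Attaches an inline policy, read from a JSON file on disk, to exactly one IAM
# principal: a user, a group or a role (checked in that order).
#
# The document is sent to IAM as-is once it parses as a JSON object; nothing
# here inspects what it grants, so review it before applying — an inline policy
# is effective as soon as the put_*_policy call succeeds.
#
# @param options [Hash] :policy_document (path to a JSON file), :policy_name,
#   and one of :user_name, :group_name or :role_name
# @return [nil]
# Aborts the process when no target is given, the file is missing, the JSON is
# malformed or the document is not a JSON object; IAM NotFound/Error responses
# are reported on stdout.
def add_policy_document(options)
  document = options[:policy_document]
  policyname = options[:policy_name]

  # The original fell through all three branches and still printed a success line.
  unless options[:user_name] || options[:group_name] || options[:role_name]
    abort "[Error]: specify a user_name, group_name or role_name"
  end

  doc_path = File.expand_path(document)
  # The original interpolated an undefined `file_path` here, so a missing file
  # raised NameError instead of printing this message.
  abort "Invalid file path: #{doc_path}" unless File.exist?(doc_path)

  # Parse exactly once and reuse the hash; the original validated with
  # valid_json? and then re-parsed the string inside every branch.
  policy = begin
    JSON.parse(File.read(doc_path))
  rescue JSON::ParserError
    abort "Invalid JSON format found in the document: #{document}"
  end
  # A bare JSON array/string/number is valid JSON but not a policy document.
  abort "Policy document must be a JSON object: #{document}" unless policy.is_a?(Hash)

  begin
    if options[:user_name]
      @conn.put_user_policy(options[:user_name], policyname, policy)
      puts "Added policy: #{policyname} to user: #{options[:user_name]}"
    elsif options[:group_name]
      # The original read `option[:group_name]` (typo) and raised NameError on this path.
      @conn.put_group_policy(options[:group_name], policyname, policy)
      puts "Added policy: #{policyname} to group: #{options[:group_name]}"
    elsif options[:role_name]
      @conn.put_role_policy(options[:role_name], policyname, policy)
      puts "Added policy: #{policyname} to role: #{options[:role_name]}"
    end
    puts "Added Policy #{policyname} from #{document}"
  rescue Fog::AWS::IAM::NotFound
    puts "[Error]: #{$!}"
  rescue Fog::AWS::IAM::Error
    puts "[Error]: #{$!}"
  end

  # => Example Documents
  # iam.put_user_policy(username, 'UserKeyPolicy', {
  #   'Statement' => [
  #     'Effect' => 'Allow',
  #     'Action' => 'iam:*AccessKey*',
  #     'Resource' => arn
  #   ]
  # })
  # iam.put_user_policy(username, 'UserS3Policy', {
  #   'Statement' => [
  #     {
  #       'Effect' => 'Allow',
  #       'Action' => ['s3:*'],
  #       'Resource' => [
  #         "arn:aws:s3:::#{bucket_name}",
  #         "arn:aws:s3:::#{bucket_name}/*"
  #       ]
  #     }, {
  #       'Effect' => 'Deny',
  #       'Action' => ['s3:*'],
  #       'NotResource' => [
  #         "arn:aws:s3:::#{bucket_name}",
  #         "arn:aws:s3:::#{bucket_name}/*"
  #       ]
  #     }
  #   ]
  # })
end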
delete_policy(options)
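# File lib/awscli/iam.rb, line 353
# Removes an inline policy from exactly one IAM principal: a user, a group or a
# role (checked in that order).
#
# @param options [Hash] :policy_name and one of :user_name, :group_name or :role_name
# @return [nil]
# Aborts when no target is given — the original printed "Deleted Policy ..."
# without calling IAM at all in that case. IAM NotFound/Error responses are
# reported on stdout.
def delete_policy(options)
  if options[:user_name]
    @conn.delete_user_policy(options[:user_name], options[:policy_name])
  elsif options[:group_name]
    @conn.delete_group_policy(options[:group_name], options[:policy_name])
  elsif options[:role_name]
    @conn.delete_role_policy(options[:role_name], options[:policy_name])
  else
    abort "[Error]: specify a user_name, group_name or role_name"
  end
  puts "Deleted Policy #{options[:policy_name]}"
rescue Fog::AWS::IAM::NotFound
  puts "[Error]: #{$!}"
rescue Fog::AWS::IAM::Error
  puts "[Error]: #{$!}"
end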
list(options)
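# File lib/awscli/iam.rb, line 266
# Prints the inline policy names attached to a user, a group or a role (checked
# in that order) as a table.
#
# @param options [Hash] one of :user_name, :group_name or :role_name
# @return whatever the user's policies table call returns for the user branch,
#   nil otherwise
# The user branch aborts when the user does not exist; the group and role
# branches report an IAM NotFound on stdout instead. Aborts when no target is
# given (the original silently did nothing).
def list(options)
  if options[:user_name]
    user = @conn.users.get(options[:user_name])
    # The original interpolated `user` — nil on this path — so the message never
    # named the user that was not found.
    abort "[Error]: User not found #{options[:user_name]}" unless user
    user.policies.table
  elsif options[:group_name]
    begin
      grp_policies = @conn.list_group_policies(options[:group_name]).body['PolicyNames'].map { |p| { 'Policy' => p } }
      Formatador.display_table(grp_policies)
    rescue Fog::AWS::IAM::NotFound
      puts "[Error]: #{$!}"
    end
  elsif options[:role_name]
    begin
      role_policies = @conn.list_role_policies(options[:role_name]).body['PolicyNames'].map { |p| { 'Policy' => p } }
      Formatador.display_table(role_policies)
    rescue Fog::AWS::IAM::NotFound
      puts "[Error]: #{$!}"
    end
  else
    abort "[Error]: specify a user_name, group_name or role_name"
  end
end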
valid_json?(json_string)
# File lib/awscli/iam.rb, line 368
# True when +json_string+ parses as JSON, false when JSON raises a ParserError.
# Only ParserError is rescued; anything else (e.g. TypeError for a nil argument)
# propagates to the caller.
#
# @param json_string [String]
# @return [Boolean]
def valid_json?(json_string)
  JSON.parse(json_string)
  true
rescue JSON::ParserError
  false
end