Sha256: ce65878062c5131c7d3fa91bb802c6b30853676465cf9a758d07de863e1b40aa
Contents?: true
Size: 1.4 KB
Versions: 52
Compression:
Stored size: 1.4 KB
Contents
### exist

```ruby
describe iam_role('my-iam-role') do
  it { should exist }
end
```

### be_allowed_action

```ruby
describe iam_role('my-iam-role') do
  it { should be_allowed_action('ec2:DescribeInstances') }
  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end
```

### have_iam_policy

```ruby
describe iam_role('my-iam-role') do
  it { should have_iam_policy('ReadOnlyAccess') }
end
```

### have_inline_policy

```ruby
describe iam_role('my-iam-role') do
  it { should have_inline_policy('AllowS3BucketAccess') }
  it do
    should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
    }
  ]
}
DOC
  end
end
```

You can test absence of inline policies.

```ruby
describe iam_role('my-iam-role') do
  it { should_not have_inline_policy }
end
```

### advanced

`iam_role` can use `Aws::IAM::Role` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Role.html).

```ruby
describe iam_role('my-iam-role') do
  its('attached_policies.count') { should eq 5 }
end
```

or

```ruby
describe iam_role('my-iam-role') do
  its('resource.attached_policies.count') { should eq 5 }
end
```
Version data entries
52 entries across 52 versions & 3 rubygems