lib/miam/client.rb in miam-0.2.2 vs lib/miam/client.rb in miam-0.2.3.beta

- old
+ new

@@ -11,12 +11,12 @@ def export(export_options = {}) exported, group_users, instance_profile_roles = Miam::Exporter.export(@iam, @options) if block_given? - [:users, :groups, :roles, :instance_profiles].each do |type| - splitted = {:users => {}, :groups => {}, :roles => {}, :instance_profiles => {}} + [:users, :groups, :roles, :instance_profiles, :policies].each do |type| + splitted = {:users => {}, :groups => {}, :roles => {}, :instance_profiles => {}, :policies => {}} if export_options[:split_more] exported[type].sort_by {|k, v| k }.each do |name, attrs| more_splitted = splitted.dup more_splitted[type] = {} @@ -56,14 +56,16 @@ def walk(file) expected = load_file(file) actual, group_users, instance_profile_roles = Miam::Exporter.export(@iam, @options) - updated = walk_groups(expected[:groups], actual[:groups], actual[:users], group_users) + updated = pre_walk_managed_policies(expected[:policies], actual[:policies]) + updated = walk_groups(expected[:groups], actual[:groups], actual[:users], group_users) || updated updated = walk_users(expected[:users], actual[:users], group_users) || updated updated = walk_instance_profiles(expected[:instance_profiles], actual[:instance_profiles], actual[:roles], instance_profile_roles) || updated updated = walk_roles(expected[:roles], actual[:roles], instance_profile_roles) || updated + updated = post_walk_managed_policies(actual[:policies]) || updated if @options[:dry_run] false else updated 
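Review bot: The list of types in `export` is spelled out twice, once in the array being iterated and once in the `splitted` hash literal, and this change had to edit both in step. Building the hash from the list keeps the two from drifting: `types = [:users, :groups, :roles, :instance_profiles, :policies]` followed by `splitted = Hash[types.map {|t| [t, {}] }]`. `export` continues outside the hunk.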
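Review bot: In `walk`, the new `post_walk_managed_policies(actual[:policies])` call deletes every managed policy that `pre_walk_managed_policies` did not remove from `actual[:policies]`, so a definition file that declares no policies (for example one written for 0.2.2) would have all exported managed policies deleted on the first non-dry-run apply after the upgrade. Whether `load_file` always returns a `:policies` hash is not visible in this hunk; if it can be nil, `expected.each` in the pre-walk raises instead, which at least fails before anything is changed. I would state the contract above the call with a comment such as `# managed policies missing from the file are deleted in post_walk_managed_policies`, and, if the DSL can tell an absent policy section from an empty one, skip both policy walks when it is absent. `walk` starts and ends outside the hunk.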
@@ -436,11 +438,55 @@ end updated end + def pre_walk_managed_policies(expected, actual) + updated = false + expected.each do |policy_name, expected_attrs| + actual_attrs = actual.delete(policy_name) + + if actual_attrs + if expected_attrs[:path] != actual_attrs[:path] + log(:warn, "ManagedPolicy `#{policy_name}`: 'path' cannot be updated", :color => :yellow) + end + + updated = walk_managed_policy(policy_name, expected_attrs[:document], actual_attrs[:document]) || updated + else + @driver.create_managed_policy(policy_name, expected_attrs) + updated = true + end + end + + updated + end + + def walk_managed_policy(policy_name, expected_document, actual_document) + updated = false + expected_document.sort_array! + actual_document.sort_array! + + if expected_document != actual_document + @driver.update_managed_policy(policy_name, expected_document, actual_document) + updated = true + end + + updated + end + + def post_walk_managed_policies(actual) + updated = false + + actual.each do |policy_name, actual_attrs| + @driver.delete_managed_policy(policy_name) + updated = true + end + + updated + end + def load_file(file) if file.kind_of?(String) open(file) do |f| exec_by_format( :ruby => proc { Miam::DSL.parse(f.read, file) }, @@ -492,10 +538,9 @@ second_attrs[third_key] = third_value end end end - normalized end end
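Review bot: `post_walk_managed_policies` calls `@driver.delete_managed_policy` for every leftover entry with no check that the policy is detached; IAM rejects deletion of a managed policy that is still attached to a user, group or role, so unless the driver detaches first (not visible here) the run can abort after the earlier walks have already applied changes. It is also not visible whether the exporter limits `actual[:policies]` to customer-managed policies, which this delete loop relies on. The block variable `actual_attrs` is unused, so `actual.each_key do |policy_name|` states the intent. In `walk_managed_policy`, `sort_array!` reorders both documents in place and would raise NoMethodError when a policy is declared without a document, so a nil check on `expected_document` with a message naming the policy would give a clearer failure.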