spec/miam/rename_spec.rb in miam-0.1.0 vs spec/miam/rename_spec.rb in miam-0.1.1
- old
+ new
@@ -40,10 +40,36 @@
policy "ses-policy" do
{"Statement"=>
[{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
end
end
+
+ role "my-role", :path=>"/any/" do
+ instance_profiles(
+ "my-instance-profile"
+ )
+
+ assume_role_policy_document do
+ {"Version"=>"2012-10-17",
+ "Statement"=>
+ [{"Sid"=>"",
+ "Effect"=>"Allow",
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+ "Action"=>"sts:AssumeRole"}]}
+ end
+
+ policy "role-policy" do
+ {"Statement"=>
+ [{"Action"=>
+ ["s3:Get*",
+ "s3:List*"],
+ "Effect"=>"Allow",
+ "Resource"=>"*"}]}
+ end
+ end
+
+ instance_profile "my-instance-profile", :path=>"/profile/"
RUBY
end
let(:expected) do
{:users=>
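Review bot: The role and instance-profile fixture added here is pasted verbatim into four heredocs (this hunk and the ones at `@@ -128`, `@@ -185` and `@@ -243`), so any later change to the trust policy or the inline policy has to be repeated in each copy. Consider keeping the shared fragment in a single `let` (for example `let(:role_dsl)`) and interpolating it into each `<<-RUBY` heredoc. Separately, the inline `role-policy` grants `s3:Get*`/`s3:List*` on `"Resource"=>"*"` to a role that `ec2.amazonaws.com` can assume. If `apply` runs against a live account (not visible in this hunk), narrowing the fixture to a placeholder bucket ARN would keep a leftover test role from carrying account-wide S3 read access. The enclosing `let` block starts above the hunk.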
@@ -77,11 +103,29 @@
:policies=>
{"ses-policy"=>
{"Statement"=>
[{"Effect"=>"Allow",
"Action"=>"ses:SendRawEmail",
- "Resource"=>"*"}]}}}}}
+ "Resource"=>"*"}]}}}},
+ :roles=>
+ {"my-role"=>
+ {:path=>"/any/",
+ :assume_role_policy_document=>
+ {"Version"=>"2012-10-17",
+ "Statement"=>
+ [{"Sid"=>"",
+ "Effect"=>"Allow",
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+ "Action"=>"sts:AssumeRole"}]},
+ :instance_profiles=>["my-instance-profile"],
+ :policies=>
+ {"role-policy"=>
+ {"Statement"=>
+ [{"Action"=>["s3:Get*", "s3:List*"],
+ "Effect"=>"Allow",
+ "Resource"=>"*"}]}}}},
+ :instance_profiles=>{"my-instance-profile"=>{:path=>"/profile/"}}}
end
before(:each) do
apply { dsl }
end
@@ -128,10 +172,36 @@
policy "ses-policy" do
{"Statement"=>
[{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
end
end
+
+ role "my-role", :path=>"/any/" do
+ instance_profiles(
+ "my-instance-profile"
+ )
+
+ assume_role_policy_document do
+ {"Version"=>"2012-10-17",
+ "Statement"=>
+ [{"Sid"=>"",
+ "Effect"=>"Allow",
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+ "Action"=>"sts:AssumeRole"}]}
+ end
+
+ policy "role-policy" do
+ {"Statement"=>
+ [{"Action"=>
+ ["s3:Get*",
+ "s3:List*"],
+ "Effect"=>"Allow",
+ "Resource"=>"*"}]}
+ end
+ end
+
+ instance_profile "my-instance-profile", :path=>"/profile/"
RUBY
end
subject { client }
@@ -185,10 +255,36 @@
policy "ses-policy" do
{"Statement"=>
[{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
end
end
+
+ role "my-role", :path=>"/any/" do
+ instance_profiles(
+ "my-instance-profile"
+ )
+
+ assume_role_policy_document do
+ {"Version"=>"2012-10-17",
+ "Statement"=>
+ [{"Sid"=>"",
+ "Effect"=>"Allow",
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+ "Action"=>"sts:AssumeRole"}]}
+ end
+
+ policy "role-policy" do
+ {"Statement"=>
+ [{"Action"=>
+ ["s3:Get*",
+ "s3:List*"],
+ "Effect"=>"Allow",
+ "Resource"=>"*"}]}
+ end
+ end
+
+ instance_profile "my-instance-profile", :path=>"/profile/"
RUBY
end
subject { client }
@@ -243,10 +339,36 @@
policy "ses-policy" do
{"Statement"=>
[{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
end
end
+
+ role "my-role", :path=>"/any/" do
+ instance_profiles(
+ "my-instance-profile"
+ )
+
+ assume_role_policy_document do
+ {"Version"=>"2012-10-17",
+ "Statement"=>
+ [{"Sid"=>"",
+ "Effect"=>"Allow",
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+ "Action"=>"sts:AssumeRole"}]}
+ end
+
+ policy "role-policy" do
+ {"Statement"=>
+ [{"Action"=>
+ ["s3:Get*",
+ "s3:List*"],
+ "Effect"=>"Allow",
+ "Resource"=>"*"}]}
+ end
+ end
+
+ instance_profile "my-instance-profile", :path=>"/profile/"
RUBY
end
subject { client }
@@ -254,9 +376,94 @@
updated = apply(subject) { rename_without_renamed_from_dsl }
expect(updated).to be_truthy
expected[:users]["bob"][:groups] = ["Admin", "SES2"]
expected[:users]["bob2"] = expected[:users].delete("bob")
expected[:groups]["SES2"] = expected[:groups].delete("SES")
+ expect(export).to eq expected
+ end
+ end
+
+ context 'when rename role and instance_profile' do
+ let(:rename_role_and_instance_profile_dsl) do
+ <<-RUBY
+ user "bob", :path=>"/devloper/" do
+ login_profile :password_reset_required=>true
+
+ groups(
+ "Admin",
+ "SES"
+ )
+
+ policy "S3" do
+ {"Statement"=>
+ [{"Action"=>
+ ["s3:Get*",
+ "s3:List*"],
+ "Effect"=>"Allow",
+ "Resource"=>"*"}]}
+ end
+ end
+
+ user "mary", :path=>"/staff/" do
+ policy "S3" do
+ {"Statement"=>
+ [{"Action"=>
+ ["s3:Get*",
+ "s3:List*"],
+ "Effect"=>"Allow",
+ "Resource"=>"*"}]}
+ end
+ end
+
+ group "Admin", :path=>"/admin/" do
+ policy "Admin" do
+ {"Statement"=>[{"Effect"=>"Allow", "Action"=>"*", "Resource"=>"*"}]}
+ end
+ end
+
+ group "SES", :path=>"/ses/" do
+ policy "ses-policy" do
+ {"Statement"=>
+ [{"Effect"=>"Allow", "Action"=>"ses:SendRawEmail", "Resource"=>"*"}]}
+ end
+ end
+
+ role "my-role2", :path=>"/any/" do
+ instance_profiles(
+ "my-instance-profile2"
+ )
+
+ assume_role_policy_document do
+ {"Version"=>"2012-10-17",
+ "Statement"=>
+ [{"Sid"=>"",
+ "Effect"=>"Allow",
+ "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+ "Action"=>"sts:AssumeRole"}]}
+ end
+
+ policy "role-policy" do
+ {"Statement"=>
+ [{"Action"=>
+ ["s3:Get*",
+ "s3:List*"],
+ "Effect"=>"Allow",
+ "Resource"=>"*"}]}
+ end
+ end
+
+ instance_profile "my-instance-profile2", :path=>"/profile/"
+ RUBY
+ end
+
+ subject { client }
+
+ it do
+ updated = apply(subject) { rename_role_and_instance_profile_dsl }
+ expect(updated).to be_truthy
+ expected[:roles]["my-role"][:instance_profiles] = ["my-instance-profile2"]
+ expected[:roles]["my-role2"] = expected[:roles].delete("my-role")
+ expected[:instance_profiles]["my-instance-profile2"] = expected[:instance_profiles].delete("my-instance-profile")
expect(export).to eq expected
end
end
end
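Review bot: The new context only covers renaming the role and the instance profile together in one apply, so a regression in the role-to-profile attachment when just one side changes would go unnoticed. Add one example that renames only the role (keeping `my-instance-profile`) and one that renames only the profile (keeping `my-role`), each asserting `expected[:roles][...][:instance_profiles]` as done here. The DSL carries no `:renamed_from` in the visible lines, so this presumably exercises the delete-and-create path; a short comment above the heredoc saying so would help the next reader. The bare `it do` would also read better with a description, e.g. `it 'exports the role and instance profile under their new names' do`.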