require 'alicloud_backend'
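class AliCloudRamPolicies < AliCloudResourceBase
  name 'alicloud_ram_policies'
  desc 'Verifies settings for a collection of AliCloud RAM Policies.'
  example <<-EXAMPLE
    describe alicloud_ram_policies do
      it { should exist }
    end
  EXAMPLE

  attr_reader :table

  FilterTable.create
             .register_column(:policy_names, field: :policy_name)
             .register_column(:default_versions, field: :default_version)
             .register_column(:attachment_counts, field: :attachment_count)
             .register_column(:attached_groups, field: :attached_groups)
             .register_column(:attached_roles, field: :attached_roles)
             .register_column(:attached_users, field: :attached_users)
             .install_filter_methods_on_resource(self, :table)

  # @param opts [Hash, String] resource options; a bare String is taken as
  #   the policy type (`type:`). Allowed keys are :only_attached and :type;
  #   :region is required (enforced by validate_parameters).
  def initialize(opts = {})
    # Work on a private copy so the caller's hash is not left holding the
    # 'Custom' type written by the second fetch below.
    opts = opts.is_a?(String) ? { type: opts } : opts.dup
    super(opts)
    validate_parameters(allow: %i(only_attached type), required: %i(region))
    @type = opts[:type]
    # Without an explicit type, list System policies first, then Custom ones.
    opts[:type] = 'System' unless opts[:type]
    @table = fetch_data(opts)
    return unless @type.nil?

    opts[:type] = 'Custom'
    @table += fetch_data(opts)
  end

  # Lists the policies of the type in opts[:type], following the ListPolicies
  # Marker/IsTruncated pagination.
  #
  # @param opts [Hash] :region and :type are forwarded to the API; when
  #   :only_attached is truthy, policies with AttachmentCount 0 are skipped.
  # @return [Array<Hash>] one row per policy (see #policy_row); an empty
  #   Array as soon as any page request yields nil or an empty response.
  def fetch_data(opts)
    # Paginate on a private copy: writing :marker into the caller's hash and
    # skipping the cleanup on the early-return path let a failed System
    # fetch start the following Custom fetch at a stale marker.
    page_opts = opts.dup
    rows = []
    loop do
      response = list_policies(page_opts)
      return [] if !response || response.empty?

      response['Policies']['Policy'].each do |policy|
        next if opts[:only_attached] && policy['AttachmentCount'].to_i.zero?

        rows << policy_row(policy, opts)
      end
      break unless response['IsTruncated']

      page_opts[:marker] = response['Marker']
    end
    rows
  end

  # Requests one page of ListPolicies.
  #
  # @param opts [Hash] :region, :type and, after the first page, :marker
  # @return [Hash, nil] the raw API response, or whatever catch_alicloud_errors
  #   returns when the request fails (defined in the base class; assumed nil)
  def list_policies(opts)
    # NOTE(review): RegionId is a Symbol key while the other filters use
    # String keys, exactly as the SDK received them before — confirm the
    # client treats both alike before normalising.
    filters = { RegionId: opts[:region] }
    filters['PolicyType'] = opts[:type]
    filters['Marker'] = opts[:marker] if opts[:marker]
    catch_alicloud_errors do
      # `return` leaves the method with the response itself, independent of
      # what catch_alicloud_errors does with the block's value.
      return @alicloud.ram_client.request(
        action: 'ListPolicies',
        params: filters,
        opts: { method: 'POST' },
      )
    end
  end

  # Requests the groups, roles and users a policy is attached to.
  #
  # @param opts [Hash] :region, :policy_name and optionally :type
  #   (defaults to 'System' when absent)
  # @return [Hash, nil] the raw ListEntitiesForPolicy response, or whatever
  #   catch_alicloud_errors returns when the request fails
  def get_attached_entities(opts)
    filters = { RegionId: opts[:region], PolicyName: opts[:policy_name] }
    filters['PolicyType'] = opts[:type] || 'System'
    catch_alicloud_errors do
      # See list_policies for why this returns from inside the block.
      return @alicloud.ram_client.request(
        action: 'ListEntitiesForPolicy',
        params: filters,
        opts: { method: 'POST' },
      )
    end
  end

  # True when at least one policy row was fetched. This agrees with the
  # `exist?` matcher FilterTable installs from the same data, so the
  # `should exist` example above behaves consistently; the empty method body
  # this replaces always returned nil.
  def exists?
    !@table.empty?
  end

  def to_s
    "AliCloud RAM Policies (#{@type.nil? ? 'All' : @type})"
  end

  private

  # Builds one FilterTable row for a policy; attached entities are only
  # looked up when AttachmentCount is positive, avoiding one API call per
  # unattached policy.
  def policy_row(policy, opts)
    row = {
      policy_name: policy['PolicyName'],
      default_version: policy['DefaultVersion'],
      attachment_count: policy['AttachmentCount'],
    }
    if policy['AttachmentCount'].to_i.positive?
      entities = get_attached_entities(opts.merge(policy_name: policy['PolicyName']))
      row[:attached_groups] = entity_names(entities, 'Groups', 'Group', 'GroupName')
      row[:attached_roles] = entity_names(entities, 'Roles', 'Role', 'RoleName')
      row[:attached_users] = entity_names(entities, 'Users', 'User', 'UserName')
    else
      row[:attached_groups] = []
      row[:attached_roles] = []
      row[:attached_users] = []
    end
    row
  end

  # Extracts name_key from each element of entities[container][item].
  # Like the inline code it replaces, a nil response or a missing level
  # raises rather than silently reporting "no attachments".
  def entity_names(entities, container, item, name_key)
    entities.dig(container, item).map { |entity| entity[name_key] }
  end
end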