Module: Awspec::Helper::Finder::Iam

Included in:

Awspec::Helper::Finder

Defined in:

lib/awspec/helper/finder/iam.rb

Instance Method Summary

• #select_all_attached_policies ⇒ Object
• #select_all_iam_groups ⇒ Object
• #select_all_iam_users ⇒ Object
• #select_attached_entities(policy_id) ⇒ Object
• #select_attached_groups(policy_id) ⇒ Object
• #select_attached_roles(policy_id) ⇒ Object
• #select_attached_users(policy_id) ⇒ Object
• #select_iam_group_by_user_name(user_name) ⇒ Object
• #select_iam_policy_by_group_name(group_name) ⇒ Object
• #select_iam_policy_by_role_name(role_name) ⇒ Object
• #select_iam_policy_by_user_name(user_name) ⇒ Object
• #select_inine_policy_by_group_name(group_name) ⇒ Object
• #select_inine_policy_by_user_name(user_name) ⇒ Object
• #select_policy_evaluation_results(policy_arn, action_name, resource_arn = nil) ⇒ Object

Instance Method Details

#select_all_attached_policies ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 74

def select_all_attached_policies
  selected = []
  res = iam_client.list_policies

  loop do
    selected += res.policies.select { |p| p.attachment_count > 0 }
    (res.next_page? && res = res.next_page) || break
  end

  selected
end

#select_all_iam_groups ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 112

def select_all_iam_groups
  iam_client.list_groups.map do |responce|
    responce.groups
  end.flatten
end

#select_all_iam_users ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 106

def select_all_iam_users
  iam_client.list_users.map do |responce|
    responce.users
  end.flatten
end

#select_attached_entities(policy_id) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 86

def select_attached_entities(policy_id)
  policy = find_iam_policy(policy_id)
  iam_client.list_entities_for_policy(policy_arn: policy[:arn])
end

#select_attached_groups(policy_id) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 96

def select_attached_groups(policy_id)
  entities = select_attached_entities(policy_id)
  entities.policy_groups
end

#select_attached_roles(policy_id) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 101

def select_attached_roles(policy_id)
  entities = select_attached_entities(policy_id)
  entities.policy_roles
end

#select_attached_users(policy_id) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 91

def select_attached_users(policy_id)
  entities = select_attached_entities(policy_id)
  entities.policy_users
end

#select_iam_group_by_user_name(user_name) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 32

def select_iam_group_by_user_name(user_name)
  res = iam_client.list_groups_for_user({
                                          user_name: user_name
                                        })
  res.groups
end

#select_iam_policy_by_group_name(group_name) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 46

def select_iam_policy_by_group_name(group_name)
  res = iam_client.list_attached_group_policies({
                                                  group_name: group_name
                                                })
  res.attached_policies
end

#select_iam_policy_by_role_name(role_name) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 53

def select_iam_policy_by_role_name(role_name)
  res = iam_client.list_attached_role_policies({
                                                 role_name: role_name
                                               })
  res.attached_policies
end

#select_iam_policy_by_user_name(user_name) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 39

def select_iam_policy_by_user_name(user_name)
  res = iam_client.list_attached_user_policies({
                                                 user_name: user_name
                                               })
  res.attached_policies
end

#select_inine_policy_by_group_name(group_name) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 67

def select_inine_policy_by_group_name(group_name)
  res = iam_client.list_group_policies({
                                         group_name: group_name
                                       })
  res.policy_names
end

#select_inine_policy_by_user_name(user_name) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 60

def select_inine_policy_by_user_name(user_name)
  res = iam_client.list_user_policies({
                                        user_name: user_name
                                      })
  res.policy_names
end

#select_policy_evaluation_results(policy_arn, action_name, resource_arn = nil) ⇒ Object

# File 'lib/awspec/helper/finder/iam.rb', line 22

def select_policy_evaluation_results(policy_arn, action_name, resource_arn = nil)
  options = {
    policy_source_arn: policy_arn,
    action_names: [action_name]
  }
  options[:resource_arns] = [resource_arn] if resource_arn
  res = iam_client.simulate_principal_policy(options)
  res.evaluation_results
end