Skip to content

Commit

Permalink
1. added support for attaching/detaching policies to/from roles
Browse files Browse the repository at this point in the history
2. list policies for roles
3. added corresponding unit tests
  • Loading branch information
chainone committed Aug 11, 2016
1 parent 6182dcc commit bb4460e
Show file tree
Hide file tree
Showing 3 changed files with 99 additions and 7 deletions.
4 changes: 3 additions & 1 deletion ram/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,9 @@ type RamClientInterface interface {
ListEnitiesForPolicy()
SetDefaultPolicyVersion()
ListPoliciesForGroup()
ListPoliciesForRole()
AttachPolicyToRole(attachPolicyRequest AttachPolicyToRoleRequest) (RamCommonResponse, error)
DetachPolicyFromRole(attachPolicyRequest AttachPolicyToRoleRequest) (RamCommonResponse, error)
ListPoliciesForRole(roleQuery RoleQueryRequest) (PolicyListResponse, error)

//TODO security apis
SetAccountAlias(accountAlias AccountAlias) (RamCommonResponse, error)
Expand Down
42 changes: 39 additions & 3 deletions ram/policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,11 @@ type AttachPolicyRequest struct {
UserName string
}

type AttachPolicyToRoleRequest struct {
PolicyRequest
RoleName string
}

func (client *RamClient) CreatePolicy(policyReq PolicyRequest) (PolicyResponse, error) {
var resp PolicyResponse
err := client.Invoke("CreatePolicy", policyReq, &resp)
Expand Down Expand Up @@ -152,8 +157,39 @@ func (client *RamClient) ListPoliciesForUser(userQuery UserQueryRequest) (Policy
return resp, nil
}

//TODO
func (client *RamClient) ListPoliciesForGroup() {}
//
//Role related
//
func (client *RamClient) AttachPolicyToRole(attachPolicyRequest AttachPolicyToRoleRequest) (RamCommonResponse, error) {
var resp RamCommonResponse
err := client.Invoke("AttachPolicyToRole", attachPolicyRequest, &resp)
if err != nil {
return RamCommonResponse{}, err
}
return resp, nil
}

func (client *RamClient) DetachPolicyFromRole(attachPolicyRequest AttachPolicyToRoleRequest) (RamCommonResponse, error) {
var resp RamCommonResponse
err := client.Invoke("DetachPolicyFromRole", attachPolicyRequest, &resp)
if err != nil {
return RamCommonResponse{}, err
}
return resp, nil
}

func (client *RamClient) ListPoliciesForRole(roleQuery RoleQueryRequest) (PolicyListResponse, error) {
var resp PolicyListResponse
err := client.Invoke("ListPoliciesForRole", roleQuery, &resp)
if err != nil {
return PolicyListResponse{}, err
}
return resp, nil
}

//
//Group related
//
//TODO
func (client *RamClient) ListPoliciesForRole() {}
//
func (client *RamClient) ListPoliciesForGroup() {}
60 changes: 57 additions & 3 deletions ram/policy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,10 @@ import (
)

var (
policy_username string
policy_name string
policy_document = PolicyDocument{
policy_username string
policy_role_name string
policy_name string
policy_document = PolicyDocument{
Statement: []PolicyItem{
PolicyItem{
Action: "*",
Expand Down Expand Up @@ -112,6 +113,59 @@ func TestDetachPolicyFromUser(t *testing.T) {
t.Logf("pass DetachPolicyFromUser %++v", resp)
}

func TestAttachPolicyToRole(t *testing.T) {
client := NewTestClient()
resp, err := client.ListRoles()
if err != nil {
t.Errorf("Failed to ListRole %v", err)
return
}
policy_role_name = resp.Roles.Role[0].RoleName
attachPolicyRequest := AttachPolicyToRoleRequest{
PolicyRequest: PolicyRequest{
PolicyType: "Custom",
PolicyName: policy_name,
},
RoleName: policy_role_name,
}
attachResp, err := client.AttachPolicyToRole(attachPolicyRequest)
if err != nil {
t.Errorf("Failed to AttachPolicyToRole %v", err)
return
}
t.Logf("pass AttachPolicyToRole %++v", attachResp)
}

func TestListPoliciesForRole(t *testing.T) {
client := NewTestClient()
roleQuery := RoleQueryRequest{
RoleName: policy_role_name,
}
resp, err := client.ListPoliciesForRole(roleQuery)
if err != nil {
t.Errorf("Failed to ListPoliciesForRole %v", err)
return
}
t.Logf("pass ListPoliciesForRole %++v", resp)
}

func TestDetachPolicyFromRole(t *testing.T) {
client := NewTestClient()
detachPolicyRequest := AttachPolicyToRoleRequest{
PolicyRequest: PolicyRequest{
PolicyType: "Custom",
PolicyName: policy_name,
},
RoleName: policy_role_name,
}
resp, err := client.DetachPolicyFromRole(detachPolicyRequest)
if err != nil {
t.Errorf("Failed to DetachPolicyFromRole %++v", err)
return
}
t.Logf("pass DetachPolicyFromRole %++v", resp)
}

func TestDeletePolicy(t *testing.T) {
client := NewTestClient()
policyReq := policy_req
Expand Down

0 comments on commit bb4460e

Please sign in to comment.