added IAM role policy crud

This commit is contained in:
Adrian Cole 2013-02-24 23:37:19 -08:00
parent 1c17f59073
commit c22699a2b2
21 changed files with 1057 additions and 8 deletions

View File

@ -0,0 +1,32 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.aws.iam.features;
import org.jclouds.iam.features.RolePolicyApiLiveTest;
import org.testng.annotations.Test;
/**
* @author Adrian Cole
*/
@Test(groups = "live", testName = "AWSRolePolicyApiLiveTest")
public class AWSRolePolicyApiLiveTest extends RolePolicyApiLiveTest {
public AWSRolePolicyApiLiveTest() {
provider = "aws-iam";
}
}

View File

@ -18,8 +18,11 @@
*/ */
package org.jclouds.iam; package org.jclouds.iam;
import javax.ws.rs.FormParam;
import org.jclouds.iam.domain.User; import org.jclouds.iam.domain.User;
import org.jclouds.iam.features.RoleApi; import org.jclouds.iam.features.RoleApi;
import org.jclouds.iam.features.RolePolicyApi;
import org.jclouds.iam.features.UserApi; import org.jclouds.iam.features.UserApi;
import org.jclouds.rest.annotations.Delegate; import org.jclouds.rest.annotations.Delegate;
@ -27,9 +30,7 @@ import org.jclouds.rest.annotations.Delegate;
* Provides access to Amazon IAM via the Query API * Provides access to Amazon IAM via the Query API
* <p/> * <p/>
* *
* @see <a * @see <a href="http://docs.amazonwebservices.com/IAM/latest/APIReference" />
* href="http://docs.amazonwebservices.com/IAM/latest/APIReference"
* />
* @author Adrian Cole * @author Adrian Cole
*/ */
public interface IAMApi { public interface IAMApi {
@ -49,4 +50,10 @@ public interface IAMApi {
*/ */
@Delegate @Delegate
RoleApi getRoleApi(); RoleApi getRoleApi();
/**
* Provides synchronous access to Role Policy features.
*/
@Delegate
RolePolicyApi getPolicyApiForRole(@FormParam("RoleName") String roleName);
} }

View File

@ -19,12 +19,14 @@
package org.jclouds.iam; package org.jclouds.iam;
import javax.inject.Named; import javax.inject.Named;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST; import javax.ws.rs.POST;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import org.jclouds.aws.filters.FormSigner; import org.jclouds.aws.filters.FormSigner;
import org.jclouds.iam.domain.User; import org.jclouds.iam.domain.User;
import org.jclouds.iam.features.RoleAsyncApi; import org.jclouds.iam.features.RoleAsyncApi;
import org.jclouds.iam.features.RolePolicyAsyncApi;
import org.jclouds.iam.features.UserAsyncApi; import org.jclouds.iam.features.UserAsyncApi;
import org.jclouds.iam.xml.UserHandler; import org.jclouds.iam.xml.UserHandler;
import org.jclouds.rest.annotations.Delegate; import org.jclouds.rest.annotations.Delegate;
@ -39,9 +41,7 @@ import com.google.common.util.concurrent.ListenableFuture;
* Provides access to Amazon IAM via the Query API * Provides access to Amazon IAM via the Query API
* <p/> * <p/>
* *
* @see <a * @see <a href="http://docs.amazonwebservices.com/IAM/latest/APIReference" />
* href="http://docs.amazonwebservices.com/IAM/latest/APIReference"
* />
* @author Adrian Cole * @author Adrian Cole
*/ */
@RequestFilters(FormSigner.class) @RequestFilters(FormSigner.class)
@ -69,4 +69,10 @@ public interface IAMAsyncApi {
*/ */
@Delegate @Delegate
RoleAsyncApi getRoleApi(); RoleAsyncApi getRoleApi();
/**
* Provides asynchronous access to Role Policy features.
*/
@Delegate
RolePolicyAsyncApi getPolicyApiForRole(@FormParam("RoleName") String roleName);
} }

View File

@ -27,6 +27,8 @@ import org.jclouds.iam.IAMApi;
import org.jclouds.iam.IAMAsyncApi; import org.jclouds.iam.IAMAsyncApi;
import org.jclouds.iam.features.RoleApi; import org.jclouds.iam.features.RoleApi;
import org.jclouds.iam.features.RoleAsyncApi; import org.jclouds.iam.features.RoleAsyncApi;
import org.jclouds.iam.features.RolePolicyApi;
import org.jclouds.iam.features.RolePolicyAsyncApi;
import org.jclouds.iam.features.UserApi; import org.jclouds.iam.features.UserApi;
import org.jclouds.iam.features.UserAsyncApi; import org.jclouds.iam.features.UserAsyncApi;
import org.jclouds.rest.ConfiguresRestClient; import org.jclouds.rest.ConfiguresRestClient;
@ -43,6 +45,7 @@ public class IAMRestClientModule extends FormSigningRestClientModule<IAMApi, IAM
public static final Map<Class<?>, Class<?>> DELEGATE_MAP = ImmutableMap.<Class<?>, Class<?>> builder()// public static final Map<Class<?>, Class<?>> DELEGATE_MAP = ImmutableMap.<Class<?>, Class<?>> builder()//
.put(UserApi.class, UserAsyncApi.class) .put(UserApi.class, UserAsyncApi.class)
.put(RoleApi.class, RoleAsyncApi.class) .put(RoleApi.class, RoleAsyncApi.class)
.put(RolePolicyApi.class, RolePolicyAsyncApi.class)
.build(); .build();
public IAMRestClientModule() { public IAMRestClientModule() {

View File

@ -0,0 +1,130 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.domain;
import static com.google.common.base.Objects.equal;
import static com.google.common.base.Objects.toStringHelper;
import static com.google.common.base.Preconditions.checkNotNull;
import com.google.common.base.Objects;
/**
* @see <a href="http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html" />
*
* @author Adrian Cole
*/
public final class Policy {
private final String owner;
private final String name;
private final String document;
private Policy(String owner, String name, String document) {
this.name = checkNotNull(name, "name");
this.owner = checkNotNull(owner, "owner for %s", owner);
this.document = checkNotNull(document, "document for %s", owner);
}
/**
* The group, user, or role the policy is associated with.
*/
public String getOwner() {
return owner;
}
/**
* friendly name ex. {@code Developers}
*/
public String getName() {
return name;
}
/**
* The policy document.
*/
public String getDocument() {
return document;
}
@Override
public int hashCode() {
return Objects.hashCode(owner, name);
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null || getClass() != obj.getClass())
return false;
Policy that = Policy.class.cast(obj);
return equal(this.owner, that.owner) && equal(this.name, that.name);
}
@Override
public String toString() {
return toStringHelper(this).add("owner", owner).add("name", name).add("document", document).toString();
}
public static Builder builder() {
return new Builder();
}
public Builder toBuilder() {
return builder().from(this);
}
public static class Builder {
private String owner;
private String name;
private String document;
/**
* @see Policy#getOwner()
*/
public Builder owner(String owner) {
this.owner = owner;
return this;
}
/**
* @see Policy#getName()
*/
public Builder name(String name) {
this.name = name;
return this;
}
/**
* @see Policy#getDocument()
*/
public Builder document(String document) {
this.document = document;
return this;
}
public Policy build() {
return new Policy(owner, name, document);
}
public Builder from(Policy in) {
return owner(in.owner).name(in.name).document(in.document);
}
}
}

View File

@ -0,0 +1,76 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.features;
import org.jclouds.collect.IterableWithMarker;
import org.jclouds.collect.PagedIterable;
import org.jclouds.iam.domain.Policy;
import org.jclouds.javax.annotation.Nullable;
/**
* @author Adrian Cole
*/
public interface PolicyApi {
/**
* Adds (or updates) a policy document.
*
* @param name
* Name of the policy document.
* @param document
* The policy document.
*/
void create(String name, String document);
/**
* returns all policy names in order.
*/
PagedIterable<String> list();
/**
* retrieves up to 100 policy names in order.
*/
IterableWithMarker<String> listFirstPage();
/**
* retrieves up to 100 policy names in order, starting at {@code marker}
*
* @param marker
* starting point to resume the list
*/
IterableWithMarker<String> listAt(String marker);
/**
* Retrieves the specified policy document.
*
* @param name
* Name of the policy to get information about.
* @return null if not found
*/
@Nullable
Policy get(String name);
/**
* Deletes the specified policy.
*
* @param name
* Name of the policy to delete
*/
void delete(String name);
}

View File

@ -0,0 +1,29 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.features;
/**
* @see RolePolicyAsyncApi
*
* @author Adrian Cole
*/
public interface RolePolicyApi extends PolicyApi {
}

View File

@ -0,0 +1,113 @@
/**
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.features;
import javax.inject.Named;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import org.jclouds.Fallbacks.NullOnNotFoundOr404;
import org.jclouds.Fallbacks.VoidOnNotFoundOr404;
import org.jclouds.aws.filters.FormSigner;
import org.jclouds.collect.IterableWithMarker;
import org.jclouds.collect.PagedIterable;
import org.jclouds.iam.domain.Policy;
import org.jclouds.iam.functions.PoliciesToPagedIterable.RolePoliciesToPagedIterable;
import org.jclouds.iam.xml.ListPoliciesResultHandler;
import org.jclouds.iam.xml.PolicyHandler;
import org.jclouds.rest.annotations.Fallback;
import org.jclouds.rest.annotations.FormParams;
import org.jclouds.rest.annotations.RequestFilters;
import org.jclouds.rest.annotations.Transform;
import org.jclouds.rest.annotations.VirtualHost;
import org.jclouds.rest.annotations.XMLResponseParser;
import com.google.common.util.concurrent.ListenableFuture;
/**
* Provides access to Amazon IAM via the Query API
* <p/>
*
* @see <a href="http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html" />
* @author Adrian Cole
*/
@RequestFilters(FormSigner.class)
@VirtualHost
public interface RolePolicyAsyncApi {
/**
* @see RolePolicyApi#create
*/
@Named("PutRolePolicy")
@POST
@Path("/")
@FormParams(keys = "Action", values = "PutRolePolicy")
ListenableFuture<Void> create(@FormParam("PolicyName") String name, @FormParam("PolicyDocument") String document);
/**
* @see RolePolicyApi#list()
*/
@Named("ListRolePolicies")
@POST
@Path("/")
@FormParams(keys = "Action", values = "ListRolePolicies")
@XMLResponseParser(ListPoliciesResultHandler.class)
@Transform(RolePoliciesToPagedIterable.class)
ListenableFuture<PagedIterable<String>> list();
/**
* @see RolePolicyApi#listFirstPage
*/
@Named("ListRolePolicies")
@POST
@Path("/")
@FormParams(keys = "Action", values = "ListRolePolicies")
@XMLResponseParser(ListPoliciesResultHandler.class)
ListenableFuture<IterableWithMarker<String>> listFirstPage();
/**
* @see RolePolicyApi#listAt(String)
*/
@Named("ListRolePolicies")
@POST
@Path("/")
@FormParams(keys = "Action", values = "ListRolePolicies")
@XMLResponseParser(ListPoliciesResultHandler.class)
ListenableFuture<IterableWithMarker<String>> listAt(@FormParam("Marker") String marker);
/**
* @see RolePolicyApi#get()
*/
@Named("GetRolePolicy")
@POST
@Path("/")
@XMLResponseParser(PolicyHandler.class)
@FormParams(keys = "Action", values = "GetRolePolicy")
@Fallback(NullOnNotFoundOr404.class)
ListenableFuture<Policy> get(@FormParam("PolicyName") String name);
/**
* @see RolePolicyApi#delete()
*/
@Named("DeleteRolePolicy")
@POST
@Path("/")
@FormParams(keys = "Action", values = "DeleteRolePolicy")
@Fallback(VoidOnNotFoundOr404.class)
ListenableFuture<Void> delete(@FormParam("PolicyName") String name);
}

View File

@ -0,0 +1,70 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.functions;
import static com.google.common.base.Preconditions.checkNotNull;
import javax.inject.Inject;
import org.jclouds.collect.IterableWithMarker;
import org.jclouds.collect.internal.Arg0ToPagedIterable;
import org.jclouds.iam.IAMApi;
import org.jclouds.iam.features.PolicyApi;
import com.google.common.annotations.Beta;
import com.google.common.base.Function;
import com.google.common.base.Optional;
/**
* @author Adrian Cole
*/
@Beta
public class PoliciesToPagedIterable {
public static class RolePoliciesToPagedIterable extends Arg0ToPagedIterable.FromCaller<String, RolePoliciesToPagedIterable> {
private final IAMApi api;
@Inject
protected RolePoliciesToPagedIterable(IAMApi api) {
this.api = checkNotNull(api, "api");
}
@Override
protected Function<Object, IterableWithMarker<String>> markerToNextForArg0(Optional<Object> roleName) {
return new ListPoliciesAtMarker(api.getPolicyApiForRole(roleName.get().toString()));
}
}
private static class ListPoliciesAtMarker implements Function<Object, IterableWithMarker<String>> {
private final PolicyApi api;
@Inject
protected ListPoliciesAtMarker(PolicyApi api) {
this.api = checkNotNull(api, "api");
}
public IterableWithMarker<String> apply(Object input) {
return api.listAt(input.toString());
}
public String toString() {
return "listPoliciesAtMarker()";
}
}
}

View File

@ -0,0 +1,77 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.xml;
import static org.jclouds.util.SaxUtils.currentOrNull;
import static org.jclouds.util.SaxUtils.equalsOrSuffix;
import org.jclouds.collect.IterableWithMarker;
import org.jclouds.collect.IterableWithMarkers;
import org.jclouds.http.functions.ParseSax;
import org.xml.sax.Attributes;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableList.Builder;
/**
* @see <a href="http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html" />
*
* @author Adrian Cole
*/
public class ListPoliciesResultHandler extends
ParseSax.HandlerForGeneratedRequestWithResult<IterableWithMarker<String>> {
private StringBuilder currentText = new StringBuilder();
private Builder<String> names = ImmutableList.<String> builder();
private boolean inPolicyNames;
private String afterMarker;
@Override
public IterableWithMarker<String> getResult() {
try {
return IterableWithMarkers.from(names.build(), afterMarker);
} finally {
names = ImmutableList.<String> builder();
}
}
@Override
public void startElement(String url, String name, String qName, Attributes attributes) {
if (equalsOrSuffix(qName, "PolicyNames")) {
inPolicyNames = true;
}
}
@Override
public void endElement(String uri, String name, String qName) {
if (inPolicyNames && qName.equals("PolicyNames")) {
inPolicyNames = false;
} else if (qName.equals("member")) {
names.add(currentOrNull(currentText));
} else if (qName.equals("Marker")) {
afterMarker = currentOrNull(currentText);
}
currentText = new StringBuilder();
}
@Override
public void characters(char ch[], int start, int length) {
currentText.append(ch, start, length);
}
}

View File

@ -0,0 +1,67 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.xml;
import static org.jclouds.util.SaxUtils.currentOrNull;
import static org.jclouds.util.Strings2.urlDecode;
import org.jclouds.http.functions.ParseSax;
import org.jclouds.iam.domain.Policy;
import org.xml.sax.Attributes;
/**
* @see <a href="http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html" />
*
* @author Adrian Cole
*/
public class PolicyHandler extends ParseSax.HandlerForGeneratedRequestWithResult<Policy> {
private StringBuilder currentText = new StringBuilder();
private Policy.Builder builder = Policy.builder();
@Override
public Policy getResult() {
try {
return builder.build();
} finally {
builder = Policy.builder();
}
}
@Override
public void startElement(String url, String name, String qName, Attributes attributes) {
}
@Override
public void endElement(String uri, String name, String qName) {
if (qName.equals("PolicyName")) {
builder.name(currentOrNull(currentText));
} else if (qName.endsWith("Name")) {
builder.owner(currentOrNull(currentText));
} else if (qName.equals("PolicyDocument")) {
builder.document(urlDecode(currentOrNull(currentText)));
}
currentText = new StringBuilder();
}
@Override
public void characters(char ch[], int start, int length) {
currentText.append(ch, start, length);
}
}

View File

@ -79,6 +79,7 @@ public class RoleApiLiveTest extends BaseIAMApiLiveTest {
newRole = api().createWithPolicy(name, policy); newRole = api().createWithPolicy(name, policy);
getAnonymousLogger().info("created role: " + newRole); getAnonymousLogger().info("created role: " + newRole);
checkRole(newRole); checkRole(newRole);
assertEquals(newRole.getAssumeRolePolicy(), policy);
} finally { } finally {
api().delete(name); api().delete(name);
assertNull(api().get(name)); assertNull(api().get(name));

View File

@ -0,0 +1,199 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unles required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either expres or implied. See the License for the
* specific language governing permisions and limitations
* under the License.
*/
package org.jclouds.iam.features;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNull;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpResponse;
import org.jclouds.iam.IAMApi;
import org.jclouds.iam.internal.BaseIAMApiExpectTest;
import org.jclouds.iam.parse.GetRolePolicyResponseTest;
import org.jclouds.iam.parse.ListRolePoliciesResponseTest;
import org.jclouds.rest.ResourceNotFoundException;
import org.testng.annotations.Test;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
/**
* @author Adrian Cole
*/
@Test(groups = "unit", testName = "RolePolicyApiExpectTest")
public class RolePolicyApiExpectTest extends BaseIAMApiExpectTest {
String policy = "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"s3:*\"],\"Resource\":[\"*\"]}]}";
HttpRequest create = HttpRequest.builder()
.method("POST")
.endpoint("https://iam.amazonaws.com/")
.addHeader("Host", "iam.amazonaws.com")
.addFormParam("Action", "PutRolePolicy")
.addFormParam("PolicyDocument", policy)
.addFormParam("PolicyName", "S3AccessPolicy")
.addFormParam("RoleName", "S3Access")
.addFormParam("Signature", "CEf5SvDv%2BLBRwlZI/3nBghWXFHC1nMfOFccfAITNjOk%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2010-05-08")
.addFormParam("AWSAccessKeyId", "identity").build();
public void testCreateWhenResponseIs2xx() throws Exception {
HttpResponse getResponse = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/put_role_policy.xml", "text/xml")).build();
IAMApi apiWhenExist = requestSendsResponse(create, getResponse);
apiWhenExist.getPolicyApiForRole("S3Access").create("S3AccessPolicy", policy);
}
HttpRequest get = HttpRequest.builder()
.method("POST")
.endpoint("https://iam.amazonaws.com/")
.addHeader("Host", "iam.amazonaws.com")
.addFormParam("Action", "GetRolePolicy")
.addFormParam("PolicyName", "S3AccessPolicy")
.addFormParam("RoleName", "S3Access")
.addFormParam("Signature", "MBTj0PjbypNbE7%2ByD2CJ/4NnzLFzV8RQNFPMI7GH03k%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2010-05-08")
.addFormParam("AWSAccessKeyId", "identity").build();
public void testGetWhenResponseIs2xx() throws Exception {
HttpResponse getResponse = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/get_role_policy.xml", "text/xml")).build();
IAMApi apiWhenExist = requestSendsResponse(get, getResponse);
assertEquals(apiWhenExist.getPolicyApiForRole("S3Access").get("S3AccessPolicy").toString(),
new GetRolePolicyResponseTest().expected().toString());
}
public void testGetWhenResponseIs404() throws Exception {
HttpResponse getResponse = HttpResponse.builder().statusCode(404).build();
IAMApi apiWhenDontExist = requestSendsResponse(
get, getResponse);
assertNull(apiWhenDontExist.getPolicyApiForRole("S3Access").get("S3AccessPolicy"));
}
HttpRequest delete = HttpRequest.builder()
.method("POST")
.endpoint("https://iam.amazonaws.com/")
.addHeader("Host", "iam.amazonaws.com")
.addFormParam("Action", "DeleteRolePolicy")
.addFormParam("PolicyName", "S3AccessPolicy")
.addFormParam("RoleName", "S3Access")
.addFormParam("Signature", "eoLLlpvrOuh9MU4d9y1frBFc6RISnzejYwh0jgtKlhY%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2010-05-08")
.addFormParam("AWSAccessKeyId", "identity").build();
public void testDeleteWhenResponseIs2xx() throws Exception {
HttpResponse deleteResponse = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/delete_role_policy.xml", "text/xml")).build();
IAMApi apiWhenExist = requestSendsResponse(delete, deleteResponse);
apiWhenExist.getPolicyApiForRole("S3Access").delete("S3AccessPolicy");
}
public void testDeleteWhenResponseIs404() throws Exception {
HttpResponse deleteResponse = HttpResponse.builder().statusCode(404).build();
IAMApi apiWhenDontExist = requestSendsResponse(delete, deleteResponse);
apiWhenDontExist.getPolicyApiForRole("S3Access").delete("S3AccessPolicy");
}
HttpRequest list = HttpRequest.builder()
.method("POST")
.endpoint("https://iam.amazonaws.com/")
.addHeader("Host", "iam.amazonaws.com")
.addFormParam("Action", "ListRolePolicies")
.addFormParam("RoleName", "S3Access")
.addFormParam("Signature", "qsfSpvDHNcMtKgnCiiYO1cikVVYrEHo/vqSt0tztvuY%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2010-05-08")
.addFormParam("AWSAccessKeyId", "identity").build();
public void testListWhenResponseIs2xx() throws Exception {
HttpResponse listResponse = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/list_role_policies.xml", "text/xml")).build();
IAMApi apiWhenExist = requestSendsResponse(list, listResponse);
assertEquals(apiWhenExist.getPolicyApiForRole("S3Access").list().get(0).toString(),
new ListRolePoliciesResponseTest().expected().toString());
}
public void testList2PagesWhenResponseIs2xx() throws Exception {
HttpResponse listResponse = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/list_role_policies_marker.xml", "text/xml")).build();
HttpRequest list2 = HttpRequest.builder()
.method("POST")
.endpoint("https://iam.amazonaws.com/")
.addHeader("Host", "iam.amazonaws.com")
.addFormParam("Action", "ListRolePolicies")
.addFormParam("Marker", "MARKER")
.addFormParam("RoleName", "S3Access")
.addFormParam("Signature", "GdoVCf2QZ7rld%2BHvIgbSPhjgwYtigqYXdi/LfVzlWaM%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2010-05-08")
.addFormParam("AWSAccessKeyId", "identity").build();
HttpResponse list2Response = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/list_role_policies.xml", "text/xml")).build();
IAMApi apiWhenExist = requestsSendResponses(list, listResponse, list2, list2Response);
assertEquals(apiWhenExist.getPolicyApiForRole("S3Access").list().concat().toList(),
ImmutableList.copyOf(Iterables.concat(new ListRolePoliciesResponseTest().expected(),
new ListRolePoliciesResponseTest().expected())));
}
// TODO: this should really be an empty set
@Test(expectedExceptions = ResourceNotFoundException.class)
public void testListWhenResponseIs404() throws Exception {
HttpResponse listResponse = HttpResponse.builder().statusCode(404).build();
IAMApi apiWhenDontExist = requestSendsResponse(list, listResponse);
apiWhenDontExist.getPolicyApiForRole("S3Access").list().get(0);
}
}

View File

@ -0,0 +1,78 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.features;
import static com.google.common.base.Preconditions.checkNotNull;
import static java.util.logging.Logger.getAnonymousLogger;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNull;
import org.jclouds.iam.domain.Policy;
import org.jclouds.iam.domain.Role;
import org.jclouds.iam.internal.BaseIAMApiLiveTest;
import org.testng.annotations.Test;
/**
* @author Adrian Cole
*/
@Test(groups = "live", testName = "RolePolicyApiLiveTest")
public class RolePolicyApiLiveTest extends BaseIAMApiLiveTest {
private void checkPolicy(Policy policy) {
checkNotNull(policy.getOwner(), "Owner cannot be null for Policy %s", policy);
checkNotNull(policy.getName(), "Name cannot be null for Policy %s", policy);
checkNotNull(policy.getDocument(), "Document cannot be null for Policy %s", policy);
}
@Test
protected void testListRolePolicies() {
for (Role role : context.getApi().getRoleApi().list().concat()) {
for (String policy : api(role.getName()).list().concat()) {
checkPolicy(api(role.getName()).get(policy));
}
}
}
String assumeRolePolicy = "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}";
String s3Policy = "{\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}";
@Test
public void testCreateAndDeleteRolePolicy() {
String roleName = System.getProperty("user.name").replace('.', '-') + ".role_policy.iamtest.jclouds.org.";
Role newRole;
try {
newRole = context.getApi().getRoleApi().createWithPolicy(roleName, assumeRolePolicy);
getAnonymousLogger().info("created role: " + newRole);
api(roleName).create("S3Access", s3Policy);
Policy newPolicy = api(roleName).get("S3Access");
getAnonymousLogger().info("created policy: " + newPolicy);
checkPolicy(newPolicy);
assertEquals(newPolicy.getDocument(), s3Policy);
api(roleName).delete("S3Access");
assertNull(api(roleName).get("S3Access"));
} finally {
api(roleName).delete("S3Access");
context.getApi().getRoleApi().delete(roleName);
}
}
protected RolePolicyApi api(String role) {
return context.getApi().getPolicyApiForRole(role);
}
}

View File

@ -0,0 +1,60 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.parse;
import static org.testng.Assert.assertEquals;
import java.io.InputStream;
import org.jclouds.http.functions.BaseHandlerTest;
import org.jclouds.iam.domain.Policy;
import org.jclouds.iam.xml.PolicyHandler;
import org.testng.annotations.Test;
/**
* @author Adrian Cole
*/
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
@Test(groups = "unit", testName = "GetRolePolicyResponseTest")
public class GetRolePolicyResponseTest extends BaseHandlerTest {
public void test() {
InputStream is = getClass().getResourceAsStream("/get_role_policy.xml");
Policy expected = expected();
PolicyHandler handler = injector.getInstance(PolicyHandler.class);
Policy result = factory.create(handler).parse(is);
assertEquals(result, expected);
assertEquals(result.getOwner(), expected.getOwner());
assertEquals(result.getName(), expected.getName());
assertEquals(result.getDocument(), expected.getDocument());
}
public Policy expected() {
return Policy.builder()
.owner("S3Access")
.name("S3AccessPolicy")
.document(
"{\"Version\":\"2008-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"s3:*\"],\"Resource\":[\"*\"]}]}")
.build();
}
}

View File

@ -0,0 +1,56 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.iam.parse;
import static org.testng.Assert.assertEquals;
import java.io.InputStream;
import org.jclouds.collect.IterableWithMarker;
import org.jclouds.collect.IterableWithMarkers;
import org.jclouds.http.functions.BaseHandlerTest;
import org.jclouds.iam.xml.ListPoliciesResultHandler;
import org.testng.annotations.Test;
import com.google.common.collect.ImmutableSet;
/**
* @author Adrian Cole
*/
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
@Test(groups = "unit", testName = "ListRolePoliciesResponseTest")
public class ListRolePoliciesResponseTest extends BaseHandlerTest {
public void test() {
InputStream is = getClass().getResourceAsStream("/list_role_policies.xml");
IterableWithMarker<String> expected = expected();
ListPoliciesResultHandler handler = injector.getInstance(ListPoliciesResultHandler.class);
IterableWithMarker<String> result = factory.create(handler).parse(is);
assertEquals(result.toString(), expected.toString());
}
public IterableWithMarker<String> expected() {
return IterableWithMarkers.from(ImmutableSet.of("CloudwatchPutMetricPolicy", "S3AccessPolicy"));
}
}

View File

@ -0,0 +1,5 @@
<DeleteRolePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>c749ee7f-99ef-11e1-a4c3-27EXAMPLE804</RequestId>
</ResponseMetadata>
</DeleteRolePolicyResponse>

View File

@ -0,0 +1,10 @@
<GetRolePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<GetRolePolicyResult>
<PolicyName>S3AccessPolicy</PolicyName>
<RoleName>S3Access</RoleName>
<PolicyDocument>{"Version":"2008-10-17","Statement":[{"Effect":"Allow","Action":["s3:*"],"Resource":["*"]}]}</PolicyDocument>
</GetRolePolicyResult>
<ResponseMetadata>
<RequestId>7e7cd8bc-99ef-11e1-a4c3-27EXAMPLE804</RequestId>
</ResponseMetadata>
</GetRolePolicyResponse>

View File

@ -0,0 +1,12 @@
<ListRolePoliciesResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ListRolePoliciesResult>
<PolicyNames>
<member>CloudwatchPutMetricPolicy</member>
<member>S3AccessPolicy</member>
</PolicyNames>
<IsTruncated>false</IsTruncated>
</ListRolePoliciesResult>
<ResponseMetadata>
<RequestId>8c7e1816-99f0-11e1-a4c3-27EXAMPLE804</RequestId>
</ResponseMetadata>
</ListRolePoliciesResponse>

View File

@ -0,0 +1,13 @@
<ListRolePoliciesResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ListRolePoliciesResult>
<PolicyNames>
<member>CloudwatchPutMetricPolicy</member>
<member>S3AccessPolicy</member>
</PolicyNames>
<Marker>MARKER</Marker>
<IsTruncated>false</IsTruncated>
</ListRolePoliciesResult>
<ResponseMetadata>
<RequestId>8c7e1816-99f0-11e1-a4c3-27EXAMPLE804</RequestId>
</ResponseMetadata>
</ListRolePoliciesResponse>

View File

@ -0,0 +1,5 @@
<PutRolePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>3a03c24e-7f1d-11e2-8529-1d90c00d4f52</RequestId>
</ResponseMetadata>
</PutRolePolicyResponse>