fujiwara/iam-policy-diff.rb

## iam-policy-diff.rb
#!/usr/bin/env ruby

require 'json'

def read_json(file_name)
  JSON.parse(File.read(file_name))
end

def parse(iam)
  result = []
  iam["Statement"].each do |statement|
    action = statement["Action"]
    if !action.respond_to?(:each)
      action = [action]
    end
    res = statement["Resource"]
    if !res.respond_to?(:each)
      res = [res]
    end
    res.each do |r|
      action.each do |a|
        result << "#{statement['Effect']} #{a} to #{r}"
      end
    end
  end
  result
end

from = read_json(ARGV[0])
to = read_json(ARGV[1])
from_set = parse(from)
to_set = parse(to)

minus = from_set - to_set
plus = to_set - from_set

if minus.empty? and plus.empty?
  exit 0
else
  puts "--- #{ARGV[0]}"
  puts "+++ #{ARGV[1]}"
  puts
end

minus.each do |diff|
  puts "- #{diff}"
end
plus.each  do |diff|
  puts "+ #{diff}"
end
	#!/usr/bin/env ruby

	require 'json'

	def read_json(file_name)
	JSON.parse(File.read(file_name))
	end

	def parse(iam)
	result = []
	iam["Statement"].each do \|statement\|
	action = statement["Action"]
	if !action.respond_to?(:each)
	action = [action]
	end
	res = statement["Resource"]
	if !res.respond_to?(:each)
	res = [res]
	end
	res.each do \|r\|
	action.each do \|a\|
	result << "#{statement['Effect']} #{a} to #{r}"
	end
	end
	end
	result
	end

	from = read_json(ARGV[0])
	to = read_json(ARGV[1])
	from_set = parse(from)
	to_set = parse(to)

	minus = from_set - to_set
	plus = to_set - from_set

	if minus.empty? and plus.empty?
	exit 0
	else
	puts "--- #{ARGV[0]}"
	puts "+++ #{ARGV[1]}"
	puts
	end

	minus.each do \|diff\|
	puts "- #{diff}"
	end
	plus.each do \|diff\|
	puts "+ #{diff}"
	end