Module: Cody::Dsl::Role
- Extended by:
- Memoist
- Included in:
- Role
- Defined in:
- lib/cody/dsl/role.rb,
lib/cody/dsl/role/registry.rb
Defined Under Namespace
Classes: Registry
Constant Summary
- PROPERTIES =
%w[ AssumeRolePolicyDocument ManagedPolicyArns MaxSessionDuration Path PermissionsBoundary Policies RoleName ]
Instance Method Summary
- #aws ⇒ Object
-
#iam_policy(*definitions) ⇒ Object
convenience wrapper methods.
- #managed_iam_policy(*definitions) ⇒ Object
-
#standardize_iam_policy(definition) ⇒ Object
Returns standardized IAM statement.
-
#standardize_managed_iam_policy(definition) ⇒ Object
AmazonEC2ReadOnlyAccess => arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess.
Instance Method Details
#aws ⇒ Object
# File 'lib/cody/dsl/role.rb', line 53

# Accessor for AWS account data inside the role DSL.
#
# Returns the result of AwsData.new. The module extends Memoist, but whether
# this method is memoized is not visible in this listing.
#
# @return [Object] an AwsData instance
def aws
  AwsData.new
end
#iam_policy(*definitions) ⇒ Object
convenience wrapper methods
# File 'lib/cody/dsl/role.rb', line 21

# Convenience wrapper: normalizes each definition into an IAM statement and
# hands the resulting list to Registry.register_policy.
#
# String definitions are expanded by standardize_iam_policy into
# Effect "Allow" statements with Resource "*"; Hash definitions are passed
# through as written. Use the Hash form when the role should be limited to
# specific resources.
#
# @param definitions [Array<String, Hash>] one or more policy definitions
# @return [Object] whatever Registry.register_policy returns
def iam_policy(*definitions)
  Registry.register_policy(
    definitions.map { |item| standardize_iam_policy(item) }
  )
end
#managed_iam_policy(*definitions) ⇒ Object
# File 'lib/cody/dsl/role.rb', line 26

# Convenience wrapper: converts each definition to a managed policy ARN and
# hands the resulting list to Registry.register_managed_policy.
#
# @param definitions [Array<String>] managed policy names or ARNs
# @return [Object] whatever Registry.register_managed_policy returns
def managed_iam_policy(*definitions)
  Registry.register_managed_policy(
    definitions.map { |item| standardize_managed_iam_policy(item) }
  )
end
#standardize_iam_policy(definition) ⇒ Object
Returns standardized IAM statement
# File 'lib/cody/dsl/role.rb', line 32

# Normalizes a single policy definition into an IAM statement.
#
# * Hash   - returned unchanged; no keys are checked or filled in here.
# * String - wrapped in an Allow statement. A value without a colon is
#   treated as a service name and expanded (logs => logs:*).
# * anything else - falls through and yields nil.
#
# Least-privilege note: every String form is emitted with Resource "*", and
# the bare service shorthand additionally grants every action of that
# service. Pass a Hash statement when Resource or Condition must be scoped.
#
# @param definition [String, Hash] shorthand action string or full statement
# @return [Hash, nil] the IAM statement, or nil for unsupported types
def standardize_iam_policy(definition)
  return definition if definition.is_a?(Hash)
  return unless definition.is_a?(String)

  # Expands simple string from: logs => logs:*
  action = definition.include?(':') ? definition : "#{definition}:*"
  { Action: [action], Effect: "Allow", Resource: "*" }
end
#standardize_managed_iam_policy(definition) ⇒ Object
AmazonEC2ReadOnlyAccess => arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
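# File 'lib/cody/dsl/role.rb', line 48

# Expands a managed policy reference into a full ARN.
#
#   AmazonEC2ReadOnlyAccess => arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
#
# Values that are already ARNs are returned unchanged. This includes
# customer-managed policy ARNs (arn:aws:iam::<account-id>:policy/<name>),
# which do not contain "iam::aws:policy" and would otherwise be prefixed a
# second time, producing a malformed ARN.
#
# Bare names are always expanded under the "aws" partition with the
# AWS-managed policy path.
#
# @param definition [String] managed policy name or ARN
# @return [String] managed policy ARN
def standardize_managed_iam_policy(definition)
  already_arn = definition.include?('iam::aws:policy') || definition.start_with?('arn:')
  return definition if already_arn

  "arn:aws:iam::aws:policy/#{definition}"
end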