Module: Cody::Dsl::Role

Extended by:
Memoist
Included in:
Role
Defined in:
lib/cody/dsl/role.rb,
lib/cody/dsl/role/registry.rb

Defined Under Namespace

Classes: Registry

Constant Summary

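# Property names for a role definition. The names match the properties of the
# CloudFormation AWS::IAM::Role resource type.
# NOTE(review): how this list is consumed is not visible in this listing
# (presumably it drives the role DSL's property methods; confirm in role.rb).
# Frozen so the shared constant cannot be altered at runtime by accident.
PROPERTIES = %w[
  AssumeRolePolicyDocument
  ManagedPolicyArns
  MaxSessionDuration
  Path
  PermissionsBoundary
  Policies
  RoleName
].freeze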

Instance Method Summary

Instance Method Details

#aws ⇒ Object



# File 'lib/cody/dsl/role.rb', line 53

# Builds and returns an AwsData object; as written, every call constructs a
# new instance.
# NOTE(review): the module extends Memoist, but no memoize call for this
# method is visible in this listing. Confirm whether the result is cached.
#
# @return [AwsData]
def aws
  AwsData.new
end

#iam_policy(*definitions) ⇒ Object

convenience wrapper methods



# File 'lib/cody/dsl/role.rb', line 21

# Registers inline IAM policy statements for the role.
#
# Every definition is normalized by standardize_iam_policy and the resulting
# list is handed to Registry.register_policy.
#
# Least-privilege caveat: a String definition becomes an Allow statement on
# Resource "*" (and a service-only name such as "logs" becomes "logs:*").
# Pass a Hash statement when the grant must be limited to specific resources.
#
# @param definitions [Array<String, Hash>] action strings or statement hashes
# @return [Object] whatever Registry.register_policy returns
def iam_policy(*definitions)
  Registry.register_policy(
    definitions.map { |entry| standardize_iam_policy(entry) }
  )
end

#managed_iam_policy(*definitions) ⇒ Object



# File 'lib/cody/dsl/role.rb', line 26

# Registers managed policies to attach to the role.
#
# Every definition is normalized by standardize_managed_iam_policy and the
# resulting list of ARNs is handed to Registry.register_managed_policy.
#
# @param definitions [Array<String>] managed policy names or ARNs
# @return [Object] whatever Registry.register_managed_policy returns
def managed_iam_policy(*definitions)
  Registry.register_managed_policy(
    definitions.map { |entry| standardize_managed_iam_policy(entry) }
  )
end

#standardize_iam_policy(definition) ⇒ Object

Returns a standardized IAM statement



# File 'lib/cody/dsl/role.rb', line 32

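# Normalizes one policy definition into an IAM statement Hash.
#
# * String: treated as an action. A service-only name such as "logs" is
#   expanded to "logs:*". The statement always uses Effect "Allow" and
#   Resource "*", so the shorthand grants the action on every resource;
#   use the Hash form to restrict Resource or add a Condition.
# * Hash: returned unchanged (the same object); its keys are not validated.
#
# @param definition [String, Hash] action string or complete statement
# @return [Hash] the IAM statement
# @raise [ArgumentError] if definition is neither a String nor a Hash
def standardize_iam_policy(definition)
  case definition
  when String
    # Expands a simple string from: logs => logs:*
    action = definition.include?(':') ? definition : "#{definition}:*"
    {
      Action: [action],
      Effect: "Allow",
      Resource: "*",
    }
  when Hash
    definition
  else
    # An unsupported type used to fall through and return nil, which
    # iam_policy would then pass to Registry.register_policy as a statement.
    # Fail loudly so a malformed definition cannot silently alter the policy.
    raise ArgumentError,
          "unsupported IAM policy definition #{definition.inspect}: expected String or Hash"
  end
end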

#standardize_managed_iam_policy(definition) ⇒ Object

Expands a managed policy name to its full ARN, for example: AmazonEC2ReadOnlyAccess => arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess



# File 'lib/cody/dsl/role.rb', line 48

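# Normalizes a managed policy reference into an ARN.
#
#   AmazonEC2ReadOnlyAccess => arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
#
# A value that is already an ARN is returned unchanged. Previously only
# strings containing "iam::aws:policy" were recognized, so a customer-managed
# policy ARN (constructed example: arn:aws:iam::123456789012:policy/Example)
# was prefixed a second time and produced a malformed ARN.
#
# The shorthand expansion hard-codes the "aws" partition and the AWS-managed
# policy namespace; pass a full ARN for other partitions or for
# customer-managed policies.
#
# @param definition [String] managed policy name or ARN
# @return [String] the policy ARN
def standardize_managed_iam_policy(definition)
  return definition if definition.start_with?('arn:') || definition.include?('iam::aws:policy')

  "arn:aws:iam::aws:policy/#{definition}"
end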