Class: EksCli::IAM::Client

Inherits:

Object

Object
EksCli::IAM::Client

show all

Defined in:: lib/eks_cli/iam/client.rb

Constant Summary collapse

EKS_CLUSTER_POLICIES =

["AmazonEKSClusterPolicy", "AmazonEKSServicePolicy"]

ASSUME_ROLE =

{
  "Version" => "2012-10-17",
  "Statement" => [
    {
      "Effect" => "Allow",
      "Principal" => {
        "Service" => "eks.amazonaws.com"
      },
      "Action" => "sts:AssumeRole"
    }
  ]
}

Instance Method Summary collapse

#arn(p) ⇒ Object
#attach_policies(role_name, policies) ⇒ Object
#client ⇒ Object
#config ⇒ Object
#create_eks_role ⇒ Object
#initialize(cluster_name) ⇒ Client constructor

A new instance of Client.
#role_name ⇒ Object

Constructor Details

#initialize(cluster_name) ⇒ `Client`

Returns a new instance of Client.



21
22
23

# File 'lib/eks_cli/iam/client.rb', line 21

def initialize(cluster_name)
  @cluster_name = cluster_name
end

Instance Method Details

#arn(p) ⇒ `Object`



55
56
57

# File 'lib/eks_cli/iam/client.rb', line 55

def arn(p)
  "arn:aws:iam::aws:policy/#{p}"
end

#attach_policies(role_name, policies) ⇒ `Object`

# File 'lib/eks_cli/iam/client.rb', line 47

def attach_policies(role_name, policies)
  Log.info "attaching IAM policies to #{role_name}"
  policies.each do |p|
    client.attach_role_policy(policy_arn: arn(p),
                              role_name: role_name)
  end
end

#client ⇒ `Object`



25
26
27

# File 'lib/eks_cli/iam/client.rb', line 25

def client
  @client ||= Aws::IAM::Client.new(region: config["region"])
end

#config ⇒ `Object`



29
30
31

# File 'lib/eks_cli/iam/client.rb', line 29

def config
  @config ||= Config[@cluster_name]
end

#create_eks_role ⇒ `Object`

# File 'lib/eks_cli/iam/client.rb', line 33

def create_eks_role
  Log.info "creating IAM cluster role for #{@cluster_name}"
  begin 
    role = client.get_role(role_name: role_name).role
  rescue Aws::IAM::Errors::NoSuchEntity => e
    role = client.create_role(role_name: role_name,
                              description: "created by eks cli for #{@cluster_name}",
                              assume_role_policy_document: ASSUME_ROLE.to_json).role
    attach_policies(role.role_name, EKS_CLUSTER_POLICIES)
  end
  Log.info "created role #{role}"
  role
end

#role_name ⇒ `Object`



59
60
61

# File 'lib/eks_cli/iam/client.rb', line 59

def role_name
  "#{@cluster_name}-EKS-Role"
end

Class: EksCli::IAM::Client

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(cluster_name) ⇒ Client

Instance Method Details

#arn(p) ⇒ Object

#attach_policies(role_name, policies) ⇒ Object

#client ⇒ Object

#config ⇒ Object

#create_eks_role ⇒ Object

#role_name ⇒ Object

#initialize(cluster_name) ⇒ `Client`

#arn(p) ⇒ `Object`

#attach_policies(role_name, policies) ⇒ `Object`

#client ⇒ `Object`

#config ⇒ `Object`

#create_eks_role ⇒ `Object`

#role_name ⇒ `Object`