Class: Cumulus::IAM::IamRoles
Overview
Public: Manager class for IAM Roles.
Instance Method Summary
Methods inherited from IamResource
#diff, #diff_one, #list, #migrate, #sync, #sync_one
Constructor Details
#initialize(iam) ⇒ IamRoles
Returns a new instance of IamRoles.
# File 'lib/iam/manager/IamRoles.rb', line 16
# Public: Build the manager for IAM roles.
#
# iam - the IAM client; it is handed unchanged to the parent constructor.
#
# Sets @type to "role" and @migration_dir to "roles". @migration_dir is the
# sub-directory name migrate_additional places under @migration_root.
# NOTE(review): @type is presumably read by the parent class - confirm there.
def initialize(iam)
  super
  @migration_dir = "roles"
  @type = "role"
end
Instance Method Details
#aws_resources ⇒ Object
# File 'lib/iam/manager/IamRoles.rb', line 34
# Public: The AWS-side resources, loaded on first use.
#
# Returns the value of init_aws_roles (defined outside this listing). The
# result is cached in @aws_roles, so later calls do not reload it as long as
# the cached value is truthy.
def aws_resources
  @aws_roles = init_aws_roles unless @aws_roles
  @aws_roles
end
#create(difference) ⇒ Object
# File 'lib/iam/manager/IamRoles.rb', line 52
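# Public: Create a role in AWS together with an instance profile of the same
# name, and attach the role to that profile.
#
# difference - object whose `local` responds to `name` and `policy_document`.
#              The policy document is sent as the role's assume-role (trust)
#              policy, i.e. it decides which principals may assume the role.
#
# Returns the Aws::IAM::Role wrapper for the role that was created.
def create(difference)
  role_name = difference.local.name

  @iam.create_role({
    role_name: role_name,
    assume_role_policy_document: difference.local.policy_document
  })
  role = Aws::IAM::Role.new(role_name, { client: @iam })

  begin
    @iam.create_instance_profile({ instance_profile_name: role_name })
  rescue Aws::IAM::Errors::EntityAlreadyExists
    # Deliberate best-effort: a profile with this name already exists and is
    # reused. The warning must be printed with `puts`, as #update does with
    # Colors.blue; the bare Colors.red call discarded its result, so the
    # operator never saw the message.
    # NOTE(review): the new role is still attached to the pre-existing profile
    # below, so whatever already uses that profile would pick up this role's
    # permissions - confirm that reuse is intended.
    puts Colors.red("Instance profile already exists")
  end

  profile = Aws::IAM::InstanceProfile.new(role_name, { client: @iam })
  profile.add_role({ role_name: role_name })
  role
end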
#empty_config ⇒ Object
# File 'lib/iam/manager/IamRoles.rb', line 91
# Public: Build a blank role configuration.
#
# Returns a new RoleConfig constructed with no arguments; every call returns
# a separate instance.
def empty_config
  RoleConfig.new
end
#local_resources ⇒ Object
# File 'lib/iam/manager/IamRoles.rb', line 22
# Public: Index the locally defined roles by name.
#
# Returns a Hash mapping each role's `name` to the role object yielded by
# Loader.roles. When two roles share a name, the later one replaces the
# earlier one.
def local_resources
  {}.tap do |by_name|
    Loader.roles.each { |role| by_name.store(role.name, role) }
  end
end
#migrate_additional(configs_to_aws) ⇒ Object
# File 'lib/iam/manager/IamRoles.rb', line 95
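# Public: Role-specific migration step that hands each role's assume-role
# policy document to an AssumeRoleUnifier.
#
# configs_to_aws - enumerable of [config, resource] pairs (for example a
#                  Hash). config responds to `name` and `policy_document=`;
#                  resource responds to `assume_role_policy_document`.
#
# Returns an Array holding the result of unifier.unify for each pair.
def migrate_additional(configs_to_aws)
  policy_document_dir = "#{@migration_root}/#{@migration_dir}/policy-documents"

  # Dir.exist? replaces Dir.exists?, which was deprecated and is gone in
  # Ruby 3.2. Dir.mkdir creates a single level only, so the parent directory
  # must already exist when this runs.
  Dir.mkdir(policy_document_dir) unless Dir.exist?(policy_document_dir)

  # The block tells the unifier how to record a value on a config.
  # NOTE(review): what AssumeRoleUnifier writes into policy_document_dir is
  # not visible here - confirm against its implementation.
  unifier = AssumeRoleUnifier.new(policy_document_dir) { |c, v| c.policy_document = v }

  configs_to_aws.map do |config, resource|
    # The document is percent-encoded on the AWS side, hence the unescape.
    # URI.unescape was removed in Ruby 3.0; it delegated to
    # URI::DEFAULT_PARSER.unescape, so decoding is unchanged on older Rubies.
    trust_policy = URI::DEFAULT_PARSER.unescape(resource.assume_role_policy_document)
    unifier.unify(config, trust_policy, config.name)
  end
end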
#one_local(name) ⇒ Object
# File 'lib/iam/manager/IamRoles.rb', line 30
# Public: Look up a single locally defined role.
#
# name - the role name, passed straight to Loader.role.
#
# Returns whatever Loader.role returns for that name.
def one_local(name)
  Loader.role(name)
end
#update(resource, diffs) ⇒ Object
# File 'lib/iam/manager/IamRoles.rb', line 78
# Public: Apply a set of differences to an existing role.
#
# resource - the AWS role object; must respond to `assume_role_policy`.
# diffs    - collection of change objects responding to `type` and `local`.
#
# The parent implementation runs first with the same arguments. Afterwards,
# every diff of type IamChange::POLICY_DOC replaces the role's assume-role
# policy document with the local one. That document is the trust policy, so
# this step changes which principals are allowed to assume the role.
#
# Returns the result of diffs.each.
def update(resource, diffs)
  super
  diffs.each do |change|
    next unless change.type == IamChange::POLICY_DOC

    puts Colors.blue("updating assume role policy document...")
    resource.assume_role_policy.update({ policy_document: change.local.policy_document })
  end
end