Class: Cumulus::IAM::IamRoles

Inherits:
IamResource
Defined in:
lib/iam/manager/IamRoles.rb

Overview

Public: Manager class for IAM Roles.

Instance Method Summary

Methods inherited from IamResource

#diff, #diff_one, #list, #migrate, #sync, #sync_one

Constructor Details

#initialize(iam) ⇒ IamRoles

Returns a new instance of IamRoles.



# File 'lib/iam/manager/IamRoles.rb', line 16

# Public: Set up the manager for IAM roles.
#
# iam - the IAM client; it is handed unchanged to IamResource#initialize.
def initialize(iam)
  # Bare `super` forwards the same argument list, i.e. `iam`.
  super
  # Sub-directory name; migrate_additional joins it onto @migration_root.
  @migration_dir = "roles"
  # Resource type label for this manager (its readers are not visible here).
  @type = "role"
end

Instance Method Details

#aws_resources ⇒ Object



# File 'lib/iam/manager/IamRoles.rb', line 34

# Public: The role resources produced by init_aws_roles, computed on first
# use and cached in @aws_roles afterwards.
#
# Returns whatever init_aws_roles returned. A nil or false result is not
# cached, so the next call asks init_aws_roles again.
def aws_resources
  return @aws_roles if @aws_roles

  @aws_roles = init_aws_roles
end

#create(difference) ⇒ Object



# File 'lib/iam/manager/IamRoles.rb', line 52

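# Public: Create the role described by the local configuration, make sure an
# instance profile of the same name exists, and add the role to that profile.
#
# difference - a diff object whose `local` side supplies `name` and
#              `policy_document`. The document is sent as the role's
#              assume-role policy document, i.e. the trust policy that decides
#              which principals may assume the role.
#
# Returns the Aws::IAM::Role resource for the newly created role.
def create(difference)
  role_name = difference.local.name

  # create the role
  @iam.create_role({
    :role_name => role_name,
    :assume_role_policy_document => difference.local.policy_document
  })
  role = Aws::IAM::Role.new(role_name, { :client => @iam })

  # try to create the instance profile, but if it already exists, just warn
  # the user
  begin
    @iam.create_instance_profile({
      :instance_profile_name => role_name
    })
  rescue Aws::IAM::Errors::EntityAlreadyExists
    # The profile was not created by this call, so it may already be in use;
    # the operator needs to see that it is being reused. The value returned
    # by Colors.red used to be discarded, so nothing was ever shown.
    # NOTE(review): assumes Colors.red returns the coloured string, the way
    # Colors.blue is used with puts in #update - confirm.
    puts Colors.red("Instance profile already exists")
  end

  # assign the role to the instance profile
  instance_profile = Aws::IAM::InstanceProfile.new(role_name, { :client => @iam })
  instance_profile.add_role({
    :role_name => role_name
  })
  role
end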

#empty_config ⇒ Object



# File 'lib/iam/manager/IamRoles.rb', line 91

# Public: Build a blank role configuration.
#
# Returns a new RoleConfig constructed without arguments; every call builds
# a separate object.
def empty_config
  RoleConfig.new
end

#local_resources ⇒ Object



# File 'lib/iam/manager/IamRoles.rb', line 22

# Public: Index the roles returned by Loader.roles by their name.
#
# Returns a Hash mapping each role's `name` to the role object. When two
# roles share a name, the one that comes later in Loader.roles is kept.
def local_resources
  Loader.roles.each_with_object({}) do |role, by_name|
    by_name[role.name] = role
  end
end

#migrate_additional(configs_to_aws) ⇒ Object



# File 'lib/iam/manager/IamRoles.rb', line 95

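# Public: Migration step for roles: hand each role's assume-role policy
# document to an AssumeRoleUnifier working in the policy-documents directory.
#
# configs_to_aws - pairs of (config, resource). `resource` must respond to
#                  `assume_role_policy_document` and `config` to `name` and
#                  `policy_document=`.
#
# Returns an Array holding the result of AssumeRoleUnifier#unify for each pair.
def migrate_additional(configs_to_aws)
  policy_document_dir = "#{@migration_root}/#{@migration_dir}/policy-documents"

  # Dir.exists? was removed in Ruby 3.2; Dir.exist? is the supported spelling.
  # Dir.mkdir does not create parents, so "#{@migration_root}/#{@migration_dir}"
  # has to exist already.
  Dir.mkdir(policy_document_dir) unless Dir.exist?(policy_document_dir)

  # The block tells the unifier how to store the document on a config.
  unifier = AssumeRoleUnifier.new(policy_document_dir) do |config, document|
    config.policy_document = document
  end

  configs_to_aws.map do |config, resource|
    unifier.unify(
      config,
      # The document is percent-decoded before use. URI.unescape was removed
      # in Ruby 3.0; the parser's unescape decodes the same way and, unlike
      # the form decoders, leaves a literal "+" untouched.
      URI::DEFAULT_PARSER.unescape(resource.assume_role_policy_document),
      config.name
    )
  end
end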

#one_local(name) ⇒ Object



# File 'lib/iam/manager/IamRoles.rb', line 30

# Public: Look up a single locally defined role.
#
# name - the role name, passed unchanged to Loader.role.
#
# Returns whatever Loader.role returns for that name.
def one_local(name)
  Loader.role(name)
end

#update(resource, diffs) ⇒ Object



# File 'lib/iam/manager/IamRoles.rb', line 78

# Public: Apply the shared IamResource update, then push every changed
# assume-role policy document to the role.
#
# resource - the role resource; must respond to `assume_role_policy`.
# diffs    - the differences to apply. Only entries whose `type` is
#            IamChange::POLICY_DOC are handled here.
#
# Returns the value of `diffs.each`, i.e. `diffs` itself for an Array.
def update(resource, diffs)
  super(resource, diffs)

  diffs.each do |change|
    next unless change.type == IamChange::POLICY_DOC

    # The assume-role policy document is the role's trust policy (who may
    # assume the role); it is replaced with the local definition.
    puts Colors.blue("updating assume role policy document...")
    trust_policy = resource.assume_role_policy
    trust_policy.update({
      policy_document: change.local.policy_document
    })
  end
end