Class: Cumulus::IAM::ResourceWithPolicy

Inherits:
Object
Defined in:
lib/iam/models/ResourceWithPolicy.rb

Overview

Public: Represents a configuration for a resource that has attached policies. Lazily loads its static and template policies as needed. Is the base class for groups, roles, and users.

Additionally, exposes a constructor that takes no parameters. This constructor essentially creates an “empty resource”, which can then be filled in, and JSON configuration can be generated from the object. This is useful when migrating.

Direct Known Subclasses

GroupConfig, RoleConfig, UserConfig

Constructor Details

#initialize(name = nil, json = nil) ⇒ ResourceWithPolicy

Public: Constructor.

name - the name of the resource
json - a hash containing JSON configuration for this resource; if nil, this resource will be an "empty resource"


# File 'lib/iam/models/ResourceWithPolicy.rb', line 40

def initialize(name = nil, json = nil)
  if !json.nil?
    @name = name
    @json = json
    @attached_policies = json["policies"]["attached"] || []
    @statics = json["policies"]["static"] || []
    @templates = json["policies"]["templates"] || []
    @inlines = json["policies"]["inlines"] || []
  else
    @name = nil
    @attached_policies = []
    @statics = []
    @templates = []
    @inlines = []
  end
end

Instance Attribute Details

#attached_policies ⇒ Object

Returns the value of attribute attached_policies.



# File 'lib/iam/models/ResourceWithPolicy.rb', line 29

def attached_policies
  @attached_policies
end

#inlines ⇒ Object (readonly)

Returns the value of attribute inlines.



# File 'lib/iam/models/ResourceWithPolicy.rb', line 31

def inlines
  @inlines
end

#name ⇒ Object

Returns the value of attribute name.



# File 'lib/iam/models/ResourceWithPolicy.rb', line 30

def name
  @name
end

#statics ⇒ Object (readonly)

Returns the value of attribute statics.



# File 'lib/iam/models/ResourceWithPolicy.rb', line 32

def statics
  @statics
end

#type ⇒ Object (readonly)

Returns the value of attribute type.



# File 'lib/iam/models/ResourceWithPolicy.rb', line 33

def type
  @type
end

Instance Method Details

#diff(aws_resource) ⇒ Object

Public: Diff this resource with the resource from AWS

aws_resource - the Aws::IAM::* resource to compare against

Returns an array of IamDiff objects representing the differences



# File 'lib/iam/models/ResourceWithPolicy.rb', line 175

def diff(aws_resource)
  diffs = []

  aws_policies = Hash[aws_resource.policies.map do |policy|
    [policy.name, policy.as_hash]
  end]
  p = policy
  p.name = generated_policy_name

  # check if we've ever generated a policy for this resource
  if !aws_policies.key?(generated_policy_name) and !policy.empty?
    diffs << IamDiff.added_policy(generated_policy_name, p)
  end

  # loop through all the policies and look for changes
  aws_policies.each do |name, aws_policy|
    if name != generated_policy_name
      diffs << IamDiff.unmanaged_policy(name)
    else
      aws_statements = aws_policy["Statement"]
      local_statements = p.as_hash["Statement"]
      if aws_statements != local_statements
        diff = IamDiff.new(IamChange::POLICY, aws_statements, p)
        diff.policy_name = generated_policy_name
        diffs << diff
      end
    end
  end

  # look for changes in managed policies
  aws_arns = aws_resource.attached_policies.map { |a| a.arn }
  new_policies = @attached_policies.select { |local| !aws_arns.include?(local) }
  removed_policies = aws_arns.select { |aws| !@attached_policies.include?(aws) }
  if !new_policies.empty? or !removed_policies.empty?
    diffs << IamDiff.attached(new_policies, removed_policies)
  end

  diffs
end
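
Added example (not part of Cumulus): the inline-policy check in diff compares the two "Statement" values with !=, which for Ruby arrays is order-sensitive and treats "Action" => "iam:*" and "Action" => ["iam:*"] as different. The sketch below contrasts that comparison with a normalized one on constructed sample data; every function and constant name in it is hypothetical.

```ruby
# Added example, not Cumulus code. All names below are hypothetical.

# Statement keys whose value may be a single string or a list of strings.
LIST_KEYS = %w[Action NotAction Resource NotResource].freeze

# Wrap a scalar (or a single statement Hash) in an array.
def listify(value)
  value.is_a?(Array) ? value : [value]
end

# One statement with its list-valued fields turned into sorted arrays.
def canonical_statement(stmt)
  stmt.map { |k, v| [k, LIST_KEYS.include?(k) ? listify(v).sort : v] }.to_h
end

# Multiset of canonical statements; statement order no longer matters.
def canonical_statements(statements)
  listify(statements).map { |s| canonical_statement(s) }.tally
end

# The comparison diff performs on the two "Statement" values.
def raw_changed?(aws, local)
  aws != local
end

# Order- and shape-insensitive comparison of the same two values.
def normalized_changed?(aws, local)
  canonical_statements(aws) != canonical_statements(local)
end

# Constructed sample data: same permissions, different ordering and shapes.
LOCAL = [
  { "Effect" => "Allow", "Action" => ["s3:GetObject", "s3:ListBucket"], "Resource" => "*" },
  { "Effect" => "Deny", "Action" => "iam:*", "Resource" => "*" }
].freeze
AWS = [
  { "Effect" => "Deny", "Action" => ["iam:*"], "Resource" => ["*"] },
  { "Effect" => "Allow", "Action" => ["s3:ListBucket", "s3:GetObject"], "Resource" => "*" }
].freeze
# Constructed sample: a real change (Deny dropped, wildcard Allow added).
WIDENED = [{ "Effect" => "Allow", "Action" => "*", "Resource" => "*" }].freeze

if __FILE__ == $PROGRAM_NAME
  puts "reordered: raw=#{raw_changed?(AWS, LOCAL)} normalized=#{normalized_changed?(AWS, LOCAL)}"
  puts "widened:   raw=#{raw_changed?(WIDENED, LOCAL)} normalized=#{normalized_changed?(WIDENED, LOCAL)}"
end
```

Only the top-level statement fields are normalized here; Condition blocks are compared as given.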

#generated_policy_name ⇒ Object

Public: Produce the name for the policy that will be generated for this resource.

Returns the String name



# File 'lib/iam/models/ResourceWithPolicy.rb', line 114

def generated_policy_name
  policy_prefix = Configuration.instance.iam.policy_prefix
  policy_suffix = Configuration.instance.iam.policy_suffix
  "#{policy_prefix}#{@name}#{policy_suffix}"
end

#hash ⇒ Object

Public: Generate a hash that represents this config. The hash is JSON-serializable to the Cumulus config format.

Returns the hash



# File 'lib/iam/models/ResourceWithPolicy.rb', line 69

def hash
  {
    "name" => @name,
    "policies" => {
      "attached" => @attached_policies,
      "inlines" => @inlines.flatten,
      "static" => @statics,
      "templates" => @templates
    }
  }
end

#json ⇒ Object

Public: Generate the JSON string to turn this object back into a Cumulus config file.

Returns the JSON string.



# File 'lib/iam/models/ResourceWithPolicy.rb', line 61

def json
  JSON.pretty_generate(hash)
end

#policy ⇒ Object

Public: Lazily produce the inline policy document for this resource as a PolicyConfig. Includes the static and inline policies as well as applied templates.

Returns the policy for this resource as a PolicyConfig



# File 'lib/iam/models/ResourceWithPolicy.rb', line 86

def policy
  @policy ||= init_policy
end