Class: Cumulus::IAM::ResourceWithPolicy
- Inherits: Object (Object → Cumulus::IAM::ResourceWithPolicy)
- Defined in: lib/iam/models/ResourceWithPolicy.rb
Overview
Public: Represents a configuration for a resource that has attached policies. Lazily loads its static and template policies as needed. Is the base class for groups, roles, and users.
Additionally, exposes a constructor that can be called with no parameters. Called this way, it creates an "empty resource", which can then be filled in and used to generate JSON configuration from the object. This is useful when migrating.
Direct Known Subclasses
Instance Attribute Summary
- #attached_policies ⇒ Object: Returns the value of attribute attached_policies.
- #inlines ⇒ Object (readonly): Returns the value of attribute inlines.
- #name ⇒ Object: Returns the value of attribute name.
- #statics ⇒ Object (readonly): Returns the value of attribute statics.
- #type ⇒ Object (readonly): Returns the value of attribute type.
Instance Method Summary
- #diff(aws_resource) ⇒ Object: Public: Diff this resource with the resource from AWS.
- #generated_policy_name ⇒ Object: Public: Produce the name for the policy that will be generated for this resource.
- #hash ⇒ Object: Public: Generate a hash that represents this config.
- #initialize(name = nil, json = nil) ⇒ ResourceWithPolicy (constructor): Public: Constructor.
- #json ⇒ Object: Public: Generate the JSON string to turn this object back into a Cumulus config file.
- #policy ⇒ Object: Public: Lazily produce the inline policy document for this resource as a PolicyConfig.
Constructor Details
#initialize(name = nil, json = nil) ⇒ ResourceWithPolicy
Public: Constructor.
name - the name of the resource
json - a hash containing JSON configuration for this resource, if nil, this resource will be an "empty resource"

```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 40

def initialize(name = nil, json = nil)
  if !json.nil?
    @name = name
    @json = json
    @attached_policies = json["policies"]["attached"] || []
    @statics = json["policies"]["static"] || []
    @templates = json["policies"]["templates"] || []
    @inlines = json["policies"]["inlines"] || []
  else
    @name = nil
    @attached_policies = []
    @statics = []
    @templates = []
    @inlines = []
  end
end
```
Instance Attribute Details
#attached_policies ⇒ Object
Returns the value of attribute attached_policies.
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 29

def attached_policies
  @attached_policies
end
```
#inlines ⇒ Object (readonly)
Returns the value of attribute inlines.
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 31

def inlines
  @inlines
end
```
#name ⇒ Object
Returns the value of attribute name.
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 30

def name
  @name
end
```
#statics ⇒ Object (readonly)
Returns the value of attribute statics.
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 32

def statics
  @statics
end
```
#type ⇒ Object (readonly)
Returns the value of attribute type.
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 33

def type
  @type
end
```
Instance Method Details
#diff(aws_resource) ⇒ Object
Public: Diff this resource with the resource from AWS
aws_resource - the Aws::IAM::* resource to compare against
Returns an array of IamDiff objects representing the differences
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 175

def diff(aws_resource)
  diffs = []

  aws_policies = Hash[aws_resource.policies.map do |policy|
    [policy.name, policy.as_hash]
  end]
  p = policy
  p.name = generated_policy_name

  # check if we've ever generated a policy for this resource
  if !aws_policies.key?(generated_policy_name) and !policy.empty?
    diffs << IamDiff.added_policy(generated_policy_name, p)
  end

  # loop through all the policies and look for changes
  aws_policies.each do |name, aws_policy|
    if name != generated_policy_name
      diffs << IamDiff.unmanaged_policy(name)
    else
      aws_statements = aws_policy["Statement"]
      local_statements = p.as_hash["Statement"]

      if aws_statements != local_statements
        diff = IamDiff.new(IamChange::POLICY, aws_statements, p)
        diff.policy_name = generated_policy_name
        diffs << diff
      end
    end
  end

  # look for changes in managed policies
  aws_arns = aws_resource.attached_policies.map { |a| a.arn }
  new_policies = @attached_policies.select { |local| !aws_arns.include?(local) }
  removed_policies = aws_arns.select { |aws| !@attached_policies.include?(aws) }
  if !new_policies.empty? or !removed_policies.empty?
    diffs << IamDiff.attached(new_policies, removed_policies)
  end

  diffs
end
```
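The drift classes that #diff reports, run over constructed state, as an added example that is not Cumulus code. The Struct stand-ins, `classify_drift`, `sample_findings`, and the policy names and statements are assumptions made for the demo; findings come back as plain pairs in place of IamDiff objects.

```ruby
# Stand-ins for the Aws::IAM::* objects #diff reads (hypothetical structs, not the AWS SDK)
AwsInline   = Struct.new(:name, :as_hash)
AwsAttached = Struct.new(:arn)
AwsResource = Struct.new(:policies, :attached_policies)

# Classify drift with the same rules as #diff, returning [kind, detail] pairs
# in place of IamDiff objects.
def classify_drift(generated_name, local_statements, local_attached, aws)
  findings = []
  inline = Hash[aws.policies.map { |p| [p.name, p.as_hash] }]
  # Generated policy has never been pushed to AWS
  if !inline.key?(generated_name) && !local_statements.empty?
    findings << [:added_policy, generated_name]
  end
  inline.each do |name, doc|
    if name != generated_name
      # Inline policy present in AWS that the config does not produce
      findings << [:unmanaged_policy, name]
    elsif doc["Statement"] != local_statements
      # Array comparison: reordered statements also count as a change
      findings << [:policy_changed, name]
    end
  end
  arns = aws.attached_policies.map(&:arn)
  to_attach = local_attached.reject { |arn| arns.include?(arn) }
  to_detach = arns.reject { |arn| local_attached.include?(arn) }
  unless to_attach.empty? && to_detach.empty?
    findings << [:attached, { attach: to_attach, detach: to_detach }]
  end
  findings
end

# Constructed sample state: policy names and statements are made up for the demo.
GENERATED = "example-role-generated"
LOCAL_STATEMENTS = [{ "Effect" => "Allow", "Action" => ["s3:GetObject"], "Resource" => "*" }]
LOCAL_ATTACHED = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]

def sample_findings
  widened = [{ "Effect" => "Allow", "Action" => ["s3:GetObject", "s3:PutObject"], "Resource" => "*" }]
  aws = AwsResource.new(
    [AwsInline.new(GENERATED, { "Statement" => widened }),
     AwsInline.new("console-added-policy", { "Statement" => [] })],
    [AwsAttached.new("arn:aws:iam::aws:policy/AdministratorAccess")]
  )
  classify_drift(GENERATED, LOCAL_STATEMENTS, LOCAL_ATTACHED, aws)
end

sample_findings.each { |kind, detail| puts "#{kind}: #{detail}" }
```

In the sample, the widened inline statement, the out-of-band inline policy and the AdministratorAccess attachment each surface as a separate finding, which is the signal to review when privileges were changed outside the config.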
#generated_policy_name ⇒ Object
Public: Produce the name for the policy that will be generated for this resource.
Returns the String name
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 114

def generated_policy_name
  policy_prefix = Configuration.instance.iam.policy_prefix
  policy_suffix = Configuration.instance.iam.policy_suffix
  "#{policy_prefix}#{@name}#{policy_suffix}"
end
```
#hash ⇒ Object
Public: Generate a hash that represents this config. This hash is JSON-serializable to the Cumulus config format.
Returns the hash
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 69

def hash
  {
    "name" => @name,
    "policies" => {
      "attached" => @attached_policies,
      "inlines" => @inlines.flatten,
      "static" => @statics,
      "templates" => @templates
    }
  }
end
```
#json ⇒ Object
Public: Generate the JSON string to turn this object back into a Cumulus config file.
Returns the JSON string.
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 61

def json
  JSON.pretty_generate(hash)
end
```
#policy ⇒ Object
Public: Lazily produce the inline policy document for this resource as a PolicyConfig. Includes the static and inline policies as well as applied templates.
Returns the policy for this resource as a PolicyConfig
```ruby
# File 'lib/iam/models/ResourceWithPolicy.rb', line 86

def policy
  @policy ||= init_policy
end
```