Class: Sfn::Callback::StackPolicy

Inherits:
Sfn::Callback show all
Defined in:
lib/sfn/callback/stack_policy.rb

Constant Summary collapse

DEFENSELESS_POLICY =

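Policy applied prior to stack deletion. It allows every update action on every resource for any principal, so the stack is left without update protection.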

{
  # One statement, maximally permissive: every update action ('Update:*')
  # is allowed on every resource for any principal. Submitting this
  # document leaves the stack with no update protection.
  'Statement' => [{
      'Effect' => 'Allow',
      'Action' => 'Update:*',
      'Resource' => '*',
      'Principal' => '*'
    }]
}

Instance Attribute Summary collapse

Attributes inherited from Sfn::Callback

#config, #ui

Instance Method Summary collapse

Methods inherited from Sfn::Callback

#run_action

Constructor Details

#initialize(*args) ⇒ self

Overload to init policy cache



# File 'lib/sfn/callback/stack_policy.rb', line 23

# Overload to init policy cache.
#
# @param args [Array] passed through to the parent initializer by the bare `super`
# @return [self]
def initialize(*args)
  super
  # Start with an empty cache; #template and #before_destroy add entries
  # and #save_stack_policy reads them back when submitting.
  @policies = Smash.new
end

Instance Attribute Details

#policies ⇒ Smash (readonly)

Returns cached policies.

Returns:

  • (Smash)

    cached policies



# File 'lib/sfn/callback/stack_policy.rb', line 18

# @return [Smash] cached policies
def policies
  # Hands out the cache object itself, not a copy: a caller that mutates
  # the returned value changes what #save_stack_policy will submit.
  @policies
end

Instance Method Details

#before_destroy(args) ⇒ Object

Update all policies to allow resource destruction



# File 'lib/sfn/callback/stack_policy.rb', line 45

# Update all policies to allow resource destruction.
#
# Caches DEFENSELESS_POLICY for the stack and each of its nested stacks
# and submits it through #save_stack_policy.
#
# NOTE(review): the return value of ui.confirm is not inspected here;
# presumably it aborts by raising when the operator declines. Confirm
# against the UI implementation.
# NOTE(review): the open policy is cached under the stack *name*, while
# #save_stack_policy looks up the stack id first, then the logical id,
# then the name. An entry cached under either of the first two keys
# would be submitted instead of the open policy.
# NOTE(review): nothing in this method restores the previous policy. If
# the deletion fails afterwards, the stacks presumably stay on the open
# policy. Verify.
#
# @param args [Hash] hook arguments; :api_stack is the stack to destroy
# @return [Object] result of the final ui.warn call
def before_destroy(args)
  ui.warn 'All policies will be disabled for stack destruction!'
  ui.confirm 'Continue with stack destruction'
  root = args[:api_stack]
  # nil entries are dropped so only real stacks are touched.
  targets = ([root] + root.nested_stacks).compact
  targets.each do |target|
    @policies[target.name] = DEFENSELESS_POLICY
    label = "Disabling stack policy for #{ui.color(target.name, :yellow)}"
    run_action(label) { save_stack_policy(target) }
  end
  # NOTE(review): this message says modification is not enabled, yet the
  # loop above has already issued the policy requests. It looks stale.
  ui.warn "Policy modification for deletion not currently enabled!"
end

#save_stack_policy(p_stack) ⇒ NilClass

Save the cached policy for the given stack

Parameters:

  • p_stack (Miasma::Models::Orchestration::Stack)

Returns:

  • (NilClass)


# File 'lib/sfn/callback/stack_policy.rb', line 74

# Save the cached policy for the given stack.
#
# The policy is looked up in the cache by stack id, then by the stack's
# logical id, then by stack name. It is serialized with MultiJson and
# posted as a SetStackPolicy request.
#
# NOTE(review): when no entry exists under any of the three keys, the
# name lookup presumably yields nil and the serialized nil is submitted
# as the policy body. Verify how the API treats that.
# NOTE(review): the last expression is the API request, so its result is
# what gets returned. That does not match a documented NilClass return.
#
# @param p_stack [Miasma::Models::Orchestration::Stack]
# @return [Object] result of the API request
def save_stack_policy(p_stack)
  # Resolve the fallbacks innermost first. Each one is always evaluated,
  # just as an eager default argument to fetch would be.
  by_name = @policies[p_stack.name]
  by_logical_id = @policies.fetch(p_stack.data[:logical_id], by_name)
  policy = @policies.fetch(p_stack.id, by_logical_id)
  form = Smash.new(
    'Action' => 'SetStackPolicy',
    'StackName' => p_stack.id,
    'StackPolicyBody' => MultiJson.dump(policy)
  )
  p_stack.api.request(:path => '/', :method => :post, :form => form)
end

#submit_policy(args) ⇒ Object Also known as: after_create, after_update

Submit all cached policies

Parameters:

  • args (Hash)


# File 'lib/sfn/callback/stack_policy.rb', line 31

# Submit all cached policies.
#
# Calls #save_stack_policy for the stack in args[:api_stack] and for
# each of its nested stacks, wrapping every submission in run_action.
#
# NOTE(review): every stack in the list is submitted, whether or not a
# policy was cached for it. See #save_stack_policy for what is sent when
# the cache has no entry.
#
# @param args [Hash] hook arguments; :api_stack is the stack to process
# @return [Object] result of the final ui.info call
def submit_policy(args)
  ui.info 'Submitting stack policy documents'
  root = args[:api_stack]
  # nil entries are dropped so only real stacks are submitted.
  targets = ([root] + root.nested_stacks).compact
  targets.each do |target|
    label = "Applying stack policy to #{ui.color(target.name, :yellow)}"
    run_action(label) { save_stack_policy(target) }
  end
  ui.info 'Stack policy documents successfully submitted!'
end

#template(info) ⇒ Object

Generate stack policy for stack and cache for the after hook to handle

Parameters:

  • info (Hash)


# File 'lib/sfn/callback/stack_policy.rb', line 62

# Generate stack policy for stack and cache it for the after hook.
#
# Does nothing when info[:sparkle_stack] is absent.
#
# NOTE(review): the policy is cached under info[:stack_name], while
# #save_stack_policy looks up the stack id first, then the logical id,
# then the name. Confirm that :stack_name matches one of those keys for
# nested stacks.
#
# @param info [Hash] hook data; reads :sparkle_stack and :stack_name
# @return [Object, nil] result of the cache write, or nil when skipped
def template(info)
  sparkle = info[:sparkle_stack]
  return unless sparkle

  @policies.set(info[:stack_name], sparkle.generate_policy)
end