Class: Ufo::IamRole::Builder

Inherits:

Object

• Object
• Ufo::IamRole::Builder

Defined in:

lib/ufo/iam_role/builder.rb

Instance Method Summary

• #build ⇒ Object
• #build? ⇒ Boolean
• #initialize(role_type) ⇒ Builder constructor

  A new instance of Builder.

• #managed_policy_arns ⇒ Object
• #policies ⇒ Object
• #resource(policies, managed_policy_arns) ⇒ Object

Constructor Details

#initialize(role_type) ⇒ Builder

Returns a new instance of Builder.

# File 'lib/ufo/iam_role/builder.rb', line 3

def initialize(role_type)
  @role_type = role_type
end

Instance Method Details

#build ⇒ Object

# File 'lib/ufo/iam_role/builder.rb', line 7

def build
  resource(policies, managed_policy_arns)
end

#build? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ufo/iam_role/builder.rb', line 11

def build?
  !!(policies || managed_policy_arns)
end

#managed_policy_arns ⇒ Object

# File 'lib/ufo/iam_role/builder.rb', line 31

def managed_policy_arns
  items = Registry.managed_policies[@role_type] # Array of Arrays
  return unless items && !items.empty?

  items.map do |item|
    item.include?('iam::aws:policy') ? item : "arn:aws:iam::aws:policy/#{item}"
  end
end

#policies ⇒ Object

# File 'lib/ufo/iam_role/builder.rb', line 15

def policies
  items = Registry.policies[@role_type] # Array of Arrays
  return unless items && !items.empty?

  items.map do |item|
    policy_name, statements = item # first element has policy name, second element has statements
    {
      PolicyName: policy_name,
      PolicyDocument: {
        Version: "2012-10-17",
        Statement: statements
      }
    }
  end
end

#resource(policies, managed_policy_arns) ⇒ Object

# File 'lib/ufo/iam_role/builder.rb', line 40

def resource(policies, managed_policy_arns)
  properties = {
    AssumeRolePolicyDocument: {
      Version: "2012-10-17",
      Statement: [
        {
          Effect: "Allow",
          Principal: {
            Service: "ecs-tasks.amazonaws.com"
          },
          Action: "sts:AssumeRole"
        }
      ]
    },
  }
  properties[:Policies] = policies if policies
  properties[:ManagedPolicyArns] = managed_policy_arns if managed_policy_arns

  attrs = {
    Type: "AWS::IAM::Role",
    Properties: properties
  }

  attrs.deep_stringify_keys
end