Class: Yle::AWS::Role

Inherits:
Object
  • Object
show all
Defined in:
lib/yle/aws/role.rb,
lib/yle/aws/role/cli.rb,
lib/yle/aws/role/config.rb,
lib/yle/aws/role/errors.rb,
lib/yle/aws/role/version.rb,
lib/yle/aws/role/accounts.rb

Defined Under Namespace

Modules: Errors Classes: AccountAlias, Accounts, Cli, Config

Constant Summary collapse

DEFAULT_DURATION =

Default duration in seconds when assuming a role

900
VERSION = 
'1.0.1'.freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(account_alias, role_name, duration = nil) ⇒ Role

Returns a new instance of Role.



36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/yle/aws/role.rb', line 36

def initialize(, role_name, duration = nil)
  @account = 
  @role_name = role_name

  @credentials = Aws::AssumeRoleCredentials.new(
    role_arn: role_arn,
    role_session_name: session_name,
    duration_seconds: duration || DEFAULT_DURATION
  ).credentials
rescue Aws::STS::Errors::ServiceError,
  Aws::Errors::MissingCredentialsError => e
  raise Errors::AssumeRoleError, "Failed to assume role #{role_arn}: #{e}"
end

Instance Attribute Details

#accountObject (readonly)

Returns the value of attribute account.



34
35
36
 
# File 'lib/yle/aws/role.rb', line 34

def 
  @account
end

#credentialsObject (readonly)

Returns the value of attribute credentials.



34
35
36
 
# File 'lib/yle/aws/role.rb', line 34

def credentials
  @credentials
end

#role_nameObject (readonly)

Returns the value of attribute role_name.



34
35
36
 
# File 'lib/yle/aws/role.rb', line 34

def role_name
  @role_name
end

Class Method Details

.accountsObject 



30
31
32
 
# File 'lib/yle/aws/role.rb', line 30

def self.accounts
  @accounts ||= Accounts.new(config['accounts'])
end

.assume_role(account_name, role_name, duration = nil) ⇒ Object 



15
16
17
18
19
20
21
22
23
24
 
# File 'lib/yle/aws/role.rb', line 15

def self.assume_role(, role_name, duration = nil)
   = accounts.find()
  if !
    raise Errors::AccountNotFoundError, "No account found for '#{account_name}'"
  end

  role = Role.new(, role_name, duration)
  role.with_env { yield role } if block_given?
  role
end

.configObject 



26
27
28
 
# File 'lib/yle/aws/role.rb', line 26

def self.config
  @config ||= Config.load
end

Instance Method Details

#current_userObject 



101
102
103
 
# File 'lib/yle/aws/role.rb', line 101

def current_user
  ENV['USER'] || ENV['USERNAME'] || 'unknown'
end

#env_varsObject 



65
66
67
68
69
70
71
72
 
# File 'lib/yle/aws/role.rb', line 65

def env_vars
  {
    'AWS_ACCESS_KEY_ID'     => credentials.access_key_id,
    'AWS_SECRET_ACCESS_KEY' => credentials.secret_access_key,
    'AWS_SESSION_TOKEN'     => credentials.session_token,
    'ASU_CURRENT_PROFILE'   => name
  }
end

#nameObject 



89
90
91
 
# File 'lib/yle/aws/role.rb', line 89

def name
  "#{account.name}:#{role_name}"
end

#print_env_varsObject 



83
84
85
86
87
 
# File 'lib/yle/aws/role.rb', line 83

def print_env_vars
  env_vars.each do |key, value|
    puts "export #{key}=#{Shellwords.escape(value)}"
  end
end

#role_arnObject 



93
94
95
 
# File 'lib/yle/aws/role.rb', line 93

def role_arn
  "arn:aws:iam::#{account.id}:role/#{role_name}"
end

#session_nameObject 



97
98
99
 
# File 'lib/yle/aws/role.rb', line 97

def session_name
  "#{current_user}-#{Time.now.to_i}"
end

#set_env_vars(vars) ⇒ Object 



74
75
76
77
78
79
80
81
 
# File 'lib/yle/aws/role.rb', line 74

def set_env_vars(vars)
  old_env = {}
  vars.each do |key, value|
    old_env[key] = ENV[key]
    ENV[key] = value
  end
  old_env
end

#with_envObject 



50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/yle/aws/role.rb', line 50

def with_env
  old_env = set_env_vars(env_vars)
  old_credentials = Aws.config[:credentials]
  Aws.config.update(credentials: credentials)

  yield

  if old_credentials
    Aws.config.update(credentials: old_credentials)
  else
    Aws.config.delete(:credentials)
  end
  set_env_vars(old_env)
end