Class: Yle::AWS::Role

Inherits:

Object

Object
Yle::AWS::Role

show all

Defined in:: lib/yle/aws/role.rb,
lib/yle/aws/role/cli.rb,
lib/yle/aws/role/config.rb,
lib/yle/aws/role/errors.rb,
lib/yle/aws/role/version.rb,
lib/yle/aws/role/accounts.rb

Defined Under Namespace

Modules: Errors Classes: AccountAlias, Accounts, Cli, Config

Constant Summary collapse

DEFAULT_DURATION = Default duration in seconds when assuming a role

VERSION =

'2.0.1'.freeze

Instance Attribute Summary collapse

#account ⇒ Object readonly

Returns the value of attribute account.
#credentials ⇒ Object readonly

Returns the value of attribute credentials.
#role_name ⇒ Object readonly

Returns the value of attribute role_name.

Class Method Summary collapse

Instance Method Summary collapse

#current_user ⇒ Object
#env_vars ⇒ Object
#export_env_vars(vars) ⇒ Object
#initialize(account_alias, role_name = nil, duration = nil) ⇒ Role constructor

A new instance of Role.
#name ⇒ Object
#print_env_vars ⇒ Object
#role_arn ⇒ Object
#session_name ⇒ Object
#with_env ⇒ Object

Constructor Details

#initialize(account_alias, role_name = nil, duration = nil) ⇒ `Role`

Returns a new instance of Role.

# File 'lib/yle/aws/role.rb', line 44

def initialize(account_alias, role_name = nil, duration = nil)
  @account = account_alias
  @role_name = role_name || Role.default_role_name
  duration ||= Role.default_duration

  raise Errors::AssumeRoleError, 'Role name not specified' if !@role_name

  @credentials = Aws::AssumeRoleCredentials.new(
    role_arn: role_arn,
    role_session_name: session_name,
    duration_seconds: duration
  ).credentials
rescue Aws::STS::Errors::ServiceError,
       Aws::Errors::MissingCredentialsError => e
  raise Errors::AssumeRoleError, "Failed to assume role #{role_arn}: #{e}"
end

Instance Attribute Details

#account ⇒ `Object` (readonly)

Returns the value of attribute account.



42
43
44

# File 'lib/yle/aws/role.rb', line 42

def account
  @account
end

#credentials ⇒ `Object` (readonly)

Returns the value of attribute credentials.



42
43
44

# File 'lib/yle/aws/role.rb', line 42

def credentials
  @credentials
end

#role_name ⇒ `Object` (readonly)

Returns the value of attribute role_name.



42
43
44

# File 'lib/yle/aws/role.rb', line 42

def role_name
  @role_name
end

Class Method Details

.accounts ⇒ `Object`



30
31
32

# File 'lib/yle/aws/role.rb', line 30

def self.accounts
  @accounts ||= Accounts.new(config['accounts'])
end

.assume_role(account_name, role_name = nil, duration = nil) ⇒ `Object`

# File 'lib/yle/aws/role.rb', line 15

def self.assume_role(account_name, role_name = nil, duration = nil)
  account_alias = accounts.find(account_name)
  if !account_alias
    raise Errors::AccountNotFoundError, "No account found for '#{account_name}'"
  end

  role = Role.new(account_alias, role_name, duration)
  role.with_env { yield role } if block_given?
  role
end

.config ⇒ `Object`



26
27
28

# File 'lib/yle/aws/role.rb', line 26

def self.config
  @config ||= Config.load
end

.default_duration ⇒ `Object`



38
39
40

# File 'lib/yle/aws/role.rb', line 38

def self.default_duration
  config['defaults']['duration'] || DEFAULT_DURATION
end

.default_role_name ⇒ `Object`



34
35
36

# File 'lib/yle/aws/role.rb', line 34

def self.default_role_name
  config['defaults']['role']
end

Instance Method Details

#current_user ⇒ `Object`



112
113
114

# File 'lib/yle/aws/role.rb', line 112

def current_user
  ENV['USER'] || ENV['USERNAME'] || 'unknown'
end

#env_vars ⇒ `Object`

# File 'lib/yle/aws/role.rb', line 76

def env_vars
  {
    'AWS_ACCESS_KEY_ID'     => credentials.access_key_id,
    'AWS_SECRET_ACCESS_KEY' => credentials.secret_access_key,
    'AWS_SESSION_TOKEN'     => credentials.session_token,
    'ASU_CURRENT_PROFILE'   => name
  }
end

#export_env_vars(vars) ⇒ `Object`

# File 'lib/yle/aws/role.rb', line 85

def export_env_vars(vars)
  old_env = {}
  vars.each do |key, value|
    old_env[key] = ENV[key]
    ENV[key] = value
  end
  old_env
end

#name ⇒ `Object`



100
101
102

# File 'lib/yle/aws/role.rb', line 100

def name
  "#{account.name}:#{role_name}"
end

#print_env_vars ⇒ `Object`

# File 'lib/yle/aws/role.rb', line 94

def print_env_vars
  env_vars.each do |key, value|
    puts "export #{key}=#{Shellwords.escape(value)}"
  end
end

#role_arn ⇒ `Object`



104
105
106

# File 'lib/yle/aws/role.rb', line 104

def role_arn
  "arn:aws:iam::#{account.id}:role/#{role_name}"
end

#session_name ⇒ `Object`



108
109
110

# File 'lib/yle/aws/role.rb', line 108

def session_name
  "#{current_user}-#{Time.now.to_i}"
end

#with_env ⇒ `Object`

# File 'lib/yle/aws/role.rb', line 61

def with_env
  old_env = export_env_vars(env_vars)
  old_credentials = Aws.config[:credentials]
  Aws.config.update(credentials: credentials)

  yield

  if old_credentials
    Aws.config.update(credentials: old_credentials)
  else
    Aws.config.delete(:credentials)
  end
  export_env_vars(old_env)
end

Class: Yle::AWS::Role

Defined Under Namespace

Constant Summary collapse

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(account_alias, role_name = nil, duration = nil) ⇒ Role

Instance Attribute Details

#account ⇒ Object (readonly)

#credentials ⇒ Object (readonly)

#role_name ⇒ Object (readonly)

Class Method Details

.accounts ⇒ Object

.assume_role(account_name, role_name = nil, duration = nil) ⇒ Object

.config ⇒ Object

.default_duration ⇒ Object

.default_role_name ⇒ Object

Instance Method Details

#current_user ⇒ Object

#env_vars ⇒ Object

#export_env_vars(vars) ⇒ Object

#name ⇒ Object

#print_env_vars ⇒ Object

#role_arn ⇒ Object

#session_name ⇒ Object

#with_env ⇒ Object