Class: Yle::AWS::Role
- Inherits:
-
Object
- Defined in:
- lib/yle/aws/role.rb,
lib/yle/aws/role/cli.rb,
lib/yle/aws/role/config.rb,
lib/yle/aws/role/errors.rb,
lib/yle/aws/role/version.rb,
lib/yle/aws/role/accounts.rb
Defined Under Namespace
Modules: Errors
Classes: AccountAlias, Accounts, Cli, Config
Constant Summary
- DEFAULT_DURATION =
Default duration in seconds when assuming a role
900
- VERSION =
'2.0.1'.freeze
Instance Attribute Summary collapse
Class Method Summary
Instance Method Summary
Constructor Details
#initialize(account_alias, role_name = nil, duration = nil) ⇒ Role
Returns a new instance of Role.
# File 'lib/yle/aws/role.rb', line 44
# Assumes the role immediately and keeps the resulting credentials.
#
# @param account_alias [Object] account entry; its +id+ is used by #role_arn
# @param role_name [String, nil] role to assume; falls back to Role.default_role_name
# @param duration [Integer, nil] session duration in seconds, passed to the
#   SDK as +duration_seconds+; falls back to Role.default_duration.
#   NOTE(review): the value is not range-checked here — presumably STS
#   rejects out-of-range durations; confirm.
# @raise [Errors::AssumeRoleError] when no role name is available, or when
#   the SDK raises a service error or finds no base credentials
def initialize(account_alias, role_name = nil, duration = nil)
  @account = account_alias
  @role_name = role_name || Role.default_role_name
  duration ||= Role.default_duration

  raise Errors::AssumeRoleError, 'Role name not specified' unless @role_name

  # The credentials are fetched as part of construction, so a Role instance
  # holds temporary credentials from this point on.
  assume_role_credentials = Aws::AssumeRoleCredentials.new(
    role_arn: role_arn,
    role_session_name: session_name,
    duration_seconds: duration
  )
  @credentials = assume_role_credentials.credentials
rescue Aws::STS::Errors::ServiceError, Aws::Errors::MissingCredentialsError => e
  # SDK failures are re-raised as the library's own error type.
  raise Errors::AssumeRoleError, "Failed to assume role #{role_arn}: #{e}"
end
Instance Attribute Details
#account ⇒ Object
Returns the value of attribute account.
# File 'lib/yle/aws/role.rb', line 42
# Account entry this role belongs to, as passed to the constructor.
#
# @return [Object] the object whose +name+ and +id+ are read by #name and #role_arn
def account
  @account
end
#credentials ⇒ Object
Returns the value of attribute credentials.
# File 'lib/yle/aws/role.rb', line 42
# Temporary credentials obtained when the role was assumed.
#
# The object carries the secret access key and session token (both are read
# from it by #env_vars), so treat the return value as secret material.
#
# @return [Object] responds to +access_key_id+, +secret_access_key+ and +session_token+
def credentials
  @credentials
end
#role_name ⇒ Object
Returns the value of attribute role_name.
# File 'lib/yle/aws/role.rb', line 42
# Name of the assumed role: the constructor argument, or the configured
# default when none was given.
#
# @return [String]
def role_name
  @role_name
end
Class Method Details
.accounts ⇒ Object
# File 'lib/yle/aws/role.rb', line 30
# Account registry built from the 'accounts' section of the configuration.
# Built on first use and then reused for later calls.
#
# @return [Accounts]
def self.accounts
  return @accounts if @accounts

  @accounts = Accounts.new(config['accounts'])
end
.assume_role(account_name, role_name = nil, duration = nil) ⇒ Object
# File 'lib/yle/aws/role.rb', line 15
# Looks up the account and assumes a role in it.
#
# With a block, the block runs inside Role#with_env and receives the role;
# without a block nothing is exported and the caller decides what to do
# with the returned Role and its credentials.
#
# @param account_name [String] name handed to +accounts.find+
# @param role_name [String, nil] forwarded to Role.new
# @param duration [Integer, nil] forwarded to Role.new
# @yieldparam role [Role] the assumed role
# @return [Role]
# @raise [Errors::AccountNotFoundError] when the lookup returns nothing
def self.assume_role(account_name, role_name = nil, duration = nil)
  account_alias = accounts.find(account_name)
  raise Errors::AccountNotFoundError, "No account found for '#{account_name}'" unless account_alias

  Role.new(account_alias, role_name, duration).tap do |role|
    role.with_env { yield role } if block_given?
  end
end
.config ⇒ Object
# File 'lib/yle/aws/role.rb', line 26
# Configuration returned by Config.load, loaded on first use and then reused.
#
# @return [Object] indexed with string keys such as 'accounts' and 'defaults'
def self.config
  return @config if @config

  @config = Config.load
end
.default_duration ⇒ Object
# File 'lib/yle/aws/role.rb', line 38
# Session duration used when the caller gives none: the configured
# 'defaults' => 'duration' value, or DEFAULT_DURATION when that is unset.
#
# NOTE(review): assumes the configuration always has a 'defaults' section;
# a missing one would raise NoMethodError here — confirm Config.load
# guarantees it.
#
# @return [Integer] seconds
def self.default_duration
  configured = config['defaults']['duration']
  configured || DEFAULT_DURATION
end
.default_role_name ⇒ Object
# File 'lib/yle/aws/role.rb', line 34
# Role name used when the caller gives none, read from the configured
# 'defaults' => 'role' value.
#
# NOTE(review): assumes the configuration always has a 'defaults' section —
# confirm Config.load guarantees it.
#
# @return [String, nil] nil when no default role is configured
def self.default_role_name
  defaults = config['defaults']
  defaults['role']
end
Instance Method Details
#current_user ⇒ Object
# File 'lib/yle/aws/role.rb', line 112
# User name taken from the environment: USER first, then USERNAME, then the
# literal 'unknown'.
#
# The value is whatever the calling environment reports, not an
# authenticated identity; #session_name embeds it in the role session name.
#
# @return [String]
def current_user
  ENV.fetch('USER') do
    ENV.fetch('USERNAME', 'unknown')
  end
end
#env_vars ⇒ Object
# File 'lib/yle/aws/role.rb', line 76
# Environment variables that describe the assumed role: the three AWS
# credential variables plus ASU_CURRENT_PROFILE set to #name.
#
# The hash holds the secret access key and session token in clear text, so
# it should not be logged or written out anywhere but the consuming process.
#
# @return [Hash{String => String}]
def env_vars
  role_credentials = credentials
  vars = {}
  vars['AWS_ACCESS_KEY_ID'] = role_credentials.access_key_id
  vars['AWS_SECRET_ACCESS_KEY'] = role_credentials.secret_access_key
  vars['AWS_SESSION_TOKEN'] = role_credentials.session_token
  vars['ASU_CURRENT_PROFILE'] = name
  vars
end
#export_env_vars(vars) ⇒ Object
# File 'lib/yle/aws/role.rb', line 85
# Writes each pair into ENV and returns what was there before.
#
# A nil value removes the variable, so feeding the returned hash back into
# this method puts the environment back the way it was.
#
# @param vars [Hash{String => String, nil}] variables to set
# @return [Hash{String => String, nil}] previous value per key, nil when unset
def export_env_vars(vars)
  vars.each_with_object({}) do |(key, value), previous|
    previous[key] = ENV[key]
    ENV[key] = value
  end
end
#name ⇒ Object
# File 'lib/yle/aws/role.rb', line 100
# Display name of the role in the form "<account name>:<role name>".
# Exported as ASU_CURRENT_PROFILE by #env_vars.
#
# @return [String]
def name
  account_label = account.name
  "#{account_label}:#{role_name}"
end
#print_env_vars ⇒ Object
# File 'lib/yle/aws/role.rb', line 94
# Prints one `export KEY=value` line per entry of #env_vars to standard
# output.
#
# Values are passed through Shellwords.escape so the lines are safe to hand
# to a shell; the keys are the fixed literals from #env_vars and are printed
# as-is. The output contains the secret access key and session token, so it
# belongs in the consuming shell only, not in logs or CI output.
#
# @return [Hash] the hash that was printed
def print_env_vars
  env_vars.each do |key, value|
    escaped_value = Shellwords.escape(value)
    puts "export #{key}=#{escaped_value}"
  end
end
#role_arn ⇒ Object
# File 'lib/yle/aws/role.rb', line 104
# ARN of the role to assume, built from the account id and the role name.
#
# The partition is fixed to "aws", and both interpolated parts are used
# as given — no validation happens here.
#
# @return [String]
def role_arn
  account_id = account.id
  "arn:aws:iam::#{account_id}:role/#{role_name}"
end
#session_name ⇒ Object
# File 'lib/yle/aws/role.rb', line 108
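# Builds the role session name sent to STS: "<user>-<unix time>".
#
# STS accepts session names of at most 64 characters drawn from
# letters, digits and "_+=,.@-". The user part comes from the environment
# (see #current_user) and may contain other characters, for example a space
# in a Windows user name, which would make the AssumeRole call fail. Such
# characters are replaced with "_" and the user part is shortened so the
# timestamp suffix always fits. Names that were already valid come out
# unchanged.
#
# The user part is reported by the caller's environment, so the session
# name seen in audit logs is a hint, not proof of who made the call.
#
# @return [String]
def session_name
  max_length = 64
  suffix = "-#{Time.now.to_i}"
  user = current_user.gsub(/[^A-Za-z0-9_+=,.@-]/, '_')
  "#{user[0, max_length - suffix.length]}#{suffix}"
end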
#with_env ⇒ Object
# File 'lib/yle/aws/role.rb', line 61
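# Runs the block with the role's credentials active, then restores the
# previous state.
#
# While the block runs, the role's variables (see #env_vars) are set in ENV
# and Aws.config[:credentials] points at the role's credentials. Both are
# process-wide, so child processes started in the block inherit them.
#
# Restoration happens in an +ensure+ clause: without it, a block that
# raises (or exits early with +break+) would leave the role's credentials
# in ENV and Aws.config for the rest of the process.
#
# @yield runs with the role's credentials active
# @return [Hash{String => String}] the role's variables that were just
#   removed from ENV (the result of the final #export_env_vars call); this
#   includes the secret values, and Role.assume_role ignores it
def with_env
  old_env = export_env_vars(env_vars)
  old_credentials = Aws.config[:credentials]
  Aws.config.update(credentials: credentials)

  begin
    yield
  ensure
    # Put back whatever was configured before, or clear the key if nothing was.
    if old_credentials
      Aws.config.update(credentials: old_credentials)
    else
      Aws.config.delete(:credentials)
    end
    replaced_env = export_env_vars(old_env)
  end

  replaced_env
end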