Class: YleTfPlugins::AWSAssumeRole::Action

Inherits:

Object

• Object
• YleTfPlugins::AWSAssumeRole::Action

Defined in:

lib/yle_tf-aws_assume_role/action.rb

Instance Method Summary

• #assume_role(config, &block) ⇒ Object
• #assume_role?(config, env) ⇒ Boolean
• #call(env) ⇒ Object
• #initialize(app, **config) ⇒ Action constructor

  A new instance of Action.

Constructor Details

#initialize(app, **config) ⇒ Action

Returns a new instance of Action.

# File 'lib/yle_tf-aws_assume_role/action.rb', line 10

def initialize(app, **config)
  @app = app
  @action_config = config
end

Instance Method Details

#assume_role(config, &block) ⇒ Object

# File 'lib/yle_tf-aws_assume_role/action.rb', line 43

def assume_role(config, &block)
  account  = config[:account]
  role     = config[:role]
  duration = config[:duration]

  YleTf::Logger.debug("Assuming AWS IAM role '#{account}:#{role}'")
  ::Yle::AWS::Role.assume_role(account, role, duration, &block)
rescue ::Yle::AWS::Role::Errors::AssumeRoleError => e
  raise YleTf::Error, e, e.backtrace
end

#assume_role?(config, env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/yle_tf-aws_assume_role/action.rb', line 30

def assume_role?(config, env)
  reason = if env[:aws_role_assumed]
             'AWS IAM role already assumed'
           elsif !config.assume_role?
             'Not assuming AWS IAM role'
           end

  return true if !reason

  YleTf::Logger.debug(reason)
  false
end

#call(env) ⇒ Object

# File 'lib/yle_tf-aws_assume_role/action.rb', line 15

def call(env)
  config = Config.new(@action_config, env[:config])

  if !assume_role?(config, env)
    @app.call(env)
    return
  end

  assume_role(config) do |role|
    env[:aws_role_assumed] = role
    @app.call(env)
    env[:aws_role_assumed] = nil
  end
end