class Cumulus::IAM::IamRoles
Public Class Methods
new(iam)
Calls superclass method
Cumulus::IAM::IamResource::new
# File lib/iam/manager/IamRoles.rb, line 16
# Public: Set up the manager for IAM roles.
#
# iam - the IAM client object; it is passed unchanged to the superclass
#       constructor.
def initialize(iam)
  super(iam)
  # Subdirectory name that migrate_additional joins onto @migration_root.
  @migration_dir = "roles"
  # Resource kind label; presumably read by the superclass - confirm there.
  @type = "role"
end
Public Instance Methods
aws_resources()
# File lib/iam/manager/IamRoles.rb, line 34
# Public: The roles as loaded from AWS, fetched on first use.
#
# The value produced by init_aws_roles is kept in @aws_roles, so repeated
# calls on the same instance do not list the roles again.
#
# Returns the cached result of init_aws_roles.
def aws_resources
  return @aws_roles if @aws_roles

  @aws_roles = init_aws_roles
end
create(difference)
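# File lib/iam/manager/IamRoles.rb, line 52
# Public: Create a role in AWS, plus an instance profile carrying the same
# name, and attach the role to that profile.
#
# difference - the diff object; its `local` config supplies the role name and
#              the assume-role (trust) policy document.
#
# Returns the Aws::IAM::Role wrapping the newly created role.
def create(difference)
  role_name = difference.local.name

  # create the role; the assume-role policy document decides which principals
  # may assume it
  @iam.create_role({
    :role_name => role_name,
    :assume_role_policy_document => difference.local.policy_document
  })
  role = Aws::IAM::Role.new(role_name, { :client => @iam })

  # try to create the instance profile, but if it already exists, just warn
  # the user
  begin
    @iam.create_instance_profile({ :instance_profile_name => role_name })
  rescue Aws::IAM::Errors::EntityAlreadyExists
    # Colors.* appears to only build the coloured text (update prints it with
    # puts), so the warning has to be written out explicitly to be seen.
    puts Colors.red("Instance profile already exists")
  end

  # assign the role to the instance profile
  # NOTE(review): when the profile already existed, the new role is attached
  # to a profile this run did not create, so anything already launched with
  # that profile would receive this role's permissions - review the reused
  # profile. IAM allows one role per instance profile, so add_role is expected
  # to raise if the profile already holds another role; that is not rescued
  # here.
  instance_profile = Aws::IAM::InstanceProfile.new(role_name, { :client => @iam })
  instance_profile.add_role({ :role_name => role_name })
  role
end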
empty_config()
# File lib/iam/manager/IamRoles.rb, line 91
# Public: Build a blank role configuration.
#
# Returns a new RoleConfig constructed without arguments.
def empty_config
  RoleConfig.new
end
local_resources()
# File lib/iam/manager/IamRoles.rb, line 22
# Public: Index every role returned by Loader.roles by its name.
#
# When two roles share a name, the one yielded later replaces the earlier one.
#
# Returns a Hash mapping role name to role object.
def local_resources
  by_name = {}
  Loader.roles.each { |entry| by_name.store(entry.name, entry) }
  by_name
end
migrate_additional(configs_to_aws)
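# File lib/iam/manager/IamRoles.rb, line 95
# Public: Migrate the assume-role policy documents of roles pulled from AWS.
#
# Ensures the "policy-documents" directory exists under
# "#{@migration_root}/#{@migration_dir}", then passes each config and its
# percent-decoded assume-role policy document to an AssumeRoleUnifier.
#
# configs_to_aws - a collection yielding (config, resource) pairs, where
#                  resource responds to assume_role_policy_document.
#
# Returns an Array holding the result of unifier.unify for each pair.
def migrate_additional(configs_to_aws)
  policy_document_dir = "#{@migration_root}/#{@migration_dir}/policy-documents"

  # Dir.exists? was removed in Ruby 3.2; Dir.exist? behaves the same and is
  # available on older interpreters too. Dir.mkdir creates a single level, so
  # the parent directory must already exist.
  Dir.mkdir(policy_document_dir) unless Dir.exist?(policy_document_dir)

  # The block is how the unifier writes a document back onto a config.
  unifier = AssumeRoleUnifier.new(policy_document_dir) { |c, v| c.policy_document = v }

  configs_to_aws.map do |config, resource|
    # URI.unescape was removed in Ruby 3.0. The parser's unescape performs the
    # same percent-decoding (a literal "+" is left as is).
    # NOTE(review): config.name is passed as the document name; if the unifier
    # turns it into a file name under policy_document_dir, confirm it cannot
    # contain path separators.
    unifier.unify(
      config,
      URI::DEFAULT_PARSER.unescape(resource.assume_role_policy_document),
      config.name
    )
  end
end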
one_local(name)
# File lib/iam/manager/IamRoles.rb, line 30
# Public: Load a single locally defined role.
#
# name - the role name, handed to Loader.role as given.
#
# Returns whatever Loader.role returns for that name.
def one_local(name)
  Loader.role(name)
end
update(resource, diffs)
Calls superclass method
Cumulus::IAM::IamResource#update
# File lib/iam/manager/IamRoles.rb, line 78
# Public: Apply a set of diffs to a role in AWS.
#
# The superclass update runs first. Afterwards every diff whose type is
# IamChange::POLICY_DOC replaces the role's assume-role policy with the local
# policy document. That policy decides who may assume the role, so these are
# the changes that alter the role's trust boundary.
#
# resource - the AWS role; must respond to assume_role_policy.
# diffs    - the diffs to apply; each responds to type and local.
#
# Returns the result of diffs.each.
def update(resource, diffs)
  super(resource, diffs)

  diffs.each do |change|
    next unless change.type == IamChange::POLICY_DOC

    puts Colors.blue("updating assume role policy document...")
    resource.assume_role_policy.update({ policy_document: change.local.policy_document })
  end
end
Private Instance Methods
init_aws_roles()
Internal: Load all the roles from AWS
Returns the Array of AWS roles
# File lib/iam/manager/IamRoles.rb, line 41
# Internal: List the roles in AWS and wrap each one in a resource object.
#
# The block given to AwsUtil.list_paged_results calls list_roles with the
# marker it receives and hands back the page's roles, its truncation flag and
# its marker.
#
# Returns an Array of Aws::IAM::Role, one per listed role, each bound to @iam.
def init_aws_roles
  listed = AwsUtil.list_paged_results do |marker|
    page = @iam.list_roles(marker: marker)
    [page.roles, page.is_truncated, page.marker]
  end

  listed.map { |entry| Aws::IAM::Role.new(entry.role_name, { :client => @iam }) }
end