class Cumulus::IAM::IamRoles

Public: Manager class for IAM Roles.

Public Class Methods

new(iam)
Calls superclass method Cumulus::IAM::IamResource::new
# File lib/iam/manager/IamRoles.rb, line 16
# Public: Set up the manager for IAM roles.
#
# iam - passed unchanged to the superclass constructor.
#
# Sets the resource type to "role" and the migration directory name to "roles".
def initialize(iam)
  # bare `super` forwards the same `iam` argument
  super
  @type = "role"
  @migration_dir = "roles"
end

Public Instance Methods

aws_resources()
# File lib/iam/manager/IamRoles.rb, line 34
# Public: The roles as they exist in AWS.
#
# The result of init_aws_roles is cached in @aws_roles, so a truthy value is
# loaded only once per manager instance.
def aws_resources
  return @aws_roles if @aws_roles

  @aws_roles = init_aws_roles
end
create(difference)
# File lib/iam/manager/IamRoles.rb, line 52
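# Public: Create the role in AWS together with an instance profile of the
# same name, then add the role to that instance profile.
#
# difference - the diff for the role; `difference.local` supplies `name` and
#              `policy_document`, which is sent as the role's assume-role
#              policy document.
#
# Returns the Aws::IAM::Role resource for the created role.
def create(difference)
  role_name = difference.local.name

  # The assume-role (trust) policy decides which principals can obtain this
  # role's credentials. It is sent to AWS exactly as the local configuration
  # supplies it; nothing in this method validates it.
  @iam.create_role({
    role_name: role_name,
    assume_role_policy_document: difference.local.policy_document
  })
  role = Aws::IAM::Role.new(role_name, { client: @iam })

  # An instance profile with this name may already exist; that is only worth
  # a warning. The warning has to be printed explicitly: `update` passes the
  # result of Colors.blue to puts, and Colors.red is treated the same way
  # here, so a bare call would discard the message.
  begin
    @iam.create_instance_profile({ instance_profile_name: role_name })
  rescue Aws::IAM::Errors::EntityAlreadyExists
    puts Colors.red("Instance profile already exists")
  end

  # NOTE(review): on the rescue path the role is added to a profile that this
  # call did not create, so anything already associated with that profile
  # would presumably pick up the new role -- confirm that is intended.
  instance_profile = Aws::IAM::InstanceProfile.new(role_name, { client: @iam })
  instance_profile.add_role({ role_name: role_name })
  role
end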
empty_config()
# File lib/iam/manager/IamRoles.rb, line 91
# Public: Build a new RoleConfig, constructed with no arguments.
#
# Returns the new RoleConfig.
def empty_config
  blank_config = RoleConfig.new
  blank_config
end
local_resources()
# File lib/iam/manager/IamRoles.rb, line 22
# Public: Index the locally defined roles by name.
#
# Returns a Hash mapping each role's name to the role object returned by
# Loader.roles.
def local_resources
  # Two local roles with the same name collapse into one entry: the later one
  # replaces the earlier one without any warning.
  Loader.roles.each_with_object({}) do |role, by_name|
    by_name[role.name] = role
  end
end
migrate_additional(configs_to_aws)
# File lib/iam/manager/IamRoles.rb, line 95
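# Public: Unify the assume-role policy documents of the given roles under the
# "policy-documents" directory of this manager's migration directory.
#
# configs_to_aws - pairs of (config, AWS resource); each resource supplies a
#                  percent-encoded `assume_role_policy_document`.
#
# Returns an Array holding the result of AssumeRoleUnifier#unify for each pair.
def migrate_additional(configs_to_aws)
  policy_document_dir = "#{@migration_root}/#{@migration_dir}/policy-documents"

  # Dir.exists? was removed in Ruby 3.2; Dir.exist? works on old and new Rubies.
  Dir.mkdir(policy_document_dir) unless Dir.exist?(policy_document_dir)

  # The block tells the unifier how to store a document on a config.
  unifier = AssumeRoleUnifier.new(policy_document_dir) { |c, v| c.policy_document = v }

  configs_to_aws.map do |config, resource|
    # URI.unescape was removed in Ruby 3.0. It delegated to the default
    # parser's unescape, so calling that directly keeps the same
    # percent-decoding (a literal "+" is left alone, not turned into a space).
    trust_policy = URI::DEFAULT_PARSER.unescape(resource.assume_role_policy_document)
    unifier.unify(config, trust_policy, config.name)
  end
end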
one_local(name)
# File lib/iam/manager/IamRoles.rb, line 30
# Public: Look up a single local role definition.
#
# name - passed straight through to Loader.role.
#
# Returns whatever Loader.role returns for that name.
def one_local(name)
  definition = Loader.role(name)
  definition
end
update(resource, diffs)
Calls superclass method Cumulus::IAM::IamResource#update
# File lib/iam/manager/IamRoles.rb, line 78
# Public: Apply the diffs to an existing role.
#
# resource - the AWS role being updated; must respond to `assume_role_policy`.
# diffs    - the changes to apply; each has a `type` and a `local` config.
#
# The superclass update runs first. After that, every diff of type
# IamChange::POLICY_DOC replaces the role's assume-role policy document with
# the local one.
def update(resource, diffs)
  # bare `super` forwards the same (resource, diffs)
  super

  diffs.each do |change|
    next unless change.type == IamChange::POLICY_DOC

    # This overwrites the trust policy on the live role with the local
    # document; nothing here inspects the document before it is sent.
    puts Colors.blue("updating assume role policy document...")
    resource.assume_role_policy.update({ policy_document: change.local.policy_document })
  end
end

Private Instance Methods

init_aws_roles()

Internal: Load all the roles from AWS

Returns the Array of AWS roles

# File lib/iam/manager/IamRoles.rb, line 41
# Internal: Load all the roles from AWS.
#
# Pages through @iam.list_roles via AwsUtil.list_paged_results, handing it
# each page's roles, truncation flag and next marker, then wraps every
# listed role in an Aws::IAM::Role bound to the same client.
#
# Returns the Array of Aws::IAM::Role resources.
def init_aws_roles
  listed = AwsUtil.list_paged_results do |marker|
    page = @iam.list_roles(marker: marker)
    [page.roles, page.is_truncated, page.marker]
  end

  listed.map { |summary| Aws::IAM::Role.new(summary.role_name, { client: @iam }) }
end