class Wonk::PolicyValidators::AwsEC2::HasRoleWithRule

Attributes

name[R]

Public Class Methods

# File lib/wonk/policy_validators/aws_ec2/has_role_with_rule.rb, line 9
# Builds the rule from its policy parameters.
#
# @param parameters [Hash] rule parameters. The optional +:name+ entry is a
#   regular-expression source that is compiled with Regexp.new and later
#   matched against IAM role names; when it is absent the rule matches any
#   attached role. The pattern is applied unanchored by #try_match, so a
#   policy that means an exact role name should anchor it itself (\A...\z).
def initialize(parameters)
  pattern = parameters[:name]
  @name = pattern ? Regexp.new(pattern) : nil

  # One IAM resource per rule instance; #try_match uses it to resolve the
  # instance profile attached to an EC2 instance.
  @iam_rsrc = Aws::IAM::Resource.new(region: Wonk.aws_region)
end

Public Instance Methods

# File lib/wonk/policy_validators/aws_ec2/has_role_with_rule.rb, line 15
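# Checks whether +instance+ carries an IAM instance profile with at least one
# role whose name satisfies the configured +name+ pattern.
#
# The profile name is taken from the last path segment of the instance
# profile ARN and resolved through the IAM resource created in #initialize.
# When no pattern was configured (+@name+ is nil) the first attached role
# counts as a match. The pattern is applied with Regexp#match, i.e. it is NOT
# anchored: a pattern of "admin" also matches a role named "non-admin-role";
# anchor the policy's pattern (\A...\z) when an exact role name is intended.
#
# Fix: the previous version indexed into the result of +find+ even when no
# role matched, so an instance whose roles all failed the pattern raised
# NoMethodError on nil instead of yielding an unsuccessful result.
#
# @param instance [Aws::EC2::Instance] the instance under evaluation
# @param identity caller identity; unused here, part of the validator interface
# @return [RuleResult] successful when a role matched; +captures+ holds the
#   named captures of the first matching role (empty when none are defined
#   or nothing matched)
def try_match(instance, identity)
  profile_ref = instance.iam_instance_profile
  return RuleResult.new(successful: false, captures: {}) if profile_ref.nil?

  # The instance carries only the profile ARN; IAM is queried for its roles.
  profile_name = profile_ref.arn.split('/').last
  roles = @iam_rsrc.instance_profile(profile_name).roles

  roles.each do |role|
    # No pattern configured: any attached role satisfies the rule.
    return RuleResult.new(successful: true, captures: {}) if @name.nil?

    match = @name.match(role.name)
    next if match.nil?

    # Same {name => value} hash as Hash[names.zip(captures)], built directly.
    return RuleResult.new(successful: true, captures: match.named_captures)
  end

  # No role matched, or the profile has no roles at all.
  RuleResult.new(successful: false, captures: {})
end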