class Wonk::PolicyValidators::AwsEC2::HasRoleWithRule
Attributes
name[R]
Public Class Methods
new(parameters)
# File lib/wonk/policy_validators/aws_ec2/has_role_with_rule.rb, line 9
# Builds the validator from its policy parameters.
#
# @param parameters [Hash] rule parameters; only +:name+ is read here.
#   When present it is compiled with Regexp.new exactly as given and later
#   matched against IAM role names.
#
# The pattern is not anchored by this class. A rule meant to match a whole
# role name has to carry its own \A ... \z anchors, otherwise any role name
# that merely contains the pattern satisfies the rule.
# NOTE(review): the pattern is compiled without any complexity limit; this
# assumes policy parameters come from a trusted policy source - confirm.
def initialize(parameters)
  pattern = parameters[:name]
  # Leave @name unset when no pattern is configured; try_match then accepts
  # any role attached to the instance profile.
  @name = Regexp.new(pattern) if pattern
  # IAM resource handle used to look up instance profiles and their roles.
  @iam_rsrc = Aws::IAM::Resource.new(region: Wonk.aws_region)
end
Public Instance Methods
try_match(instance, identity)
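# File lib/wonk/policy_validators/aws_ec2/has_role_with_rule.rb, line 15
# Decides whether the instance's IAM instance profile carries a role that
# satisfies this rule.
#
# @param instance [#iam_instance_profile] EC2 instance description; its
#   instance profile reference (or nil) is the only thing read from it.
# @param identity [Object] not consulted by this validator.
# @return [RuleResult] successful: false when the instance has no instance
#   profile or no role matches; otherwise successful: true with the named
#   captures of the first matching role (an empty Hash when no name pattern
#   is configured).
#
# Security notes:
# * Every non-matching path returns a RuleResult with successful: false.
#   The previous version dereferenced nil when no role matched and raised
#   NoMethodError instead of producing a denial.
# * @name.match is an unanchored search. A pattern such as "web" also
#   accepts a role named "not-web-admin"; policies that mean a whole-name
#   match need \A ... \z in the pattern.
# * With no name pattern, any role on the instance profile satisfies the
#   rule.
# * Captures are taken from the role name and handed back to the caller.
#   NOTE(review): how the caller uses them is not visible here - confirm
#   they are treated as attacker-influenced strings if role names are not
#   fully controlled.
def try_match(instance, identity)
  profile_ref = instance.iam_instance_profile
  # Fail closed: no instance profile means there is no role to evaluate.
  return RuleResult.new(successful: false) if profile_ref.nil?

  # The IAM lookup takes the profile name, which is the last '/'-separated
  # segment of the profile ARN.
  profile_name = profile_ref.arn.split('/').last
  roles = @iam_rsrc.instance_profile(profile_name).roles

  # captures stays nil until a role satisfies the rule; the first hit wins.
  captures = nil
  roles.each do |role|
    if @name.nil?
      captures = {}
    else
      match = @name.match(role.name)
      captures = Hash[match.names.zip(match.captures)] unless match.nil?
    end
    break unless captures.nil?
  end

  RuleResult.new(successful: !captures.nil?, captures: captures || {})
end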