class Chef::Provider::AwsIamRole
Public Instance Methods
action_create()
Calls superclass method
# File lib/chef/provider/aws_iam_role.rb, line 15
# Runs the inherited create action, then reconciles the role's inline
# policies when the resource declares any.
#
# A nil +inline_policies+ leaves whatever inline policies already exist on
# the role untouched. Any non-nil value is handed to update_inline_policy.
def action_create
  created_role = super
  return if new_resource.inline_policies.nil?

  update_inline_policy(created_role)
end
iam_client()
# File lib/chef/provider/aws_iam_role.rb, line 7
# Returns the IAM client exposed by the driver attached to the resource
# being converged.
def iam_client
  driver = new_resource.driver
  driver.iam_client
end
iam_resource()
# File lib/chef/provider/aws_iam_role.rb, line 11
# Returns the IAM resource interface exposed by the driver attached to the
# resource being converged.
def iam_resource
  driver = new_resource.driver
  driver.iam_resource
end
Protected Instance Methods
create_aws_object()
# File lib/chef/provider/aws_iam_role.rb, line 23
# Creates the IAM role described by new_resource and returns a handle to it.
#
# The assume_role_policy_document is sent to IAM exactly as given on the
# resource. Nothing in this method inspects it, so any review of which
# principals the document trusts has to happen where the resource is declared.
def create_aws_object
  description = "create IAM Role #{new_resource.name}"
  converge_by(description) do
    iam_resource.create_role(
      path: new_resource.path,
      role_name: new_resource.name,
      assume_role_policy_document: new_resource.assume_role_policy_document
    )
  end
  # Hand back a handle for the role by name rather than create_role's result.
  iam_resource.role(new_resource.name)
end
destroy_aws_object(role)
# File lib/chef/provider/aws_iam_role.rb, line 48
# Deletes the given IAM role after removing what this method knows to be
# attached to it: instance-profile memberships and inline policies.
#
# NOTE(review): managed policies attached to the role are not detached here.
# IAM refuses to delete a role that still has them, so confirm whether roles
# managed by this provider can ever carry managed policies.
def destroy_aws_object(role)
  converge_by "delete IAM Role #{role.name}" do
    # Drop the role from every instance profile that references it.
    role.instance_profiles.each { |profile| profile.remove_role(role_name: role.name) }

    # Each inline policy is reported as its own converge step.
    role.policies.each do |inline_policy|
      converge_by("delete IAM Role inline policy #{inline_policy.name}") { inline_policy.delete }
    end

    role.delete
  end
end
update_aws_object(role)
# File lib/chef/provider/aws_iam_role.rb, line 34
# Brings an existing role in line with new_resource.
#
# A differing path raises, because the path cannot be changed in place. The
# assume-role (trust) policy is rewritten only when the resource sets one and
# it differs from the document currently on the role. A resource that leaves
# it unset keeps the role's existing trust policy.
def update_aws_object(role)
  path_differs = new_resource.path && new_resource.path != role.path
  raise "Path of IAM Role #{new_resource.name} is #{role.path}, but desired path is #{new_resource.path}. IAM Role paths cannot be updated!" if path_differs

  desired_trust_policy = new_resource.assume_role_policy_document
  return unless desired_trust_policy
  return unless policy_update_required?(role.assume_role_policy_document, desired_trust_policy)

  converge_by "update IAM Role #{role.name} assume_role_policy_document" do
    iam_client.update_assume_role_policy(
      role_name: new_resource.name,
      policy_document: new_resource.assume_role_policy_document
    )
  end
end
Private Instance Methods
policy_update_required?(current_policy, desired_policy)
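# File lib/chef/provider/aws_iam_role.rb, line 91
# Reports whether the policy currently on the role differs from the desired
# policy document.
#
# @param current_policy [String] percent-encoded JSON policy text
#   (presumably as returned by IAM; confirm against the callers)
# @param desired_policy [String] JSON policy text from the resource
# @return [Boolean] true when the parsed documents are not equal
def policy_update_required?(current_policy, desired_policy)
  # URI.decode was removed in Ruby 3.0. It was a thin wrapper around this
  # parser call, so the decoded text is the same on older Rubies.
  current_json = URI::DEFAULT_PARSER.unescape(current_policy)
  # We parse the JSON into a hash to get rid of whitespace and key-ordering
  # issues. Arrays inside the document are still compared in order, so
  # reordered statements count as a change.
  Chef::JSONCompat.parse(current_json) != Chef::JSONCompat.parse(desired_policy)
end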
update_inline_policy(role)
# File lib/chef/provider/aws_iam_role.rb, line 64
# Makes the role's inline policies match new_resource.inline_policies.
#
# The desired set is authoritative. Policies that are missing or differ are
# put, and every inline policy on the role that is not named in the desired
# set is deleted. An empty desired set therefore removes all inline policies
# from the role.
def update_inline_policy(role)
  # Policy names are normalised to strings so they compare with the names
  # reported for the role's current policies.
  desired_inline_policies = new_resource.inline_policies.each_with_object({}) do |(name, document), by_name|
    by_name[name.to_s] = document
  end
  current_inline_policies = role.policies.each_with_object({}) do |existing, by_name|
    by_name[existing.name] = existing.policy_document
  end

  # Keep only the policies that are new or whose document has changed.
  policies_to_put = desired_inline_policies.select do |name, document|
    !current_inline_policies[name] || policy_update_required?(current_inline_policies[name], document)
  end
  policies_to_delete = current_inline_policies.keys - desired_inline_policies.keys

  policies_to_put.each do |policy_name, policy|
    converge_by "Adding or updating inline Role policy #{policy_name}" do
      iam_client.put_role_policy(
        role_name: role.name,
        policy_name: policy_name,
        policy_document: policy
      )
    end
  end

  policies_to_delete.each do |policy_name|
    converge_by "Deleting inline Role policy #{policy_name}" do
      iam_client.delete_role_policy(role_name: role.name, policy_name: policy_name)
    end
  end
end