class StackMaster::RoleAssumer

Constants

BlockNotSpecified

Public Class Methods

new()
# File lib/stack_master/role_assumer.rb, line 7
# Builds a role assumer whose credentials cache starts out empty.
#
# The cache is filled on demand by assume_role_credentials, keyed by
# "<account>:<role>", and lives as long as this instance does.
def initialize
  @credentials = Hash.new
end

Public Instance Methods

assume_role(account, role, &block)
# File lib/stack_master/role_assumer.rb, line 11
# Runs the given block with AWS credentials for +role+ in +account+.
#
# While the block runs, the credentials in Aws.config and the StackMaster
# CloudFormation driver are both swapped; the helpers restore them when the
# block finishes or raises.
#
# @param account [String] AWS account id, interpolated into the role ARN
# @param role [String] IAM role name, interpolated into the role ARN
# @raise [BlockNotSpecified] when no block is given
# @raise [ArgumentError] when account or role is nil
# @return [Object] whatever the block returns
def assume_role(account, role, &block)
  raise BlockNotSpecified unless block_given?

  if [account, role].any?(&:nil?)
    raise ArgumentError, "Both 'account' and 'role' are required to assume a role"
  end

  # NOTE(review): only nil is rejected here. Empty or malformed values still
  # reach the ARN built in assume_role_credentials; presumably they come from
  # trusted configuration. Confirm against callers.
  temporary_credentials = assume_role_credentials(account, role)
  with_temporary_credentials(temporary_credentials) do
    with_temporary_cf_driver(&block)
  end
end

Private Instance Methods

assume_role_credentials(account, role)
# File lib/stack_master/role_assumer.rb, line 44
# Returns the credentials object for +role+ in +account+, creating it on first
# use and caching it on this instance under "<account>:<role>".
#
# @param account [String] AWS account id placed in the role ARN
# @param role [String] IAM role name placed in the role ARN
# @return [Aws::AssumeRoleCredentials] cached or newly built credentials
def assume_role_credentials(account, role)
  cache_key = "#{account}:#{role}"

  # NOTE(review): account and role are interpolated into the ARN without
  # validation; presumably they come from trusted configuration. Verify
  # against callers.
  # NOTE(review): the session name is a fixed string, so sessions from
  # different operators or runs presumably cannot be told apart by session
  # name in audit logs. Confirm whether that matters here.
  @credentials[cache_key] ||= Aws::AssumeRoleCredentials.new(
    region: StackMaster.cloud_formation_driver.region,
    role_arn: "arn:aws:iam::#{account}:role/#{role}",
    role_session_name: "stack-master-role-assumer"
  )
end
with_temporary_cf_driver(&block)
# File lib/stack_master/role_assumer.rb, line 34
# Runs the block with a fresh CloudFormation driver installed on StackMaster,
# then puts the previous driver back, even if the block raises.
#
# The replacement is a new instance of the current driver's class with the
# same region. Presumably a new instance is needed so that nothing built under
# the old credentials is reused; confirm against the driver implementation.
#
# @return [Object] whatever the block returns
def with_temporary_cf_driver(&block)
  previous_driver = StackMaster.cloud_formation_driver
  StackMaster.cloud_formation_driver =
    previous_driver.class.new.tap { |fresh| fresh.set_region(previous_driver.region) }
  block.call
ensure
  # StackMaster.cloud_formation_driver is module-level state; always restore it.
  StackMaster.cloud_formation_driver = previous_driver
end
with_temporary_credentials(credentials, &block)
# File lib/stack_master/role_assumer.rb, line 25
# Runs the block with +credentials+ installed in Aws.config, then restores
# the previous configuration object, even if the block raises.
#
# The block sees a deep copy of the previous config with :credentials
# overridden, so changes made to Aws.config inside the block are discarded.
#
# NOTE(review): Aws.config is module-level state. Other threads making AWS
# calls while the block runs would presumably see the assumed-role credentials
# too. Confirm callers are single-threaded.
# NOTE(review): deep_dup is not core Ruby; presumably ActiveSupport provides it.
#
# @param credentials [Object] credentials to expose as Aws.config[:credentials]
# @return [Object] whatever the block returns
def with_temporary_credentials(credentials, &block)
  saved_config = Aws.config
  Aws.config = saved_config.deep_dup.tap { |copy| copy[:credentials] = credentials }
  block.call
ensure
  # Restore the original object so the temporary credentials do not leak past
  # the block.
  Aws.config = saved_config
end