class Ufo::Role::Builder
Public Class Methods
new(role_type)
# File lib/ufo/role/builder.rb, line 3
# Creates a builder for one role type.
#
# @param role_type [Object] key that the other methods of this class use to
#   look up entries in Registry.policies and Registry.managed_policies
def initialize(role_type)
  # Kept as-is; no normalisation or validation happens here.
  @role_type = role_type
end
Public Instance Methods
build()
# File lib/ufo/role/builder.rb, line 7
# Assembles the IAM role resource for this role type.
#
# @return [Hash] whatever #resource returns for the registered inline
#   policies and managed policy ARNs (either may be nil)
def build
  # Inline policies are resolved first, then managed ARNs, matching the
  # argument order of #resource.
  inline_policies = policies
  managed_arns = managed_policy_arns
  resource(inline_policies, managed_arns)
end
build?()
# File lib/ufo/role/builder.rb, line 11
# Tells whether anything is registered for this role type.
#
# @return [Boolean] true when #policies or #managed_policy_arns yields a
#   value, false when both are nil
def build?
  # `||` short-circuits: managed ARNs are only looked up when there are no
  # inline policies.
  registered = policies || managed_policy_arns
  registered ? true : false
end
managed_policy_arns()
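# File lib/ufo/role/builder.rb, line 31
# Resolves the managed policies registered for this role type to ARNs.
#
# Entries that are already ARNs are passed through untouched. That covers
# AWS managed policy ARNs (they contain "iam::aws:policy") and any other value
# starting with "arn:", such as a customer managed policy ARN. Previously the
# latter was prefixed a second time, which yields a malformed ARN and, worse,
# a role template that no longer attaches the policy the author asked for.
# Anything else is treated as the short name of an AWS managed policy.
#
# NOTE(review): the expansion hard-codes the `aws` partition, so short names
# will not resolve in other partitions (aws-cn, aws-us-gov); register full
# ARNs there.
#
# @return [Array<String>, nil] one ARN per registered entry, or nil when
#   nothing is registered for the role type
def managed_policy_arns
  # Presumably an Array of Strings (names or ARNs) — confirm against Registry.
  items = Registry.managed_policies[@role_type]
  return unless items && !items.empty?

  items.map do |item|
    # `to_s` keeps non-String entries on the same path they took before.
    already_arn = item.include?('iam::aws:policy') || item.to_s.start_with?('arn:')
    already_arn ? item : "arn:aws:iam::aws:policy/#{item}"
  end
end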
policies()
# File lib/ufo/role/builder.rb, line 15
# Builds the inline policy list for this role type.
#
# Statements are copied through unchanged: nothing here narrows Action or
# Resource, so whatever is registered (wildcards included) ends up in the
# generated role. Least-privilege review has to happen on the registered
# statements themselves.
#
# @return [Array<Hash>, nil] one { PolicyName:, PolicyDocument: } hash per
#   registered entry, or nil when nothing is registered for the role type
def policies
  entries = Registry.policies[@role_type] # Array of [policy_name, statements] pairs
  return if !entries || entries.empty?

  # Each pair is destructured by the block parameters.
  entries.map do |policy_name, statements|
    document = { Version: "2012-10-17", Statement: statements }
    { PolicyName: policy_name, PolicyDocument: document }
  end
end
resource(policies, managed_policy_arns)
# File lib/ufo/role/builder.rb, line 40
# Produces the AWS::IAM::Role resource definition.
#
# The trust policy allows the ecs-tasks.amazonaws.com service principal to
# call sts:AssumeRole.
#
# NOTE(review): the trust statement has no Condition block. AWS guidance for
# ECS task roles suggests aws:SourceAccount / aws:SourceArn conditions as a
# confused-deputy guard; consider whether this template should offer them.
#
# @param policies [Array<Hash>, nil] inline policies; the Policies property is
#   omitted when this is nil
# @param managed_policy_arns [Array<String>, nil] managed policy ARNs; the
#   ManagedPolicyArns property is omitted when this is nil
# @return [Hash] the resource with all keys converted by deep_stringify_keys
#   (presumably the ActiveSupport Hash extension — confirm)
def resource(policies, managed_policy_arns)
  trust_statement = {
    Effect: "Allow",
    Principal: { Service: "ecs-tasks.amazonaws.com" },
    Action: "sts:AssumeRole",
  }
  properties = {
    AssumeRolePolicyDocument: { Version: "2012-10-17", Statement: [trust_statement] },
  }

  # Optional properties are only emitted when a value was supplied.
  properties[:Policies] = policies if policies
  properties[:ManagedPolicyArns] = managed_policy_arns if managed_policy_arns

  { Type: "AWS::IAM::Role", Properties: properties }.deep_stringify_keys
end