class Conjur::Provisioner::AWS::CreateRole
Attributes
host_factory_token [RW] — the Conjur host factory token this provisioner works from. Its +host_factory+ determines the IAM role, instance profile and S3 object names (see #role_name / #token_file_name), and its +token+ value is what #create_s3_token_file writes to S3. #validate raises if it is unset.
Public Instance Methods
create_role()
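# File lib/conjur/provisioner/aws.rb, line 135
# Creates the IAM role and instance profile for this layer, then attaches a
# least-privilege inline policy so instances assuming the role can fetch the
# bootstrap token file.
#
# Three IAM entities are created, all named +role_name+:
# * a role whose trust policy lets +ec2.amazonaws.com+ call +sts:AssumeRole+
#   (so EC2 instances launched with the profile can assume it);
# * an instance profile, with the role added to it;
# * an inline role policy ("read-bootstrap-file") allowing +s3:GetObject+ on
#   exactly one object, <tt>bucket_name/token_file_name</tt> -- not the bucket.
#
# Both policy documents now carry "Version" => "2012-10-17" (the inline policy
# previously omitted it, which makes IAM fall back to the legacy 2008-10-17
# policy grammar). Nothing here is idempotent: re-running for a layer whose
# role or instance profile already exists will presumably fail on the
# duplicate-name create_* call -- confirm against the SDK's error class.
#
# Returns the result of the put_role_policy call.
def create_role
  trust_policy = {
    "Version" => "2012-10-17",
    "Statement" => [
      {
        "Effect" => "Allow",
        "Principal" => { "Service" => "ec2.amazonaws.com" },
        "Action" => "sts:AssumeRole"
      }
    ]
  }

  # Read access to the single bootstrap object only.
  bootstrap_policy = {
    "Version" => "2012-10-17",
    "Statement" => [
      {
        "Effect" => "Allow",
        "Action" => "s3:GetObject",
        "Resource" => ["arn:aws:s3:::#{bucket_name}/#{token_file_name}"]
      }
    ]
  }

  aws_iam.client.create_role(
    role_name: role_name,
    assume_role_policy_document: JSON.pretty_generate(trust_policy)
  )
  aws_iam.client.create_instance_profile(instance_profile_name: role_name)
  aws_iam.client.add_role_to_instance_profile(
    role_name: role_name,
    instance_profile_name: role_name
  )
  aws_iam.client.put_role_policy(
    role_name: role_name,
    policy_name: 'read-bootstrap-file',
    policy_document: JSON.pretty_generate(bootstrap_policy)
  )
end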
create_s3_token_file()
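# File lib/conjur/provisioner/aws.rb, line 128
# Writes the host factory token to S3 at <tt>bucket_name/token_file_name</tt>,
# creating the bucket first if it does not already exist.
#
# The token is a bearer credential (whoever reads it can enroll hosts into the
# layer), so the object is stored with server-side encryption (SSE-S3,
# AES-256) rather than in the clear. The bucket is created with SDK defaults;
# no ACL or bucket policy is set here, so who can read the object is governed
# by the account's S3 defaults plus the s3:GetObject grant that #create_role
# gives the instance role.
#
# Returns the result of the object write call.
def create_s3_token_file
  bucket = aws_s3.buckets[bucket_name]
  bucket = aws_s3.buckets.create(bucket_name) unless bucket.exists?

  token_object = bucket.objects[token_file_name]
  # :server_side_encryption => :aes256 is the aws-sdk v1 spelling of SSE-S3.
  token_object.write(host_factory_token.token, server_side_encryption: :aes256)
end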
host_factory()
# File lib/conjur/provisioner/aws.rb, line 124
# The Conjur host factory that the configured +host_factory_token+ belongs to.
# Raises NoMethodError if +host_factory_token+ has not been set (see #validate,
# which guards against that before #perform runs).
def host_factory
  token = host_factory_token
  token.host_factory
end
perform()
Creates an AWS IAM Role corresponding to the Layer. The Role can be assumed by EC2 instances (its trust policy allows `ec2.amazonaws.com` to call `sts:AssumeRole`), and an inline policy lets it read exactly one S3 object. Creates a system user (deputy) and adds it to the layer. In S3, a file is created with the identity of the system user, along with other information needed by Conjur chef-solo. The file is in chef-solo JSON format. It will be used by the [conjur-client Upstart job](github.com/conjur-cookbooks/conjur-client/blob/master/templates/default/conjur-bootstrap.conf.erb) to finish the server configuration. Note that the `create_s3_token_file` shown on this page writes only `host_factory_token.token` to that object; if the deputy / chef-solo JSON description above is current, that part happens outside this class.
# File lib/conjur/provisioner/aws.rb, line 119
# Runs the two provisioning steps in order: first the IAM role, instance
# profile and inline read policy (#create_role), then the S3 object holding the
# host factory token (#create_s3_token_file). There is no rollback: if the
# second step fails, the IAM entities created by the first remain.
# Returns the result of #create_s3_token_file.
def perform
  create_role
  create_s3_token_file
end
role_name()
# File lib/conjur/provisioner/aws.rb, line 105
# Name used for both the IAM role and the instance profile: the host factory's
# id run through String#parameterize (presumably ActiveSupport's) so it is a
# plain, URL-safe identifier. Same derivation as #token_file_name.
def role_name
  factory_id = host_factory.id
  factory_id.parameterize
end
token_file_name()
# File lib/conjur/provisioner/aws.rb, line 109
# S3 object key under which the host factory token is written: the host
# factory's id, parameterized (presumably via ActiveSupport's
# String#parameterize). Derived exactly like #role_name.
def token_file_name
  parameterized_id = host_factory.id.parameterize
  parameterized_id
end
validate()
Calls the superclass method Conjur::Provisioner::AWS::BucketHelper#validate first, then performs its own check that +host_factory_token+ is set.
# File lib/conjur/provisioner/aws.rb, line 99
# Validates the provisioner's inputs before #perform runs. Defers to the
# superclass (BucketHelper#validate) first, then requires that
# +host_factory_token+ is present; raises a RuntimeError with the message
# "host_factory_token is missing" otherwise. Returns nil on success.
def validate
  super
  return if host_factory_token
  raise "host_factory_token is missing"
end