class Cumulus::IAM::ResourceWithPolicy

Public: Represents a configuration for a resource that has attached policies. Lazily loads its static and template policies as needed. Is the base class for groups, roles, and users.

Additionally, exposes a constructor that takes no parameters. Calling it that way creates an “empty resource”, which can then be filled in, and JSON configuration can be generated from the object. This is useful when migrating.

Attributes

attached_policies[RW]
inlines[R]
name[RW]
statics[R]
type[R]

Public Class Methods

new(name = nil, json = nil)

Public: Constructor.

name - the name of the resource

json - a hash containing JSON configuration for this resource; if nil, this resource will be an "empty resource"
# File lib/iam/models/ResourceWithPolicy.rb, line 32
# Public: Constructor.
#
# name - the name of the resource; only stored when json is given
# json - a Hash of configuration for this resource. Its "policies" entry is
#        indexed for "attached", "static", "templates" and "inlines" without
#        any presence check. If nil, an "empty resource" is built instead.
def initialize(name = nil, json = nil)
  if json.nil?
    # Empty resource: every policy list starts out empty and the name
    # argument is discarded; the object is meant to be filled in afterwards.
    @name = nil
    @attached_policies = []
    @statics = []
    @templates = []
    @inlines = []
  else
    @name = name
    @json = json
    # NOTE(review): a config without a "policies" section fails on the first
    # lookup below, and a missing sub-key leaves that list as nil.
    policies = json["policies"]
    @attached_policies = policies["attached"]
    @statics = policies["static"]
    @templates = policies["templates"]
    @inlines = policies["inlines"]
  end
end

Public Instance Methods

diff(aws_resource)

Public: Diff this resource with the resource from AWS

aws_resource - the Aws::IAM::* resource to compare against

Returns an array of IamDiff objects representing the differences

# File lib/iam/models/ResourceWithPolicy.rb, line 167
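# Public: Diff this resource with the resource from AWS.
#
# Three kinds of difference are reported:
#   * the generated inline policy is missing on the AWS side,
#   * an inline policy exists on the AWS side under any other name
#     (reported as unmanaged),
#   * the generated policy's statements, or the set of attached managed
#     policy ARNs, differ between local config and AWS.
#
# aws_resource - the Aws::IAM::* resource to compare against; it must
#                respond to #policies and #attached_policies
#
# Returns an Array of IamDiff objects representing the differences.
def diff(aws_resource)
  diffs = []
  policy_name = generated_policy_name

  aws_policies = Hash[aws_resource.policies.map { |aws_policy| [aws_policy.name, aws_policy] }]
  # `policy` is memoized, so setting the name here is visible to later callers.
  local_policy = policy
  local_policy.name = policy_name

  # check if we've ever generated a policy for this resource
  if !aws_policies.key?(policy_name) && !local_policy.empty?
    diffs << IamDiff.added_policy(policy_name, local_policy)
  end

  # loop through all the policies and look for changes
  aws_policies.each do |name, aws_policy|
    if name != policy_name
      # Inline policies this tool did not generate are surfaced, not ignored.
      diffs << IamDiff.unmanaged_policy(name)
      next
    end

    # URI.unescape was removed in Ruby 3.0. It delegated to the RFC 2396
    # parser, so calling that parser directly decodes the document the same way.
    document = URI::RFC2396_Parser.new.unescape(aws_policy.policy_document)
    aws_statements = JSON.parse(document)["Statement"]
    local_statements = local_policy.as_hash["Statement"]

    # Plain equality: statement order and exact structure both count.
    next if aws_statements == local_statements

    change = IamDiff.new(IamChange::POLICY, aws_statements, local_policy)
    change.policy_name = policy_name
    diffs << change
  end

  # look for changes in managed policies
  aws_arns = aws_resource.attached_policies.map(&:arn)
  new_policies = @attached_policies.reject { |local| aws_arns.include?(local) }
  removed_policies = aws_arns.reject { |aws| @attached_policies.include?(aws) }
  unless new_policies.empty? && removed_policies.empty?
    diffs << IamDiff.attached(new_policies, removed_policies)
  end

  diffs
end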
generated_policy_name()

Public: Produce the name for the policy that will be generated for this resource.

Returns the String name

# File lib/iam/models/ResourceWithPolicy.rb, line 106
# Public: Produce the name for the policy that will be generated for this
# resource: the configured prefix, then the resource name, then the
# configured suffix.
#
# Returns the String name.
def generated_policy_name
  iam_settings = Configuration.instance.iam
  "#{iam_settings.policy_prefix}#{@name}#{iam_settings.policy_suffix}"
end
hash()

Public: Generate a hash that represents this config. This hash will be json serializable to Cumulus config format

Returns the hash

# File lib/iam/models/ResourceWithPolicy.rb, line 61
# Public: Generate a hash that represents this config. This hash will be
# json serializable to Cumulus config format.
#
# NOTE(review): this method shadows Object#hash, which Ruby calls when an
# object is used as a Hash key; confirm instances are never used that way.
#
# Returns the Hash.
def hash
  policies = {
    "attached" => @attached_policies,
    # inline entries may be nested arrays; they are emitted as one flat list
    "inlines" => @inlines.flatten,
    "static" => @statics,
    "templates" => @templates
  }

  { "name" => @name, "policies" => policies }
end
json()

Public: Generate the JSON string to turn this object back into a Cumulus config file.

Returns the JSON string.

# File lib/iam/models/ResourceWithPolicy.rb, line 53
# Public: Generate the JSON string to turn this object back into a Cumulus
# config file. Serializes whatever #hash returns, pretty-printed.
#
# Returns the JSON String.
def json
  config = hash
  JSON.pretty_generate(config)
end
policy()

Public: Lazily produce the inline policy document for this resource as a PolicyConfig. Includes the static and inline policies as well as applied templates.

Returns the policy for this resource as a PolicyConfig

# File lib/iam/models/ResourceWithPolicy.rb, line 78
# Public: Lazily produce the inline policy document for this resource as a
# PolicyConfig. The result of init_policy is cached in @policy, so every
# caller receives the same object.
#
# Returns the policy for this resource as a PolicyConfig.
def policy
  @policy = init_policy unless @policy
  @policy
end

Private Instance Methods

init_policy()

Internal: Produce the inline policy document for this resource as a PolicyConfig. Includes the static and inline policies as well as applied templates.

Returns the policy for this resource as a PolicyConfig

# File lib/iam/models/ResourceWithPolicy.rb, line 87
# Internal: Produce the inline policy document for this resource as a
# PolicyConfig. Statements are added in a fixed order: static policies
# first, then applied templates, then inline statements.
#
# Returns the policy for this resource as a PolicyConfig.
def init_policy
  document = PolicyConfig.new
  # Each source is loaded just before its statements are added.
  %i[static_statements template_statements inline_statements].each do |source|
    send(source).each { |statement| document.add_statement(statement) }
  end
  document
end
init_static_statements()

Internal: Load the static policies for this resource

Returns an Array of static policies as StatementConfig

# File lib/iam/models/ResourceWithPolicy.rb, line 123
# Internal: Load the static policies for this resource. Each name in
# @statics is handed to Loader.static_policy and the results are flattened
# into a single list.
#
# Returns an Array of static policies as StatementConfig.
def init_static_statements
  loaded = @statics.map { |policy_name| Loader.static_policy(policy_name) }
  loaded.flatten
end
init_template_statements()

Internal: Load the template policies for this resource, applying template variables

Returns an Array of applied templates as StatementConfig objects

# File lib/iam/models/ResourceWithPolicy.rb, line 146
# Internal: Load the template policies for this resource, applying template
# variables. Each entry's "template" and "vars" values are passed to
# Loader.template_policy and the results are flattened into a single list.
#
# Returns an Array of applied templates as StatementConfig objects.
def init_template_statements
  applied = @templates.map do |entry|
    Loader.template_policy(entry["template"], entry["vars"])
  end
  applied.flatten
end
inline_statements()

Internal: Load the inline policies defined in the JSON config for this resource.

# File lib/iam/models/ResourceWithPolicy.rb, line 155
# Internal: Load the inline policies defined in the JSON config for this
# resource by wrapping each @inlines entry in a StatementConfig.
#
# Returns an Array of StatementConfig objects, one per entry.
def inline_statements
  @inlines.map { |raw_statement| StatementConfig.new(raw_statement) }
end
static_statements()

Internal: Lazily load the static policies for this resource

Returns an Array of static policies as StatementConfig

# File lib/iam/models/ResourceWithPolicy.rb, line 115
# Internal: Lazily load the static policies for this resource. The list is
# built once by init_static_statements and cached in @static_statements.
#
# Returns an Array of static policies as StatementConfig.
def static_statements
  @static_statements = init_static_statements unless @static_statements
  @static_statements
end
template_statements()

Internal: Lazily load the template policies for this resource, applying template variables

Returns an Array of applied templates as StatementConfig objects

# File lib/iam/models/ResourceWithPolicy.rb, line 137
# Internal: Lazily load the template policies for this resource, applying
# template variables. The list is built once by init_template_statements and
# cached in @template_statements.
#
# Returns an Array of applied templates as StatementConfig objects.
def template_statements
  @template_statements = init_template_statements unless @template_statements
  @template_statements
end