Class: Formatron::CloudFormation::Template::VPC::Subnet::Instance::Policy

Inherits:
Object
Defined in:
lib/formatron/cloud_formation/template/vpc/subnet/instance/policy.rb

Overview

Generates a CloudFormation policy resource.

Constant Summary

POLICY_PREFIX =
'policy'

Instance Method Summary

Constructor Details

#initialize(policy:, instance_guid:, kms_key:, bucket:, name:, target:) ⇒ Policy

rubocop:disable Metrics/MethodLength rubocop:disable Metrics/ParameterLists



# File 'lib/formatron/cloud_formation/template/vpc/subnet/instance/policy.rb', line 16

# Captures everything needed to build this instance's IAM policy resource.
#
# @param policy [#statement, nil] optional extra policy whose statements are
#   appended in #merge; nil means only the baseline KMS/S3 statements are used
# @param instance_guid unique suffix shared by the policy and role logical IDs
# @param kms_key ID of the KMS key the instance is allowed to use
# @param bucket S3 bucket that holds the instance configuration object
# @param name forwarded to S3::Configuration.key
# @param target forwarded to S3::Configuration.key
def initialize(policy:, instance_guid:, kms_key:, bucket:, name:, target:)
  @guid = instance_guid
  @policy = policy
  @kms_key = kms_key
  @bucket = bucket
  # Object key of the configuration file the instance may read from the bucket
  @config_key = S3::Configuration.key(name: name, target: target)
  # Logical ID of the policy resource itself, and of the role it attaches to
  # (presumably the instance role resource, which shares the same guid)
  @policy_id = "#{POLICY_PREFIX}#{@guid}"
  @role_id = "#{Instance::ROLE_PREFIX}#{@guid}"
end

Instance Method Details

#merge(resources:) ⇒ Object

rubocop:disable Metrics/MethodLength



# File 'lib/formatron/cloud_formation/template/vpc/subnet/instance/policy.rb', line 39

# Adds the instance's IAM policy to the CloudFormation resources hash.
#
# The policy always grants use of exactly one KMS key (decrypt, encrypt and
# the GenerateDataKey* family) and read access to exactly one S3 object, the
# instance configuration file. Statements of the optional policy supplied at
# construction are appended after these two baseline statements.
#
# @param resources [Hash] CloudFormation resources keyed by logical ID;
#   mutated in place
# @return the policy resource stored under the policy's logical ID
def merge(resources:)
  # ARN of the single KMS key, resolved at deploy time from region/account
  kms_key_arn = Template.join(
    'arn:aws:kms:',
    Template.ref('AWS::Region'),
    ':',
    Template.ref('AWS::AccountId'),
    ":key/#{@kms_key}"
  )
  statements = [
    {
      actions: %w(kms:Decrypt kms:Encrypt kms:GenerateDataKey*),
      resources: [kms_key_arn]
    },
    {
      # NOTE(review): the service prefix is capitalised here ("S3:") while the
      # KMS statement uses lowercase; IAM treats action names
      # case-insensitively as far as I know, but normalising to "s3:" would be
      # consistent — confirm before changing the literal
      actions: %w(S3:GetObject),
      resources: ["arn:aws:s3:::#{@bucket}/#{@config_key}"]
    }
  ]
  unless @policy.nil?
    extra = @policy.statement.map do |statement|
      { actions: statement.action, resources: statement.resource }
    end
    statements.concat(extra)
  end
  resources[@policy_id] = Resources::IAM.policy(
    role: @role_id,
    name: @policy_id,
    statements: statements
  )
end