Class: Jets::Resource::ApiGateway::BasePath::Role

Inherits:
Base
  • Object
Extended by:
Memoist
Includes:
AwsServices
Defined in:
lib/jets/resource/api_gateway/base_path/role.rb

Instance Method Summary collapse

Methods included from AwsServices

#apigateway, #aws_lambda, #cfn, #dynamodb, #logs, #s3, #s3_resource, #sns, #sqs, #sts

Methods included from AwsServices::StackStatus

#lookup, #stack_exists?, #stack_in_progress?

Methods included from AwsServices::GlobalMemoist

included

Methods inherited from Base

#replacements, #resource

Instance Method Details

#definition ⇒ Object



# File 'lib/jets/resource/api_gateway/base_path/role.rb', line 6

# Builds the CloudFormation resource definition for the IAM role used by the
# base-path mapping resource.
#
# @return [Hash] a single :base_path_role entry of type "AWS::IAM::Role"
def definition
  # Trust policy: the only principal allowed to assume this role is the
  # Lambda service.
  trust_policy = {
    version: "2012-10-17",
    statement: [
      {
        effect: "Allow",
        principal: { service: ["lambda.amazonaws.com"] },
        action: ["sts:AssumeRole"],
      },
    ],
  }

  properties = {
    role_name: role_name,
    path: "/",
    assume_role_policy_document: trust_policy,
    # One inline policy, named after the role; its statements come from
    # #policy_document.
    policies: [
      { policy_name: "#{role_name}-policy", policy_document: policy_document },
    ],
  }

  { base_path_role: { type: "AWS::IAM::Role", properties: properties } }
end

#policy_document ⇒ Object



# File 'lib/jets/resource/api_gateway/base_path/role.rb', line 30

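# Builds the inline IAM policy document attached to the base-path role.
#
# The statement list is the application's default IAM statements followed by
# the API Gateway and CloudFormation statements defined here.
#
# @return [Hash] policy document with :version and :statement keys
def policy_document
  project_namespace = Jets.config.project_namespace
  default_policy_statements = Jets::Application.default_iam_policy # Array of Hashes
  region = Jets.aws.region

  # NOTE(review): "apigateway:*" permits every API Gateway action on every
  # REST API and every custom domain name in the region, not only the ones
  # this project owns. The resources are wildcarded because the REST API
  # changes between deployments; the action list is the part that could be
  # narrowed to the calls the base-path mapping actually makes.
  #
  # The local is not called `apigateway` so that it does not shadow the
  # #apigateway client method included from AwsServices.
  apigateway_statements = [
    {
      action: ["apigateway:*"],
      effect: "Allow",
      resource: "arn:aws:apigateway:#{region}::/restapis/*", # all REST APIs in the region
    },
    {
      action: ["apigateway:*"],
      effect: "Allow",
      resource: "arn:aws:apigateway:#{region}::/domainnames/*", # all custom domain names in the region
    },
  ]

  # Read-only stack lookup, limited to stacks whose name starts with the
  # project namespace.
  # NOTE(review): the rendered listing shows `Jets.aws.` with the method name
  # missing, which does not parse; `account` is assumed here for the
  # account-id segment of the ARN. Confirm against role.rb.
  cloudformation_statements = [
    {
      action: ["cloudformation:DescribeStacks"],
      effect: "Allow",
      resource: "arn:aws:cloudformation:#{region}:#{Jets.aws.account}:stack/#{project_namespace}*",
    },
  ]

  # Combine the statements
  {
    version: '2012-10-17',
    statement: default_policy_statements + apigateway_statements + cloudformation_statements
  }
end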

#rest_api_id ⇒ Object

Duplicated in rest_api/change_detection.rb, base_path/role.rb, rest_api/routes.rb



# File 'lib/jets/resource/api_gateway/base_path/role.rb', line 56

# Looks up the "RestApi" output by following two CloudFormation stacks: the
# parent stack's "ApiGateway" output names the next stack to describe, and
# that stack's outputs hold "RestApi".
#
# @return [Object] the literal "RestApi" when stack_exists? reports the parent
#   stack as absent, otherwise whatever lookup returns for the "RestApi" output
def rest_api_id
  parent_name = Jets::Naming.parent_stack_name
  # No parent stack means there are no outputs to read.
  return "RestApi" unless stack_exists?(parent_name)

  parent = cfn.describe_stacks(stack_name: parent_name).stacks.first
  # The variable name in the original suggests this output is the ARN of the
  # API Gateway stack; it is passed on as a stack_name.
  nested_stack_ref = lookup(parent[:outputs], "ApiGateway")

  nested = cfn.describe_stacks(stack_name: nested_stack_ref).stacks.first
  lookup(nested[:outputs], "RestApi")
end

#role_name ⇒ Object



# File 'lib/jets/resource/api_gateway/base_path/role.rb', line 70

# Name of the IAM role: project namespace, the fixed "base-path-mapping"
# segment, then the deployment timestamp.
#
# @return [String]
def role_name
  # TODO: the role name should not have to change on every deployment, but it
  # does for now because the deployment logical id changes.
  deploy_stamp = Jets::Resource::ApiGateway::Deployment.timestamp
  namespace = Jets.config.project_namespace
  format("%s-base-path-mapping-%s", namespace, deploy_stamp)
end