Module: Jets::Resource::Iam::BaseRoleDefinition

Included in:: ApplicationRole, ClassRole, FunctionRole

Defined in:: lib/jets/resource/iam/base_role_definition.rb

Instance Attribute Summary collapse

#managed_policy_definitions ⇒ Object readonly

Returns the value of attribute managed_policy_definitions.
#policy_definitions ⇒ Object readonly

Returns the value of attribute policy_definitions.

Instance Method Summary collapse

Instance Attribute Details

#managed_policy_definitions ⇒ `Object` (readonly)

Returns the value of attribute managed_policy_definitions.



3
4
5

# File 'lib/jets/resource/iam/base_role_definition.rb', line 3

def managed_policy_definitions
  @managed_policy_definitions
end

#policy_definitions ⇒ `Object` (readonly)

Returns the value of attribute policy_definitions.



3
4
5

# File 'lib/jets/resource/iam/base_role_definition.rb', line 3

def policy_definitions
  @policy_definitions
end

Instance Method Details

#definition ⇒ `Object`

# File 'lib/jets/resource/iam/base_role_definition.rb', line 5

def definition
  logical_id = role_logical_id

  # Do not assign pretty role_name because long controller names might hit the 64-char
  # limit. Also, IAM roles are global, so assigning role names prevents cross region deploys.
  definition = {
    logical_id => {
      type: "AWS::IAM::Role",
      properties: {
        path: "/",
        assume_role_policy_document: {
          version: "2012-10-17",
          statement: [{
            effect: "Allow",
            principal: {service: ["lambda.amazonaws.com"]},
            action: ["sts:AssumeRole"]}
          ]
        }
      }
    }
  }

  definition[logical_id][:properties][:policies] = [
    policy_name: "#{policy_name[0..127]}", # required, limited to 128-chars
    policy_document: policy_document,
  ] unless policy_document['Statement'].empty?

  unless managed_policy_arns.empty?
    definition[logical_id][:properties][:managed_policy_arns] = managed_policy_arns
  end

  definition
end

#managed_policy_arns ⇒ `Object`



43
44
45

# File 'lib/jets/resource/iam/base_role_definition.rb', line 43

def managed_policy_arns
  ManagedPolicy.new(@managed_policy_definitions.flatten.uniq).arns
end

#policy_document ⇒ `Object`



39
40
41

# File 'lib/jets/resource/iam/base_role_definition.rb', line 39

def policy_document
  PolicyDocument.new(@policy_definitions.flatten.uniq).policy_document
end

Module: Jets::Resource::Iam::BaseRoleDefinition

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#managed_policy_definitions ⇒ Object (readonly)

#policy_definitions ⇒ Object (readonly)

Instance Method Details

#definition ⇒ Object

#managed_policy_arns ⇒ Object

#policy_document ⇒ Object

#managed_policy_definitions ⇒ `Object` (readonly)

#policy_definitions ⇒ `Object` (readonly)

#definition ⇒ `Object`

#managed_policy_arns ⇒ `Object`

#policy_document ⇒ `Object`