# frozen_string_literal: true
# WARNING ABOUT GENERATED CODE
#
# This file is generated. See the contributing guide for more information:
# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
#
# WARNING ABOUT GENERATED CODE
module Aws::IAM
class Role
extend Aws::Deprecations
# @overload def initialize(name, options = {})
# @param [String] name
# @option options [Client] :client
# @overload def initialize(options = {})
# @option options [required, String] :name
# @option options [Client] :client
def initialize(*args)
options = Hash === args.last ? args.pop.dup : {}
@name = extract_name(args, options)
@data = options.delete(:data)
@client = options.delete(:client) || Client.new(options)
@waiter_block_warned = false
end
# @!group Read-Only Attributes
# @return [String]
def name
@name
end
alias :role_name :name
# The path to the role. For more information about paths, see [IAM
# identifiers][1] in the *IAM User Guide*.
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# @return [String]
def path
data[:path]
end
# The stable and unique string identifying the role. For more
# information about IDs, see [IAM identifiers][1] in the *IAM User
# Guide*.
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# @return [String]
def role_id
data[:role_id]
end
# The Amazon Resource Name (ARN) specifying the role. For more
# information about ARNs and how to use them in policies, see [IAM
# identifiers][1] in the *IAM User Guide* guide.
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# @return [String]
def arn
data[:arn]
end
# The date and time, in [ISO 8601 date-time format][1], when the role
# was created.
#
#
#
# [1]: http://www.iso.org/iso/iso8601
# @return [Time]
def create_date
data[:create_date]
end
# The policy that grants an entity permission to assume the role.
# @return [String]
def assume_role_policy_document
data[:assume_role_policy_document]
end
# A description of the role that you provide.
# @return [String]
def description
data[:description]
end
# The maximum session duration (in seconds) for the specified role.
# Anyone who uses the AWS CLI, or API to assume the role can specify the
# duration using the optional `DurationSeconds` API parameter or
# `duration-seconds` CLI parameter.
# @return [Integer]
def max_session_duration
data[:max_session_duration]
end
# The ARN of the policy used to set the permissions boundary for the
# role.
#
# For more information about permissions boundaries, see [Permissions
# boundaries for IAM identities ][1] in the *IAM User Guide*.
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
# @return [Types::AttachedPermissionsBoundary]
def permissions_boundary
data[:permissions_boundary]
end
# A list of tags that are attached to the role. For more information
# about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
# @return [Array<Types::Tag>]
def tags
data[:tags]
end
# Contains information about the last time that an IAM role was used.
# This includes the date and time and the Region in which the role was
# last used. Activity is only reported for the trailing 400 days. This
# period can be shorter if your Region began supporting these features
# within the last year. The role might have been used more than 400 days
# ago. For more information, see [Regions where data is tracked][1] in
# the *IAM User Guide*.
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
# @return [Types::RoleLastUsed]
def role_last_used
data[:role_last_used]
end
# @!endgroup
# @return [Client]
def client
@client
end
# Loads, or reloads {#data} for the current {Role}.
# Returns `self` making it possible to chain methods.
#
# role.reload.data
#
# @return [self]
def load
resp = @client.get_role(role_name: @name)
@data = resp.role
self
end
alias :reload :load
# @return [Types::Role]
# Returns the data for this {Role}. Calls
# {Client#get_role} if {#data_loaded?} is `false`.
def data
load unless @data
@data
end
# @return [Boolean]
# Returns `true` if this resource is loaded. Accessing attributes or
# {#data} on an unloaded resource will trigger a call to {#load}.
def data_loaded?
!!@data
end
# @deprecated Use [Aws::IAM::Client] #wait_until instead
#
# Waiter polls an API operation until a resource enters a desired
# state.
#
# @note The waiting operation is performed on a copy. The original resource
# remains unchanged.
#
# ## Basic Usage
#
# Waiter will polls until it is successful, it fails by
# entering a terminal state, or until a maximum number of attempts
# are made.
#
# # polls in a loop until condition is true
# resource.wait_until(options) {|resource| condition}
#
# ## Example
#
# instance.wait_until(max_attempts:10, delay:5) do |instance|
# instance.state.name == 'running'
# end
#
# ## Configuration
#
# You can configure the maximum number of polling attempts, and the
# delay (in seconds) between each polling attempt. The waiting condition is
# set by passing a block to {#wait_until}:
#
# # poll for ~25 seconds
# resource.wait_until(max_attempts:5,delay:5) {|resource|...}
#
# ## Callbacks
#
# You can be notified before each polling attempt and before each
# delay. If you throw `:success` or `:failure` from these callbacks,
# it will terminate the waiter.
#
# started_at = Time.now
# # poll for 1 hour, instead of a number of attempts
# proc = Proc.new do |attempts, response|
# throw :failure if Time.now - started_at > 3600
# end
#
# # disable max attempts
# instance.wait_until(before_wait:proc, max_attempts:nil) {...}
#
# ## Handling Errors
#
# When a waiter is successful, it returns the Resource. When a waiter
# fails, it raises an error.
#
# begin
# resource.wait_until(...)
# rescue Aws::Waiters::Errors::WaiterFailed
# # resource did not enter the desired state in time
# end
#
# @yieldparam [Resource] resource to be used in the waiting condition.
#
# @raise [Aws::Waiters::Errors::FailureStateError] Raised when the waiter
# terminates because the waiter has entered a state that it will not
# transition out of, preventing success.
#
# yet successful.
#
# @raise [Aws::Waiters::Errors::UnexpectedError] Raised when an error is
# encountered while polling for a resource that is not expected.
#
# @raise [NotImplementedError] Raised when the resource does not
#
# @option options [Integer] :max_attempts (10) Maximum number of
# attempts
# @option options [Integer] :delay (10) Delay between each
# attempt in seconds
# @option options [Proc] :before_attempt (nil) Callback
# invoked before each attempt
# @option options [Proc] :before_wait (nil) Callback
# invoked before each wait
# @return [Resource] if the waiter was successful
def wait_until(options = {}, &block)
self_copy = self.dup
attempts = 0
options[:max_attempts] = 10 unless options.key?(:max_attempts)
options[:delay] ||= 10
options[:poller] = Proc.new do
attempts += 1
if block.call(self_copy)
[:success, self_copy]
else
self_copy.reload unless attempts == options[:max_attempts]
:retry
end
end
Aws::Waiters::Waiter.new(options).wait({})
end
# @!group Actions
# @example Request syntax with placeholder values
#
# role.attach_policy({
# policy_arn: "arnType", # required
# })
# @param [Hash] options ({})
# @option options [required, String] :policy_arn
# The Amazon Resource Name (ARN) of the IAM policy you want to attach.
#
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
# in the *AWS General Reference*.
#
#
#
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
# @return [EmptyStructure]
def attach_policy(options = {})
options = options.merge(role_name: @name)
resp = @client.attach_role_policy(options)
resp.data
end
# @example Request syntax with placeholder values
#
# role.delete()
# @param [Hash] options ({})
# @return [EmptyStructure]
def delete(options = {})
options = options.merge(role_name: @name)
resp = @client.delete_role(options)
resp.data
end
# @example Request syntax with placeholder values
#
# role.detach_policy({
# policy_arn: "arnType", # required
# })
# @param [Hash] options ({})
# @option options [required, String] :policy_arn
# The Amazon Resource Name (ARN) of the IAM policy you want to detach.
#
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
# in the *AWS General Reference*.
#
#
#
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
# @return [EmptyStructure]
def detach_policy(options = {})
options = options.merge(role_name: @name)
resp = @client.detach_role_policy(options)
resp.data
end
# @!group Associations
# @return [AssumeRolePolicy]
def assume_role_policy
AssumeRolePolicy.new(
role_name: @name,
client: @client
)
end
# @example Request syntax with placeholder values
#
# attached_policies = role.attached_policies({
# path_prefix: "policyPathType",
# })
# @param [Hash] options ({})
# @option options [String] :path_prefix
# The path prefix for filtering the results. This parameter is optional.
# If it is not included, it defaults to a slash (/), listing all
# policies.
#
# This parameter allows (through its [regex pattern][1]) a string of
# characters consisting of either a forward slash (/) by itself or a
# string that must begin and end with forward slashes. In addition, it
# can contain any ASCII character from the ! (`\u0021`) through the DEL
# character (`\u007F`), including most punctuation characters, digits,
# and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
# @return [Policy::Collection]
def attached_policies(options = {})
batches = Enumerator.new do |y|
options = options.merge(role_name: @name)
resp = @client.list_attached_role_policies(options)
resp.each_page do |page|
batch = []
page.data.attached_policies.each do |a|
batch << Policy.new(
arn: a.policy_arn,
client: @client
)
end
y.yield(batch)
end
end
Policy::Collection.new(batches)
end
# @example Request syntax with placeholder values
#
# role.instance_profiles()
# @param [Hash] options ({})
# @return [InstanceProfile::Collection]
def instance_profiles(options = {})
batches = Enumerator.new do |y|
options = options.merge(role_name: @name)
resp = @client.list_instance_profiles_for_role(options)
resp.each_page do |page|
batch = []
page.data.instance_profiles.each do |i|
batch << InstanceProfile.new(
name: i.instance_profile_name,
data: i,
client: @client
)
end
y.yield(batch)
end
end
InstanceProfile::Collection.new(batches)
end
# @example Request syntax with placeholder values
#
# role.policies()
# @param [Hash] options ({})
# @return [RolePolicy::Collection]
def policies(options = {})
batches = Enumerator.new do |y|
options = options.merge(role_name: @name)
resp = @client.list_role_policies(options)
resp.each_page do |page|
batch = []
page.data.policy_names.each do |p|
batch << RolePolicy.new(
role_name: @name,
name: p,
client: @client
)
end
y.yield(batch)
end
end
RolePolicy::Collection.new(batches)
end
# @param [String] name
# @return [RolePolicy]
def policy(name)
RolePolicy.new(
role_name: @name,
name: name,
client: @client
)
end
# @deprecated
# @api private
def identifiers
{ name: @name }
end
deprecated(:identifiers)
private
def extract_name(args, options)
value = args[0] || options.delete(:name)
case value
when String then value
when nil then raise ArgumentError, "missing required option :name"
else
msg = "expected :name to be a String, got #{value.class}"
raise ArgumentError, msg
end
end
class Collection < Aws::Resources::Collection; end
end
end