Sha256: 83fe7edf2a00e7745ddba403d17a9c7abfa59d5533d8ef1686a52e704fc1b85c

Contents?: true

Size: 1.94 KB

Versions: 10

Compression:

Stored size: 1.94 KB

Contents

require "yaml"

module Cody
  # Builds the CloudFormation AWS::IAM::Role resource that the CodeBuild
  # project assumes.
  #
  # Security review notes:
  # * The trust policy only lets the codebuild.amazonaws.com service principal
  #   assume the role.
  # * The fallback permissions (default_iam_statements,
  #   default_managed_policy_arns) are not scoped to specific resources; see
  #   the comments on those methods.
  # * @iam_statements and @managed_policy_arns are never assigned in this class;
  #   presumably the Cody::Dsl::Role methods invoked from role.rb set them.
  #   TODO confirm against the DSL module.
  class Role
    include Cody::Dsl::Role
    include Evaluate
    include Variables

    # @param options [Hash] :role_path overrides the looked-up role.rb location
    def initialize(options = {})
      @options = options
      @role_path = options[:role_path] || get_role_path
      @properties = default_properties
      @iam_policy = {}
    end

    # Assembles the role properties and returns the resource after
    # CfnCamelizer.transform has processed it.
    #
    # @return whatever CfnCamelizer.transform returns for the IamRole resource
    def run
      load_variables
      # NOTE(review): evaluate comes from the Evaluate mixin and presumably
      # executes role.rb as Ruby. If so, the file is code, not data, and
      # @role_path must only ever point at trusted project files.
      evaluate(@role_path) if File.exist?(@role_path)

      inline_policy = {
        policy_name: "CodeBuildAccess",
        policy_document: {
          version: "2012-10-17",
          statement: derived_iam_statements
        }
      }
      @properties[:policies] = [inline_policy]

      # An unset or empty ARN list falls back to the default managed policy,
      # so an empty list cannot be used to attach no managed policy at all.
      custom_arns = @managed_policy_arns
      @properties[:managed_policy_arns] =
        if custom_arns && !custom_arns.empty?
          custom_arns
        else
          default_managed_policy_arns
        end

      template = {
        IamRole: {
          type: "AWS::IAM::Role",
          properties: @properties
        }
      }
      CfnCamelizer.transform(template)
    end

    private

    # Location of the project's role.rb, resolved by lookup_cody_file.
    def get_role_path
      lookup_cody_file("role.rb")
    end

    # Base role properties: a trust policy limited to the CodeBuild service
    # principal, plus the IAM path.
    def default_properties
      trust_statement = {
        action: ["sts:AssumeRole"],
        effect: "Allow",
        principal: {
          service: ["codebuild.amazonaws.com"]
        }
      }

      {
        assume_role_policy_document: {
          statement: [trust_statement],
          version: "2012-10-17"
        },
        path: "/"
      }
    end

    # Statements for the inline CodeBuildAccess policy.
    #
    # Only nil/false triggers the fallback: an explicitly empty array is truthy
    # and is returned as-is rather than replaced by the defaults.
    def derived_iam_statements
      return @iam_statements if @iam_statements

      default_iam_statements
    end

    # Fallback inline policy statements.
    #
    # Least-privilege caveat: resource is "*", so "ssm:GetParameter*" allows
    # reading every Parameter Store entry in the account and region the build
    # runs in (SecureString values included wherever the KMS key policy permits
    # decryption). Projects that keep secrets in SSM should scope this to their
    # own parameter path or log-group ARNs, presumably via role.rb.
    def default_iam_statements
      allowed_actions = [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "ssm:DescribeDocumentParameters",
        "ssm:DescribeParameters",
        "ssm:GetParameter*",
      ]

      [{
        action: allowed_actions,
        effect: "Allow",
        resource: "*"
      }]
    end

    # Fallback managed policy, useful when the project is used with
    # CodePipeline.
    #
    # Least-privilege caveat: AmazonS3ReadOnlyAccess grants read access to all
    # S3 buckets in the account, not only the pipeline's artifact bucket.
    def default_managed_policy_arns
      ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
    end
  end
end

Version data entries

10 entries across 10 versions & 1 rubygems

Version Path
cody-0.8.6 lib/cody/role.rb
cody-0.8.5 lib/cody/role.rb
cody-0.8.4 lib/cody/role.rb
cody-0.8.3 lib/cody/role.rb
cody-0.8.2 lib/cody/role.rb
cody-0.8.1 lib/cody/role.rb
cody-0.8.0 lib/cody/role.rb
cody-0.7.3 lib/cody/role.rb
cody-0.7.2 lib/cody/role.rb
cody-0.7.1 lib/cody/role.rb