modules/mu/clouds/aws/role.rb in cloud-mu-2.0.1 vs modules/mu/clouds/aws/role.rb in cloud-mu-2.0.2
- old
+ new
@@ -35,10 +35,14 @@
# Called automatically by {MU::Deploy#createResources}
def create
if @config['iam_policies']
@config['iam_policies'].each { |policy|
+ policy.values.each { |p|
+ p["Version"] ||= "2012-10-17"
+ }
+
policy_name = @mu_name+"-"+policy.keys.first.upcase
MU.log "Creating IAM policy #{policy_name}"
resp = MU::Cloud::AWS.iam(credentials: @config['credentials']).create_policy(
policy_name: policy_name,
path: "/"+@deploy.deploy_id+"/",
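Review bot: The new defaulting loop in `create` assumes every value in `policy` is a Hash; if a policy document can arrive here as a JSON String (not visible in this hunk), `p["Version"] ||= "2012-10-17"` can raise IndexError from String#[]= instead of a readable configuration error, so a guard such as `next if !p.is_a?(Hash)` at the top of the inner block would help. The same three lines are added again in the second hunk (`@@ -109,10 +113,13 @@`) and would be better as one private helper so the two paths cannot drift. The reason for the default also deserves a comment, for example `# IAM treats a policy without Version as 2008-10-17, which does not expand policy variables such as ${aws:username}`. The body of `create` continues past the end of this hunk.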
@@ -109,10 +113,13 @@
}
end
if @config['iam_policies']
@config['iam_policies'].each { |policy|
+ policy.values.each { |p|
+ p["Version"] ||= "2012-10-17"
+ }
policy_name = @mu_name+"-"+policy.keys.first.upcase
arn = "arn:"+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+":iam::"+MU::Cloud::AWS.credToAcct(@config['credentials'])+":policy/#{@deploy.deploy_id}/#{policy_name}"
resp = begin
desc = MU::Cloud::AWS.iam(credentials: @config['credentials']).get_policy(policy_arn: arn)
@@ -205,10 +212,11 @@
# @param mu_type [String]: A valid Mu resource type
def injectPolicyTargets(policy, targets, mu_type = nil)
if !policy.match(/^#{@deploy.deploy_id}/)
policy = @mu_name+"-"+policy.upcase
end
+
my_policies = cloud_desc["policies"]
my_policies.each { |p|
if p.policy_name == policy
old = MU::Cloud::AWS.iam(credentials: @config['credentials']).get_policy_version(
policy_arn: p.arn,
@@ -222,18 +230,22 @@
sibling = @deploy.findLitterMate(
name: target["identifier"],
type: target["type"]
)
sibling.cloudobj.arn
- else
+ elsif target.is_a?(Hash)
target['identifier']
+ else
+ target
end
- if sibling and !s["Resource"].include?(targetstr)
+
+ if targetstr and !s["Resource"].include?(targetstr)
s["Resource"] << targetstr
need_update = true
end
}
}
+
if need_update
MU.log "Updating IAM policy #{policy} to grant permissions on #{targets.to_s}", details: doc
update_policy(p.arn, doc)
end
end
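Review bot: With the new `else target` branch and the `if targetstr` test, a caller-supplied value is appended to the statement's `Resource` list as-is, whereas 2.0.1 appended only when a sibling had been resolved. Nothing visible in this hunk checks that the value is an ARN, so a bare resource name, an empty string or `"*"` would be written into the policy document and pushed by `update_policy`. If only ARNs are meant to be accepted, tighten the condition to `if targetstr.is_a?(String) and targetstr.start_with?("arn:") and !s["Resource"].include?(targetstr)`, or at least emit a `MU.log` warning for anything else. Separately, `sibling.cloudobj.arn` is still called unguarded, so if `findLitterMate` can return nil (the old `if sibling` test suggests it can) this raises NoMethodError rather than skipping the target. The enclosing loop in `injectPolicyTargets` starts before this hunk.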