class Yle::AWS::Role

Constants

AccountAlias
Config

rubocop:disable Metrics/BlockLength

DEFAULT_DURATION

Default duration in seconds when assuming a role

VERSION

Attributes

account[R]
credentials[R]
role_name[R]

Public Class Methods

accounts() click to toggle source
# File lib/yle/aws/role.rb, line 32
# Memoized lookup table of the accounts declared under the 'accounts' key
# of the loaded configuration. Built on first use and reused afterwards.
def self.accounts
  return @accounts if @accounts

  account_settings = config['accounts']
  @accounts = Accounts.new(account_settings)
end
assume_role(account_name, role_name = nil, duration = nil) { |role| ... } click to toggle source
# File lib/yle/aws/role.rb, line 17
# Resolves +account_name+ through the configured accounts and assumes the
# given role in it.
#
# When a block is given it is run inside Role#with_env, i.e. with the
# temporary credentials exported for the duration of the block. The Role is
# returned in either case and keeps holding its credentials.
#
# Raises Errors::AccountNotFoundError when the account cannot be resolved.
def self.assume_role(account_name, role_name = nil, duration = nil)
  account_alias = accounts.find(account_name)
  unless account_alias
    raise Errors::AccountNotFoundError, "No account found for '#{account_name}'"
  end

  Role.new(account_alias, role_name, duration).tap do |role|
    role.with_env { yield role } if block_given?
  end
end
config() click to toggle source
# File lib/yle/aws/role.rb, line 28
# Memoized configuration: Config.load runs on first access and its result
# is reused for later calls.
def self.config
  return @config if @config

  @config = Config.load
end
default_duration() click to toggle source
# File lib/yle/aws/role.rb, line 40
# Session duration, in seconds, used when the caller passes none: the
# configured defaults.duration, else DEFAULT_DURATION.
# NOTE(review): assumes config['defaults'] is always present - confirm in Config.
def self.default_duration
  configured = config['defaults']['duration']
  return configured if configured

  DEFAULT_DURATION
end
default_role_name() click to toggle source
# File lib/yle/aws/role.rb, line 36
# Role name used when the caller passes none: the configured defaults.role,
# which may be nil.
# NOTE(review): assumes config['defaults'] is always present - confirm in Config.
def self.default_role_name
  defaults = config['defaults']
  defaults['role']
end
new(account_alias, role_name = nil, duration = nil) click to toggle source
# File lib/yle/aws/role.rb, line 46
# Assumes +role_name+ (or the configured default role) in +account_alias+
# and stores the resulting temporary credentials in @credentials.
#
# +duration+ is the session lifetime in seconds; it falls back to
# Role.default_duration and is passed through without local validation.
#
# Raises Errors::AssumeRoleError when no role name can be determined, or
# when STS rejects the call or no base credentials are available. The error
# message includes the role ARN and the upstream error text.
def initialize(account_alias, role_name = nil, duration = nil)
  @account = account_alias
  @role_name = role_name || Role.default_role_name
  session_seconds = duration || Role.default_duration

  unless @role_name
    raise Errors::AssumeRoleError, 'Role name not specified'
  end

  provider = Aws::AssumeRoleCredentials.new(
    role_arn: role_arn,
    role_session_name: session_name,
    duration_seconds: session_seconds
  )
  @credentials = provider.credentials
rescue Aws::STS::Errors::ServiceError, Aws::Errors::MissingCredentialsError => error
  raise Errors::AssumeRoleError, "Failed to assume role #{role_arn}: #{error}"
end

Public Instance Methods

current_user() click to toggle source
# File lib/yle/aws/role.rb, line 114
# Login name taken from the process environment: USER first, then USERNAME,
# else the literal 'unknown'.
#
# The value is whatever the environment says, so it is a label chosen by the
# caller rather than a verified identity. It ends up in the STS session name
# and should not be relied on alone for attribution.
def current_user
  ENV.fetch('USER') { ENV.fetch('USERNAME', 'unknown') }
end
env_vars() click to toggle source
# File lib/yle/aws/role.rb, line 78
# Environment variables describing the assumed role: the three AWS
# credential variables plus ASU_CURRENT_PROFILE set to #name.
#
# The hash contains the secret access key and session token in clear text.
# Once exported, every child process started afterwards inherits them, so
# avoid logging or persisting the returned hash.
def env_vars
  creds = credentials
  vars = {}
  vars['AWS_ACCESS_KEY_ID'] = creds.access_key_id
  vars['AWS_SECRET_ACCESS_KEY'] = creds.secret_access_key
  vars['AWS_SESSION_TOKEN'] = creds.session_token
  vars['ASU_CURRENT_PROFILE'] = name
  vars
end
export_env_vars(vars) click to toggle source
# File lib/yle/aws/role.rb, line 87
# Writes every key/value pair of +vars+ into ENV and returns a hash of the
# values those keys held before (nil for keys that were unset).
#
# Feeding the returned hash back into this method restores the previous
# state, because assigning nil to an ENV key removes it.
def export_env_vars(vars)
  vars.each_with_object({}) do |(key, value), previous|
    previous[key] = ENV[key]
    ENV[key] = value
  end
end
name() click to toggle source
# File lib/yle/aws/role.rb, line 102
# Human-readable profile label in the form "<account name>:<role name>".
def name
  account_label = account.name
  role_label = role_name
  "#{account_label}:#{role_label}"
end
print_env_vars() click to toggle source
role_arn() click to toggle source
# File lib/yle/aws/role.rb, line 106
# ARN of the IAM role to assume, built from the account id and role name.
#
# The partition is fixed to "aws", and neither the account id nor the role
# name is validated here. Both come from configuration or the caller, and
# they alone decide which role is requested.
def role_arn
  account_id = account.id
  role = role_name
  "arn:aws:iam::#{account_id}:role/#{role}"
end
session_name() click to toggle source
# File lib/yle/aws/role.rb, line 110
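# Session name sent to STS: "<current user>-<unix timestamp>".
#
# STS only accepts role session names of 2-64 characters drawn from
# [\w+=,.@-]. The user part comes from the environment, so it may contain
# other characters (spaces, backslashes, non-ASCII) or be arbitrarily long.
# Those characters are replaced with "_" and the user part is truncated so
# the whole name fits, instead of failing the AssumeRole call. Names that
# were already valid are returned unchanged.
def session_name
  stamp = Time.now.to_i.to_s
  # scrub first so an invalid byte sequence cannot make gsub raise
  user = current_user.to_s.scrub('_').gsub(/[^\w+=,.@-]/, '_')
  # keep room for the "-" separator and the timestamp within 64 characters
  "#{user[0, 64 - stamp.length - 1]}-#{stamp}"
end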
with_env() { || ... } click to toggle source
# File lib/yle/aws/role.rb, line 63
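# Runs the given block with the role's temporary credentials active: the
# variables from #env_vars are exported into ENV and Aws.config[:credentials]
# is pointed at the role's credentials.
#
# The previous ENV values and the previous Aws.config credentials are put
# back in an ensure clause, so the temporary secrets do not stay in the
# process environment or in the global SDK configuration when the block
# raises (or when no block was given and yield itself raises).
#
# On normal completion the return value is unchanged: the hash returned by
# the restoring export_env_vars call. Exceptions from the block propagate.
def with_env
  old_env = export_env_vars(env_vars)
  old_credentials = Aws.config[:credentials]
  Aws.config.update(credentials: credentials)

  restored = nil
  begin
    yield
  ensure
    if old_credentials
      Aws.config.update(credentials: old_credentials)
    else
      # nothing was configured before, so remove the key rather than set nil
      Aws.config.delete(:credentials)
    end
    restored = export_env_vars(old_env)
  end
  restored
end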