class Yle::AWS::Role
Constants
- AccountAlias
- Config
rubocop:disable Metrics/BlockLength
- DEFAULT_DURATION
Default duration in seconds when assuming a role
- VERSION
Attributes
account[R]
credentials[R]
role_name[R]
Public Class Methods
accounts()
click to toggle source
# File lib/yle/aws/role.rb, line 32 def self.accounts @accounts ||= Accounts.new(config['accounts']) end
assume_role(account_name, role_name = nil, duration = nil) { |role| ... }
click to toggle source
# File lib/yle/aws/role.rb, line 17 def self.assume_role(account_name, role_name = nil, duration = nil) account_alias = accounts.find(account_name) if !account_alias raise Errors::AccountNotFoundError, "No account found for '#{account_name}'" end role = Role.new(account_alias, role_name, duration) role.with_env { yield role } if block_given? role end
config()
click to toggle source
# File lib/yle/aws/role.rb, line 28 def self.config @config ||= Config.load end
default_duration()
click to toggle source
# File lib/yle/aws/role.rb, line 40 def self.default_duration config['defaults']['duration'] || DEFAULT_DURATION end
default_role_name()
click to toggle source
# File lib/yle/aws/role.rb, line 36 def self.default_role_name config['defaults']['role'] end
new(account_alias, role_name = nil, duration = nil)
click to toggle source
# File lib/yle/aws/role.rb, line 46 def initialize(account_alias, role_name = nil, duration = nil) @account = account_alias @role_name = role_name || Role.default_role_name duration ||= Role.default_duration raise Errors::AssumeRoleError, 'Role name not specified' if !@role_name @credentials = Aws::AssumeRoleCredentials.new( role_arn: role_arn, role_session_name: session_name, duration_seconds: duration ).credentials rescue Aws::STS::Errors::ServiceError, Aws::Errors::MissingCredentialsError => e raise Errors::AssumeRoleError, "Failed to assume role #{role_arn}: #{e}" end
Public Instance Methods
current_user()
click to toggle source
# File lib/yle/aws/role.rb, line 114 def current_user ENV['USER'] || ENV['USERNAME'] || 'unknown' end
env_vars()
click to toggle source
# File lib/yle/aws/role.rb, line 78 def env_vars { 'AWS_ACCESS_KEY_ID' => credentials.access_key_id, 'AWS_SECRET_ACCESS_KEY' => credentials.secret_access_key, 'AWS_SESSION_TOKEN' => credentials.session_token, 'ASU_CURRENT_PROFILE' => name } end
export_env_vars(vars)
click to toggle source
# File lib/yle/aws/role.rb, line 87 def export_env_vars(vars) old_env = {} vars.each do |key, value| old_env[key] = ENV[key] ENV[key] = value end old_env end
name()
click to toggle source
# File lib/yle/aws/role.rb, line 102 def name "#{account.name}:#{role_name}" end
print_env_vars()
click to toggle source
# File lib/yle/aws/role.rb, line 96 def print_env_vars env_vars.each do |key, value| puts "export #{key}=#{Shellwords.escape(value)}" end end
role_arn()
click to toggle source
# File lib/yle/aws/role.rb, line 106 def role_arn "arn:aws:iam::#{account.id}:role/#{role_name}" end
session_name()
click to toggle source
# File lib/yle/aws/role.rb, line 110 def session_name "#{current_user}-#{Time.now.to_i}" end
with_env() { || ... }
click to toggle source
# File lib/yle/aws/role.rb, line 63 def with_env old_env = export_env_vars(env_vars) old_credentials = Aws.config[:credentials] Aws.config.update(credentials: credentials) yield if old_credentials Aws.config.update(credentials: old_credentials) else Aws.config.delete(:credentials) end export_env_vars(old_env) end