class Codebuild::Role
Public Class Methods
new(options={})
# File lib/codebuild/role.rb, line 9
# Sets up the role builder's state.
#
# @param options [Hash] settings; :role_path, when given, is the role file
#   that #run checks for and passes to +evaluate+. Without it the path comes
#   from get_role_path.
def initialize(options={})
  @options = options
  explicit_path = options[:role_path]
  @role_path = explicit_path || get_role_path
  # Start from the CodeBuild trust policy; #run adds the permission policies.
  @properties = default_properties
  @iam_policy = {}
end
Public Instance Methods
run()
# File lib/codebuild/role.rb, line 16
# Assembles the AWS::IAM::Role resource for the build role and returns it
# after CfnCamelizer.transform.
#
# If a file exists at @role_path it is handed to +evaluate+ before the
# policies are built.
# NOTE(review): presumably +evaluate+ runs that file as Ruby DSL code and the
# file populates @iam_statements / @managed_policy_arns -- confirm against the
# helper. If so, the role file (and any :role_path option) must be treated as
# trusted project code, since it both executes locally and decides the
# permissions the build role receives.
def run
  load_variables
  evaluate(@role_path) if File.exist?(@role_path)

  # Inline policy: custom statements when set, otherwise the defaults.
  inline_policy = {
    policy_name: "CodeBuildAccess",
    policy_document: {
      version: "2012-10-17",
      statement: derived_iam_statements
    }
  }
  @properties[:policies] = [inline_policy]

  # Managed policies: a non-empty custom list wins over the default list.
  custom_arns_given = @managed_policy_arns && !@managed_policy_arns.empty?
  @properties[:managed_policy_arns] =
    custom_arns_given ? @managed_policy_arns : default_managed_policy_arns

  role_resource = {
    IamRole: {
      type: "AWS::IAM::Role",
      properties: @properties
    }
  }
  CfnCamelizer.transform(role_resource)
end
Private Instance Methods
default_iam_statements()
# File lib/codebuild/role.rb, line 67
# Fallback IAM statements, used by derived_iam_statements when
# @iam_statements is not set.
#
# NOTE(review): the single statement applies to resource "*", and
# "ssm:GetParameter*" is a wildcard action. By default the build role can
# therefore read any SSM parameter that the account's IAM/KMS setup permits,
# not just the ones a given build needs. Prefer custom statements scoped to
# specific parameter and log-group ARNs where parameters hold secrets.
#
# @return [Array<Hash>] one Allow statement covering logs and SSM read actions
def default_iam_statements
  log_actions = %w[logs:CreateLogGroup logs:CreateLogStream logs:PutLogEvents]
  ssm_actions = %w[ssm:DescribeDocumentParameters ssm:DescribeParameters ssm:GetParameter*]

  [{ action: log_actions + ssm_actions, effect: "Allow", resource: "*" }]
end
default_managed_policy_arns()
# File lib/codebuild/role.rb, line 82
# Managed policy ARNs that #run attaches when no custom list is configured.
# Useful when using with CodePipeline.
#
# NOTE(review): AmazonS3ReadOnlyAccess is account-wide -- it is not limited to
# a pipeline's artifact bucket. Set an explicit managed-policy list (or a
# bucket-scoped inline statement) when the build should not be able to read
# other buckets.
#
# @return [Array<String>]
def default_managed_policy_arns
  %w[arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess]
end
default_properties()
# File lib/codebuild/role.rb, line 47
# Base role properties: a trust policy and the IAM path "/".
#
# The trust policy allows sts:AssumeRole only for the
# codebuild.amazonaws.com service principal, so no other principal is
# granted the ability to assume the role by this default.
#
# @return [Hash] properties with :assume_role_policy_document and :path
def default_properties
  trust_statement = {
    action: ["sts:AssumeRole"],
    effect: "Allow",
    principal: { service: ["codebuild.amazonaws.com"] }
  }
  trust_policy = { statement: [trust_statement], version: "2012-10-17" }

  { assume_role_policy_document: trust_policy, path: "/" }
end
derived_iam_statements()
# File lib/codebuild/role.rb, line 63
# Picks the statements for the inline policy: @iam_statements when it is
# set (truthy), otherwise default_iam_statements.
#
# Custom statements replace the defaults outright; the two are not merged.
def derived_iam_statements
  return @iam_statements if @iam_statements

  default_iam_statements
end
get_role_path()
# File lib/codebuild/role.rb, line 43
# Resolves the default role file path by asking lookup_codebuild_file for
# "role.rb". Used by the constructor when no :role_path option is given.
def get_role_path
  role_file = "role.rb"
  lookup_codebuild_file(role_file)
end