class Sfn::Callback::StackPolicy

Constants

DEFENSELESS_POLICY

Policy to apply prior to stack deletion

Attributes

policies[R]

@return [Smash] cached policies

Public Class Methods

new(*args)

Overload to init policy cache

@return [self]

Calls superclass method Sfn::Callback::new
# File lib/sfn/callback/stack_policy.rb, line 23
# Set up the callback and start it with an empty policy cache.
#
# @param args [Array] forwarded unchanged to the superclass initializer
# @return [self]
def initialize(*args)
  # Bare `super` passes along every argument this method received.
  super
  # Cache that the other hooks in this class write to (before_update,
  # template) and read from (save_stack_policy).
  @policies = Smash.new
end

Public Instance Methods

after_create(args)
Alias for: submit_policy
after_update(args)
Alias for: submit_policy
before_update(args)

Disable all existing policies prior to update

@param args [Hash]

# File lib/sfn/callback/stack_policy.rb, line 48
# Swap the policy of the stack and each nested stack for DEFENSELESS_POLICY
# ahead of an update. Does nothing unless the `stack_policy.update` config
# value is the string "defenseless".
#
# @param args [Hash] hook arguments; `:api_stack` is the stack being updated
# @return [Array, nil] the stacks processed, or nil when the mode is not set
def before_update(args)
  mode = config.get(:stack_policy, :update).to_s
  return unless mode == "defenseless"

  ui.warn "Disabling all stack policies for update."
  root = args[:api_stack]
  targets = ([root] + root.nested_stacks).compact
  targets.each do |target|
    # The cache entry is keyed by stack name and then pushed by
    # save_stack_policy.
    # NOTE(review): this overwrites whatever was cached under that name, so
    # the protective policy only returns if a later hook re-caches and
    # submits it. Confirm the hook order, and that a failed or aborted update
    # does not leave the stack on DEFENSELESS_POLICY.
    @policies[target.name] = DEFENSELESS_POLICY
    run_action "Disabling stack policy for #{ui.color(target.name, :yellow)}" do
      save_stack_policy(target)
    end
  end
end
save_stack_policy(p_stack)

Save the cached policy for the given stack

@param p_stack [Miasma::Models::Orchestration::Stack]

@return [NilClass]

# File lib/sfn/callback/stack_policy.rb, line 76
# Prune the cached policy for one stack and submit it with a SetStackPolicy
# request.
#
# @param p_stack [Miasma::Models::Orchestration::Stack]
# @return [Object] result of the `p_stack.api.request` call
def save_stack_policy(p_stack)
  # Logical ids present in the stack after reloading its resource list.
  live_ids = p_stack.resources.reload.all.map(&:logical_id)
  # The lookup involves the stack id, the stack's :logical_id data value and
  # the stack name.
  # NOTE(review): which of these wins depends on Smash#fetch semantics, which
  # are not visible here. Confirm before changing this call.
  policy_doc = @policies.fetch(p_stack.id,
                               @policies.fetch(p_stack.data[:logical_id]),
                               @policies[p_stack.name]).to_smash
  if policy_doc
    # Remove statements pinned to a logical id the stack does not contain.
    # Statements whose Resource has no "LogicalResourceId/" part are kept.
    # NOTE(review): `$` anchors at a line end, not the string end; `\z` would
    # be stricter if a Resource value could ever span lines. Confirm.
    policy_doc[:Statement].delete_if do |statement|
      id_match = statement[:Resource].to_s.match(
        %r{LogicalResourceId/(?<logical_id>.+)$}
      )
      id_match && !live_ids.include?(id_match["logical_id"])
    end
  end
  # NOTE(review): the guard above implies policy_doc may be missing, yet the
  # request is still sent. Confirm what body is submitted in that case, so a
  # cache miss cannot replace a live policy.
  p_stack.api.request(
    :path => "/",
    :method => :post,
    :form => Smash.new(
      "Action" => "SetStackPolicy",
      "StackName" => p_stack.id,
      "StackPolicyBody" => MultiJson.dump(policy_doc),
    ),
  )
end
submit_policy(args)

Submit all cached policies

@param args [Hash]

# File lib/sfn/callback/stack_policy.rb, line 31
# Push the cached policy for the stack and each of its nested stacks.
#
# @param args [Hash] hook arguments; `:api_stack` is the root stack
# @return [Object] whatever the closing `ui.info` call returns
def submit_policy(args)
  ui.info "Submitting stack policy documents"
  root = args[:api_stack]
  targets = ([root] + root.nested_stacks).compact
  targets.each do |target|
    label = "Applying stack policy to #{ui.color(target.name, :yellow)}"
    run_action(label) { save_stack_policy(target) }
  end
  # NOTE(review): this line runs whenever the loop finishes. Whether
  # run_action surfaces a failed SetStackPolicy request is not visible here.
  # Confirm that a failed submission cannot be reported as success.
  ui.info "Stack policy documents successfully submitted!"
end
Also aliased as: after_create, after_update
template(info)

Generate stack policy for stack and cache for the after hook to handle

@param info [Hash]

# File lib/sfn/callback/stack_policy.rb, line 65
# Generate the policy for a compiled stack and cache it under the stack name.
# Does nothing when `info` has no `:sparkle_stack` entry.
#
# @param info [Hash] hook data; reads `:sparkle_stack` and `:stack_name`
# @return [Object, nil] result of `@policies.set`, or nil when nothing is cached
def template(info)
  sparkle = info[:sparkle_stack]
  return unless sparkle

  # NOTE(review): with no :stack_name the entry is stored under "unknown", so
  # two unnamed stacks would share one cache slot. Confirm callers always
  # supply the name.
  cache_key = info.fetch(:stack_name, "unknown")
  @policies.set(cache_key, sparkle.generate_policy)
end