class Sfn::Callback::StackPolicy
Constants
- DEFENSELESS_POLICY
Policy to apply prior to stack deletion
Attributes
policies[R]
@return [Smash] cached policies
Public Class Methods
new(*args)
click to toggle source
Overload to init policy cache
@return [self]
Calls superclass method
Sfn::Callback::new
# File lib/sfn/callback/stack_policy.rb, line 23 def initialize(*args) super @policies = Smash.new end
Public Instance Methods
before_update(args)
click to toggle source
Disable all existing policies prior to update
@param args [Hash]
# File lib/sfn/callback/stack_policy.rb, line 48 def before_update(args) if config.get(:stack_policy, :update).to_s == "defenseless" ui.warn "Disabling all stack policies for update." stack = args[:api_stack] ([stack] + stack.nested_stacks).compact.each do |p_stack| @policies[p_stack.name] = DEFENSELESS_POLICY run_action "Disabling stack policy for #{ui.color(p_stack.name, :yellow)}" do save_stack_policy(p_stack) end end end end
save_stack_policy(p_stack)
click to toggle source
Save the cached policy for the given stack
@param p_stack [Miasma::Models::Orchestration::Stack] @return [NilClass]
# File lib/sfn/callback/stack_policy.rb, line 76 def save_stack_policy(p_stack) valid_logical_ids = p_stack.resources.reload.all.map(&:logical_id) stack_policy = @policies.fetch(p_stack.id, @policies.fetch(p_stack.data[:logical_id]), @policies[p_stack.name]).to_smash if stack_policy stack_policy[:Statement].delete_if do |policy_item| policy_match = policy_item[:Resource].to_s.match( %r{LogicalResourceId/(?<logical_id>.+)$} ) if policy_match !valid_logical_ids.include?(policy_match["logical_id"]) end end end result = p_stack.api.request( :path => "/", :method => :post, :form => Smash.new( "Action" => "SetStackPolicy", "StackName" => p_stack.id, "StackPolicyBody" => MultiJson.dump(stack_policy), ), ) end
submit_policy(args)
click to toggle source
Submit all cached policies
@param args [Hash]
# File lib/sfn/callback/stack_policy.rb, line 31 def submit_policy(args) ui.info "Submitting stack policy documents" stack = args[:api_stack] ([stack] + stack.nested_stacks).compact.each do |p_stack| run_action "Applying stack policy to #{ui.color(p_stack.name, :yellow)}" do save_stack_policy(p_stack) end end ui.info "Stack policy documents successfully submitted!" end
Also aliased as: after_create, after_update
template(info)
click to toggle source
Generate stack policy for stack and cache for the after hook to handle
@param info [Hash]
# File lib/sfn/callback/stack_policy.rb, line 65 def template(info) if info[:sparkle_stack] @policies.set(info.fetch(:stack_name, "unknown"), info[:sparkle_stack].generate_policy) end end