class Formatron::CloudFormation::Template::VPC::Subnet::Instance::Policy

Generates the CloudFormation IAM policy resource for an instance.

Constants

POLICY_PREFIX

Public Class Methods

new( policy:, instance_guid:, kms_key:, bucket:, name:, target: )

rubocop:disable Metrics/MethodLength rubocop:disable Metrics/ParameterLists

# File lib/formatron/cloud_formation/template/vpc/subnet/instance/policy.rb, line 16
# Captures everything needed to later emit the IAM policy for one
# instance (see +merge+).
#
# @param policy [Object, nil] optional caller-supplied policy; when
#   present its +statement+ entries are appended verbatim to the
#   generated statements
# @param instance_guid [String] identifier used to derive the policy
#   and role logical ids
# @param kms_key [String] KMS key id interpolated into the key ARN the
#   instance is allowed to use
# @param bucket [String] S3 bucket holding the instance configuration
# @param name [String] passed to +S3::Configuration.key+ — presumably
#   selects the configuration object; verify against that helper
# @param target [String] passed to +S3::Configuration.key+ together
#   with +name+
def initialize(
  policy:,
  instance_guid:,
  kms_key:,
  bucket:,
  name:,
  target:
)
  @guid = instance_guid
  @policy = policy
  @kms_key = kms_key
  @bucket = bucket
  # Object key of the per-instance configuration; the S3 grant in
  # +merge+ is scoped to exactly this object.
  @config_key = S3::Configuration.key(name: name, target: target)
  # Logical ids are prefix + guid so they stay unique per instance.
  @policy_id = [POLICY_PREFIX, @guid].join
  @role_id = [Instance::ROLE_PREFIX, @guid].join
end

Public Instance Methods

merge(resources:) click to toggle source

rubocop:disable Metrics/MethodLength

# File lib/formatron/cloud_formation/template/vpc/subnet/instance/policy.rb, line 39
# Adds the instance's IAM policy resource to +resources+ under
# +@policy_id+.
#
# The baseline grants are deliberately narrow: KMS operations on the
# single key identified by +@kms_key+, and GetObject on the single
# configuration object (not the whole bucket). Any statements from the
# caller-supplied +@policy+ are appended unchanged, so that policy alone
# determines how much further the role's privilege extends.
#
# @param resources [Hash] CloudFormation resources map, mutated in place
# @return [Object] the policy resource built by +Resources::IAM.policy+
def merge(resources:)
  kms_key_arn = Template.join(
    'arn:aws:kms:',
    Template.ref('AWS::Region'),
    ':',
    Template.ref('AWS::AccountId'),
    ":key/#{@kms_key}"
  )
  config_object_arn = "arn:aws:s3:::#{@bucket}/#{@config_key}"
  statements = [
    {
      actions: %w(kms:Decrypt kms:Encrypt kms:GenerateDataKey*),
      resources: [kms_key_arn]
    },
    {
      # IAM matches action names case-insensitively, so the mixed-case
      # service prefix is harmless.
      actions: %w(S3:GetObject),
      resources: [config_object_arn]
    }
  ]
  # Pass-through of caller statements: no narrowing is applied here.
  unless @policy.nil?
    @policy.statement.each do |custom|
      statements << { actions: custom.action, resources: custom.resource }
    end
  end
  resources[@policy_id] = Resources::IAM.policy(
    role: @role_id,
    name: @policy_id,
    statements: statements
  )
end