jets 0.5.8 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ea1e1a42bbfe0e0008e3ba21c5f35f208783533aad98e84c43e851bcf9ef93d7
-  data.tar.gz: e08138d929d12d24259b712c134fa5beaa321f680ef1eb0d24f4c6661031fd65
+  metadata.gz: b156a3904d427d2d2604ad4026e069c6efe7a724c6c3937c9bd0a8cc28ecdda2
+  data.tar.gz: 4fb811e051ea4cf10dd5032a2b127a0b92b686d3e9818640fe8e10f2cc6b34a4
 SHA512:
-  metadata.gz: 820b153d9dc5851fa71a16dea4907c4ca910f3b3216b6f558a138b82e45220fd571d0b254c81eaba824f860f22befb59b15ec7e84e0f855dd8e8421097a1876d
-  data.tar.gz: '082993a2d007f0f700a43a4464901c059dbcb3ca0e5723520800785b826ef7f6120257f036c0b6d38a85326a13e594046e74254d506182b37ba9fb8c28aaaacb'
+  metadata.gz: c137bfe10a6a4c07af49d524a95374ca26c124b5367054015e709adaa200c748b2187b4275e69495cff5a0cef60c70e52e6abb8be81bd0a524953c96d7043b6a
+  data.tar.gz: e823f819bc813e3e78b99ca76c38aae10ee644178b73ad4728bc5bdea70818bfc544af116020e89c472d2cd5ac99fee79244e69fea2aacb26644a37e3fae9888

data/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.6.0]
+- fine grain iam policy abilities: pull request #13 from tongueroo/iam-policy
+- changed quite a few logical ids in the CloudFormation templates
+
 ## [0.5.8]
 - fix config.prewarm defaults
 

data/Gemfile

@@ -4,9 +4,8 @@ source "https://rubygems.org"
 gemspec
 
 # required here for specs
-# TODO: Would like to only required this in the project's Gemfile
-# right now need both because of jets/application.rb and
-# jets/webpacker/middleware_setup.rb
+# TODO: Only require webpacker in Gemfile of project if possible.
+# Need both because of jets/application.rb and jets/webpacker/middleware_setup.rb
 group :development, :test do
   gem "webpacker", git: "https://github.com/tongueroo/webpacker.git", branch: "jets"
   gem "rspec_junit_formatter"

data/jets.gemspec

@@ -31,8 +31,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency "actionpack"
   spec.add_dependency "activerecord"
   spec.add_dependency "railties" # ActiveRecord database_tasks.rb require this
-  # TODO: only load the database adapters that the app uses, so generate this
-  # in the app's Gemfile
   spec.add_dependency "dotenv"
 
   spec.add_dependency "recursive-open-struct"
@@ -45,8 +43,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "text-table"
   spec.add_dependency "rack"
   spec.add_dependency "json"
-  # there are development dependencies because we want to lazy load them
-  # in the app. but we want to have them so we can run specs.
+  # TODO: only load the database adapters that app's Gemfile instead of jets.gemspec
   spec.add_dependency "pg", "=0.21"
 
   spec.add_dependency "gems" # lambdagem dependency

data/lib/jets.rb

@@ -5,7 +5,7 @@ require "active_support/core_ext/string"
 require "active_support/ordered_hash"
 require "colorize"
 require "fileutils"
-require "pp" # TODO: remove pp after debugging
+require "pp" # TODO: Remove pp after debugging
 require "memoist"
 
 module Jets
@@ -15,6 +15,7 @@ module Jets
   autoload :CLI, "jets/cli"
   autoload :Commands, "jets/commands"
 
+  autoload :AwsInfo, "jets/aws_info"
   autoload :AwsServices, "jets/aws_services"
   autoload :Builders, 'jets/builders'
   autoload :Call, "jets/call"
@@ -57,7 +58,7 @@ if File.exist?("#{Jets.root}config/dynamodb.yml")
   require "dynomite"
 end
 
-# https://makandracards.com/makandra/42521-detecting-if-a-ruby-gem-is-loaded
+# Thanks: https://makandracards.com/makandra/42521-detecting-if-a-ruby-gem-is-loaded
 # TODO: move require "pg" into loader class and abstract to support more gems
 if File.exist?("#{Jets.root}config/database.yml")
   require "active_record"

data/lib/jets/application.rb

@@ -82,9 +82,21 @@ class Jets::Application
     # IE: With env_extra: project-dev-1
     #     Without env_extra: project-dev
     config.short_env = ENV_MAP[Jets.env.to_sym] || Jets.env
-    config.project_namespace = [config.project_name, config.short_env, config.env_extra].compact.join('-')
     # table_namespace does not have the env_extra, more common case desired.
     config.table_namespace = [config.project_name, config.short_env].compact.join('-')
+
+    project_namespace = [config.project_name, config.short_env, config.env_extra].compact.join('-')
+    config.project_namespace = project_namespace
+
+    # config.iam_policy = ["logs2:*"]
+    # Must set defaul t iam_policy here instead of `def config` because we need access to
+    # the project_namespace and if we call it from `def config` we get an infinit loop
+    config.iam_policy = [{
+      sid: "Statement1",
+      action: ["logs:*"],
+      effect: "Allow",
+      resource: "arn:aws:logs:#{Jets.aws.region}:#{Jets.aws.account}:log-group:#{project_namespace}-*",
+    }]
   end
 
   # It is pretty easy to attempt to set environment variables without
@@ -124,4 +136,9 @@ class Jets::Application
     require routes_file if File.exist?(routes_file)
   end
 
+  def aws
+    Jets::AwsInfo.new
+  end
+  memoize :aws
+
 end

data/lib/jets/aws_info.rb

@@ -0,0 +1,36 @@
+
+module Jets
+  class AwsInfo
+    extend Memoist
+    include AwsServices
+
+    def region
+      return 'us-east-1' if ENV['TEST']
+
+      region = nil
+
+      # First try to get it from the ~/.aws/config
+      region = `aws configure get region`.strip rescue nil
+      return region if region
+
+      # Second try the metadata endpoint, should be available on AWS Lambda environment
+      # https://stackoverflow.com/questions/4249488/find-region-from-within-an-ec2-instance
+      begin
+        az = `curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
+        region = az.strip.chop # remove last char
+      rescue
+      end
+      return region if region
+
+      ENV['JETS_AWS_REGION'] || 'us-east-1' # default if all else fails
+    end
+    memoize :region
+
+    # aws sts get-caller-identity
+    def account
+      return '123456789' if ENV['TEST']
+      sts.get_caller_identity.account
+    end
+    memoize :account
+  end
+end

data/lib/jets/aws_services.rb

@@ -1,6 +1,7 @@
 require "aws-sdk-s3"
 require "aws-sdk-cloudformation"
 require "aws-sdk-lambda"
+require "aws-sdk-sts"
 
 module Jets::AwsServices
   def s3
@@ -19,6 +20,10 @@ module Jets::AwsServices
     @lambda ||= Aws::Lambda::Client.new
   end
 
+  def sts
+    @sts ||= Aws::STS::Client.new
+  end
+
   def stack_exists?(stack_name)
     return false if ENV['TEST']
 

data/lib/jets/builders/code_builder.rb

@@ -359,7 +359,6 @@ EOL
         md = spec.source.to_s.match(/@(\w+)\)/)
         git_sha = md[1]
       end
-      puts "git_shas #{git_shas.inspect}"
 
       # IE: /tmp/jets/demo/cache/bundled/gems/ruby/2.5.0/bundler/gems/webpacker-a8c46614c675
       Dir.glob("#{cache_area}/bundled/gems/ruby/2.5.0/bundler/gems/*").each do |path|

data/lib/jets/cfn/template_builders.rb

@@ -2,6 +2,7 @@ require 'active_support/core_ext/hash'
 require 'yaml'
 
 class Jets::Cfn
+  # TODO: Refactor builder classes. They all work slightly differently.
   class TemplateBuilders
     autoload :Interface, "jets/cfn/template_builders/interface"
     autoload :ParentBuilder, "jets/cfn/template_builders/parent_builder"
@@ -15,7 +16,9 @@ class Jets::Cfn
 
     autoload :ApiGatewayBuilder, "jets/cfn/template_builders/api_gateway_builder"
     autoload :ApiGatewayDeploymentBuilder, "jets/cfn/template_builders/api_gateway_deployment_builder"
-    # separate beast:
-    autoload :FunctionProperties, "jets/cfn/template_builders/function_properties"
+
+    # separate beasts:
+    autoload :FunctionProperties, "jets/cfn/template_builders/function_properties" # sort of a builder
+    autoload :IamPolicy, "jets/cfn/template_builders/iam_policy" # resource only
   end
 end

data/lib/jets/cfn/template_builders/api_gateway_builder.rb

@@ -43,9 +43,8 @@ class Jets::Cfn::TemplateBuilders
     # Adds route related Resources and Outputs
     def add_gateway_routes
       # The routes required a Gateway Resource to contain them.
-      # TODO: outputing all routes in 1 template will hit the 60 routes limit
-      # Will have to either output them as a joined string or
-      # break this up to multiple tempaltes.
+      # TODO: Support more routes. Right now outputing all routes in 1 template will hit the 60 routes limit.
+      # Will have to either output them as a joined string or break this up to multiple tempaltes.
       # http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html
       # Outputs: Maximum number of outputs that you can declare in your AWS CloudFormation template. 60 outputs
       # Output name: Maximum size of an output name. 255 characters.

data/lib/jets/cfn/template_builders/base_child_builder.rb

@@ -20,8 +20,10 @@ class Jets::Cfn::TemplateBuilders
     end
 
     def add_functions
+      add_class_iam_policy if @app_klass.class_iam_policy
       @app_klass.tasks.each do |task|
         add_function(task)
+        add_iam_policy(task) if task.iam_policy
       end
     end
 
@@ -34,5 +36,19 @@ class Jets::Cfn::TemplateBuilders
       logical_id = builder.map.logical_id
       add_resource(logical_id, "AWS::Lambda::Function", builder.properties)
     end
+
+    def add_class_iam_policy
+      map = Jets::Cfn::TemplateMappers::IamPolicy::ClassPolicyMapper.new(@app_klass)
+      logical_id = map.logical_id
+      properties = map.properties
+      add_resource(logical_id, "AWS::IAM::Role", properties)
+    end
+
+    def add_iam_policy(task)
+      map = Jets::Cfn::TemplateMappers::IamPolicy::FunctionPolicyMapper.new(task)
+      logical_id = map.logical_id
+      properties = map.properties
+      add_resource(logical_id, "AWS::IAM::Role", properties)
+    end
   end
 end

data/lib/jets/cfn/template_builders/function_properties/base_builder.rb

@@ -79,10 +79,19 @@ module Jets::Cfn::TemplateBuilders::FunctionProperties
     #     class_timeout 22
     #     ...
     #   end
+    #
+    # Also handles iam policy override at the class level. Example:
+    #
+    #   class_iam_policy("logs:*")
+    #
     def class_properties
       # klass is PostsController, HardJob, GameRule, Hello or HelloFunction
       klass = Jets::Klass.from_task(@task)
       class_properties = klass.class_properties
+      if klass.class_iam_policy
+        map = Jets::Cfn::TemplateMappers::IamPolicy::ClassPolicyMapper.new(klass)
+        class_properties[:Role] = "!GetAtt #{map.logical_id}.Arn"
+      end
       Pascalize.pascalize(class_properties.deep_stringify_keys)
     end
 
@@ -93,8 +102,21 @@ module Jets::Cfn::TemplateBuilders::FunctionProperties
     #   def index
     #     ...
     #   end
+    #
+    # Also handles iam policy override at the function level. Example:
+    #
+    #   iam_policy("ec2:*")
+    #   def new
+    #     render json: params.merge(action: "new")
+    #   end
+    #
     def function_properties
-      Pascalize.pascalize(@task.properties.deep_stringify_keys)
+      properties = @task.properties
+      if @task.iam_policy
+        map = Jets::Cfn::TemplateMappers::IamPolicy::FunctionPolicyMapper.new(@task)
+        properties[:Role] = "!GetAtt #{map.logical_id}.Arn"
+      end
+      Pascalize.pascalize(properties.deep_stringify_keys)
     end
 
     def env_file_properties

data/lib/jets/cfn/template_builders/iam_policy.rb

@@ -0,0 +1,6 @@
+module Jets::Cfn::TemplateBuilders::IamPolicy
+  autoload :ApplicationPolicy, "jets/cfn/template_builders/iam_policy/application_policy"
+  autoload :BasePolicy, "jets/cfn/template_builders/iam_policy/base_policy"
+  autoload :ClassPolicy, "jets/cfn/template_builders/iam_policy/class_policy"
+  autoload :FunctionPolicy, "jets/cfn/template_builders/iam_policy/function_policy"
+end

data/lib/jets/cfn/template_builders/iam_policy/application_policy.rb

@@ -0,0 +1,18 @@
+# Implements:
+#   initialize
+#   policy_name
+#
+module Jets::Cfn::TemplateBuilders::IamPolicy
+  class ApplicationPolicy < BasePolicy
+    def initialize
+      setup
+      @definitions = Jets.config.iam_policy || [] # config.iam_policy contains definitions
+    end
+
+    # Example: PostsControllerPolicy or SleepJobPolicy
+    # Note: There is no "method" in the name
+    def policy_name
+      "ApplicationPolicy"
+    end
+  end
+end

data/lib/jets/cfn/template_builders/iam_policy/base_policy.rb

@@ -0,0 +1,57 @@
+# Classes that inherit this Base class should implement:
+#
+#   initialize - should call setup in it
+#   policy_name
+#
+module Jets::Cfn::TemplateBuilders::IamPolicy
+  class BasePolicy
+    extend Memoist
+
+    attr_reader :definitions
+    # Not using initialize because method signature is different
+    def setup
+      # empty starting policy that will be changed
+      @policy = {
+        "Version" => "2012-10-17",
+        "Statement" => []
+      }
+      # https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html
+      @sid = 0 # counter
+    end
+
+    def policy_document
+      definitions.map { |definition| standardize(definition) }
+      # Thanks: https://www.mnishiguchi.com/2017/11/29/rails-hash-camelize-and-underscore-keys/
+      @policy.deep_transform_keys! { |key| key.to_s.camelize }
+    end
+    memoize :policy_document # only process policy_document once
+
+    def standardize(definition)
+      @sid += 1
+      case definition
+      when String
+        @policy["Statement"] << {
+          sid: "Stmt#{@sid}",
+          action: [definition],
+          effect: "Allow",
+          resource: "*",
+        }
+      when Hash
+        definition = definition.stringify_keys
+        if definition.key?("Version") # special case where we replace the policy entirely
+          @policy = definition
+        else
+          @policy["Statement"] << definition
+        end
+      end
+    end
+
+    # Need to underscore and then classify again for this case:
+    #   Jets::PreheatJob_policy => JetsPreheatJobPolicy
+    # Or else you we get this:
+    #   Jets::PreheatJob_policy => JetsPreheatjobPolicy
+    def classify_name(text)
+      text.gsub('::','_').underscore.classify
+    end
+  end
+end

data/lib/jets/cfn/template_builders/iam_policy/class_policy.rb

@@ -0,0 +1,20 @@
+# Implements:
+#   initialize
+#   policy_name
+#
+module Jets::Cfn::TemplateBuilders::IamPolicy
+  class ClassPolicy < BasePolicy
+    def initialize(app_class)
+      setup
+      @app_class = app_class
+      # IE: @app_class: PostsController, HardJob, Hello, HelloFunction
+      @definitions = app_class.class_iam_policy || [] # class_iam_policy contains definitions
+    end
+
+    # Example: PostsControllerPolicy or SleepJobPolicy
+    # Note: There is no "method" in the name
+    def policy_name
+      classify_name("#{@app_class}_policy")
+    end
+  end
+end

data/lib/jets/cfn/template_builders/iam_policy/function_policy.rb

@@ -0,0 +1,21 @@
+# Implements:
+#   initialize
+#   policy_name
+#
+module Jets::Cfn::TemplateBuilders::IamPolicy
+  class FunctionPolicy < BasePolicy
+    def initialize(task)
+      setup
+      @task = task
+      @app_class = task.class_name.to_s
+      # IE: @app_class: PostsController, HardJob, Hello, HelloFunction
+
+      @definitions = task.iam_policy || [] # iam_policy contains definitions
+    end
+
+    # Example: PostsControllerIndexPolicy or SleepJobPerformPolicy
+    def policy_name
+      classify_name("#{@app_class}_#{@task.meth}_policy")
+    end
+  end
+end

data/lib/jets/cfn/template_builders/interface.rb

@@ -43,7 +43,7 @@ class Jets::Cfn::TemplateBuilders
       results.join("\n") + "\n"
     end
 
-    # add_resource handles an options Hash with both only Rroperties
+    # add_resource handles an options Hash with both only Properties
     # and also one with a nested Properties.
 
     # Example:

data/lib/jets/cfn/template_builders/parent_builder.rb

@@ -32,9 +32,11 @@ class Jets::Cfn::TemplateBuilders
       }
       rendered_result = Jets::Erb.result(path, variables)
       minimal_template = YAML.load(rendered_result)
-
-      # minimal_template = YAML.load(IO.read(path))
       @template.deep_merge!(minimal_template)
+
+      # Add application-wide IAM policy from Jets.config.iam_role
+      map = Jets::Cfn::TemplateMappers::IamPolicy::ApplicationPolicyMapper.new
+      add_resource(map.logical_id, "AWS::IAM::Role", map.properties)
     end
 
     def add_child_resources
@@ -48,7 +50,6 @@ class Jets::Cfn::TemplateBuilders
         #
         #   map = Jets::Cfn::TemplateMappers::ControllerMapper.new(path, s3_bucket)
         #   map = Jets::Cfn::TemplateMappers::JobMapper.new(path, s3_bucket)
-        #   map = Jets::Cfn::TemplateMappers::FunctionMapper.new(path, s3_bucket)
         #
         mapper_class_name = File.basename(path, '.yml').split('_').last
         mapper_class_name = mapper_class_name.classify
@@ -68,9 +69,6 @@ class Jets::Cfn::TemplateBuilders
       end
     end
 
-    # Each shared stacks has different logic.
-    # Handle in ugly case statement until we see the common patterns between them.
-    # TODO: clean up the add_shared_stack logical after we figure out the common interface pattern
     def add_api_gateway
       path = "#{Jets.config.project_namespace}-api-gateway.yml"
       map = Jets::Cfn::TemplateMappers::ApiGatewayMapper.new(path, @options[:s3_bucket])

data/lib/jets/cfn/template_builders/templates/minimal-stack.yml

@@ -2,42 +2,6 @@
 Resources:
   S3Bucket:
     Type: AWS::S3::Bucket
-  IamRole:
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        Version: '2012-10-17'
-        Statement:
-        - Effect: Allow
-          Principal:
-            Service:
-            - lambda.amazonaws.com
-          Action:
-          - sts:AssumeRole
-      Policies:
-      - PolicyName: <%= @policy_name %>
-        PolicyDocument:
-          Version: '2012-10-17'
-          Statement:
-          - Effect: Allow
-            Action:
-            - logs:*
-            Resource: '*'
-            # TODO: Make IAM permissions more fine grain for mimimal stack
-            # - Fn::Sub: arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/quiz-dev-hello:*:*
-            # - Fn::Sub: arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/quiz-dev-quiz:*:*
-            # TODO: Allow hook so user can configure IAM themselves and support managed polices
-          - Effect: Allow
-            Action:
-            - dynamodb:*
-            Resource: "*"
-            # required for PreheatJob which calls the other lambda functions repeatedly
-          - Effect: Allow
-            Action:
-            - lambda:*
-            Resource: "*"
-      Path: "/"
-      RoleName: <%= @role_name %>
 Outputs:
   S3Bucket:
     Value: "!Ref S3Bucket" # not a valid cfn notation, surrounding double quotes is handled by post processing.

data/lib/jets/cfn/template_mappers.rb

@@ -19,5 +19,7 @@ class Jets::Cfn
 
     autoload :EventsRuleMapper, "jets/cfn/template_mappers/events_rule_mapper"
     autoload :ConfigRuleMapper, "jets/cfn/template_mappers/config_rule_mapper"
+
+    autoload :IamPolicy, "jets/cfn/template_mappers/iam_policy"
   end
 end

data/lib/jets/cfn/template_mappers/iam_policy.rb

@@ -0,0 +1,6 @@
+module Jets::Cfn::TemplateMappers::IamPolicy
+  autoload :ApplicationPolicyMapper, "jets/cfn/template_mappers/iam_policy/application_policy_mapper"
+  autoload :BasePolicyMapper, "jets/cfn/template_mappers/iam_policy/base_policy_mapper"
+  autoload :ClassPolicyMapper, "jets/cfn/template_mappers/iam_policy/class_policy_mapper"
+  autoload :FunctionPolicyMapper, "jets/cfn/template_mappers/iam_policy/function_policy_mapper"
+end

data/lib/jets/cfn/template_mappers/iam_policy/application_policy_mapper.rb

@@ -0,0 +1,28 @@
+# Implements:
+#
+#   initialize
+#   iam_policy
+#   logical_id
+#   role_name
+#
+module Jets::Cfn::TemplateMappers::IamPolicy
+  class ApplicationPolicyMapper < BasePolicyMapper
+    def initialize; end # does nothing
+
+    def iam_policy
+      Jets::Cfn::TemplateBuilders::IamPolicy::ApplicationPolicy.new
+    end
+    memoize :iam_policy
+
+    # Example: PostsControllerLambdaFunction
+    # Note there are is no "Show" action in the name
+    def logical_id
+      "IamRole" # very simple logical ideal for the application-wide logical id
+    end
+
+    # There should be namespace in the role_name.
+    def role_name
+      "#{namespace}_application_iam_role".underscore.dasherize
+    end
+  end
+end

data/lib/jets/cfn/template_mappers/iam_policy/base_policy_mapper.rb

@@ -0,0 +1,44 @@
+# Class that inherits this base class should implement:
+#
+#   initialize
+#   iam_policy
+#   logical_id
+#   role_name
+#
+module Jets::Cfn::TemplateMappers::IamPolicy
+  class BasePolicyMapper
+    extend Memoist
+
+    def properties
+      properties = {
+        AssumeRolePolicyDocument: {
+          Version: "2012-10-17",
+          Statement: [{
+            Effect: "Allow",
+            Principal: {Service: ["lambda.amazonaws.com"]},
+            Action: ["sts:AssumeRole"]}
+          ]},
+        Path: "/"
+      }
+      properties[:Policies] = [
+        PolicyName: iam_policy.policy_name,
+        PolicyDocument: iam_policy.policy_document,
+      ]
+      properties[:RoleName] = role_name
+      properties.deep_stringify_keys!
+      properties
+    end
+
+    def namespace
+      Jets.config.project_namespace.underscore
+    end
+
+    # Need to underscore and then classify again for this case:
+    #   Jets::PreheatJob_policy => JetsPreheatJobPolicy
+    # Or else you we get this:
+    #   Jets::PreheatJob_policy => JetsPreheatjobPolicy
+    def classify_name(text)
+      text.gsub('::','_').underscore.classify
+    end
+  end
+end

data/lib/jets/cfn/template_mappers/iam_policy/class_policy_mapper.rb

@@ -0,0 +1,32 @@
+# Implements:
+#
+#   initialize
+#   iam_policy
+#   logical_id
+#   role_name
+#
+module Jets::Cfn::TemplateMappers::IamPolicy
+  class ClassPolicyMapper < BasePolicyMapper
+    def initialize(app_class)
+      @app_class = app_class
+      # IE: @app_class: PostsController, HardJob, Hello, HelloFunction
+    end
+
+    def iam_policy
+      Jets::Cfn::TemplateBuilders::IamPolicy::ClassPolicy.new(@app_class)
+    end
+    memoize :iam_policy
+
+    # Example: PostsControllerLambdaFunction
+    # Note there are is no "Show" action in the name
+    # There should be no namespace in the logical_id.
+    def logical_id
+      classify_name("#{@app_class}_iam_role")
+    end
+
+    # There should be namespace in the role_name.
+    def role_name
+      classify_name("#{namespace}_#{@app_class}_iam_role").underscore.dasherize
+    end
+  end
+end

data/lib/jets/cfn/template_mappers/iam_policy/function_policy_mapper.rb

@@ -0,0 +1,32 @@
+# Implements:
+#
+#   initialize
+#   iam_policy
+#   logical_id
+#   role_name
+#
+module Jets::Cfn::TemplateMappers::IamPolicy
+  class FunctionPolicyMapper < BasePolicyMapper
+    def initialize(task)
+      @task = task
+      @app_class = task.class_name.to_s
+      # IE: @app_class: PostsController, HardJob, Hello, HelloFunction
+    end
+
+    def iam_policy
+      Jets::Cfn::TemplateBuilders::IamPolicy::FunctionPolicy.new(@task)
+    end
+    memoize :iam_policy
+
+    # Example: PostsControllerShowLambdaFunction
+    # There should be no namespace in the logical_id.
+    def logical_id
+      classify_name("#{@app_class}_#{@task.meth}_iam_role")
+    end
+
+    # There should be namespace in the role_name.
+    def role_name
+      classify_name("#{namespace}_#{@app_class}_#{@task.meth}_iam_role").underscore.dasherize
+    end
+  end
+end

data/lib/jets/cfn/template_mappers/lambda_function_mapper.rb

@@ -13,7 +13,9 @@ class Jets::Cfn::TemplateMappers
 
     def environment
       env = Jets.config.environment ? Jets.config.environment.to_h : {}
-      env.deep_merge(JETS_ENV: Jets.env.to_s)
+      jets_env_options = {JETS_ENV: Jets.env.to_s}
+      jets_env_options[:JETS_ENV_EXTRA] = Jets.config.env_extra if Jets.config.env_extra
+      env.deep_merge(jets_env_options)
     end
 
     # Example: PostsControllerIndex or SleepJobPerform

data/lib/jets/commands/build.rb

@@ -41,7 +41,7 @@ module Jets::Commands
 
     def build_all_templates
       clean_templates
-      # TODO: move this build.rb logic to cfn/builder.rb
+      # TODO: Maybe  move this tbuild.rb template related logic to cfn/builder.rb
       ## CloudFormation templates
       puts "Building Lambda functions as CloudFormation templates."
       # 1. Shared templates - child templates needs them
@@ -107,7 +107,7 @@ module Jets::Commands
     # Crucial that the Dir.pwd is in the tmp_app_root because for
     # because Jets.boot set ups autoload_paths and this is how project
     # classes are loaded.
-    # TODO: rework code so this is not the case.
+    # TODO: rework code so that Dir.pwd does not have to be in tmp_app_root for build to work.
     def self.app_files
       paths = []
       expression = "#{Jets.root}app/**/**/*.rb"

data/lib/jets/commands/call.rb

@@ -146,9 +146,9 @@ class Jets::Commands::Call
     puts "Pro tip: The Lambda Console Link to the #{function_name} function has been added to your clipboard." unless @options[:mute]
   end
 
+  # TODO: Hook client_context up and maek sure it works. Think I've figure out how to sign client_context below.
   # Client context must be a valid Base64-encoded JSON object
   # Example: http://docs.aws.amazon.com/mobileanalytics/latest/ug/PutEvents.html
-  # TODO: figure out how to sign client_context
   def client_context
     context = {
       "client" => {

data/lib/jets/core.rb

@@ -23,6 +23,10 @@ module Jets::Core
     application.config
   end
 
+  def aws
+    application.aws
+  end
+
   # Load all application base classes and project classes
   def boot
     Jets::Booter.boot!
@@ -77,7 +81,7 @@ module Jets::Core
   def version
     Jets::VERSION
   end
-  
+
   def eager_load!
     Dir.glob("#{Jets.root}app/**/*.rb").select do |path|
       next if !File.file?(path) or path =~ %r{/javascript/} or path =~ %r{/views/}

data/lib/jets/internal/app/controllers/jets/public_controller.rb

@@ -2,8 +2,7 @@ require "rack/mime"
 
 # Works for utf8 text files.
 # TODO: Add support to public_controller for binary data like images.
-# Tricky because API Gateway is not respecting the Accept header in the
-# same way as browsers.
+# Tricky because API Gateway is not respecting the Accept header the same way as browsers.
 class Jets::PublicController < Jets::Controller::Base
   layout false
   internal true

data/lib/jets/internal/app/jobs/jets/preheat_job.rb

@@ -7,6 +7,20 @@ class Jets::PreheatJob < ApplicationJob
 
   class_timeout 30
   class_memory 1024
+  class_iam_policy(
+    {
+      sid: "Statement1",
+      action: ["logs:*"],
+      effect: "Allow",
+      resource: "arn:aws:logs:#{Jets.aws.region}:#{Jets.aws.account}:log-group:#{Jets.config.project_namespace}-*",
+    },
+    {
+      sid: "Statement2",
+      action: ["lambda:InvokeFunction", "lambda:InvokeAsync"],
+      effect: "Allow",
+      resource: "arn:aws:lambda:#{Jets.aws.region}:#{Jets.aws.account}:function:#{Jets.config.project_namespace}-*",
+    }
+  )
 
   unless Jets::Commands::Build.poly_only?
     torching ? rate(PREWARM_RATE) : disable(true)

data/lib/jets/lambda/dsl.rb

@@ -76,6 +76,24 @@ module Jets::Lambda::Dsl
       end
       alias_method :props, :properties
 
+      # definitions: one more many definitions
+      def class_iam_policy(*definitions)
+        if definitions.empty?
+          @class_iam_policy
+        else
+          @class_iam_policy = definitions.flatten
+        end
+      end
+
+      # definitions: one more many definitions
+      def iam_policy(*definitions)
+        if definitions.empty?
+          @iam_policy
+        else
+          @iam_policy = definitions.flatten
+        end
+      end
+
       # meth is a Symbol
       def method_added(meth)
         return if %w[initialize method_missing].include?(meth.to_s)
@@ -89,7 +107,7 @@ module Jets::Lambda::Dsl
         # We adjust the class name when we build the functions later in
         # FunctionContstructor#adjust_tasks.
         all_tasks[meth] = Jets::Lambda::Task.new(self.name, meth,
-          properties: @properties, lang: lang)
+          properties: @properties, iam_policy: @iam_policy, lang: lang)
 
         # Done storing options, clear out for the next added method.
         clear_properties
@@ -106,6 +124,7 @@ module Jets::Lambda::Dsl
 
       def clear_properties
         @properties = nil
+        @iam_policy = nil
       end
 
       # Returns the all tasks for this class with their method names as keys.

data/lib/jets/lambda/task.rb

@@ -1,12 +1,13 @@
 class Jets::Lambda::Task
   attr_accessor :class_name, :type
-  attr_reader :meth, :properties, :lang
+  attr_reader :meth, :properties, :iam_policy, :lang
   def initialize(class_name, meth, options={})
     @class_name = class_name.to_s # use at EventsRuleMapper#full_task_name
     @meth = meth
     @options = options
     @type = options[:type] || get_type  # controller, job, or function
     @properties = options[:properties] || {}
+    @iam_policy = options[:iam_policy]
     @lang = options[:lang] || :ruby
   end
 

data/lib/jets/version.rb

@@ -1,3 +1,3 @@
 module Jets
-  VERSION = "0.5.8"
+  VERSION = "0.6.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jets
 version: !ruby/object:Gem::Version
-  version: 0.5.8
+  version: 0.6.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-08-17 00:00:00.000000000 Z
+date: 2018-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -400,6 +400,7 @@ files:
 - lib/jets.rb
 - lib/jets/application.rb
 - lib/jets/application/middleware.rb
+- lib/jets/aws_info.rb
 - lib/jets/aws_services.rb
 - lib/jets/booter.rb
 - lib/jets/builders.rb
@@ -423,6 +424,11 @@ files:
 - lib/jets/cfn/template_builders/function_properties/node_builder.rb
 - lib/jets/cfn/template_builders/function_properties/python_builder.rb
 - lib/jets/cfn/template_builders/function_properties/ruby_builder.rb
+- lib/jets/cfn/template_builders/iam_policy.rb
+- lib/jets/cfn/template_builders/iam_policy/application_policy.rb
+- lib/jets/cfn/template_builders/iam_policy/base_policy.rb
+- lib/jets/cfn/template_builders/iam_policy/class_policy.rb
+- lib/jets/cfn/template_builders/iam_policy/function_policy.rb
 - lib/jets/cfn/template_builders/interface.rb
 - lib/jets/cfn/template_builders/job_builder.rb
 - lib/jets/cfn/template_builders/parent_builder.rb
@@ -438,6 +444,11 @@ files:
 - lib/jets/cfn/template_mappers/function_mapper.rb
 - lib/jets/cfn/template_mappers/gateway_method_mapper.rb
 - lib/jets/cfn/template_mappers/gateway_resource_mapper.rb
+- lib/jets/cfn/template_mappers/iam_policy.rb
+- lib/jets/cfn/template_mappers/iam_policy/application_policy_mapper.rb
+- lib/jets/cfn/template_mappers/iam_policy/base_policy_mapper.rb
+- lib/jets/cfn/template_mappers/iam_policy/class_policy_mapper.rb
+- lib/jets/cfn/template_mappers/iam_policy/function_policy_mapper.rb
 - lib/jets/cfn/template_mappers/job_mapper.rb
 - lib/jets/cfn/template_mappers/lambda_function_mapper.rb
 - lib/jets/cfn/template_mappers/rule_mapper.rb