jets 0.6.9 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/lib/jets/cfn/template_builders.rb +1 -0
- data/lib/jets/cfn/template_builders/base_child_builder.rb +7 -3
- data/lib/jets/cfn/template_builders/function_properties/base_builder.rb +2 -2
- data/lib/jets/cfn/template_builders/iam_policy/application_policy.rb +2 -1
- data/lib/jets/cfn/template_builders/managed_iam_policy.rb +6 -0
- data/lib/jets/cfn/template_builders/managed_iam_policy/application_policy.rb +11 -0
- data/lib/jets/cfn/template_builders/managed_iam_policy/base_policy.rb +22 -0
- data/lib/jets/cfn/template_builders/managed_iam_policy/class_policy.rb +10 -0
- data/lib/jets/cfn/template_builders/managed_iam_policy/function_policy.rb +10 -0
- data/lib/jets/cfn/template_mappers/iam_policy/application_policy_mapper.rb +9 -0
- data/lib/jets/cfn/template_mappers/iam_policy/base_policy_mapper.rb +6 -1
- data/lib/jets/cfn/template_mappers/iam_policy/class_policy_mapper.rb +10 -0
- data/lib/jets/cfn/template_mappers/iam_policy/function_policy_mapper.rb +10 -0
- data/lib/jets/lambda/dsl.rb +32 -6
- data/lib/jets/lambda/task.rb +6 -1
- data/lib/jets/version.rb +1 -1
- metadata +7 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9aa29acf2df1aa6895322b3ca3b552ec19588dfbf30572c1c48669c49476fa5b
|
|
4
|
+
data.tar.gz: f8447813c033772d32e7799f6163cebfb5db60d2e44b7538a500e90c4750db6f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 55c640eb1ce2bce89e4e8d22756491c0bef3d29a692ffa67ece43f8a9be202e0f79853347b02fba4e29272c98bbdda08f048cdffd0bfd4ce8ba6aa2898850ba3
|
|
7
|
+
data.tar.gz: ccd75d822e8289486b14839499c6bf69e907fcd7b8a22a138f25189bb31ae5d78db3adcf2763c31cb0acb6ece0a7892ed5d27a3353af10ec7d36533fc52f2463
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,10 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.7.0]
|
|
7
|
+
- add managed_iam_policy concept, pull request #19
|
|
8
|
+
- bump to 0.7.0, enough changes since 0.6.x
|
|
9
|
+
|
|
6
10
|
## [0.6.9]
|
|
7
11
|
- add aws managed rule support, pull request #18
|
|
8
12
|
|
data/Gemfile.lock
CHANGED
|
@@ -20,5 +20,6 @@ class Jets::Cfn
|
|
|
20
20
|
# separate beasts:
|
|
21
21
|
autoload :FunctionProperties, "jets/cfn/template_builders/function_properties" # sort of a builder
|
|
22
22
|
autoload :IamPolicy, "jets/cfn/template_builders/iam_policy" # resource only
|
|
23
|
+
autoload :ManagedIamPolicy, "jets/cfn/template_builders/managed_iam_policy" # resource only
|
|
23
24
|
end
|
|
24
25
|
end
|
|
@@ -20,10 +20,10 @@ class Jets::Cfn::TemplateBuilders
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def add_functions
|
|
23
|
-
add_class_iam_policy
|
|
23
|
+
add_class_iam_policy
|
|
24
24
|
@app_klass.tasks.each do |task|
|
|
25
25
|
add_function(task)
|
|
26
|
-
|
|
26
|
+
add_function_iam_policy(task)
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
|
|
@@ -38,13 +38,17 @@ class Jets::Cfn::TemplateBuilders
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def add_class_iam_policy
|
|
41
|
+
return unless @app_klass.build_class_iam?
|
|
42
|
+
|
|
41
43
|
map = Jets::Cfn::TemplateMappers::IamPolicy::ClassPolicyMapper.new(@app_klass)
|
|
42
44
|
logical_id = map.logical_id
|
|
43
45
|
properties = map.properties
|
|
44
46
|
add_resource(logical_id, "AWS::IAM::Role", properties)
|
|
45
47
|
end
|
|
46
48
|
|
|
47
|
-
def
|
|
49
|
+
def add_function_iam_policy(task)
|
|
50
|
+
return unless task.build_function_iam?
|
|
51
|
+
|
|
48
52
|
map = Jets::Cfn::TemplateMappers::IamPolicy::FunctionPolicyMapper.new(task)
|
|
49
53
|
logical_id = map.logical_id
|
|
50
54
|
properties = map.properties
|
|
@@ -88,7 +88,7 @@ module Jets::Cfn::TemplateBuilders::FunctionProperties
|
|
|
88
88
|
# klass is PostsController, HardJob, GameRule, Hello or HelloFunction
|
|
89
89
|
klass = Jets::Klass.from_task(@task)
|
|
90
90
|
class_properties = klass.class_properties
|
|
91
|
-
if klass.
|
|
91
|
+
if klass.build_class_iam?
|
|
92
92
|
map = Jets::Cfn::TemplateMappers::IamPolicy::ClassPolicyMapper.new(klass)
|
|
93
93
|
class_properties[:Role] = "!GetAtt #{map.logical_id}.Arn"
|
|
94
94
|
end
|
|
@@ -112,7 +112,7 @@ module Jets::Cfn::TemplateBuilders::FunctionProperties
|
|
|
112
112
|
#
|
|
113
113
|
def function_properties
|
|
114
114
|
properties = @task.properties
|
|
115
|
-
if @task.
|
|
115
|
+
if @task.build_function_iam?
|
|
116
116
|
map = Jets::Cfn::TemplateMappers::IamPolicy::FunctionPolicyMapper.new(@task)
|
|
117
117
|
properties[:Role] = "!GetAtt #{map.logical_id}.Arn"
|
|
118
118
|
end
|
|
@@ -6,7 +6,8 @@ module Jets::Cfn::TemplateBuilders::IamPolicy
|
|
|
6
6
|
class ApplicationPolicy < BasePolicy
|
|
7
7
|
def initialize
|
|
8
8
|
setup
|
|
9
|
-
@definitions = Jets.config.iam_policy
|
|
9
|
+
@definitions = Jets.config.iam_policy # config.iam_policy contains definitions
|
|
10
|
+
@definitions = [@definitions].flatten if @definitions
|
|
10
11
|
end
|
|
11
12
|
|
|
12
13
|
# Example: PostsControllerPolicy or SleepJobPolicy
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
module Jets::Cfn::TemplateBuilders::ManagedIamPolicy
|
|
2
|
+
autoload :ApplicationPolicy, "jets/cfn/template_builders/managed_iam_policy/application_policy"
|
|
3
|
+
autoload :BasePolicy, "jets/cfn/template_builders/managed_iam_policy/base_policy"
|
|
4
|
+
autoload :ClassPolicy, "jets/cfn/template_builders/managed_iam_policy/class_policy"
|
|
5
|
+
autoload :FunctionPolicy, "jets/cfn/template_builders/managed_iam_policy/function_policy"
|
|
6
|
+
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Implements:
|
|
2
|
+
# initialize
|
|
3
|
+
#
|
|
4
|
+
module Jets::Cfn::TemplateBuilders::ManagedIamPolicy
|
|
5
|
+
class ApplicationPolicy < BasePolicy
|
|
6
|
+
def initialize
|
|
7
|
+
@definitions = Jets.config.managed_iam_policy # config.managed_iam_policy contains definitions
|
|
8
|
+
@definitions = [@definitions].flatten if @definitions
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Classes that inherit this Base class should implement:
|
|
2
|
+
#
|
|
3
|
+
# initialize - each initializer has a different signature
|
|
4
|
+
#
|
|
5
|
+
module Jets::Cfn::TemplateBuilders::ManagedIamPolicy
|
|
6
|
+
class BasePolicy
|
|
7
|
+
extend Memoist
|
|
8
|
+
attr_reader :definitions
|
|
9
|
+
|
|
10
|
+
def arns
|
|
11
|
+
definitions.map { |definition| standardize(definition) }
|
|
12
|
+
end
|
|
13
|
+
memoize :arns # only process arns once
|
|
14
|
+
|
|
15
|
+
# AmazonEC2ReadOnlyAccess => arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
|
|
16
|
+
def standardize(definition)
|
|
17
|
+
return definition if definition.include?('iam::aws:policy')
|
|
18
|
+
|
|
19
|
+
"arn:aws:iam::aws:policy/#{definition}"
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# initialize
|
|
4
4
|
# iam_policy
|
|
5
|
+
# managed_iam_policy
|
|
5
6
|
# logical_id
|
|
6
7
|
# role_name
|
|
7
8
|
#
|
|
@@ -9,11 +10,19 @@ module Jets::Cfn::TemplateMappers::IamPolicy
|
|
|
9
10
|
class ApplicationPolicyMapper < BasePolicyMapper
|
|
10
11
|
def initialize; end # does nothing
|
|
11
12
|
|
|
13
|
+
# Assume we always have at least some baseline iam policy permissions.
|
|
12
14
|
def iam_policy
|
|
13
15
|
Jets::Cfn::TemplateBuilders::IamPolicy::ApplicationPolicy.new
|
|
14
16
|
end
|
|
15
17
|
memoize :iam_policy
|
|
16
18
|
|
|
19
|
+
def managed_iam_policy
|
|
20
|
+
return unless Jets.config.managed_iam_policy
|
|
21
|
+
|
|
22
|
+
Jets::Cfn::TemplateBuilders::ManagedIamPolicy::ApplicationPolicy.new
|
|
23
|
+
end
|
|
24
|
+
memoize :managed_iam_policy
|
|
25
|
+
|
|
17
26
|
# Example: PostsControllerLambdaFunction
|
|
18
27
|
# Note there are is no "Show" action in the name
|
|
19
28
|
def logical_id
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# initialize
|
|
4
4
|
# iam_policy
|
|
5
|
+
# managed_iam_policy
|
|
5
6
|
# logical_id
|
|
6
7
|
# role_name
|
|
7
8
|
#
|
|
@@ -20,10 +21,14 @@ module Jets::Cfn::TemplateMappers::IamPolicy
|
|
|
20
21
|
]},
|
|
21
22
|
Path: "/"
|
|
22
23
|
}
|
|
24
|
+
|
|
23
25
|
properties[:Policies] = [
|
|
24
26
|
PolicyName: iam_policy.policy_name,
|
|
25
27
|
PolicyDocument: iam_policy.policy_document,
|
|
26
|
-
]
|
|
28
|
+
] if iam_policy
|
|
29
|
+
|
|
30
|
+
properties[:ManagedPolicyArns] = managed_iam_policy.arns if managed_iam_policy
|
|
31
|
+
|
|
27
32
|
properties[:RoleName] = role_name
|
|
28
33
|
properties.deep_stringify_keys!
|
|
29
34
|
properties
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# initialize
|
|
4
4
|
# iam_policy
|
|
5
|
+
# managed_iam_policy
|
|
5
6
|
# logical_id
|
|
6
7
|
# role_name
|
|
7
8
|
#
|
|
@@ -13,10 +14,19 @@ module Jets::Cfn::TemplateMappers::IamPolicy
|
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
def iam_policy
|
|
17
|
+
return unless @app_class.class_iam_policy
|
|
18
|
+
|
|
16
19
|
Jets::Cfn::TemplateBuilders::IamPolicy::ClassPolicy.new(@app_class)
|
|
17
20
|
end
|
|
18
21
|
memoize :iam_policy
|
|
19
22
|
|
|
23
|
+
def managed_iam_policy
|
|
24
|
+
return unless @app_class.class_managed_iam_policy
|
|
25
|
+
|
|
26
|
+
Jets::Cfn::TemplateBuilders::ManagedIamPolicy::ClassPolicy.new(@app_class)
|
|
27
|
+
end
|
|
28
|
+
memoize :managed_iam_policy
|
|
29
|
+
|
|
20
30
|
# Example: PostsControllerLambdaFunction
|
|
21
31
|
# Note there are is no "Show" action in the name
|
|
22
32
|
# There should be no namespace in the logical_id.
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# initialize
|
|
4
4
|
# iam_policy
|
|
5
|
+
# managed_iam_policy
|
|
5
6
|
# logical_id
|
|
6
7
|
# role_name
|
|
7
8
|
#
|
|
@@ -14,10 +15,19 @@ module Jets::Cfn::TemplateMappers::IamPolicy
|
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def iam_policy
|
|
18
|
+
return unless @task.iam_policy
|
|
19
|
+
|
|
17
20
|
Jets::Cfn::TemplateBuilders::IamPolicy::FunctionPolicy.new(@task)
|
|
18
21
|
end
|
|
19
22
|
memoize :iam_policy
|
|
20
23
|
|
|
24
|
+
def managed_iam_policy
|
|
25
|
+
return unless @task.managed_iam_policy
|
|
26
|
+
|
|
27
|
+
Jets::Cfn::TemplateBuilders::ManagedIamPolicy::FunctionPolicy.new(@task)
|
|
28
|
+
end
|
|
29
|
+
memoize :managed_iam_policy
|
|
30
|
+
|
|
21
31
|
# Example: PostsControllerShowLambdaFunction
|
|
22
32
|
# There should be no namespace in the logical_id.
|
|
23
33
|
def logical_id
|
data/lib/jets/lambda/dsl.rb
CHANGED
|
@@ -80,7 +80,16 @@ module Jets::Lambda::Dsl
|
|
|
80
80
|
end
|
|
81
81
|
alias_method :props, :properties
|
|
82
82
|
|
|
83
|
-
# definitions: one more
|
|
83
|
+
# definitions: one or more definitions
|
|
84
|
+
def iam_policy(*definitions)
|
|
85
|
+
if definitions.empty?
|
|
86
|
+
@iam_policy
|
|
87
|
+
else
|
|
88
|
+
@iam_policy = definitions.flatten
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# definitions: one or more definitions
|
|
84
93
|
def class_iam_policy(*definitions)
|
|
85
94
|
if definitions.empty?
|
|
86
95
|
@class_iam_policy
|
|
@@ -89,15 +98,28 @@ module Jets::Lambda::Dsl
|
|
|
89
98
|
end
|
|
90
99
|
end
|
|
91
100
|
|
|
92
|
-
# definitions: one more
|
|
93
|
-
def
|
|
101
|
+
# definitions: one or more definitions
|
|
102
|
+
def managed_iam_policy(*definitions)
|
|
94
103
|
if definitions.empty?
|
|
95
|
-
@
|
|
104
|
+
@managed_iam_policy
|
|
96
105
|
else
|
|
97
|
-
@
|
|
106
|
+
@managed_iam_policy = definitions.flatten
|
|
98
107
|
end
|
|
99
108
|
end
|
|
100
109
|
|
|
110
|
+
# definitions: one or more definitions
|
|
111
|
+
def class_managed_iam_policy(*definitions)
|
|
112
|
+
if definitions.empty?
|
|
113
|
+
@class_managed_iam_policy
|
|
114
|
+
else
|
|
115
|
+
@class_managed_iam_policy = definitions.flatten
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
def build_class_iam?
|
|
120
|
+
!!(class_iam_policy || class_managed_iam_policy)
|
|
121
|
+
end
|
|
122
|
+
|
|
101
123
|
# meth is a Symbol
|
|
102
124
|
def method_added(meth)
|
|
103
125
|
return if %w[initialize method_missing].include?(meth.to_s)
|
|
@@ -111,7 +133,10 @@ module Jets::Lambda::Dsl
|
|
|
111
133
|
# We adjust the class name when we build the functions later in
|
|
112
134
|
# FunctionContstructor#adjust_tasks.
|
|
113
135
|
all_tasks[meth] = Jets::Lambda::Task.new(self.name, meth,
|
|
114
|
-
properties: @properties,
|
|
136
|
+
properties: @properties,
|
|
137
|
+
iam_policy: @iam_policy,
|
|
138
|
+
managed_iam_policy: @managed_iam_policy,
|
|
139
|
+
lang: lang)
|
|
115
140
|
|
|
116
141
|
# Done storing options, clear out for the next added method.
|
|
117
142
|
clear_properties
|
|
@@ -129,6 +154,7 @@ module Jets::Lambda::Dsl
|
|
|
129
154
|
def clear_properties
|
|
130
155
|
@properties = nil
|
|
131
156
|
@iam_policy = nil
|
|
157
|
+
@managed_iam_policy = nil
|
|
132
158
|
end
|
|
133
159
|
|
|
134
160
|
# Returns the all tasks for this class with their method names as keys.
|
data/lib/jets/lambda/task.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class Jets::Lambda::Task
|
|
2
2
|
attr_accessor :class_name, :type
|
|
3
|
-
attr_reader :meth, :properties, :iam_policy, :lang
|
|
3
|
+
attr_reader :meth, :properties, :iam_policy, :managed_iam_policy, :lang
|
|
4
4
|
def initialize(class_name, meth, options={})
|
|
5
5
|
@class_name = class_name.to_s # use at EventsRuleMapper#full_task_name
|
|
6
6
|
@meth = meth
|
|
@@ -8,9 +8,14 @@ class Jets::Lambda::Task
|
|
|
8
8
|
@type = options[:type] || get_type # controller, job, or function
|
|
9
9
|
@properties = options[:properties] || {}
|
|
10
10
|
@iam_policy = options[:iam_policy]
|
|
11
|
+
@managed_iam_policy = options[:managed_iam_policy]
|
|
11
12
|
@lang = options[:lang] || :ruby
|
|
12
13
|
end
|
|
13
14
|
|
|
15
|
+
def build_function_iam?
|
|
16
|
+
!!(@iam_policy || @managed_iam_policy)
|
|
17
|
+
end
|
|
18
|
+
|
|
14
19
|
def name
|
|
15
20
|
@meth
|
|
16
21
|
end
|
data/lib/jets/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jets
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-08-
|
|
11
|
+
date: 2018-08-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -446,6 +446,11 @@ files:
|
|
|
446
446
|
- lib/jets/cfn/template_builders/iam_policy/function_policy.rb
|
|
447
447
|
- lib/jets/cfn/template_builders/interface.rb
|
|
448
448
|
- lib/jets/cfn/template_builders/job_builder.rb
|
|
449
|
+
- lib/jets/cfn/template_builders/managed_iam_policy.rb
|
|
450
|
+
- lib/jets/cfn/template_builders/managed_iam_policy/application_policy.rb
|
|
451
|
+
- lib/jets/cfn/template_builders/managed_iam_policy/base_policy.rb
|
|
452
|
+
- lib/jets/cfn/template_builders/managed_iam_policy/class_policy.rb
|
|
453
|
+
- lib/jets/cfn/template_builders/managed_iam_policy/function_policy.rb
|
|
449
454
|
- lib/jets/cfn/template_builders/parent_builder.rb
|
|
450
455
|
- lib/jets/cfn/template_builders/rule_builder.rb
|
|
451
456
|
- lib/jets/cfn/template_builders/templates/minimal-stack.yml
|