sumomo 0.7.1 → 0.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: af1b2093782a8048484a483a3df1f032ffe2e975
-  data.tar.gz: 554b97c4ed4fc116fc5923937433e0266e8db3d5
+  metadata.gz: eedd627e371d22547e9f4a25f5eb7f913116a391
+  data.tar.gz: 3ed9a3f02775ede22c5072ea0b1f9136e9242489
 SHA512:
-  metadata.gz: ba55671ca59b064cfae0773e09d9093d23bb9fbb30959aeb565b47e790d1af763b3e519ed5ec548eb7f38c3321e4bee39d4d7caa162761cd681334f73a35e676
-  data.tar.gz: 8b95431d9b3e5438c5e5b81675abd319b5bac7d22bde8307ef6a74388ad2400cd523460699cd4e131862f23f1017c78d464d8b39f6dadd014dca8e2530ff2f4e
+  metadata.gz: 8a542867a471555b413c97eda75e6bf42b3d44d4b763f682982150de9b8beccffaee828930df0ada01958f70cf0f47e0e7ff5d31a93298cd9c8037fa684461c1
+  data.tar.gz: f7d7a7e77372122f0a97cef34e99bee744a6159caf8f0f675793819f2c3a74f93f39265483f377996e04708d96dacfe211c05998a44ab51dedc49d1fbb6e8871

data/lib/sumomo.rb

@@ -86,8 +86,6 @@ module Sumomo
 				Tags [{"Key" => "Name", "Value" => "dummyfordeploy#{dummy_number}"}]
 			end
 
-			make_exec_role
-
 			instance_eval(&block)
 
 			hidden_values = @hidden_values

data/lib/sumomo/api.rb

@@ -72,7 +72,7 @@ module Sumomo
       end
     end
 
-    def make_api(domain_name, name:, script:nil, dns:nil, cert:nil, &block)
+    def make_api(domain_name, name:, script:nil, dns:nil, cert:nil, with_statements:[], &block)
 
         api = make "AWS::ApiGateway::RestApi", name: name do
             Name name
@@ -95,7 +95,7 @@ module Sumomo
 
         files += [ {name:"index.js", code:script} ]
 
-        fun = make_lambda(name: "#{name}Lambda#{@version_number}", files:files)
+        fun = make_lambda(name: "#{name}Lambda#{@version_number}", files:files, with_statements:with_statements)
 
         resource = make "AWS::ApiGateway::Resource", name: "#{name}Resource" do
             ParentId api.RootResourceId

data/lib/sumomo/stack.rb

@@ -28,7 +28,7 @@ module Sumomo
 			runtime: "nodejs4.3",
 			memory_size: 128,
 			timeout: 30,
-			role: nil)
+			with_statements: [])
 
 			name ||= make_default_resource_name("Lambda")
 
@@ -47,6 +47,8 @@ module Sumomo
 
 			@store.set_raw(function_key, stringio.string)
 
+			stack = self
+
 			code_location = {"S3Bucket": @bucket_name, "S3Key": function_key}
 			fun = make "AWS::Lambda::Function", name: name do
 				Code code_location
@@ -55,7 +57,7 @@ module Sumomo
 				Handler handler
 				Runtime runtime
 				Timeout timeout
-				Role role || exec_role.Arn
+				Role stack.exec_role(with_statements: with_statements).Arn
 			end
 
 			log_group = make "AWS::Logs::LogGroup", name: "#{name}LogGroup" do
@@ -114,8 +116,17 @@ module Sumomo
 			end
 		end
 
-		def make_exec_role
-			if @exec_role == nil
+		def exec_role(with_statements: [])
+
+			if @exec_roles == nil
+				@exec_roles = {}
+			end
+
+			statement_key = JSON.parse(with_statements.to_json)
+
+			if !@exec_roles.has_key?(statement_key)
+				name = make_default_resource_name("LambdaExecRole")
+
 				role_policy_doc = {
 					"Version" => "2012-10-17",
 					"Statement" => [{
@@ -124,52 +135,58 @@ module Sumomo
 						"Action" => ["sts:AssumeRole"]
 					}]
 				}
+
 				bucket_name = @bucket_name
-				@exec_role = make "AWS::IAM::Role", name: "LambdaFunctionExecutionRole" do
+
+				statement_list = [
+					{
+						"Effect" => "Allow",
+						"Action" => ["logs:CreateLogStream","logs:PutLogEvents"],
+						"Resource" => "arn:aws:logs:*:*:*"
+					},
+					{
+						"Effect" => "Allow",
+						"Action" => ["cloudformation:DescribeStacks", "ec2:Describe*", ],
+						"Resource" => "*"
+					},
+					{
+						"Effect" => "Allow",
+						"Action" => ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"],
+						"Resource" => "arn:aws:s3:::#{bucket_name}/*"
+					},
+					{
+						"Effect" => "Allow",
+						"Action" => ["cloudfront:CreateCloudFrontOriginAccessIdentity", "cloudfront:DeleteCloudFrontOriginAccessIdentity"],
+						"Resource" => "*"
+					},
+					{
+						"Effect" => "Allow",
+						"Action" => ["apigateway:*", "cloudfront:UpdateDistribution"],
+						"Resource" => "*"
+					},
+					{
+						"Effect" => "Allow",
+						"Action" => ["acm:RequestCertificate", "acm:DeleteCertificate", "acm:DescribeCertificate"],
+						"Resource" => "*"
+					}] + with_statements
+
+				@exec_roles[statement_key] = make "AWS::IAM::Role", name: name do
 					AssumeRolePolicyDocument role_policy_doc
 					Path "/"
 					Policies [
 						{
-							"PolicyName" => "lambdapolicy",
+							"PolicyName" => name,
 							"PolicyDocument" => {
 								"Version" => "2012-10-17",
-								"Statement" => [{
-									"Effect" => "Allow",
-									"Action" => ["logs:CreateLogStream","logs:PutLogEvents"],
-									"Resource" => "arn:aws:logs:*:*:*"
-								},
-								{
-									"Effect" => "Allow",
-									"Action" => ["cloudformation:DescribeStacks", "ec2:Describe*", ],
-									"Resource" => "*"
-								},
-								{
-									"Effect" => "Allow",
-									"Action" => ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"],
-									"Resource" => "arn:aws:s3:::#{bucket_name}/*"
-								},
-								{
-									"Effect" => "Allow",
-									"Action" => ["cloudfront:CreateCloudFrontOriginAccessIdentity", "cloudfront:DeleteCloudFrontOriginAccessIdentity"],
-									"Resource" => "*"
-								},
-								{
-									"Effect" => "Allow",
-									"Action" => ["apigateway:*", "cloudfront:UpdateDistribution"],
-									"Resource" => "*"
-								},
-								{
-									"Effect" => "Allow",
-									"Action" => ["acm:RequestCertificate", "acm:DeleteCertificate", "acm:DescribeCertificate"],
-									"Resource" => "*"
-								}]
+								"Statement" => statement_list
 							}
 						}
 					]
 				end
 			end
-			@exec_role
-		end
 
+			@exec_roles[statement_key]
+
+		end
 	end
 end

data/lib/sumomo/version.rb

@@ -1,3 +1,3 @@
 module Sumomo
-  VERSION = "0.7.1"
+  VERSION = "0.7.2"
 end

data/sumomo.gemspec

@@ -32,7 +32,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "momo", "0.4.1"
   spec.add_dependency "s3cabinet"
-  spec.add_dependency "aws-sdk"
+  spec.add_dependency "aws-sdk", "2.10.9"
   spec.add_dependency "rubyzip"
   spec.add_dependency "activesupport"
   spec.add_dependency "hashie"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sumomo
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.7.2
 platform: ruby
 authors:
 - David Siaw
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-18 00:00:00.000000000 Z
+date: 2018-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -84,16 +84,16 @@ dependencies:
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.10.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.10.9
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -2558,7 +2558,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: An advanced infrastructure description language for AWS