App-FargateStack
view release on metacpan or search on metacpan
lib/App/FargateStack/Builder/Events.pm view on Meta::CPAN
########################################################################
my ($self) = @_;
my ( $config, $dryrun ) = $self->common_args(qw(config dryrun));
my $iam = $self->fetch_iam;
my $role_config = $config->{events_role} // {};
my ( $role_name, $role_arn ) = $self->create_events_role();
my $policy_name = $self->create_default( 'policy-name', 'events' );
@{$role_config}{qw(name arn policy_name)} = ( $role_name, $role_arn, $policy_name );
my $policy = $iam->get_role_policy( $role_name, $policy_name );
my @statement = $self->add_events_policy();
my $role_policy = {
Version => $IAM_POLICY_VERSION,
Statement => \@statement,
};
if ( $policy && Compare( $policy, $role_policy ) ) {
$self->log_info( 'iam:role-policy: policy [%s] for [%s] exists...%s',
$policy_name, $role_name, $self->get_cache || 'skipping' );
$self->inc_existing_resources( 'iam:role-policy' => [$policy_name] );
return;
}
if ($policy) {
$self->display_diffs( $policy, $role_policy, { title => 'event policy has changed' } );
}
$self->log_warn(
'iam:role-policy: policy [%s] will be %s for [%s]...%s',
$policy_name, ( $policy ? 'updated' : 'created' ),
$role_name, $dryrun
);
$self->inc_required_resources( 'iam:policy' => [$policy_name] );
return
if $dryrun;
$iam->put_role_policy( $role_name, $policy_name, $role_policy );
$iam->check_result(
message => 'ERROR: could not %s policy [%s] for [%s]',
params => [ ( $policy ? 'update' : 'create' ), $policy_name, $role_name ]
);
$self->log_warn( 'iam:role-policy: policy [%s] %s successfully for [%s]...',
$policy_name, ( $policy ? 'updated' : 'created' ), $role_name );
return;
}
########################################################################
sub update_rule_state {
########################################################################
my ( $self, $state ) = @_;
my ( $config, $tasks, $dryrun ) = $self->common_args(qw(config tasks dryrun));
my ($task_name) = $self->get_args;
my $err;
if ( !$task_name ) {
( $task_name, $err ) = grep { defined $tasks->{$_}->{schedule} } keys %{$tasks};
}
croak sprintf "%s %s-scheduled-task task-name\n", $ENV{SCRIPT_NAME}, $state ? 'enable' : 'disable'
if !$task_name || $err;
my $rule_name = sprintf '%s-schedule', $task_name;
require App::Events;
my $event = App::Events->new( $self->get_global_options );
my $result = $event->describe_rule( $rule_name, '{state: State, schedule: ScheduleExpression}' );
log_die( $self, "could not describe rule: [%s]\n%s", $rule_name, $event->get_error )
if !$result;
$self->log_warn( 'events: current state: [%s] for rule [%s]...will be updated do [%s]...%s',
$result->{state}, $rule_name, ( $state ? 'ENABLED' : 'DISABLED' ), $dryrun );
return
if $dryrun;
$result = $state ? $event->enable_rule($rule_name) : $event->disable_rule($rule_name);
log_die( $self, "could not update rule: [%s]\n%s", $rule_name, $event->get_error )
if !$result && $event->get_error;
return;
}
########################################################################
sub create_events_role { return shift->create_role( @_, 'events' ); }
########################################################################
########################################################################
sub add_events_policy {
########################################################################
my ($self) = @_;
my @events = $self->has_events;
my $region = $self->get_region;
my $account = $self->get_account;
my $cluster_name = $self->get_config->{cluster}->{name};
my $role_arn = $self->get_config->{role}->{arn};
my @policy_statement = (
{ Effect => 'Allow',
Action => 'ecs:RunTask',
( run in 0.828 second using v1.01-cache-2.11-cpan-39bf76dae61 )