/*
* -
* #%L
* Pipeline: AWS Steps
* %%
* Copyright (C) 2018 Taimos GmbH
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
package de.taimos.pipeline.aws;
import java.util.Set;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution;
import org.kohsuke.stapler.DataBoundConstructor;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.UpdateAssumeRolePolicyRequest;
import com.google.common.base.Preconditions;
import de.taimos.pipeline.aws.utils.StepUtils;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.model.TaskListener;
public class UpdateTrustPolicy extends Step {
private final String roleName;
private final String policyFile;
@DataBoundConstructor
public UpdateTrustPolicy(String roleName, String policyFile) {
this.roleName = roleName;
this.policyFile = policyFile;
}
public String getRoleName() {
return this.roleName;
}
public String getPolicyFile() {
return this.policyFile;
}
@Override
public StepExecution start(StepContext context) throws Exception {
return new UpdateTrustPolicy.Execution(this, context);
}
@Extension
public static class DescriptorImpl extends StepDescriptor {
@Override
public Set<? extends Class<?>> getRequiredContext() {
return StepUtils.requires(TaskListener.class, EnvVars.class, FilePath.class);
}
@Override
public String getFunctionName() {
return "updateTrustPolicy";
}
@Override
public String getDisplayName() {
return "Update trust policy of IAM roles";
}
}
public static class Execution extends SynchronousNonBlockingStepExecution<Void> {
private final transient UpdateTrustPolicy step;
public Execution(UpdateTrustPolicy step, StepContext context) {
super(context);
this.step = step;
}
@Override
protected Void run() throws Exception {
final String roleName = this.step.getRoleName();
final String policyFile = this.step.getPolicyFile();
Preconditions.checkArgument(roleName != null && !roleName.isEmpty(), "roleName must not be null or empty");
Preconditions.checkArgument(policyFile != null && !policyFile.isEmpty(), "policyFile must not be null or empty");
AmazonIdentityManagement iamClient = AWSClientFactory.create(AmazonIdentityManagementClientBuilder.standard(), Execution.this.getContext());
UpdateAssumeRolePolicyRequest request = new UpdateAssumeRolePolicyRequest();
request.withRoleName(roleName);
request.withPolicyDocument(Execution.this.getContext().get(FilePath.class).child(policyFile).readToString());
iamClient.updateAssumeRolePolicy(request);
Execution.this.getContext().get(TaskListener.class).getLogger().format("Updated trust policy of role %s %n", roleName);
return null;
}
private static final long serialVersionUID = 1L;
}
}
