| 145a649d |
(in-package :mfa-tool.aws-utils)
(defclass cj-organization-role ()
((account :initarg :account
:reader account
:initform (error "must pass an account"))))
(fw.lu:defclass+ cj-developer-role ((cj-organization-role (account)))
())
|
| edb09ea2 |
(fw.lu:defclass+ cj-provisioner-role ((cj-organization-role (account)))
())
|
| 145a649d |
(defgeneric arn-for (type account resource)
(:method-combination list :most-specific-last)
(:documentation "get the arn for an aws resource")
(:method :around (-t account u)
(format nil "arn:aws:iam::~a:~a"
account
(serapeum:string-join (call-next-method)
"/")))
(:method list ((type (eql :mfa)) account user)
"mfa")
(:method list ((type (eql :mfa)) account (user string))
user)
(:method list ((type (eql :role)) account role)
"role")
(:method list ((type (eql :role)) account (role cj-organization-role))
"cjorganization")
(:method list ((type (eql :role)) account (role cj-developer-role))
"CJDeveloperAccessRole")
|
| edb09ea2 |
(:method list ((type (eql :role)) account (role cj-provisioner-role))
"CJProvisionerAccessRole")
|
| 145a649d |
(:method list ((type (eql :role)) account (role string))
role))
(defun cj-organization-role-arn (role)
(arn-for :role (account role) role))
|
| edb09ea2 |
(defgeneric session-duration (role)
(:method ((role cj-developer-role))
:max)
(:method ((role cj-provisioner-role))
#.(* 60 60)))
|