Browse code
Add new AWS arn generator
Edward Langley authored on 25/10/2019 22:06:58Showing 1 changed files
| ... | ... |
@@ -15,6 +15,36 @@ |
| 15 | 15 |
(format nil "arn:aws:iam::~a:role/cjorganization/~a" |
| 16 | 16 |
account |
| 17 | 17 |
role)) |
| 18 |
+(defclass cj-organization-role () |
|
| 19 |
+ ((account :initarg :account |
|
| 20 |
+ :reader account |
|
| 21 |
+ :initform (error "must pass an account")))) |
|
| 22 |
+(fw.lu:defclass+ cj-developer-role ((cj-organization-role (account))) |
|
| 23 |
+ ()) |
|
| 24 |
+ |
|
| 25 |
+(defgeneric arn-for (type account resource) |
|
| 26 |
+ (:method-combination list :most-specific-last) |
|
| 27 |
+ (:documentation "get the arn for an aws resource") |
|
| 28 |
+ (:method :around (-t account u) |
|
| 29 |
+ (format nil "arn:aws:iam::~a:~a" |
|
| 30 |
+ account |
|
| 31 |
+ (serapeum:string-join (call-next-method) |
|
| 32 |
+ "/"))) |
|
| 33 |
+ (:method list ((type (eql :mfa)) account user) |
|
| 34 |
+ "mfa") |
|
| 35 |
+ (:method list ((type (eql :mfa)) account (user string)) |
|
| 36 |
+ user) |
|
| 37 |
+ (:method list ((type (eql :role)) account role) |
|
| 38 |
+ "role") |
|
| 39 |
+ (:method list ((type (eql :role)) account (role cj-organization-role)) |
|
| 40 |
+ "cjorganization") |
|
| 41 |
+ (:method list ((type (eql :role)) account (role cj-developer-role)) |
|
| 42 |
+ "CJDeveloperAccessRole") |
|
| 43 |
+ (:method list ((type (eql :role)) account (role string)) |
|
| 44 |
+ role)) |
|
| 45 |
+ |
|
| 46 |
+(defun cj-organization-role-arn (role) |
|
| 47 |
+ (arn-for :role (account role) role)) |
|
| 18 | 48 |
|
| 19 | 49 |
(defun read-new-mfa-token () |
| 20 | 50 |
(format *query-io* "~&New MFA token: ") |