Defer fetching of resource data for IAM

Petr Tichý · Petr Tichý · commit 9927a3bdca0c · 2018-11-30T09:13:35.000+01:00
diff --git a/fixtures/vcr_cassettes/iam_group-setup.yml b/fixtures/vcr_cassettes/iam_group-setup.yml
diff --git a/lib/puppet/provider/iam_group/v2.rb b/lib/puppet/provider/iam_group/v2.rb
@@ -26,14 +26,10 @@ def self.get_groups
   def self.instances
     groups = get_groups()
     groups.collect do |group|
-      group_data = iam_client.get_group({ group_name: group.group_name })
-      member_names = group_data.users.map {|user| user.user_name }
-
       new({
         name: group.group_name,
         ensure: :present,
         path: group.path,
-        members: member_names,
       })
     end
   end
@@ -101,6 +97,11 @@ def destroy
     @property_hash[:ensure] = :absent
   end
 
+  def members
+    group_data = iam_client.get_group({ group_name: name })
+    group_data.users.map {|user| user.user_name }
+  end
+
   def members=(value)
     unless @property_hash[:ensure] == :absent
       # First all add missing members to the group
diff --git a/lib/puppet/provider/iam_policy/v2.rb b/lib/puppet/provider/iam_policy/v2.rb
@@ -10,27 +10,12 @@
   def self.instances
     policies = PuppetX::Puppetlabs::Iam_policy.get_policies
     policies.collect do |policy|
-
-      policy_document_versions = iam_client.list_policy_versions({
-        policy_arn: policy.arn,
-        max_items: 1
-      })
-
-      policy_version_data = iam_client.get_policy_version({
-        policy_arn: policy.arn,
-        version_id: policy_document_versions.versions[0].version_id
-      })
-
-      policy_data = JSON.parse(URI.unescape(policy_version_data.policy_version.document))
-      policy_document = JSON.pretty_generate(policy_data)
-
       new({
         name: policy.policy_name,
         ensure: :present,
         path: policy.path,
         description: policy.description,
         arn: policy.arn,
-        document: policy_document,
       })
     end
   end
@@ -86,6 +71,21 @@ def destroy
     @property_hash[:ensure] = :absent
   end
 
+  def document
+    policy_document_versions = iam_client.list_policy_versions({
+      policy_arn: arn,
+      max_items: 1
+    })
+
+    policy_version_data = iam_client.get_policy_version({
+      policy_arn: arn,
+      version_id: policy_document_versions.versions[0].version_id
+    })
+
+    policy_data = JSON.parse(URI.unescape(policy_version_data.policy_version.document))
+    JSON.pretty_generate(policy_data)
+  end
+
   def document=(value)
     # IAM allows up to 5 managed policies at the time of this writing.  As
     # such, if we are going to modify a policy, that is, to create a new one,
diff --git a/lib/puppet/provider/iam_policy_attachment/v2.rb b/lib/puppet/provider/iam_policy_attachment/v2.rb
@@ -39,19 +39,8 @@ def self.instances
         end
       end
 
-      response = iam_client.list_entities_for_policy({
-        policy_arn: policy.arn,
-      })
-
-      user_names = response.policy_users.collect {|user| user.user_name }
-      group_names = response.policy_groups.collect {|group| group.group_name }
-      role_names = response.policy_roles.collect {|role| role.role_name }
-
       new({
         name: policy.policy_name,
-        users: user_names,
-        groups: group_names,
-        roles: role_names,
         arn: policy.arn,
       })
     end
@@ -67,6 +56,18 @@ def self.prefetch(resources)
     end
   end
 
+  def users
+    list_entities_for_policy.policy_users.collect {|user| user.user_name }
+  end
+
+  def groups
+    list_entities_for_policy.policy_groups.collect {|group| group.group_name }
+  end
+
+  def roles
+    list_entities_for_policy.policy_roles.collect {|role| role.role_name }
+  end
+
   def users=(value)
     Array(value).flatten.each {|user|
       unless @property_hash[:users].include? user
@@ -133,4 +134,10 @@ def roles=(value)
     }
   end
 
+  private
+
+  def list_entities_for_policy
+    @list_entities_for_policy ||= iam_client.list_entities_for_policy({ policy_arn: arn, })
+  end
+
 end
