Class: AWS::Core::Policy
- Inherits:
-
Object
- Object
- AWS::Core::Policy
- Defined in:
- lib/aws/core/policy.rb
Overview
Represents an access policy for AWS operations and resources. For example:
policy = Policy.new do |policy|
policy.allow(:actions => ['s3:PutObject'],
:resources => "arn:aws:s3:::mybucket/mykey/*",
:principals => :any
).where(:acl).is("public-read")
end
policy.to_json # => '{ "Version":"2008-10-17", ...'
Direct Known Subclasses
Defined Under Namespace
Classes: ConditionBlock, ConditionBuilder, OperatorBuilder, Statement
Instance Attribute Summary collapse
-
#id ⇒ String
readonly
A unique ID for the policy.
-
#statements ⇒ Array
readonly
An array of policy statements.
-
#version ⇒ String
readonly
The version of the policy language used in this policy object.
Class Method Summary collapse
-
.from_json(json) ⇒ Policy
Constructs a policy from a JSON representation.
Instance Method Summary collapse
-
#==(other) ⇒ Boolean
(also: #eql?)
Returns true if the two policies are the same.
-
#allow(opts = {}) ⇒ ConditionBuilder
Convenience method for constructing a new statement with the “Allow” effect and adding it to the policy.
-
#deny(opts = {}) ⇒ ConditionBuilder
Convenience method for constructing a new statement with the “Deny” effect and adding it to the policy.
-
#initialize(opts = {}) {|_self| ... } ⇒ Policy
constructor
Constructs a policy.
-
#to_h ⇒ Hash
Returns a hash representation of the policy.
-
#to_json ⇒ String
A JSON representation of the policy.
Constructor Details
#initialize(opts = {}) {|_self| ... } ⇒ Policy
Constructs a policy. There are a few different ways to build a policy:
-
With hash arguments:
Policy.new(:statements => [ { :effect => :allow, :actions => :all, :principals => ["abc123"], :resources => "mybucket/mykey" } ])
-
From a JSON policy document:
Policy.from_json(policy_json_string)
-
With a block:
Policy.new do |policy| policy.allow( :actions => ['s3:PutObject'], :resources => "arn:aws:s3:::mybucket/mykey/*", :principals => :any ).where(:acl).is("public-read") end
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
# File 'lib/aws/core/policy.rb', line 77 def initialize(opts = {}) @statements = opts.values_at(:statements, "Statement").select do |a| a.kind_of?(Array) end.flatten.map do |stmt| self.class::Statement.new(stmt) end if opts.has_key?(:id) or opts.has_key?("Id") @id = opts[:id] || opts["Id"] else @id = UUIDTools::UUID..to_s.tr('-','') end if opts.has_key?(:version) or opts.has_key?("Version") @version = opts[:version] || opts["Version"] else @version = "2008-10-17" end yield(self) if block_given? end |
Instance Attribute Details
#id ⇒ String (readonly)
Returns A unique ID for the policy.
44 45 46 |
# File 'lib/aws/core/policy.rb', line 44 def id @id end |
#statements ⇒ Array (readonly)
Returns An array of policy statements.
37 38 39 |
# File 'lib/aws/core/policy.rb', line 37 def statements @statements end |
#version ⇒ String (readonly)
Returns The version of the policy language used in this policy object.
41 42 43 |
# File 'lib/aws/core/policy.rb', line 41 def version @version end |
Class Method Details
.from_json(json) ⇒ Policy
Constructs a policy from a JSON representation.
146 147 148 |
# File 'lib/aws/core/policy.rb', line 146 def self.from_json(json) new(JSON.parse(json)) end |
Instance Method Details
#==(other) ⇒ Boolean Also known as: eql?
Returns true if the two policies are the same.
99 100 101 102 103 104 105 |
# File 'lib/aws/core/policy.rb', line 99 def ==(other) if other.kind_of?(Core::Policy) self.hash_without_ids == other.hash_without_ids else false end end |
#allow(opts = {}) ⇒ ConditionBuilder
Convenience method for constructing a new statement with the “Allow” effect and adding it to the policy. For example:
policy.allow(:actions => [:put_object],
:principals => :any,
:resources => "mybucket/mykey/*").
where(:acl).is("public-read")
219 220 221 222 223 |
# File 'lib/aws/core/policy.rb', line 219 def allow(opts = {}) stmt = self.class::Statement.new(opts.merge(:effect => :allow)) statements << stmt ConditionBuilder.new(stmt.conditions) end |
#deny(opts = {}) ⇒ ConditionBuilder
Convenience method for constructing a new statement with the “Deny” effect and adding it to the policy. For example:
policy.deny(
:actions => [:put_object],
:principals => :any,
:resources => "mybucket/mykey/*"
).where(:acl).is("public-read")
237 238 239 240 241 |
# File 'lib/aws/core/policy.rb', line 237 def deny(opts = {}) stmt = self.class::Statement.new(opts.merge(:effect => :deny)) statements << stmt ConditionBuilder.new(stmt.conditions) end |
#to_h ⇒ Hash
Returns a hash representation of the policy. The following statements are equivalent:
policy.to_h.to_json
policy.to_json
129 130 131 132 133 134 135 |
# File 'lib/aws/core/policy.rb', line 129 def to_h { "Version" => version, "Id" => id, "Statement" => statements.map { |st| st.to_h } } end |
#to_json ⇒ String
Returns a JSON representation of the policy.
138 139 140 |
# File 'lib/aws/core/policy.rb', line 138 def to_json to_h.to_json end |