Class: AWS::Core::Policy
- Inherits: Object
  - Object
  - AWS::Core::Policy
- Defined in: lib/aws/core/policy.rb
Overview
Represents an access policy for AWS operations and resources. For example:
policy = Policy.new do |policy|
  policy.allow(:actions => ['s3:PutObject'],
               :resources => "arn:aws:s3:::mybucket/mykey/*",
               :principals => :any
  ).where(:acl).is("public-read")
end
policy.to_json # => '{ "Version":"2008-10-17", ...'
Direct Known Subclasses
IAM::Policy, S3::Policy, SNS::Policy, SQS::Policy, STS::Policy
Defined Under Namespace
Classes: ConditionBlock, ConditionBuilder, OperatorBuilder, Statement
Instance Attribute Summary
- #id ⇒ String (readonly)
  A unique ID for the policy.
- #statements ⇒ Array (readonly)
  An array of policy statements.
- #version ⇒ String (readonly)
  The version of the policy language used in this policy object.
Class Method Summary
- .from_json(json) ⇒ Policy
  Constructs a policy from a JSON representation.
Instance Method Summary
- #==(other) ⇒ Boolean (also: #eql?)
  Returns true if the two policies are the same.
- #allow(opts = {}) ⇒ ConditionBuilder
  Convenience method for constructing a new statement with the “Allow” effect and adding it to the policy.
- #deny(opts = {}) ⇒ ConditionBuilder
  Convenience method for constructing a new statement with the “Deny” effect and adding it to the policy.
- #initialize(opts = {}) {|_self| ... } ⇒ Policy (constructor)
  Constructs a policy.
- #to_h ⇒ Hash
  Returns a hash representation of the policy.
- #to_json ⇒ String
  A JSON representation of the policy.
Constructor Details
#initialize(opts = {}) {|_self| ... } ⇒ Policy
Constructs a policy. There are a few different ways to build a policy:
- With hash arguments:
  Policy.new(:statements => [
    { :effect => :allow,
      :actions => :all,
      :principals => ["abc123"],
      :resources => "mybucket/mykey" }
  ])
- From a JSON policy document:
  Policy.from_json(policy_json_string)
- With a block:
  Policy.new do |policy|
    policy.allow(
      :actions => ['s3:PutObject'],
      :resources => "arn:aws:s3:::mybucket/mykey/*",
      :principals => :any
    ).where(:acl).is("public-read")
  end
# File 'lib/aws/core/policy.rb', line 78
def initialize(opts = {})
  @statements = opts.values_at(:statements, "Statement").select do |a|
    a.kind_of?(Array)
  end.flatten.map do |stmt|
    self.class::Statement.new(stmt)
  end

  if opts.has_key?(:id) or opts.has_key?("Id")
    @id = opts[:id] || opts["Id"]
  else
    @id = UUIDTools::UUID..to_s.tr('-','')
  end
  if opts.has_key?(:version) or opts.has_key?("Version")
    @version = opts[:version] || opts["Version"]
  else
    @version = "2008-10-17"
  end

  yield(self) if block_given?
end
Instance Attribute Details
#id ⇒ String (readonly)
Returns a unique ID for the policy.
# File 'lib/aws/core/policy.rb', line 45
def id
  @id
end
#statements ⇒ Array (readonly)
Returns an array of policy statements.
# File 'lib/aws/core/policy.rb', line 38
def statements
  @statements
end
#version ⇒ String (readonly)
Returns the version of the policy language used in this policy object.
# File 'lib/aws/core/policy.rb', line 42
def version
  @version
end
Class Method Details
.from_json(json) ⇒ Policy
Constructs a policy from a JSON representation.
# File 'lib/aws/core/policy.rb', line 147
def self.from_json(json)
  new(JSON.parse(json))
end
Instance Method Details
#==(other) ⇒ Boolean Also known as: eql?
Returns true if the two policies are the same.
# File 'lib/aws/core/policy.rb', line 100
def ==(other)
  if other.kind_of?(Core::Policy)
    self.hash_without_ids == other.hash_without_ids
  else
    false
  end
end
#allow(opts = {}) ⇒ ConditionBuilder
Convenience method for constructing a new statement with the “Allow” effect and adding it to the policy. For example:
policy.allow(:actions => [:put_object],
             :principals => :any,
             :resources => "mybucket/mykey/*").
  where(:acl).is("public-read")
# File 'lib/aws/core/policy.rb', line 220
def allow(opts = {})
  stmt = self.class::Statement.new(opts.merge(:effect => :allow))
  statements << stmt
  ConditionBuilder.new(stmt.conditions)
end
#deny(opts = {}) ⇒ ConditionBuilder
Convenience method for constructing a new statement with the “Deny” effect and adding it to the policy. For example:
policy.deny(
  :actions => [:put_object],
  :principals => :any,
  :resources => "mybucket/mykey/*"
).where(:acl).is("public-read")
# File 'lib/aws/core/policy.rb', line 238
def deny(opts = {})
  stmt = self.class::Statement.new(opts.merge(:effect => :deny))
  statements << stmt
  ConditionBuilder.new(stmt.conditions)
end
#to_h ⇒ Hash
Returns a hash representation of the policy. The following statements are equivalent:
policy.to_h.to_json
policy.to_json
# File 'lib/aws/core/policy.rb', line 130
def to_h
  {
    "Version" => version,
    "Id" => id,
    "Statement" => statements.map { |st| st.to_h }
  }
end
#to_json ⇒ String
Returns a JSON representation of the policy.
# File 'lib/aws/core/policy.rb', line 139
def to_json
  to_h.to_json
end