Class: AWS::Core::Policy::ConditionBlock
- Inherits:
-
Object
- Object
- AWS::Core::Policy::ConditionBlock
- Defined in:
- lib/aws/core/policy.rb
Overview
Represents the condition block of a policy. In JSON, condition blocks look like this:
{ "StringLike": { "s3:prefix": ["photos/*", "photos.html"] } }
ConditionBlock lets you specify conditions like the above example using the add method, for example:
conditions.add(:like, :s3_prefix, "photos/*", "photos.html")
See the add method documentation for more details about how to specify keys and operators.
This class also provides a convenient way to query a condition block to see what operators, keys, and values it has. For example, consider the following condition block (in JSON):
{
"StringEquals": {
"s3:prefix": "photos/index.html"
},
"DateEquals": {
"aws:CurrentTime": ["2010-10-12", "2011-01-02"]
},
"NumericEquals": {
"s3:max-keys": 10
}
}
You can get access to the condition data using #[], #keys, #operators, and #values – for example:
conditions["DateEquals"]["aws:CurrentTime"].values
# => ["2010-10-12", "2011-01-02"]
You can also perform more sophisticated queries, like this one:
conditions[:is].each do |equality_conditions|
equality_conditions.keys.each do |key|
puts("#{key} may be any of: " +
equality_conditions[key].values.join(" ")
end
end
This would print the following lines:
s3:prefix may be any of: photos/index.html
aws:CurrentTime may be any of: 2010-10-12 2011-01-02
s3:max-keys may be any of: 10
Instance Method Summary collapse
-
#[](*args) ⇒ ConditionBlock
Filters the conditions described in the block, returning a new ConditionBlock that contains only the matching conditions.
-
#add(operator, key, *values) ⇒ Object
Adds a condition to the block.
-
#initialize(conditions = {}) ⇒ ConditionBlock
constructor
A new instance of ConditionBlock.
-
#keys ⇒ Array
Returns an array of unique keys used in the block.
-
#operators ⇒ Array
Returns an array of operators used in this block.
- #to_h ⇒ Object
-
#values ⇒ Array
Returns all values used in the block.
Constructor Details
#initialize(conditions = {}) ⇒ ConditionBlock
Returns a new instance of ConditionBlock.
299 300 301 302 |
# File 'lib/aws/core/policy.rb', line 299 def initialize(conditions = {}) # filter makes a copy @conditions = filter_conditions(conditions) end |
Instance Method Details
#[](*args) ⇒ ConditionBlock
Filters the conditions described in the block, returning a new ConditionBlock that contains only the matching conditions. Each argument is matched against either the keys or the operators in the block, and you can specify the key or operator in any way that’s valid for the #add method. Some examples:
# all conditions using the StringLike operator
conditions["StringLike"]
# all conditions using StringEquals, DateEquals, NumericEquals, or Bool
conditions[:is]
# all conditions on the s3:prefix key
conditions["s3:prefix"]
# all conditions on the aws:CurrentTime key
conditions[:current_time]
Multiple conditions are ANDed together, so the following are equivalent:
conditions[:s3_prefix][:is]
conditions[:is][:s3_prefix]
conditions[:s3_prefix, :is]
412 413 414 415 416 417 418 419 420 421 422 |
# File 'lib/aws/core/policy.rb', line 412 def [](*args) filtered = @conditions args.each do |filter| type = valid_operator?(filter) ? nil : :key filtered = filter_conditions(filtered) do |op, key, value| (match, type) = match_triple(filter, type, op, key, value) match end end self.class.new(filtered) end |
#add(operator, key, *values) ⇒ Object
Adds a condition to the block. This method defines a convenient set of abbreviations for operators based on the type of value passed in. For example:
conditions.add(:is, :secure_transport, true)
Maps to:
{ "Bool": { "aws:SecureTransport": true } }
While:
conditions.add(:is, :s3_prefix, "photos/")
Maps to:
{ "StringEquals": { "s3:prefix": "photos/" } }
The following list shows which operators are accepted as symbols and how they are represented in the JSON policy:
-
:is
(StringEquals, NumericEquals, DateEquals, or Bool) -
:like
(StringLike) -
:not_like
(StringNotLike) -
:not
(StringNotEquals, NumericNotEquals, or DateNotEquals) -
:greater_than
,:gt
(NumericGreaterThan or DateGreaterThan) -
:greater_than_equals
,:gte
(NumericGreaterThanEquals or DateGreaterThanEquals) -
:less_than
,:lt
(NumericLessThan or DateLessThan) -
:less_than_equals
,:lte
(NumericLessThanEquals or DateLessThanEquals) -
:is_ip_address
(IpAddress) -
:not_ip_address
(NotIpAddress) -
:is_arn
(ArnEquals) -
:not_arn
(ArnNotEquals) -
:is_arn_like
(ArnLike) -
:not_arn_like
(ArnNotLike)
366 367 368 369 370 371 372 373 374 375 376 |
# File 'lib/aws/core/policy.rb', line 366 def add(operator, key, *values) if operator.kind_of?(Symbol) converted_values = values.map { |v| convert_value(v) } else converted_values = values end operator = translate_operator(operator, values.first) op = (@conditions[operator] ||= {}) raise "duplicate #{operator} conditions for #{key}" if op[key] op[translate_key(key)] = converted_values end |
#keys ⇒ Array
Returns an array of unique keys used in the block.
430 431 432 433 434 |
# File 'lib/aws/core/policy.rb', line 430 def keys @conditions.values.map do |keys| keys.keys if keys end.compact.flatten.uniq end |
#operators ⇒ Array
Returns an array of operators used in this block.
425 426 427 |
# File 'lib/aws/core/policy.rb', line 425 def operators @conditions.keys end |
#to_h ⇒ Object
379 380 381 |
# File 'lib/aws/core/policy.rb', line 379 def to_h @conditions end |
#values ⇒ Array
Returns all values used in the block. Note that the values may not all be from the same condition; for example:
conditions.add(:like, :user_agent, "mozilla", "explorer")
conditions.add(:lt, :s3_max_keys, 12)
conditions.values # => ["mozilla", "explorer", 12]
444 445 446 447 448 |
# File 'lib/aws/core/policy.rb', line 444 def values @conditions.values.map do |keys| keys.values end.compact.flatten end |