Class: S3Secure::Policy::Document::ForceSSLOnlyAccess

Inherits:
Base
  • Object
Defined in:
lib/s3_secure/policy/document/force_ssl_only_access.rb

Instance Method Summary

Methods inherited from Base

#checker, #initialize

Constructor Details

This class inherits a constructor from S3Secure::Policy::Document::Base

Instance Method Details

#full_policy_document ⇒ Object



# File 'lib/s3_secure/policy/document/force_ssl_only_access.rb', line 17

# Builds a complete bucket policy whose only statement is the one returned
# by ssl_enforce_statement. policy_document uses it when the bucket has no
# existing policy.
#
# @return [Hash] policy document with "Version" and "Statement" keys
def full_policy_document
  statements = [ssl_enforce_statement]

  { "Version" => "2012-10-17", "Statement" => statements }
end

#policy_document ⇒ Object



# File 'lib/s3_secure/policy/document/force_ssl_only_access.rb', line 3

# Chooses the policy to apply: a fresh document when @bucket_policy is
# blank, otherwise the existing policy with the SSL statement merged in.
#
# @return [Hash] the policy document to apply
def policy_document
  return full_policy_document if @bucket_policy.blank?

  updated_policy_document
end

#ssl_enforce_statement ⇒ Object



# File 'lib/s3_secure/policy/document/force_ssl_only_access.rb', line 22

# Builds the bucket-policy statement that denies object reads when the
# request did not arrive over TLS (aws:SecureTransport is "false").
#
# NOTE(review): the deny covers only "s3:GetObject" on object ARNs, so other
# actions (for example uploads or deletes) over an unencrypted connection are
# not matched by this statement. AWS's documented pattern for requiring TLS
# denies "s3:*" on both the bucket ARN and its objects; confirm whether the
# narrower scope here is intentional.
#
# @return [Hash] a single policy statement with Sid "ForceSSLOnlyAccess"
def ssl_enforce_statement
  object_arn = "arn:aws:s3:::#{@bucket}/*"
  insecure_transport = { "Bool" => { "aws:SecureTransport" => "false" } }

  {
    "Sid" => "ForceSSLOnlyAccess",
    "Effect" => "Deny",
    "Principal" => "*",
    "Action" => "s3:GetObject",
    "Resource" => object_arn,
    "Condition" => insecure_transport
  }
end

#updated_policy_document ⇒ Object



# File 'lib/s3_secure/policy/document/force_ssl_only_access.rb', line 11

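# Merges the SSL-enforcement statement into the existing bucket policy.
#
# The existing policy is returned unchanged when the checker already reports
# a statement with Sid "ForceSSLOnlyAccess". Otherwise the statement from
# ssl_enforce_statement is appended to the policy's "Statement" list.
#
# @return [Hash] the parsed policy, with the SSL statement present
# @raise [JSON::ParserError] when @bucket_policy is not valid JSON
def updated_policy_document
  # JSON.parse rather than JSON.load: JSON.load is documented as intended for
  # trusted sources only, and the policy text here is presumably whatever is
  # currently stored on the bucket (confirm against the caller).
  policy = JSON.parse(@bucket_policy)
  return policy if checker.has?("ForceSSLOnlyAccess")

  # The policy grammar allows "Statement" to be a single object instead of a
  # list; normalize it so the append below cannot fail on a Hash or nil.
  existing = policy["Statement"]
  statements =
    case existing
    when Array then existing
    when nil then []
    else [existing]
    end

  statements << ssl_enforce_statement
  policy["Statement"] = statements
  policy
end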