Class: S3Secure::Policy::Document::ForceSSLOnlyAccess
- Inherits:
-
Base
- Object
- Base
- S3Secure::Policy::Document::ForceSSLOnlyAccess
- Defined in:
- lib/s3_secure/policy/document/force_ssl_only_access.rb
Instance Method Summary
Methods inherited from Base
#checker, #initialize
Instance Method Details
#full_policy_document ⇒ Object
# File 'lib/s3_secure/policy/document/force_ssl_only_access.rb', line 17
# Builds a whole bucket policy whose only statement is the TLS-enforcing one.
# policy_document uses this when the bucket has no policy yet.
#
# @return [Hash] string-keyed policy document with "Version" and "Statement"
def full_policy_document
  statements = [ssl_enforce_statement]
  { "Version" => "2012-10-17", "Statement" => statements }
end
#policy_document ⇒ Object
# File 'lib/s3_secure/policy/document/force_ssl_only_access.rb', line 3
# Picks the policy to apply: a fresh document when the bucket has no policy,
# otherwise the existing policy with the TLS statement merged in.
#
# NOTE(review): blank? is not defined in this listing; presumably it comes
# from ActiveSupport (nil and "" both count as blank) - confirm.
#
# @return [Hash] the policy document to put on the bucket
def policy_document
  return full_policy_document if @bucket_policy.blank?

  updated_policy_document
end
#ssl_enforce_statement ⇒ Object
# File 'lib/s3_secure/policy/document/force_ssl_only_access.rb', line 22
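# Builds the bucket-policy statement that rejects requests made without TLS.
#
# The statement denies every S3 action, on the bucket itself and on the
# objects in it, whenever aws:SecureTransport is "false". A statement limited
# to s3:GetObject on the objects would still let uploads, deletes, listings
# and ACL or policy calls through over plain HTTP.
#
# NOTE(review): updated_policy_document skips the append when
# checker.has?("ForceSSLOnlyAccess") is true, so a bucket that already holds
# a narrower statement under this Sid is presumably left untouched - confirm
# against the checker and plan how those buckets get the wider statement.
# NOTE(review): the ARNs hard-code the "aws" partition; buckets in other
# partitions (aws-cn, aws-us-gov) need that partition in the ARN instead.
#
# @return [Hash] one string-keyed policy statement
def ssl_enforce_statement
  bucket_arn = "arn:aws:s3:::#{@bucket}"
  {
    "Sid"=>"ForceSSLOnlyAccess",
    "Effect"=>"Deny",
    "Principal"=>"*",
    # Every action, not only reads, must be refused on an unencrypted channel.
    "Action"=>"s3:*",
    # Bucket-level calls match the bucket ARN, object-level calls the /* ARN.
    "Resource"=>[bucket_arn, "#{bucket_arn}/*"],
    "Condition"=>{"Bool"=>{"aws:SecureTransport"=>"false"}}
  }
end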
#updated_policy_document ⇒ Object
# File 'lib/s3_secure/policy/document/force_ssl_only_access.rb', line 11
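# Merges the TLS-enforcing statement into the bucket's existing policy.
#
# The stored policy is parsed, and the statement from ssl_enforce_statement is
# appended unless checker.has?("ForceSSLOnlyAccess") reports it as present.
#
# @return [Hash] the parsed policy, with the statement appended when missing
# @raise [JSON::ParserError] when @bucket_policy is not valid JSON
def updated_policy_document
  # JSON.load is documented for trusted input only. The stored policy can be
  # written by any principal allowed to set the bucket policy, so parse it
  # with JSON.parse, which never builds Ruby objects from the document.
  policy = JSON.parse(@bucket_policy)
  return policy if checker.has?("ForceSSLOnlyAccess")

  # The policy grammar allows "Statement" to be a single object as well as a
  # list; normalise to a list so the append cannot fail on a Hash or on nil.
  existing = policy["Statement"]
  existing = [existing].compact unless existing.is_a?(Array)
  policy["Statement"] = existing + [ssl_enforce_statement]
  policy
end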