Class: S3Secure::Policy::Document::ForceSSLOnlyAccessRemove

Inherits:
Base
  • Object
Defined in:
lib/s3_secure/policy/document/force_ssl_only_access_remove.rb

Instance Method Summary

Methods inherited from Base

#checker

Constructor Details

#initialize(bucket, bucket_policy) ⇒ ForceSSLOnlyAccessRemove

Returns a new instance of ForceSSLOnlyAccessRemove.



# File 'lib/s3_secure/policy/document/force_ssl_only_access_remove.rb', line 3

# Stores the target bucket and its current policy for later processing.
#
# @param bucket the bucket whose policy is being edited
#   (presumably the bucket name; confirm against callers)
# @param bucket_policy the existing bucket policy document; it is parsed as
#   JSON by #updated_policy_document, and a blank value means "no policy"
def initialize(bucket, bucket_policy)
  @bucket = bucket
  # Existing policy document of the bucket, kept unparsed until it is needed.
  @bucket_policy = bucket_policy
end

Instance Method Details

#policy_document ⇒ Object



# File 'lib/s3_secure/policy/document/force_ssl_only_access_remove.rb', line 8

# Returns the policy document to apply once ForceSSLOnlyAccess is removed.
#
# @return [Hash, nil] the updated policy, or nil when the bucket has no
#   policy at all or when #updated_policy_document signals that the whole
#   policy should be deleted
def policy_document
  # A blank existing policy means there is nothing to remove from.
  updated_policy_document unless @bucket_policy.blank?
end

#updated_policy_document ⇒ Object



# File 'lib/s3_secure/policy/document/force_ssl_only_access_remove.rb', line 14

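# Builds the bucket policy that remains once the ForceSSLOnlyAccess statement
# is taken out of the existing policy.
#
# The statement is matched by its Sid only; its Effect and Condition are not
# inspected, so any statement carrying that Sid is removed.
# NOTE(review): judging by the Sid, this statement is what restricts the
# bucket to SSL/TLS requests, so removing it lifts that restriction. Confirm
# that callers record or gate this change.
#
# @return [Hash, nil] the parsed policy without the ForceSSLOnlyAccess
#   statement, or nil when no statement would remain, which signals that the
#   entire bucket policy should be deleted
# @raise [RuntimeError] when the policy holds no ForceSSLOnlyAccess statement
def updated_policy_document
  # NOTE(review): JSON.load is more permissive than JSON.parse (blank input,
  # NaN, and object additions on older json versions). The policy text is
  # plain data, so JSON.parse is the safer call if nothing depends on the
  # permissive behaviour.
  policy = JSON.load(@bucket_policy)

  # The policy grammar allows "Statement" to be a single object as well as a
  # list; a missing key or a non-object document is treated as "no statements".
  raw = policy.is_a?(Hash) ? policy["Statement"] : nil
  statements = raw.is_a?(Hash) ? [raw] : Array(raw)

  remaining = statements.reject { |s| s["Sid"] == "ForceSSLOnlyAccess" }
  if remaining.size == statements.size
    raise "Bucket policy does not have ForceSSLOnlyAccess"
  end

  # Signal deletion of the entire bucket policy whenever nothing is left, so
  # the caller is never handed a policy with an empty Statement list.
  return nil if remaining.empty?

  policy["Statement"] = remaining
  policy
end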