Class: AWS::Policy::Statement

Inherits:

Object

• Object
• AWS::Policy::Statement

Defined in:

lib/aws/policy.rb,
lib/aws/policy.rb

Overview

Represents a statement in a policy.

See Also:

• #allow
• #deny

Direct Known Subclasses

S3::Policy::Statement, SNS::Policy::Statement, SQS::Policy::Statement

Instance Attribute Summary

• #actions ⇒ Array

  Returns an array of statement actions included by this policy statement.

• #conditions ⇒ Array

  Returns an array of conditions for this policy.

• #effect ⇒ String

  Returns the statement effect, either “Allow” or “Deny”.

• #excluded_actions ⇒ Array

  Returns an array of actions excluded by this policy statement.

• #principals ⇒ Array

  Returns an array of principals.

• #resources ⇒ Array

  Returns an array of resources affected by this policy statement.

• #sid ⇒ String

  Returns the statement id.

Instance Method Summary

• #exclude_actions(*actions) ⇒ Object (also: #exclude_action)

  Convenience method to add to the list of actions explicitly not affected by this statement.

• #include_actions(*actions) ⇒ Object (also: #include_action)

  Convenience method to add to the list of actions affected by this statement.

• #initialize(opts = {}) {|_self| ... } ⇒ Statement constructor

  Constructs a new statement.

Constructor Details

#initialize(opts = {}) {|_self| ... } ⇒ Statement

Constructs a new statement.

Parameters:

• opts (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (opts):

• :sid (String) —

  The statement ID. This is optional; if omitted, a UUID will be generated for the statement.

• :effect (String) —

  The statement effect, which must be either “Allow” or “Deny”. @see Policy#allow @see Policy#deny

• :principals (String or array of strings) —

  The account(s) affected by the statement. These should be AWS account IDs.

• :actions (Object) —

  The action or actions affected by the statement. These can be symbols or strings. If they are strings, you can use wildcard character “*” to match zero or more characters in the action name. Symbols are expected to match methods of S3::Client.

• :excluded_actions (Object) —

  Action or actions which are explicitly not affected by this statement. As with :actions, these may be symbols or strings.

• :resources (String or array of strings) —

  The resource(s) affected by the statement. These can be expressed as ARNs (e.g. arn:aws:s3:::mybucket/mykey) or you may omit the arn:aws:s3::: prefix and just give the path as bucket_name/key. You may use the wildcard character “*” to match zero or more characters in the resource name.

• :conditions (ConditionBlock or Hash) —

  Additional conditions that narrow the effect of the statement. It’s typically more convenient to use the ConditionBuilder instance returned from Policy#allow or Policy#deny to add conditions to a statement.

Yields:

• (_self)

Yield Parameters:

• _self (AWS::Policy::Statement) —

  the object that the method was called on

See Also:

• S3::Client

# File 'lib/aws/policy.rb', line 746

def initialize(opts = {})
  self.sid = UUIDTools::UUID.timestamp_create.to_s.tr('-','')
  self.conditions = ConditionBlock.new

  parse_options(opts)

  yield(self) if block_given?
end

Instance Attribute Details

#actions ⇒ Array

Returns an array of statement actions included by this policy statement.

Returns:

• (Array) —

  Returns an array of statement actions included by this policy statement.

# File 'lib/aws/policy.rb', line 702

def actions
  @actions
end

#conditions ⇒ Array

Returns an array of conditions for this policy.

Returns:

• (Array) —

  Returns an array of conditions for this policy.

# File 'lib/aws/policy.rb', line 713

def conditions
  @conditions
end

#effect ⇒ String

Returns the statement effect, either “Allow” or “Deny”

Returns:

• (String) —

  Returns the statement effect, either “Allow” or “Deny”

# File 'lib/aws/policy.rb', line 695

def effect
  @effect
end

#excluded_actions ⇒ Array

Returns an array of actions excluded by this policy statement.

Returns:

• (Array) —

  Returns an array of actions excluded by this policy statement.

# File 'lib/aws/policy.rb', line 706

def excluded_actions
  @excluded_actions
end

#principals ⇒ Array

Returns an array of principals.

Returns:

• (Array) —

  Returns an array of principals.

# File 'lib/aws/policy.rb', line 698

def principals
  @principals
end

#resources ⇒ Array

Returns an array of resources affected by this policy statement.

Returns:

• (Array) —

  Returns an array of resources affected by this policy statement.

# File 'lib/aws/policy.rb', line 710

def resources
  @resources
end

#sid ⇒ String

Returns the statement id

Returns:

• (String) —

  Returns the statement id

# File 'lib/aws/policy.rb', line 691

def sid
  @sid
end

Instance Method Details

#exclude_actions(*actions) ⇒ Object Also known as: exclude_action

Convenience method to add to the list of actions explicitly not affected by this statement.

# File 'lib/aws/policy.rb', line 765

def exclude_actions(*actions)
  self.excluded_actions ||= []
  self.excluded_actions.push(*actions)
end

#include_actions(*actions) ⇒ Object Also known as: include_action

Convenience method to add to the list of actions affected by this statement.

# File 'lib/aws/policy.rb', line 757

def include_actions(*actions)
  self.actions ||= []
  self.actions.push(*actions)
end