Class: AWS::Core::Policy

Inherits: Object

Defined in: lib/aws/core/policy.rb

Overview

Represents an access policy for AWS operations and resources. For example:

policy = Policy.new do |policy|
  policy.allow(:actions => ['s3:PutObject'],
               :resources => "arn:aws:s3:::mybucket/mykey/*",
               :principals => :any
  ).where(:acl).is("public-read")
end

policy.to_json               # => '{ "Version":"2008-10-17", ...'

Direct Known Subclasses

S3::Policy, SNS::Policy, SQS::Policy, STS::Policy

Defined Under Namespace

Classes: ConditionBlock, ConditionBuilder, OperatorBuilder, Statement


Constructor Details

#initialize(opts = {}) {|_self| ... } ⇒ Policy

Constructs a policy. There are a few different ways to build a policy:

  • With hash arguments:

    Policy.new(:statements => [
      { :effect => :allow,
        :actions => :all,
        :principals => ["abc123"],
        :resources => "mybucket/mykey" 
      }
    ])
    
  • From a JSON policy document:

    Policy.from_json(policy_json_string)
    
  • With a block:

    Policy.new do |policy|
    
      policy.allow(
        :actions => ['s3:PutObject'],
        :resources => "arn:aws:s3:::mybucket/mykey/*",
        :principals => :any
      ).where(:acl).is("public-read")
    
    end
    

Yields:

  • (_self) the policy being constructed
# File 'lib/aws/core/policy.rb', line 77

def initialize(opts = {})
  @statements = opts.values_at(:statements, "Statement").select do |a|
    a.kind_of?(Array)
  end.flatten.map do |stmt|
    self.class::Statement.new(stmt)
  end
  
  if opts.has_key?(:id) or opts.has_key?("Id")
    @id = opts[:id] || opts["Id"]
  else
    @id = UUIDTools::UUID.timestamp_create.to_s.tr('-','')
  end
  if opts.has_key?(:version) or opts.has_key?("Version")
    @version = opts[:version] || opts["Version"]
  else
    @version = "2008-10-17"
  end
  
  yield(self) if block_given?
end
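The overview example grants s3:PutObject to `:principals => :any`, i.e. to an anonymous principal; the `where(:acl).is("public-read")` condition narrows the grant but does not remove the anonymous write. The following is an added example, not code from the aws-sdk gem, that audits a policy document in the shape `to_json` emits ("Version", "Id", "Statement") for Allow statements open to an anonymous principal. The sample document, its Sid values and the account id are constructed for the example; the `{"AWS" => "*"}` and bare `"*"` principal spellings are both accepted as an assumption about how serialized documents may look. Note that the constructor above keeps only Array values for `:statements`/"Statement", so a document whose "Statement" is a single object produces a policy with no statements; the auditor below accepts that form too.

```ruby
require 'json'

# Constructed sample in the document shape Policy#to_h / #to_json emit.
# Sids, the second and third statements and the account id are made up.
SAMPLE_POLICY_JSON = JSON.generate(
  "Version" => "2008-10-17",
  "Id" => "example-policy-id",
  "Statement" => [
    { "Sid" => "ConditionedAnonymousPut",
      "Effect" => "Allow",
      "Principal" => { "AWS" => "*" },
      "Action" => "s3:PutObject",
      "Resource" => "arn:aws:s3:::mybucket/mykey/*",
      "Condition" => { "StringEquals" => { "s3:x-amz-acl" => "public-read" } } },
    { "Sid" => "UnconditionedAnonymousRead",
      "Effect" => "Allow",
      "Principal" => "*",
      "Action" => ["s3:GetObject", "s3:ListBucket"],
      "Resource" => ["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"] },
    { "Sid" => "AccountScoped",
      "Effect" => "Allow",
      "Principal" => { "AWS" => "arn:aws:iam::123456789012:root" },
      "Action" => "s3:*",
      "Resource" => "arn:aws:s3:::mybucket/*" }
  ]
)

# Policy JSON allows a scalar wherever a list is permitted ("Statement",
# "Action", "Resource", principal ids); fold both forms into an array.
def as_list(value)
  return [] if value.nil?
  value.kind_of?(Array) ? value : [value]
end

# Principal values that grant access to anyone. The bare "*" and the
# {"AWS" => "*"} form are both treated as anonymous (assumption).
def anonymous_principal?(principal)
  return true if principal == "*"
  return false unless principal.kind_of?(Hash)
  principal.any? { |_service, ids| as_list(ids).include?("*") }
end

# One finding per Allow statement reachable by an anonymous principal.
# A Condition block narrows the grant but does not remove it, so
# conditioned statements are reported as well and flagged as such.
def public_statements(policy_json)
  doc = JSON.parse(policy_json)
  as_list(doc["Statement"]).each_with_index.map do |stmt, index|
    next unless stmt["Effect"] == "Allow"
    next unless anonymous_principal?(stmt["Principal"])
    {
      sid: stmt["Sid"] || "statement-#{index}",
      actions: as_list(stmt["Action"]),
      conditioned: stmt.key?("Condition")
    }
  end.compact
end

if __FILE__ == $0
  public_statements(SAMPLE_POLICY_JSON).each do |f|
    state = f[:conditioned] ? "conditioned" : "unconditioned"
    puts "#{f[:sid]}: #{f[:actions].join(', ')} (#{state})"
  end
end
```

Run against the sample, the auditor reports the conditioned PutObject grant and the unconditioned read grant and stays silent on the account-scoped statement; feed it `policy.to_json` from a real Policy object to check what a policy actually exposes before attaching it to a bucket, queue or topic.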

Instance Attribute Details

#id ⇒ String (readonly)

Returns a unique ID for the policy.

Returns:

  • (String)

    A unique ID for the policy.



# File 'lib/aws/core/policy.rb', line 44

def id
  @id
end

#statements ⇒ Array (readonly)

Returns an array of policy statements.

Returns:

  • (Array)

    An array of policy statements.

# File 'lib/aws/core/policy.rb', line 37

def statements
  @statements
end

#version ⇒ String (readonly)

Returns the version of the policy language used in this policy object.

Returns:

  • (String)

    The version of the policy language used in this policy object.



# File 'lib/aws/core/policy.rb', line 41

def version
  @version
end

Class Method Details

.from_json(json) ⇒ Policy

Constructs a policy from a JSON representation.

Returns:

  • (Policy)

    Returns a Policy object constructed by parsing the passed JSON policy.

# File 'lib/aws/core/policy.rb', line 146

def self.from_json(json)
  new(JSON.parse(json))
end

Instance Method Details

#==(other) ⇒ Boolean Also known as: eql?

Returns true if the two policies are the same.

Returns:

  • (Boolean)

    Returns true if the two policies are the same.



# File 'lib/aws/core/policy.rb', line 99

def ==(other)
  if other.kind_of?(Core::Policy)
    self.hash_without_ids == other.hash_without_ids
  else
    false
  end
end
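Because the constructor fills "Id" with a fresh UUID whenever the caller gives none, two policies built from the same statements carry different ids, which is why `==` compares via `hash_without_ids`. The following is an added example, not code from the aws-sdk gem, that applies the same idea to serialized documents in order to detect drift between the policy a deployment is supposed to carry and what is actually attached. It assumes that stripping the per-statement "Sid" values as well as the document "Id" is acceptable (the page does not show what `hash_without_ids` strips); the sample policies, their ids and `drifted_policies` are constructed for the example.

```ruby
require 'json'

# Parse a policy document and drop the identifiers that change between
# otherwise identical policies: the document "Id" and (assumption) each
# statement's "Sid". A single-object "Statement" is normalized to a list.
def policy_without_ids(policy_json)
  doc = JSON.parse(policy_json)
  doc.delete("Id")
  stmts = doc["Statement"]
  stmts = [stmts] if stmts.kind_of?(Hash)
  doc["Statement"] = Array(stmts).map { |s| s.reject { |k, _| k == "Sid" } }
  doc
end

# Structural equality, ids ignored, mirroring what Policy#== does.
def same_policy?(a_json, b_json)
  policy_without_ids(a_json) == policy_without_ids(b_json)
end

# Given the expected document and a name => document map of what is
# deployed, return the names whose policy no longer matches.
def drifted_policies(expected_json, deployed)
  deployed.reject { |_name, json| same_policy?(expected_json, json) }.keys
end

# Constructed sample: a deny-by-default statement on a public prefix.
def sample_policy_json(id, effect)
  JSON.generate(
    "Version" => "2008-10-17",
    "Id" => id,
    "Statement" => [
      { "Sid" => "PublicPrefix-#{id}",
        "Effect" => effect,
        "Principal" => "*",
        "Action" => "s3:GetObject",
        "Resource" => "arn:aws:s3:::mybucket/public/*" }
    ]
  )
end

EXPECTED   = sample_policy_json("expected-id", "Deny")
DEPLOYED_A = sample_policy_json("generated-id-1", "Deny")   # only ids differ
DEPLOYED_B = sample_policy_json("generated-id-2", "Allow")  # Effect was flipped

if __FILE__ == $0
  puts "drifted: #{drifted_policies(EXPECTED, 'prod' => DEPLOYED_A, 'staging' => DEPLOYED_B).inspect}"
end
```

The comparison is deliberately exact apart from the ids: a reordered statement list or a widened "Action" is reported as drift, which is what you want from a check that guards against silent policy changes.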

#allow(opts = {}) ⇒ ConditionBuilder

Convenience method for constructing a new statement with the “Allow” effect and adding it to the policy. For example:

policy.allow(:actions => [:put_object],
             :principals => :any,
             :resources => "mybucket/mykey/*").
  where(:acl).is("public-read")


# File 'lib/aws/core/policy.rb', line 219

def allow(opts = {})
  stmt = self.class::Statement.new(opts.merge(:effect => :allow))
  statements << stmt
  ConditionBuilder.new(stmt.conditions)
end

#deny(opts = {}) ⇒ ConditionBuilder

Convenience method for constructing a new statement with the “Deny” effect and adding it to the policy. For example:

policy.deny(
  :actions => [:put_object],
  :principals => :any,
  :resources => "mybucket/mykey/*"
).where(:acl).is("public-read")


# File 'lib/aws/core/policy.rb', line 237

def deny(opts = {})
  stmt = self.class::Statement.new(opts.merge(:effect => :deny))
  statements << stmt
  ConditionBuilder.new(stmt.conditions)
end

#to_h ⇒ Hash

Returns a hash representation of the policy. The following statements are equivalent:

policy.to_h.to_json
policy.to_json

Returns:

  • (Hash)


# File 'lib/aws/core/policy.rb', line 129

def to_h
  { 
    "Version" => version,
    "Id" => id,
    "Statement" => statements.map { |st| st.to_h } 
  }
end

#to_json ⇒ String

Returns a JSON representation of the policy.

Returns:

  • (String)

    a JSON representation of the policy.



# File 'lib/aws/core/policy.rb', line 138

def to_json
  to_h.to_json
end