Class: AWS::Core::Policy::ConditionBlock

Inherits:
Object
  • Object
show all
Defined in:
lib/aws/core/policy.rb

Overview

Represents the condition block of a policy. In JSON, condition blocks look like this:

{ "StringLike": { "s3:prefix": ["photos/*", "photos.html"] } }

ConditionBlock lets you specify conditions like the above example using the add method, for example:

conditions.add(:like, :s3_prefix, "photos/*", "photos.html")

See the add method documentation for more details about how to specify keys and operators.

This class also provides a convenient way to query a condition block to see what operators, keys, and values it has. For example, consider the following condition block (in JSON):

{
  "StringEquals": {
    "s3:prefix": "photos/index.html"
  },
  "DateEquals": {
    "aws:CurrentTime": ["2010-10-12", "2011-01-02"]
  },
  "NumericEquals": {
    "s3:max-keys": 10
  }
}

You can get access to the condition data using #[], #keys, #operators, and #values – for example:

conditions["DateEquals"]["aws:CurrentTime"].values
  # => ["2010-10-12", "2011-01-02"]

You can also perform more sophisticated queries, like this one:

conditions[:is].each do |equality_conditions|
  equality_conditions.keys.each do |key|
    puts("#{key} may be any of: " +
         equality_conditions[key].values.join(" ")
  end
end

This would print the following lines:

s3:prefix may be any of: photos/index.html
aws:CurrentTime may be any of: 2010-10-12 2011-01-02
s3:max-keys may be any of: 10

Instance Method Summary collapse

Constructor Details

#initialize(conditions = {}) ⇒ ConditionBlock

Returns a new instance of ConditionBlock.


299
300
301
302
# File 'lib/aws/core/policy.rb', line 299

def initialize(conditions = {})
  # filter makes a copy
  @conditions = filter_conditions(conditions)
end

Instance Method Details

#[](*args) ⇒ ConditionBlock

Filters the conditions described in the block, returning a new ConditionBlock that contains only the matching conditions. Each argument is matched against either the keys or the operators in the block, and you can specify the key or operator in any way that's valid for the #add method. Some examples:

# all conditions using the StringLike operator
conditions["StringLike"]

# all conditions using StringEquals, DateEquals, NumericEquals, or Bool
conditions[:is]

# all conditions on the s3:prefix key
conditions["s3:prefix"]

# all conditions on the aws:CurrentTime key
conditions[:current_time]

Multiple conditions are ANDed together, so the following are equivalent:

conditions[:s3_prefix][:is]
conditions[:is][:s3_prefix]
conditions[:s3_prefix, :is]

Returns:

  • (ConditionBlock)

    A new set of conditions filtered by the given conditions.

See Also:


412
413
414
415
416
417
418
419
420
421
422
# File 'lib/aws/core/policy.rb', line 412

def [](*args)
  filtered = @conditions
  args.each do |filter|
    type = valid_operator?(filter) ? nil : :key
    filtered = filter_conditions(filtered) do |op, key, value|
      (match, type) = match_triple(filter, type, op, key, value)
      match
    end
  end
  self.class.new(filtered)
end

#add(operator, key, *values) ⇒ Object

Adds a condition to the block. This method defines a convenient set of abbreviations for operators based on the type of value passed in. For example:

conditions.add(:is, :secure_transport, true)

Maps to:

{ "Bool": { "aws:SecureTransport": true } }

While:

conditions.add(:is, :s3_prefix, "photos/")

Maps to:

{ "StringEquals": { "s3:prefix": "photos/" } }

The following list shows which operators are accepted as symbols and how they are represented in the JSON policy:

  • :is (StringEquals, NumericEquals, DateEquals, or Bool)

  • :like (StringLike)

  • :not_like (StringNotLike)

  • :not (StringNotEquals, NumericNotEquals, or DateNotEquals)

  • :greater_than, :gt (NumericGreaterThan or DateGreaterThan)

  • :greater_than_equals, :gte (NumericGreaterThanEquals or DateGreaterThanEquals)

  • :less_than, :lt (NumericLessThan or DateLessThan)

  • :less_than_equals, :lte (NumericLessThanEquals or DateLessThanEquals)

  • :is_ip_address (IpAddress)

  • :not_ip_address (NotIpAddress)

  • :is_arn (ArnEquals)

  • :not_arn (ArnNotEquals)

  • :is_arn_like (ArnLike)

  • :not_arn_like (ArnNotLike)

Parameters:

  • operator (Symbol or String)

    The operator used to compare the key with the value. See above for valid values and their interpretations.

  • key (Symbol or String)

    The key to compare. Symbol keys are inflected to match AWS conventions. By default, the key is assumed to be in the “aws” namespace, but if you prefix the symbol name with “s3_” it will be sent in the “s3” namespace. For example, :s3_prefix is sent as “s3:prefix” while :secure_transport is sent as “aws:SecureTransport”. See docs.amazonwebservices.com/AmazonS3/latest/dev/UsingResOpsConditions.html for a list of the available keys for each action in S3.

  • values (Mixed)

    The value to compare against. This can be:

    • a String

    • a number

    • a Date, DateTime, or Time

    • a boolean value

    This method does not attempt to validate that the values are valid for the operators or keys they are used with.


366
367
368
369
370
371
372
373
374
375
376
# File 'lib/aws/core/policy.rb', line 366

def add(operator, key, *values)
  if operator.kind_of?(Symbol)
    converted_values = values.map { |v| convert_value(v) }
  else
    converted_values = values
  end
  operator = translate_operator(operator, values.first)
  op = (@conditions[operator] ||= {})
  raise "duplicate #{operator} conditions for #{key}" if op[key]
  op[translate_key(key)] = converted_values
end

#keysArray

Returns an array of unique keys used in the block.

Returns:

  • (Array)

    Returns an array of unique keys used in the block.


430
431
432
433
434
# File 'lib/aws/core/policy.rb', line 430

def keys
  @conditions.values.map do |keys|
    keys.keys if keys
  end.compact.flatten.uniq
end

#operatorsArray

Returns an array of operators used in this block.

Returns:

  • (Array)

    Returns an array of operators used in this block.


425
426
427
# File 'lib/aws/core/policy.rb', line 425

def operators
  @conditions.keys
end

#to_hObject


379
380
381
# File 'lib/aws/core/policy.rb', line 379

def to_h
  @conditions
end

#valuesArray

Returns all values used in the block. Note that the values may not all be from the same condition; for example:

conditions.add(:like, :user_agent, "mozilla", "explorer")
conditions.add(:lt, :s3_max_keys, 12)
conditions.values # => ["mozilla", "explorer", 12]

Returns:

  • (Array)

    Returns an array of values used in this condition block.


444
445
446
447
448
# File 'lib/aws/core/policy.rb', line 444

def values
  @conditions.values.map do |keys|
    keys.values
  end.compact.flatten
end