Class: AWS::Core::Policy::Statement

Inherits:
Object

Defined in:
lib/aws/core/policy.rb

Overview

Represents a statement in a policy.


Constructor Details

#initialize(opts = {}) {|_self| ... } ⇒ Statement

Constructs a new statement.

Parameters:

  • opts (Hash) (defaults to: {})

    a customizable set of options

Options Hash (opts):

  • :sid (String)

    The statement ID. This is optional; if omitted, a UUID will be generated for the statement.

  • :effect (String)

    The statement effect, which must be either “Allow” or “Deny”. See Policy#allow and Policy#deny.

  • :principals (String or array of strings)

    The account(s) affected by the statement. These should be AWS account IDs.

  • :actions (Object)

    The action or actions affected by the statement. These can be symbols or strings. If they are strings, you can use wildcard character “*” to match zero or more characters in the action name. Symbols are expected to match methods of S3::Client.

  • :excluded_actions (Object)

    Action or actions which are explicitly not affected by this statement. As with :actions, these may be symbols or strings.

  • :resources (String or array of strings)

    The resource(s) affected by the statement. These can be expressed as ARNs (e.g. arn:aws:s3:::mybucket/mykey) or you may omit the arn:aws:s3::: prefix and just give the path as bucket_name/key. You may use the wildcard character “*” to match zero or more characters in the resource name.

  • :conditions (ConditionBlock or Hash)

    Additional conditions that narrow the effect of the statement. It’s typically more convenient to use the ConditionBuilder instance returned from Policy#allow or Policy#deny to add conditions to a statement.

Yields:

  • (_self)

# File 'lib/aws/core/policy.rb', line 748

def initialize(opts = {})
  self.sid = UUIDTools::UUID.timestamp_create.to_s.tr('-','')
  self.conditions = ConditionBlock.new
  
  parse_options(opts)
  
  yield(self) if block_given?
end

Instance Attribute Details

#actions ⇒ Array

Returns an array of statement actions included by this policy statement.

Returns:

  • (Array)

    Returns an array of statement actions included by this policy statement.



# File 'lib/aws/core/policy.rb', line 704

def actions
  @actions
end

#conditions ⇒ Array

Returns an array of conditions for this policy.

Returns:

  • (Array)

    Returns an array of conditions for this policy.



# File 'lib/aws/core/policy.rb', line 715

def conditions
  @conditions
end

#effect ⇒ String

Returns the statement effect, either “Allow” or “Deny”

Returns:

  • (String)

    Returns the statement effect, either “Allow” or “Deny”



# File 'lib/aws/core/policy.rb', line 697

def effect
  @effect
end

#excluded_actions ⇒ Array

Returns an array of actions excluded by this policy statement.

Returns:

  • (Array)

    Returns an array of actions excluded by this policy statement.



# File 'lib/aws/core/policy.rb', line 708

def excluded_actions
  @excluded_actions
end

#principals ⇒ Array

Returns an array of principals.

Returns:

  • (Array)

    Returns an array of principals.



# File 'lib/aws/core/policy.rb', line 700

def principals
  @principals
end

#resources ⇒ Array

Returns an array of resources affected by this policy statement.

Returns:

  • (Array)

    Returns an array of resources affected by this policy statement.



# File 'lib/aws/core/policy.rb', line 712

def resources
  @resources
end

#sid ⇒ String

Returns the statement id

Returns:

  • (String)

    Returns the statement id



# File 'lib/aws/core/policy.rb', line 693

def sid
  @sid
end

Instance Method Details

#exclude_actions(*actions) ⇒ Object

Also known as: exclude_action

Convenience method to add to the list of actions explicitly not affected by this statement.



# File 'lib/aws/core/policy.rb', line 767

def exclude_actions(*actions)
  self.excluded_actions ||= []
  self.excluded_actions.push(*actions)
end

#include_actions(*actions) ⇒ Object

Also known as: include_action

Convenience method to add to the list of actions affected by this statement.



# File 'lib/aws/core/policy.rb', line 759

def include_actions(*actions)
  self.actions ||= []
  self.actions.push(*actions)
end

#to_h ⇒ Object



# File 'lib/aws/core/policy.rb', line 774

def to_h
  stmt = {
    "Sid" => sid,
    "Effect" => Inflection.class_name(effect.to_s),
    "Principal" => principals_hash,
    "Resource" => resource_arns,
    "Condition" => (conditions.to_h if conditions)
  }
  stmt.delete("Condition") if !conditions || conditions.to_h.empty?
  stmt.delete("Principal") unless principals_hash
  if !translated_actions || translated_actions.empty?
    stmt["NotAction"] = translated_excluded_actions
  else
    stmt["Action"] = translated_actions
  end
  stmt
end
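
The to_h source above emits "NotAction" whenever no actions were set, and the :actions and :resources options accept the “*” wildcard, so a serialized statement is worth checking before it is attached to a bucket. The following is an added example, not part of the SDK: it lints plain hashes shaped like the to_h output. The helper names, finding codes and sample statements are constructed for illustration, and the {"AWS" => [...]} layout of "Principal" is an assumption because principals_hash is not shown on this page.

```ruby
# Added example: lint a statement hash shaped like the output of Statement#to_h.
# The Principal layout ({"AWS" => [...]}) is an assumption; principals_hash is
# not shown on the page.

# Normalise a scalar, array, hash-of-arrays or nil into a flat array of strings.
def flat_values(value)
  case value
  when nil  then []
  when Hash then value.values.flatten.map(&:to_s)
  else Array(value).flatten.map(&:to_s)
  end
end

# Return a list of finding codes (symbols) for one statement hash.
def lint_statement(stmt)
  findings = []
  allow = stmt["Effect"].to_s == "Allow"
  unconditioned = stmt["Condition"].nil? || stmt["Condition"].empty?

  if stmt.key?("NotAction")
    # to_h falls back to NotAction whenever no actions were set,
    # so an empty exclusion list usually means :actions was forgotten.
    findings << :empty_not_action if flat_values(stmt["NotAction"]).empty?
    # Allow + NotAction covers every action except the listed ones.
    findings << :allow_not_action if allow
  end

  if allow
    findings << :wildcard_action if flat_values(stmt["Action"]).include?("*")
    findings << :wildcard_principal if unconditioned && flat_values(stmt["Principal"]).include?("*")
    findings << :wildcard_resource if flat_values(stmt["Resource"]).any? { |r| r == "*" || r.end_with?(":::*") }
  end
  findings
end

# Constructed sample statements (not taken from any real policy).
SAMPLES = {
  "scoped" => { "Sid" => "a1", "Effect" => "Allow",
                "Principal" => { "AWS" => ["111122223333"] },
                "Action" => ["s3:GetObject"],
                "Resource" => ["arn:aws:s3:::mybucket/mykey"] },
  "no_actions" => { "Sid" => "b2", "Effect" => "Allow",
                    "Principal" => { "AWS" => ["*"] },
                    "NotAction" => nil,
                    "Resource" => ["arn:aws:s3:::*"] }
}

SAMPLES.each { |name, stmt| puts "#{name}: #{lint_statement(stmt).inspect}" }
```

The wildcard checks are a heuristic for the broadest cases only; partial wildcards such as a bucket-wide key pattern are not flagged.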