Class AWS::Core::Policy
In: lib/aws/core/policy.rb
Parent: Object

Represents an access policy for AWS operations and resources. For example:

    policy = Policy.new
    policy.allow(
      :actions => ['s3:PutObject'],
      :resources => "arn:aws:s3:::mybucket/mykey/*",
      :principals => :any
    ).where(:acl).is("public-read")

    policy.to_json # => '{ "Version":"2008-10-17", ...'

@see initialize More ways to construct a policy. @see docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html Example policies (in JSON).
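The overview example grants `s3:PutObject` to `:principals => :any`, so its condition is the only thing narrowing the grant. The following added example (not part of the SDK or of the original page) audits a policy's JSON form for `Allow` statements open to any principal and reports whether each carries a `Condition`. The sample document, its ids, and the helper names `wildcard_principal?` and `open_allow_statements` are assumptions constructed for illustration; it needs only Ruby's standard `json` library.

```ruby
require 'json'

# Constructed sample in the AWS access policy language, shaped like the page's
# example (PutObject, any principal, ACL condition). All ids are made up.
SAMPLE_POLICY_JSON = <<~JSON
  {
    "Version": "2008-10-17", "Id": "example-policy-id",
    "Statement": [
      { "Sid": "stmt-1", "Effect": "Allow", "Principal": { "AWS": "*" },
        "Action": ["s3:PutObject"],
        "Resource": "arn:aws:s3:::mybucket/mykey/*",
        "Condition": { "StringEquals": { "s3:x-amz-acl": "public-read" } } },
      { "Sid": "stmt-2", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::mybucket/*" },
      { "Sid": "stmt-3", "Effect": "Allow", "Principal": { "AWS": ["abc123"] },
        "Action": "*", "Resource": "arn:aws:s3:::mybucket/mykey" }
    ]
  }
JSON

# True when the Principal element matches every caller: either the bare
# string "*" or a map whose value is (or contains) "*".
def wildcard_principal?(principal)
  case principal
  when String then principal == '*'
  when Hash   then principal.values.any? { |v| Array(v).include?('*') }
  else false
  end
end

# Hypothetical helper: one finding per Allow statement that is open to any
# principal, noting whether a Condition block narrows it.
def open_allow_statements(policy_json)
  statements = JSON.parse(policy_json).fetch('Statement', [])
  statements = [statements] if statements.is_a?(Hash) # single-statement form
  statements.select { |s| s['Effect'] == 'Allow' && wildcard_principal?(s['Principal']) }
            .map do |s|
    conditions = s['Condition'] || {}
    { sid: s['Sid'], actions: Array(s['Action']),
      conditioned: !conditions.empty?, condition_operators: conditions.keys }
  end
end

open_allow_statements(SAMPLE_POLICY_JSON).each do |f|
  puts "#{f[:sid]} #{f[:actions].join(',')} any principal, conditioned=#{f[:conditioned]}"
end
```

An unconditioned finding such as `stmt-2` is the case to review first; a conditioned one still depends entirely on the condition being as strict as intended.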

Methods

==   allow   deny   eql?   from_json   hash_without_ids   new   to_h   to_json  

Classes and Modules

Class AWS::Core::Policy::ConditionBlock
Class AWS::Core::Policy::ConditionBuilder
Class AWS::Core::Policy::OperatorBuilder
Class AWS::Core::Policy::Statement

Attributes

id  [R]  @return [String] A unique ID for the policy.
statements  [R]  @see Statement @return [Array] An array of policy statements.
version  [R]  @return [String] The version of the policy language used in this
  policy object.

Public Class methods

Constructs a policy from a JSON representation. @see initialize @return [Policy] Returns a Policy object constructed by parsing the passed JSON policy.

Constructs a policy. There are a few different ways to build a policy:

  • With hash arguments:
      Policy.new(:statements => [
        {
          :effect => :allow,
          :actions => :all,
          :principals => ["abc123"],
          :resources => "mybucket/mykey"
        }
      ])
    
  • From a JSON policy document:
      Policy.from_json(policy_json_string)
    
  • With a block:
      Policy.new do |policy|
        policy.allow(
          :actions => ['s3:PutObject'],
          :resources => "arn:aws:s3:::mybucket/mykey/*",
          :principals => :any
        ).where(:acl).is("public-read")
      end
    

Public Instance methods

@return [Boolean] Returns true if the two policies are the same.

Convenience method for constructing a new statement with the "Allow" effect and adding it to the policy. For example:

    policy.allow(
      :actions => [:put_object],
      :principals => :any,
      :resources => "mybucket/mykey/*").
    where(:acl).is("public-read")

@option (see Statement#initialize) @see Statement#initialize @return [ConditionBuilder]

Convenience method for constructing a new statement with the "Deny" effect and adding it to the policy. For example:

    policy.deny(
      :actions => [:put_object],
      :principals => :any,
      :resources => "mybucket/mykey/*"
    ).where(:acl).is("public-read")

@param (see Statement#initialize) @see Statement#initialize @return [ConditionBuilder]

eql?(other)

Alias for #==

Returns a hash representation of the policy. The following statements are equivalent:

    policy.to_h.to_json
    policy.to_json

@return [Hash]

@return [String] a JSON representation of the policy.

Protected Instance methods

Removes the ids from the policy and its statements for the purpose of comparing two policies for equivalence. @return [Hash] Returns the policy as a hash with no ids. @api private
