aws-sdk 1.32.0 → 1.67.0

data/lib/aws/core/options/json_serializer.rb

@@ -1,82 +0,0 @@
-# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You
-# may not use this file except in compliance with the License. A copy of
-# the License is located at
-#
-#     http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-# ANY KIND, either express or implied. See the License for the specific
-# language governing permissions and limitations under the License.
-
-require 'json'
-require 'base64'
-
-module AWS
-  module Core
-    module Options
-
-      # Given a hash of serialization rules, a JSONSerializer can convert
-      # a hash of request options into a JSON document.  The request options
-      # are validated before returning JSON.
-      class JSONSerializer
-
-        # @param [Hash] rules A hash of option rules to validate against.
-        # @param [String,nil] payload_param
-        def initialize rules, payload_param
-          @payload_param = payload_param
-          @rules = @payload_param ? rules[@payload_param][:members] : rules
-        end
-
-        # @return [String] Returns the name of the API operation.
-        attr_reader :operation_name
-
-        # @return [String]
-        attr_reader :namespace
-
-        # @return [Hash]
-        attr_reader :rules
-
-        # @overload serialize!(request_options)
-        #   @param [Hash] request_options A hash of already validated
-        #     request options with normalized values.
-        #   @return [String] Returns an string of the request parameters
-        #     serialized into XML.
-        def serialize request_options
-          request_options = request_options[@payload_param] if @payload_param
-          data = normalize_keys(request_options, rules)
-          if rules.any?{|k,v| v[:location] == 'body' }
-            data = data.values.first
-          end
-          JSON.pretty_generate(data)
-        end
-
-        protected
-
-        def normalize_keys values, rules
-          values.inject({}) do |h,(k,v)|
-            child_rules = rules[k]
-            child_name = child_rules[:name] || Inflection.class_name(k.to_s)
-            h.merge(child_name => normalize_value(v, child_rules))
-          end
-        end
-
-        def normalize_value value, rules
-          case rules[:type]
-          when :hash then normalize_keys(value, rules[:members])
-          when :array then value.map{|v| normalize_value(v, rules[:members]) }
-          when :map
-            value.inject({}) do |h,(k,v)|
-              h.merge(k => normalize_value(v, rules[:members]))
-            end
-          when :blob then Base64.encode64(value.read).strip
-          else value
-          end
-        end
-
-      end
-    end
-  end
-end

data/lib/aws/core/options/validator.rb

@@ -1,155 +0,0 @@
-# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You
-# may not use this file except in compliance with the License. A copy of
-# the License is located at
-#
-#     http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-# ANY KIND, either express or implied. See the License for the specific
-# language governing permissions and limitations under the License.
-
-module AWS
-  module Core
-    module Options
-
-      # Given a hash of validation rules, a validator validate request
-      # options.  Validations support:
-      #
-      #   * rejecting unknown options
-      #   * ensuring presence of required options
-      #   * validating expected option types (e.g. hash, array, string,
-      #     integer, etc).
-      #
-      # After validating, a hash of request options is returned with
-      # with normalized values (with converted types).
-      class Validator
-
-        # @param [Hash] rules A hash of option rules to validate against.
-        def initialize rules
-          @rules = rules
-        end
-
-        # @return [Hash]
-        attr_reader :rules
-
-        # @overload validate!(request_options)
-        #   @param [Hash] request_options The hash of options to validate.
-        #   @raise [ArgumentError] Raised when the options do not validate.
-        #   @return [Hash]
-        def validate! request_options, rules = @rules
-
-          # Verify all required options are present.
-          rules.each_pair do |opt_name, opt_rules|
-            if opt_rules[:required]
-              unless request_options.key?(opt_name)
-                raise ArgumentError, "missing required option #{opt_name.inspect}"
-              end
-            end
-          end
-
-          request_options.inject({}) do |options, (opt_name, value)|
-
-            # Ensure this is a valid/accepted option
-            unless rules.key?(opt_name)
-              raise ArgumentError, "unexpected option #{opt_name.inspect}"
-            end
-
-            # Validate and convert the value
-            valid_value = validate_value(rules[opt_name], value, opt_name)
-
-            options.merge(opt_name => valid_value)
-
-          end
-        end
-
-        protected
-
-        # Proxies calls to the correct validation method based on the
-        # rules[:type].
-        def validate_value *args
-          send("validate_#{args.first[:type]}", *args)
-        end
-
-        # Ensures the value is a hash and validates the hash context.
-        def validate_hash rules, value, opt_name, context = nil
-          unless value.respond_to?(:to_hash)
-            format_error('hash value', opt_name, context)
-          end
-          validate!(value.to_hash, rules[:members])
-        end
-
-        def validate_map rules, value, opt_name, context = nil
-          unless value.respond_to?(:to_hash)
-            format_error('hash value', opt_name, context)
-          end
-          value.inject({}) do |values,(k,v)|
-            context = "member #{k.inspect} of :#{opt_name}"
-            values[k] = validate_value(rules[:members], v, opt_name, context)
-            values
-          end
-        end
-
-        # Ensures the value is an array (or at least enumerable) and
-        # that the yielded values are valid.
-        def validate_array rules, value, opt_name, context = nil
-          unless value.respond_to?(:each)
-            format_error('enumerable value', opt_name, context)
-          end
-          values = []
-          value.each do |v|
-            context = "member #{values.size} of :#{opt_name}"
-            values << validate_value(rules[:members], v, opt_name, context)
-          end
-          values
-        end
-
-        # Ensures the value is a string.
-        def validate_string rules, value, opt_name, context = nil
-
-          unless value.respond_to?(:to_str)
-            format_error('string value', opt_name, context)
-          end
-
-          rules[:lstrip] ?
-            value.to_str.sub(/^#{rules[:lstrip]}/, '') :
-            value.to_str
-        end
-
-        # Ensures the value is a boolean.
-        def validate_boolean rules, value, opt_name, context = nil
-          unless [true, false].include?(value)
-            format_error('true or false', opt_name, context)
-          end
-          value
-        end
-
-        # Ensures the value is an integer.
-        def validate_integer rules, value, opt_name, context = nil
-          unless value.respond_to?(:to_int)
-            format_error('integer value', opt_name, context)
-          end
-          value.to_int
-        end
-
-        # Ensures the value is a timestamp.
-        def validate_timestamp rules, value, opt_name, context = nil
-          # TODO : add validation to timestamps values
-          value.to_s
-        end
-
-        def validate_blob rules, value, opt_name, context = nil
-          value
-        end
-
-        def format_error description, opt_name, context
-          context = context || "option :#{opt_name}"
-          raise ArgumentError, "expected #{description} for #{context}"
-        end
-
-      end
-    end
-  end
-end

data/lib/aws/core/options/xml_serializer.rb

@@ -1,118 +0,0 @@
-# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You
-# may not use this file except in compliance with the License. A copy of
-# the License is located at
-#
-#     http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-# ANY KIND, either express or implied. See the License for the specific
-# language governing permissions and limitations under the License.
-
-require 'nokogiri'
-
-module AWS
-  module Core
-    module Options
-
-      # Given a hash of serialization rules, an XMLSerializer can convert
-      # a hash of request options into XML.  The request options are
-      # validated before returning XML.
-      class XMLSerializer
-
-        # @param [String] namespace
-        # @param [String] operation_name
-        # @param [Hash] operation
-        def initialize namespace, operation_name, operation
-          @namespace = namespace
-          @operation_name = operation_name
-          @rules = operation[:inputs]
-          @http = operation[:http]
-          @validator = Validator.new(rules)
-        end
-
-        # @return [String] Returns the name of the API operation.
-        attr_reader :operation_name
-
-        # @return [String]
-        attr_reader :namespace
-
-        # @return [Hash]
-        attr_reader :rules
-
-        # @return [Hash,nil]
-        attr_reader :http
-
-        # @return [Validator]
-        attr_reader :validator
-
-        # @overload serialize!(request_options)
-        #   @param [Hash] request_options A hash of already validated
-        #     request options with normalized values.
-        #   @return [String] Returns an string of the request parameters
-        #     serialized into XML.
-        def serialize request_options
-          if http && http[:request_payload]
-            payload = http[:request_payload]
-            root_node_name = rules[payload][:name]
-            params = request_options[payload]
-            rules = self.rules[payload][:members]
-          else
-            root_node_name = "#{operation_name}Request"
-            params = request_options
-            rules = self.rules
-          end
-          xml = Nokogiri::XML::Builder.new
-          xml.send(root_node_name, :xmlns => namespace) do |xml|
-            hash_members_xml(params, rules, xml)
-          end
-          xml.doc.root.to_xml
-        end
-
-        protected
-
-        def to_xml builder, opt_name, rules, value
-
-          xml_name = rules[:name]
-          xml_name ||= opt_name.is_a?(String) ?
-            opt_name : Inflection.class_name(opt_name.to_s)
-
-          case value
-          when Hash
-
-            builder.send(xml_name) do |builder|
-              hash_members_xml(value, rules[:members], builder)
-            end
-
-          when Array
-            builder.send(xml_name) do
-              value.each do |member_value|
-                to_xml(builder, 'member', rules[:members], member_value)
-              end
-            end
-          else builder.send(xml_name, value)
-          end
-
-        end
-
-        def hash_members_xml hash, rules, builder
-          xml_ordered_members(rules).each do |member_name|
-            if hash.key?(member_name)
-              value = hash[member_name]
-              to_xml(builder, member_name, rules[member_name], value)
-            end
-          end
-        end
-
-        def xml_ordered_members members
-          members.inject([]) do |list,(member_name, member)|
-            list << [member[:position] || 0, member_name]
-          end.sort_by(&:first).map(&:last)
-        end
-
-      end
-    end
-  end
-end

data/lib/aws/core/page_result.rb

@@ -1,75 +0,0 @@
-# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You
-# may not use this file except in compliance with the License. A copy of
-# the License is located at
-#
-#     http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-# ANY KIND, either express or implied. See the License for the specific
-# language governing permissions and limitations under the License.
-
-module AWS
-  module Core
-    class PageResult < Array
-
-      # @return [Collection] Returns the collection that was used to
-      #   populated this page of results.
-      attr_reader :collection
-
-      # @return [Integer] Returns the maximum number of results per page.
-      #   The final page in a collection may return fewer than `:per_page`
-      #   items (e.g. `:per_page` is 10 and there are only 7 items).
-      attr_reader :per_page
-
-      # @return [String] An opaque token that can be passed the #page method
-      #   of the collection that returned this page of results.  This next
-      #   token behaves as a pseudo offset.  If `next_token` is `nil` then
-      #   there are no more results for the collection.
-      attr_reader :next_token
-
-      # @param [Collection] collection The collection that was used to
-      #   request this page of results.  The collection should respond to
-      #   #page and accept a :next_token option.
-      #
-      # @param [Array] items An array of result items that represent a
-      #   page of results.
-      #
-      # @param [Integer] per_page The number of requested items for this
-      #   page of results.  If the count of items is smaller than `per_page`
-      #   then this is the last page of results.
-      #
-      # @param [String] next_token (nil) A token that can be passed to the
-      #
-      def initialize collection, items, per_page, next_token
-        @collection = collection
-        @per_page = per_page
-        @next_token = next_token
-        super(items)
-      end
-
-      # @return [PageResult]
-      # @raise [RuntimeError] Raises a runtime error when called against
-      #   a collection that has no more results (i.e. #last_page? == true).
-      def next_page
-        if last_page?
-          raise 'unable to get the next page, already at the last page'
-        end
-        collection.page(:per_page => per_page, :next_token => next_token)
-      end
-
-      # @return [Boolean] Returns `true` if this is the last page of results.
-      def last_page?
-        next_token.nil?
-      end
-
-      # @return [Boolean] Returns `true` if there are more pages of results.
-      def more?
-        !!next_token
-      end
-
-    end
-  end
-end

data/lib/aws/core/policy.rb

@@ -1,942 +0,0 @@
-# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You
-# may not use this file except in compliance with the License. A copy of
-# the License is located at
-#
-#     http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-# ANY KIND, either express or implied. See the License for the specific
-# language governing permissions and limitations under the License.
-
-require 'uuidtools'
-require 'date'
-require 'json'
-
-module AWS
-  module Core
-
-    # Represents an access policy for AWS operations and resources.  For example:
-    #
-    #     policy = Policy.new
-    #     policy.allow(
-    #       :actions => ['s3:PutObject'],
-    #       :resources => "arn:aws:s3:::mybucket/mykey/*",
-    #       :principals => :any
-    #     ).where(:acl).is("public-read")
-    #
-    #     policy.to_json # => '{ "Version":"2008-10-17", ...'
-    #
-    # @see #initialize More ways to construct a policy.
-    # @see http://docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html Example policies (in JSON).
-    class Policy
-
-      # @see Statement
-      # @return [Array] An array of policy statements.
-      attr_reader :statements
-
-      # @return [String] The version of the policy language used in this
-      #   policy object.
-      attr_reader :version
-
-      # @return [String] A unique ID for the policy.
-      attr_reader :id
-
-      class Statement; end
-
-      # Constructs a policy.  There are a few different ways to
-      # build a policy:
-      #
-      # * With hash arguments:
-      #
-      #     Policy.new(:statements => [
-      #       {
-      #         :effect => :allow,
-      #         :actions => :all,
-      #         :principals => ["abc123"],
-      #         :resources => "mybucket/mykey"
-      #       }
-      #     ])
-      #
-      # * From a JSON policy document:
-      #
-      #     Policy.from_json(policy_json_string)
-      #
-      # * With a block:
-      #
-      #     Policy.new do |policy|
-      #       policy.allow(
-      #         :actions => ['s3:PutObject'],
-      #         :resources => "arn:aws:s3:::mybucket/mykey/*",
-      #         :principals => :any
-      #       ).where(:acl).is("public-read")
-      #     end
-      #
-      def initialize(opts = {})
-        @statements = opts.values_at(:statements, "Statement").select do |a|
-          a.kind_of?(Array)
-        end.flatten.map do |stmt|
-          self.class::Statement.new(stmt)
-        end
-
-        if opts.has_key?(:id) or opts.has_key?("Id")
-          @id = opts[:id] || opts["Id"]
-        else
-          @id = UUIDTools::UUID.timestamp_create.to_s.tr('-','')
-        end
-        if opts.has_key?(:version) or opts.has_key?("Version")
-          @version = opts[:version] || opts["Version"]
-        else
-          @version = "2008-10-17"
-        end
-
-        yield(self) if block_given?
-      end
-
-      # @return [Boolean] Returns true if the two policies are the same.
-      def ==(other)
-        if other.kind_of?(Core::Policy)
-          self.hash_without_ids == other.hash_without_ids
-        else
-          false
-        end
-      end
-      alias_method :eql?, :==
-
-      # Removes the ids from the policy and its statements for the purpose
-      # of comparing two policies for equivilence.
-      # @return [Hash] Returns the policy as a hash with no ids
-      # @api private
-      def hash_without_ids
-        hash = self.to_h
-        hash.delete('Id')
-        hash['Statement'].each do |statement|
-          statement.delete('Sid')
-        end
-        hash
-      end
-      protected :hash_without_ids
-
-      # Returns a hash representation of the policy. The following
-      # statements are equivalent:
-      #
-      #     policy.to_h.to_json
-      #     policy.to_json
-      #
-      # @return [Hash]
-      def to_h
-        {
-          "Version" => version,
-          "Id" => id,
-          "Statement" => statements.map { |st| st.to_h }
-        }
-      end
-
-      # @return [String] a JSON representation of the policy.
-      def to_json
-        to_h.to_json
-      end
-
-      # Constructs a policy from a JSON representation.
-      # @see #initialize
-      # @return [Policy] Returns a Policy object constructed by parsing
-      #   the passed JSON policy.
-      def self.from_json(json)
-        new(JSON.parse(json))
-      end
-
-      # Convenient syntax for expressing operators in statement
-      # condition blocks.  For example, the following:
-      #
-      #     policy.allow.where(:s3_prefix).not("forbidden").
-      #       where(:current_time).lte(Date.today+1)
-      #
-      # is equivalent to:
-      #
-      #     conditions = Policy::ConditionBlock.new
-      #     conditions.add(:not, :s3_prefix, "forbidden")
-      #     conditions.add(:lte, :current_time, Date.today+1)
-      #     policy.allow(:conditions => conditions)
-      #
-      # @see ConditionBlock#add
-      class OperatorBuilder
-
-        # @api private
-        def initialize(condition_builder, key)
-          @condition_builder = condition_builder
-          @key = key
-        end
-
-        def method_missing(m, *values)
-          @condition_builder.conditions.add(m, @key, *values)
-          @condition_builder
-        end
-
-      end
-
-      # Convenient syntax for adding conditions to a statement.
-      # @see Policy#allow
-      # @see Policy#deny
-      class ConditionBuilder
-
-        # @return [Array] Returns an array of policy conditions.
-        attr_reader :conditions
-
-        # @api private
-        def initialize(conditions)
-          @conditions = conditions
-        end
-
-        # Adds a condition for the given key.  For example:
-        #
-        #     policy.allow(...).where(:current_time).lte(Date.today + 1)
-        #
-        # @return [OperatorBuilder]
-        def where(key, operator = nil, *values)
-          if operator
-            @conditions.add(operator, key, *values)
-            self
-          else
-            OperatorBuilder.new(self, key)
-          end
-        end
-
-      end
-
-      # Convenience method for constructing a new statement with the
-      # "Allow" effect and adding it to the policy.  For example:
-      #
-      #     policy.allow(
-      #       :actions => [:put_object],
-      #       :principals => :any,
-      #       :resources => "mybucket/mykey/*").
-      #     where(:acl).is("public-read")
-      #
-      # @option (see Statement#initialize)
-      # @see Statement#initialize
-      # @return [ConditionBuilder]
-      def allow(opts = {})
-        stmt = self.class::Statement.new(opts.merge(:effect => :allow))
-        statements << stmt
-        ConditionBuilder.new(stmt.conditions)
-      end
-
-      # Convenience method for constructing a new statement with the
-      # "Deny" effect and adding it to the policy.  For example:
-      #
-      #     policy.deny(
-      #       :actions => [:put_object],
-      #       :principals => :any,
-      #       :resources => "mybucket/mykey/*"
-      #     ).where(:acl).is("public-read")
-      #
-      # @param (see Statement#initialize)
-      # @see Statement#initialize
-      # @return [ConditionBuilder]
-      def deny(opts = {})
-        stmt = self.class::Statement.new(opts.merge(:effect => :deny))
-        statements << stmt
-        ConditionBuilder.new(stmt.conditions)
-      end
-
-      # Represents the condition block of a policy.  In JSON,
-      # condition blocks look like this:
-      #
-      #     { "StringLike": { "s3:prefix": ["photos/*", "photos.html"] } }
-      #
-      # ConditionBlock lets you specify conditions like the above
-      # example using the add method, for example:
-      #
-      #     conditions.add(:like, :s3_prefix, "photos/*", "photos.html")
-      #
-      # See the add method documentation for more details about how
-      # to specify keys and operators.
-      #
-      # This class also provides a convenient way to query a
-      # condition block to see what operators, keys, and values it
-      # has.  For example, consider the following condition block
-      # (in JSON):
-      #
-      #   {
-      #     "StringEquals": {
-      #       "s3:prefix": "photos/index.html"
-      #     },
-      #     "DateEquals": {
-      #       "aws:CurrentTime": ["2010-10-12", "2011-01-02"]
-      #     },
-      #     "NumericEquals": {
-      #       "s3:max-keys": 10
-      #     }
-      #   }
-      #
-      # You can get access to the condition data using #[], #keys,
-      # #operators, and #values -- for example:
-      #
-      #   conditions["DateEquals"]["aws:CurrentTime"].values
-      #     # => ["2010-10-12", "2011-01-02"]
-      #
-      # You can also perform more sophisticated queries, like this
-      # one:
-      #
-      #   conditions[:is].each do |equality_conditions|
-      #     equality_conditions.keys.each do |key|
-      #       puts("#{key} may be any of: " +
-      #            equality_conditions[key].values.join(" ")
-      #     end
-      #   end
-      #
-      # This would print the following lines:
-      #
-      #   s3:prefix may be any of: photos/index.html
-      #   aws:CurrentTime may be any of: 2010-10-12 2011-01-02
-      #   s3:max-keys may be any of: 10
-      #
-      class ConditionBlock
-
-        # @api private
-        def initialize(conditions = {})
-          # filter makes a copy
-          @conditions = filter_conditions(conditions)
-        end
-
-        # Adds a condition to the block.  This method defines a
-        # convenient set of abbreviations for operators based on the
-        # type of value passed in.  For example:
-        #
-        #   conditions.add(:is, :secure_transport, true)
-        #
-        # Maps to:
-        #
-        #   { "Bool": { "aws:SecureTransport": true } }
-        #
-        # While:
-        #
-        #   conditions.add(:is, :s3_prefix, "photos/")
-        #
-        # Maps to:
-        #
-        #   { "StringEquals": { "s3:prefix": "photos/" } }
-        #
-        # The following list shows which operators are accepted as
-        # symbols and how they are represented in the JSON policy:
-        #
-        # * `:is` (StringEquals, NumericEquals, DateEquals, or Bool)
-        # * `:like` (StringLike)
-        # * `:not_like` (StringNotLike)
-        # * `:not` (StringNotEquals, NumericNotEquals, or DateNotEquals)
-        # * `:greater_than`, `:gt` (NumericGreaterThan or DateGreaterThan)
-        # * `:greater_than_equals`, `:gte`
-        #   (NumericGreaterThanEquals or DateGreaterThanEquals)
-        # * `:less_than`, `:lt` (NumericLessThan or DateLessThan)
-        # * `:less_than_equals`, `:lte`
-        #   (NumericLessThanEquals or DateLessThanEquals)
-        # * `:is_ip_address` (IpAddress)
-        # * `:not_ip_address` (NotIpAddress)
-        # * `:is_arn` (ArnEquals)
-        # * `:not_arn` (ArnNotEquals)
-        # * `:is_arn_like` (ArnLike)
-        # * `:not_arn_like` (ArnNotLike)
-        #
-        # @param [Symbol or String] operator The operator used to
-        #   compare the key with the value.  See above for valid
-        #   values and their interpretations.
-        #
-        # @param [Symbol or String] key The key to compare.  Symbol
-        #   keys are inflected to match AWS conventions.  By
-        #   default, the key is assumed to be in the "aws"
-        #   namespace, but if you prefix the symbol name with "s3_"
-        #   it will be sent in the "s3" namespace.  For example,
-        #   `:s3_prefix` is sent as "s3:prefix" while
-        #   `:secure_transport` is sent as "aws:SecureTransport".
-        #   See
-        #   http://docs.amazonwebservices.com/AmazonS3/latest/dev/UsingResOpsConditions.html
-        #   for a list of the available keys for each action in S3.
-        #
-        # @param [Mixed] values The value to compare against.
-        #   This can be:
-        #   * a String
-        #   * a number
-        #   * a Date, DateTime, or Time
-        #   * a boolean value
-        #   This method does not attempt to validate that the values
-        #   are valid for the operators or keys they are used with.
-        #
-        def add(operator, key, *values)
-          if operator.kind_of?(Symbol)
-            converted_values = values.map { |v| convert_value(v) }
-          else
-            converted_values = values
-          end
-          operator = translate_operator(operator, values.first)
-          op = (@conditions[operator] ||= {})
-          raise "duplicate #{operator} conditions for #{key}" if op[key]
-          op[translate_key(key)] = converted_values
-        end
-
-        # @api private
-        def to_h
-          @conditions
-        end
-
-        # Filters the conditions described in the block, returning a
-        # new ConditionBlock that contains only the matching
-        # conditions.  Each argument is matched against either the
-        # keys or the operators in the block, and you can specify
-        # the key or operator in any way that's valid for the #add
-        # method.  Some examples:
-        #
-        #   # all conditions using the StringLike operator
-        #   conditions["StringLike"]
-        #
-        #   # all conditions using StringEquals, DateEquals, NumericEquals, or Bool
-        #   conditions[:is]
-        #
-        #   # all conditions on the s3:prefix key
-        #   conditions["s3:prefix"]
-        #
-        #   # all conditions on the aws:CurrentTime key
-        #   conditions[:current_time]
-        #
-        # Multiple conditions are ANDed together, so the following
-        # are equivalent:
-        #
-        #   conditions[:s3_prefix][:is]
-        #   conditions[:is][:s3_prefix]
-        #   conditions[:s3_prefix, :is]
-        #
-        # @see #add
-        # @return [ConditionBlock] A new set of conditions filtered by the
-        #   given conditions.
-        def [](*args)
-          filtered = @conditions
-          args.each do |filter|
-            type = valid_operator?(filter) ? nil : :key
-            filtered = filter_conditions(filtered) do |op, key, value|
-              (match, type) = match_triple(filter, type, op, key, value)
-              match
-            end
-          end
-          self.class.new(filtered)
-        end
-
-        # @return [Array] Returns an array of operators used in this block.
-        def operators
-          @conditions.keys
-        end
-
-        # @return [Array] Returns an array of unique keys used in the block.
-        def keys
-          @conditions.values.map do |keys|
-            keys.keys if keys
-          end.compact.flatten.uniq
-        end
-
-        # Returns all values used in the block.  Note that the
-        # values may not all be from the same condition; for example:
-        #
-        #   conditions.add(:like, :user_agent, "mozilla", "explorer")
-        #   conditions.add(:lt, :s3_max_keys, 12)
-        #   conditions.values # => ["mozilla", "explorer", 12]
-        #
-        # @return [Array] Returns an array of values used in this condition block.
-        def values
-          @conditions.values.map do |keys|
-            keys.values
-          end.compact.flatten
-        end
-
-        # @api private
-        protected
-        def match_triple(filter, type, op, key, value)
-          value = [value].flatten.first
-          if type
-            target = (type == :operator ? op : key)
-            match = send("match_#{type}", filter, target, value)
-          else
-            if match_operator(filter, op, value)
-              match = true
-              type = :operator
-            elsif match_key(filter, key)
-              match = true
-              type = :key
-            else
-              match = false
-            end
-          end
-          [match, type]
-        end
-
-        # @api private
-        protected
-        def match_operator(filter, op, value)
-          # dates are the only values that don't come back as native types in JSON
-          # but where we use the type as a cue to the operator translation
-          value = Date.today if op =~ /^Date/
-          translate_operator(filter, value) == op
-        end
-
-        # @api private
-        protected
-        def match_key(filter, key, value = nil)
-          translate_key(filter) == key
-        end
-
-        # @api private
-        protected
-        def filter_conditions(conditions = @conditions)
-          conditions.inject({}) do |m, (op, keys)|
-            m[op] = keys.inject({}) do |m2, (key, value)|
-              m2[key] = value if !block_given? or yield(op, key, value)
-              m2
-            end
-            m.delete(op) if m[op].empty?
-            m
-          end
-        end
-
-        # @api private
-        protected
-        def translate_key(key)
-          if key.kind_of?(Symbol)
-            if key.to_s =~ /^s3_(.*)$/
-              s3_name = $1
-              if s3_name == "version_id" or
-                  s3_name == "location_constraint"
-                s3_name = Inflection.class_name(s3_name)
-              else
-                s3_name.tr!('_', '-')
-              end
-              "s3:#{s3_name}"
-            else
-              "aws:#{Inflection.class_name(key.to_s)}"
-            end
-          else
-            key
-          end
-        end
-
-        # @api private
-        MODIFIERS = {
-          /_ignoring_case$/ => "IgnoreCase",
-          /_equals$/ => "Equals"
-        }
-
-        # @api private
-        protected
-        def valid_operator?(operator)
-          translate_operator(operator, "")
-          true
-        rescue ArgumentError => e
-          false
-        end
-
-        # @api private
-        protected
-        def translate_operator(operator, example_value)
-          return operator if operator.kind_of?(String)
-
-          original_operator = operator
-          (operator, opts) = strip_modifiers(operator)
-
-          raise ArgumentError.new("unrecognized operator #{original_operator}") unless
-            respond_to?("translate_#{operator}", true)
-          send("translate_#{operator}", example_value, opts)
-        end
-
-        # @api private
-        protected
-        def translate_is(example, opts)
-          return "Bool" if type_notation(example) == "Bool"
-          base_translate(example, "Equals", opts[:ignore_case])
-        end
-
-        # @api private
-        protected
-        def translate_not(example, opts)
-          base_translate(example, "NotEquals", opts[:ignore_case])
-        end
-
-        # @api private
-        protected
-        def translate_like(example, opts)
-          base_translate(example, "Like")
-        end
-
-        # @api private
-        protected
-        def translate_not_like(example, opts)
-          base_translate(example, "NotLike")
-        end
-
-        # @api private
-        protected
-        def translate_less_than(example, opts)
-          base_translate(example, "LessThan", opts[:equals])
-        end
-        alias_method :translate_lt, :translate_less_than
-
-        # @api private
-        protected
-        def translate_lte(example, opts)
-          translate_less_than(example, { :equals => "Equals" })
-        end
-
-        # @api private
-        protected
-        def translate_greater_than(example, opts)
-          base_translate(example, "GreaterThan", opts[:equals])
-        end
-        alias_method :translate_gt, :translate_greater_than
-
-        # @api private
-        protected
-        def translate_gte(example, opts)
-          translate_greater_than(example, { :equals => "Equals" })
-        end
-
-        # @api private
-        protected
-        def translate_is_ip_address(example, opts)
-          "IpAddress"
-        end
-
-        # @api private
-        protected
-        def translate_not_ip_address(example, opts)
-          "NotIpAddress"
-        end
-
-        # @api private
-        protected
-        def translate_is_arn(example, opts)
-          "ArnEquals"
-        end
-
-        # @api private
-        protected
-        def translate_not_arn(example, opts)
-          "ArnNotEquals"
-        end
-
-        # @api private
-        protected
-        def translate_is_arn_like(example, opts)
-          "ArnLike"
-        end
-
-        # @api private
-        protected
-        def translate_not_arn_like(example, opts)
-          "ArnNotLike"
-        end
-
-        # @api private
-        protected
-        def base_translate(example, base_operator, *modifiers)
-          "#{type_notation(example)}#{base_operator}#{modifiers.join}"
-        end
-
-        # @api private
-        protected
-        def type_notation(example)
-          case example
-          when String
-            "String"
-          when Numeric
-            "Numeric"
-          when Time, Date
-            "Date"
-          when true, false
-            "Bool"
-          end
-        end
-
-        # @api private
-        protected
-        def convert_value(value)
-          case value
-          when DateTime, Time
-            Time.parse(value.to_s).iso8601
-          when Date
-            value.strftime("%Y-%m-%d")
-          else
-            value
-          end
-        end
-
-        # @api private
-        protected
-        def strip_modifiers(operator)
-          opts = {}
-          MODIFIERS.each do |(regex, mod)|
-            ruby_name = Inflection.ruby_name(mod).to_sym
-            opts[ruby_name] = ""
-            if operator.to_s =~ regex
-              opts[ruby_name] = mod
-              operator = operator.to_s.sub(regex, '').to_sym
-            end
-          end
-          [operator, opts]
-        end
-
-      end
-
-      # Represents a statement in a policy.
-      #
-      # @see Policy#allow
-      # @see Policy#deny
-      class Statement
-
-        # @return [String] Returns the statement id
-        attr_accessor :sid
-
-        # @return [String] Returns the statement effect, either "Allow" or
-        #   "Deny"
-        attr_accessor :effect
-
-        # @return [Array] Returns an array of principals.
-        attr_accessor :principals
-
-        # @return [Array] Returns an array of statement actions included
-        #   by this policy statement.
-        attr_accessor :actions
-
-        # @return [Array] Returns an array of actions excluded by this
-        #   policy statement.
-        attr_accessor :excluded_actions
-
-        # @return [Array] Returns an array of resources affected by this
-        #   policy statement.
-        attr_accessor :resources
-
-        # @return [Array] Returns an array of conditions for this policy.
-        attr_accessor :conditions
-
-        attr_accessor :excluded_resources
-
-        # Constructs a new statement.
-        #
-        # @option opts [String] :sid The statement ID.  This is optional; if
-        #   omitted, a UUID will be generated for the statement.
-        # @option opts [String] :effect The statement effect, which must be either
-        #   "Allow" or "Deny".
-        #   @see Policy#allow
-        #   @see Policy#deny
-        # @option opts [String or array of strings] :principals The account(s)
-        #   affected by the statement.  These should be AWS account IDs.
-        # @option opts :actions The action or actions affected by
-        #   the statement.  These can be symbols or strings.  If
-        #   they are strings, you can use wildcard character "*"
-        #   to match zero or more characters in the action name.
-        #   Symbols are expected to match methods of S3::Client.
-        # @option opts :excluded_actions Action or actions which are
-        #   explicitly not affected by this statement.  As with
-        #   `:actions`, these may be symbols or strings.
-        # @option opts [String or array of strings] :resources The
-        #   resource(s) affected by the statement.  These can be
-        #   expressed as ARNs (e.g. `arn:aws:s3:::mybucket/mykey`)
-        #   or you may omit the `arn:aws:s3:::` prefix and just give
-        #   the path as `bucket_name/key`.  You may use the wildcard
-        #   character "*" to match zero or more characters in the
-        #   resource name.
-        # @option opts [ConditionBlock or Hash] :conditions
-        #   Additional conditions that narrow the effect of the
-        #   statement.  It's typically more convenient to use the
-        #   ConditionBuilder instance returned from Policy#allow or
-        #   Policy#deny to add conditions to a statement.
-        # @see S3::Client
-        def initialize(opts = {})
-          self.sid = UUIDTools::UUID.timestamp_create.to_s.tr('-','')
-          self.conditions = ConditionBlock.new
-
-          parse_options(opts)
-
-          yield(self) if block_given?
-        end
-
-        # Convenience method to add to the list of actions affected
-        # by this statement.
-        def include_actions(*actions)
-          self.actions ||= []
-          self.actions.push(*actions)
-        end
-        alias_method :include_action, :include_actions
-
-        # Convenience method to add to the list of actions
-        # explicitly not affected by this statement.
-        def exclude_actions(*actions)
-          self.excluded_actions ||= []
-          self.excluded_actions.push(*actions)
-        end
-        alias_method :exclude_action, :exclude_actions
-
-        # @api private
-        def to_h
-          stmt = {
-            "Sid" => sid,
-            "Effect" => Inflection.class_name(effect.to_s),
-            "Principal" => principals_hash,
-            "Resource" => (resource_arns if resource_arns),
-            "NotResource" => (excluded_resource_arns if excluded_resource_arns),
-            "Condition" => (conditions.to_h if conditions)
-          }
-          stmt.delete("Condition") if !conditions || conditions.to_h.empty?
-          stmt.delete("Principal") unless principals_hash
-          stmt.delete("Resource") unless resource_arns
-          stmt.delete("NotResource") unless excluded_resource_arns
-          if !translated_actions || translated_actions.empty?
-            stmt["NotAction"] = translated_excluded_actions
-          else
-            stmt["Action"] = translated_actions
-          end
-          stmt
-        end
-
-        protected
-        def parse_options(options)
-          options.each do |name, value|
-            name = Inflection.ruby_name(name.to_s)
-            name.sub!(/s$/,'')
-            send("parse_#{name}_option", value) if
-              respond_to?("parse_#{name}_option", true)
-          end
-        end
-
-        protected
-        def parse_effect_option(value)
-          self.effect = value
-        end
-
-        protected
-        def parse_sid_option(value)
-          self.sid = value
-        end
-
-        protected
-        def parse_action_option(value)
-          coerce_array_option(:actions, value)
-        end
-
-        protected
-        def parse_not_action_option(value)
-          coerce_array_option(:excluded_actions, value)
-        end
-        alias_method :parse_excluded_action_option, :parse_not_action_option
-
-        protected
-        def parse_principal_option(value)
-          if value and value.kind_of?(Hash)
-            value = value["AWS"] || []
-          end
-
-          coerce_array_option(:principals, value)
-        end
-
-        protected
-        def parse_resource_option(value)
-          coerce_array_option(:resources, value)
-        end
-
-        def parse_not_resource_option(value)
-          coerce_array_option(:excluded_resources, value)
-        end
-        alias_method :parse_excluded_resource_option, :parse_not_resource_option
-
-        protected
-        def parse_condition_option(value)
-          self.conditions = ConditionBlock.new(value)
-        end
-
-        protected
-        def coerce_array_option(attr, value)
-          if value.kind_of?(Array)
-            send("#{attr}=", value)
-          else
-            send("#{attr}=", [value])
-          end
-        end
-
-        protected
-        def principals_hash
-          return nil unless principals
-          { "AWS" =>
-            principals.map do |principal|
-              principal == :any ? "*" : principal
-            end }
-        end
-
-        protected
-        def translate_action(action)
-          case action
-          when String then action
-          when :any   then '*'
-          when Symbol
-
-            if self.class == Core::Policy::Statement
-              msg = 'symbolized action names are only accepted by service ' +
-              'specific policies (e.g. AWS::S3::Policy)'
-              raise ArgumentError, msg
-            end
-
-            unless self.class::ACTION_MAPPING.has_key?(action)
-              raise ArgumentError, "unrecognized action: #{action}"
-            end
-
-            self.class::ACTION_MAPPING[action]
-
-          end
-        end
-
-        protected
-        def translated_actions
-          return nil unless actions
-          actions.map do |action|
-            translate_action(action)
-          end
-        end
-
-        protected
-        def translated_excluded_actions
-          return nil unless excluded_actions
-          excluded_actions.map { |a| translate_action(a) }
-        end
-
-        protected
-        def resource_arns
-          return nil unless resources
-          resources.map do |resource|
-            case resource
-            when :any    then "*"
-            else resource_arn(resource)
-            end
-          end
-        end
-
-        protected
-        def resource_arn resource
-          resource.to_s
-        end
-
-        protected
-        def excluded_resource_arns
-          return nil unless excluded_resources
-          excluded_resources.map do |excluded_resource|
-            case excluded_resource
-            when :any    then "*"
-            else excluded_resource_arn(excluded_resource)
-            end
-          end
-        end
-
-        protected
-        def excluded_resource_arn excluded_resource
-          excluded_resource.to_s
-        end
-
-      end
-
-    end
-  end
-end