aws-sdk 1.5.7 → 1.5.8
- data/lib/aws.rb +2 -0
- data/lib/aws/api_config/EMR-2009-03-31.yml +349 -0
- data/lib/aws/auto_scaling.rb +8 -8
- data/lib/aws/auto_scaling/group.rb +2 -2
- data/lib/aws/auto_scaling/instance.rb +1 -1
- data/lib/aws/auto_scaling/launch_configuration.rb +4 -4
- data/lib/aws/auto_scaling/launch_configuration_collection.rb +11 -11
- data/lib/aws/auto_scaling/scaling_policy.rb +1 -1
- data/lib/aws/auto_scaling/scheduled_action.rb +1 -1
- data/lib/aws/auto_scaling/tag.rb +3 -3
- data/lib/aws/cloud_formation/stack.rb +7 -7
- data/lib/aws/cloud_formation/stack_collection.rb +13 -13
- data/lib/aws/cloud_formation/stack_event_collection.rb +2 -2
- data/lib/aws/cloud_formation/stack_resource.rb +1 -1
- data/lib/aws/cloud_formation/stack_resource_summary_collection.rb +10 -18
- data/lib/aws/cloud_formation/stack_summary_collection.rb +12 -16
- data/lib/aws/core.rb +7 -1
- data/lib/aws/core/collection.rb +12 -12
- data/lib/aws/core/configuration.rb +4 -0
- data/lib/aws/core/credential_providers.rb +23 -23
- data/lib/aws/core/inflection.rb +2 -0
- data/lib/aws/core/model.rb +6 -6
- data/lib/aws/core/policy.rb +102 -102
- data/lib/aws/core/resource.rb +81 -80
- data/lib/aws/core/response.rb +23 -23
- data/lib/aws/core/xml/frame.rb +4 -2
- data/lib/aws/dynamo_db/resource.rb +2 -2
- data/lib/aws/dynamo_db/table.rb +5 -5
- data/lib/aws/ec2/availability_zone.rb +2 -3
- data/lib/aws/ec2/export_task.rb +7 -7
- data/lib/aws/ec2/image.rb +5 -5
- data/lib/aws/ec2/instance.rb +40 -40
- data/lib/aws/ec2/instance_collection.rb +5 -2
- data/lib/aws/ec2/key_pair.rb +1 -1
- data/lib/aws/ec2/network_acl.rb +1 -1
- data/lib/aws/ec2/network_interface.rb +2 -2
- data/lib/aws/ec2/region.rb +1 -1
- data/lib/aws/ec2/resource.rb +1 -1
- data/lib/aws/ec2/route_table.rb +1 -1
- data/lib/aws/ec2/security_group.rb +4 -4
- data/lib/aws/ec2/subnet.rb +1 -1
- data/lib/aws/ec2/volume.rb +1 -1
- data/lib/aws/ec2/vpn_connection.rb +1 -1
- data/lib/aws/ec2/vpn_gateway.rb +2 -2
- data/lib/aws/elb/listener_opts.rb +1 -1
- data/lib/aws/elb/load_balancer.rb +5 -5
- data/lib/aws/elb/load_balancer_collection.rb +17 -9
- data/lib/aws/elb/load_balancer_policy.rb +2 -2
- data/lib/aws/emr.rb +84 -0
- data/lib/aws/emr/client.rb +309 -0
- data/lib/aws/emr/config.rb +18 -0
- data/lib/aws/emr/errors.rb +22 -0
- data/lib/aws/emr/instance_group.rb +138 -0
- data/lib/aws/emr/instance_group_collection.rb +82 -0
- data/lib/aws/emr/job_flow.rb +296 -0
- data/lib/aws/emr/job_flow_collection.rb +185 -0
- data/lib/aws/emr/request.rb +23 -0
- data/lib/aws/iam/access_key.rb +1 -1
- data/lib/aws/iam/account_alias_collection.rb +2 -2
- data/lib/aws/iam/client.rb +1 -1
- data/lib/aws/iam/group.rb +2 -2
- data/lib/aws/iam/policy_collection.rb +1 -1
- data/lib/aws/iam/server_certificate.rb +2 -2
- data/lib/aws/iam/signing_certificate.rb +1 -1
- data/lib/aws/iam/user.rb +2 -2
- data/lib/aws/iam/virtual_mfa_device.rb +1 -1
- data/lib/aws/s3/client.rb +57 -55
- data/lib/aws/s3/config.rb +2 -0
- data/lib/aws/s3/request.rb +14 -6
- data/lib/aws/simple_email_service/identity.rb +9 -7
- data/lib/aws/simple_workflow/domain.rb +1 -1
- data/lib/aws/simple_workflow/resource.rb +2 -2
- data/lib/aws/simple_workflow/workflow_execution.rb +5 -5
- data/lib/aws/sns/subscription_collection.rb +33 -35
- data/lib/aws/sns/topic_collection.rb +13 -18
- data/lib/aws/sns/topic_subscription_collection.rb +8 -9
- data/lib/aws/sqs/queue.rb +4 -4
- data/lib/aws/sqs/queue_collection.rb +17 -13
- metadata +13 -4
- data/lib/aws/cloud_formation/stack_summary.rb +0 -71
@@ -121,6 +121,10 @@ module AWS
|
|
121
121
|
# @attr_reader [String] s3_endpoint ('s3.amazonaws.com')
|
122
122
|
# The service endpoint for Amazon S3.
|
123
123
|
#
|
124
|
+
# @attr_reader [Boolean] s3_force_path_style (false) When
|
125
|
+
# +true+, requests will always use path style. This can be useful
|
126
|
+
# for testing environments.
|
127
|
+
#
|
124
128
|
# @attr_reader [Integer] s3_multipart_max_parts (1000)
|
125
129
|
# The maximum number of parts to split a file into when uploading
|
126
130
|
# in parts to S3.
|
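Review bot: The new `s3_force_path_style` entry says requests "will always use path style" without saying what path style is or what the client does when the option is left at `false`, so the effect of the flag cannot be read from this comment alone. I would state it directly, for example `# +true+, the bucket name is always placed in the request path instead of the hostname.`, and keep the testing-environment remark after it. The attribute list continues above and below this hunk, so the default addressing behaviour may already be described elsewhere in the file.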
@@ -26,12 +26,12 @@ module AWS
|
|
26
26
|
|
27
27
|
# The list of possible keys in the hash returned by {#credentials}.
|
28
28
|
KEYS = Set[:access_key_id, :secret_access_key, :session_token]
|
29
|
-
|
29
|
+
|
30
30
|
# @return [Hash] Returns a hash of credentials containg at least
|
31
|
-
# the +:access_key_id+ and +:secret_access_key+. The hash may
|
31
|
+
# the +:access_key_id+ and +:secret_access_key+. The hash may
|
32
32
|
# also contain a +:session_token+.
|
33
33
|
#
|
34
|
-
# @raise [Errors::MissingCredentialsError] Raised when the
|
34
|
+
# @raise [Errors::MissingCredentialsError] Raised when the
|
35
35
|
# +:access_key_id+ or the +:secret_access_key+ can not be found.
|
36
36
|
#
|
37
37
|
def credentials
|
@@ -91,7 +91,7 @@ module AWS
|
|
91
91
|
# * Static credentials from AWS.config (e.g. AWS.config.access_key_id,
|
92
92
|
# AWS.config.secret_access_key)
|
93
93
|
#
|
94
|
-
# * The environment (e.g. ENV['AWS_ACCESS_KEY_ID'] or
|
94
|
+
# * The environment (e.g. ENV['AWS_ACCESS_KEY_ID'] or
|
95
95
|
# ENV['AMAZON_ACCESS_KEY_ID'])
|
96
96
|
#
|
97
97
|
# * EC2 metadata service (checks for credentials provided by
|
@@ -200,7 +200,7 @@ module AWS
|
|
200
200
|
# @private
|
201
201
|
class FailedRequestError < StandardError; end
|
202
202
|
|
203
|
-
# These are the errors we trap when attempting to talk to the
|
203
|
+
# These are the errors we trap when attempting to talk to the
|
204
204
|
# instance metadata service. Any of these imply the service
|
205
205
|
# is not present, no responding or some other non-recoverable
|
206
206
|
# error.
|
@@ -280,7 +280,7 @@ module AWS
|
|
280
280
|
end
|
281
281
|
end
|
282
282
|
|
283
|
-
# Makes an HTTP Get request with the given path. If a non-200
|
283
|
+
# Makes an HTTP Get request with the given path. If a non-200
|
284
284
|
# response is received, then a FailedRequestError is raised.
|
285
285
|
# a {FailedRequestError} is raised.
|
286
286
|
# @param [Net::HTTPSession] session
|
@@ -310,20 +310,20 @@ module AWS
|
|
310
310
|
# This session provider is currently only used for DynamoDB which
|
311
311
|
# requires session credentials.
|
312
312
|
class SessionProvider
|
313
|
-
|
313
|
+
|
314
314
|
include Provider
|
315
|
-
|
315
|
+
|
316
316
|
@create_mutex = Mutex.new
|
317
317
|
|
318
318
|
class << self
|
319
319
|
|
320
|
-
# @param [Hash] long_term_credentials A hash of credentials with
|
321
|
-
# +:access_key_id+ and +:secret_access_key+ (but not
|
320
|
+
# @param [Hash] long_term_credentials A hash of credentials with
|
321
|
+
# +:access_key_id+ and +:secret_access_key+ (but not
|
322
322
|
# +:session_token+).
|
323
323
|
def for long_term_credentials
|
324
324
|
@create_mutex.synchronize do
|
325
325
|
@session_providers ||= {}
|
326
|
-
@session_providers[long_term_credentials[:access_key_id]] =
|
326
|
+
@session_providers[long_term_credentials[:access_key_id]] =
|
327
327
|
self.new(long_term_credentials)
|
328
328
|
end
|
329
329
|
end
|
@@ -333,9 +333,9 @@ module AWS
|
|
333
333
|
protected :new
|
334
334
|
|
335
335
|
end
|
336
|
-
|
337
|
-
# @param [Hash] long_term_credentials A hash of credentials with
|
338
|
-
# +:access_key_id+ and +:secret_access_key+ (but not
|
336
|
+
|
337
|
+
# @param [Hash] long_term_credentials A hash of credentials with
|
338
|
+
# +:access_key_id+ and +:secret_access_key+ (but not
|
339
339
|
# +:session_token+).
|
340
340
|
def initialize long_term_credentials
|
341
341
|
@static = StaticProvider.new(long_term_credentials)
|
@@ -349,27 +349,27 @@ module AWS
|
|
349
349
|
# method defined in this class.
|
350
350
|
alias_method :orig_refresh, :refresh
|
351
351
|
protected :orig_refresh
|
352
|
-
|
352
|
+
|
353
353
|
# (see Provider#refresh)
|
354
354
|
def refresh
|
355
355
|
refresh_session
|
356
356
|
orig_refresh
|
357
357
|
end
|
358
|
-
|
358
|
+
|
359
359
|
protected
|
360
|
-
|
360
|
+
|
361
361
|
# (see Provider#get_credentials)
|
362
362
|
def get_credentials
|
363
363
|
session = cached_session
|
364
364
|
if session.nil?
|
365
|
-
refresh_session
|
365
|
+
refresh_session
|
366
366
|
session = cached_session
|
367
367
|
end
|
368
368
|
session.credentials
|
369
369
|
end
|
370
|
-
|
370
|
+
|
371
371
|
# Replaces the cached STS session with a new one.
|
372
|
-
# @return [nil]
|
372
|
+
# @return [nil]
|
373
373
|
def refresh_session
|
374
374
|
sts = AWS::STS.new(@static.credentials.merge(:use_ssl => true))
|
375
375
|
@session_mutex.synchronize do
|
@@ -377,7 +377,7 @@ module AWS
|
|
377
377
|
end
|
378
378
|
nil
|
379
379
|
end
|
380
|
-
|
380
|
+
|
381
381
|
# @return [nil,STS::Session] Returns nil if a session has not
|
382
382
|
# already been started.
|
383
383
|
def cached_session
|
@@ -387,14 +387,14 @@ module AWS
|
|
387
387
|
end
|
388
388
|
local_session
|
389
389
|
end
|
390
|
-
|
390
|
+
|
391
391
|
end
|
392
392
|
|
393
393
|
# Returns a set of fake credentials, should only be used for testing.
|
394
394
|
class FakeProvider < StaticProvider
|
395
395
|
|
396
396
|
# @param [Hash] options
|
397
|
-
# @option options [Boolean] :with_session_token (false) When +true+ a
|
397
|
+
# @option options [Boolean] :with_session_token (false) When +true+ a
|
398
398
|
# fake session token will also be provided.
|
399
399
|
def initialize options = {}
|
400
400
|
options[:access_key_id] ||= fake_access_key_id
|
data/lib/aws/core/inflection.rb
CHANGED
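--- a/data/lib/aws/core/model.rb
+++ b/data/lib/aws/core/model.rb
@@ -16,8 +16,8 @@ module AWS
 
 # @private
 module Model
-
-# @private
+
+# @private
 def initialize(*args)
 options = args.last.kind_of?(Hash) ? args.last : {}
 @config = case
@@ -26,10 +26,10 @@ module AWS
 else AWS.config
 end
 end
-
+
 # @return [Configuration] Returns the configuration for this object.
 attr_reader :config
-
+
 # Each class including this module has its own client class.
 # Generally it is the service namespace suffixed by client:
 #
@@ -40,13 +40,13 @@ module AWS
 def client
 @config.send("#{config_prefix}_client")
 end
-
+
 # @return [String] The short name of the service as used in coniguration.
 # (e.g. SimpleDB::Client.config_prefix #=> 'simple_db')
 def config_prefix
 Inflection.ruby_name(self.class.to_s.split(/::/)[1])
 end
-
+
 # @return [String] A sensible default inspect string.
 def inspect
 "<#{self.class}>"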
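--- a/data/lib/aws/core/policy.rb
+++ b/data/lib/aws/core/policy.rb
@@ -32,20 +32,20 @@ module AWS
 # @see #initialize More ways to construct a policy.
 # @see http://docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html Example policies (in JSON).
 class Policy
-
+
 # @see Statement
 # @return [Array] An array of policy statements.
 attr_reader :statements
-
-# @return [String] The version of the policy language used in this
+
+# @return [String] The version of the policy language used in this
 # policy object.
 attr_reader :version
-
+
 # @return [String] A unique ID for the policy.
 attr_reader :id
-
+
 class Statement; end
-
+
 # Constructs a policy. There are a few different ways to
 # build a policy:
 #
@@ -55,7 +55,7 @@ module AWS
 # { :effect => :allow,
 # :actions => :all,
 # :principals => ["abc123"],
-# :resources => "mybucket/mykey"
+# :resources => "mybucket/mykey"
 # }
 # ])
 #
@@ -81,7 +81,7 @@ module AWS
 end.flatten.map do |stmt|
 self.class::Statement.new(stmt)
 end
-
+
 if opts.has_key?(:id) or opts.has_key?("Id")
 @id = opts[:id] || opts["Id"]
 else
@@ -92,10 +92,10 @@ module AWS
 else
 @version = "2008-10-17"
 end
-
+
 yield(self) if block_given?
 end
-
+
 # @return [Boolean] Returns true if the two policies are the same.
 def ==(other)
 if other.kind_of?(Core::Policy)
@@ -105,7 +105,7 @@ module AWS
 end
 end
 alias_method :eql?, :==
-
+
 # Removes the ids from the policy and its statements for the purpose
 # of comparing two policies for equivilence.
 # @return [Hash] Returns the policy as a hash with no ids
@@ -118,8 +118,8 @@ module AWS
 end
 hash
 end
-protected :hash_without_ids
-
+protected :hash_without_ids
+
 # Returns a hash representation of the policy. The following
 # statements are equivalent:
 #
@@ -128,18 +128,18 @@ module AWS
 #
 # @return [Hash]
 def to_h
-{
+{
 "Version" => version,
 "Id" => id,
-"Statement" => statements.map { |st| st.to_h }
+"Statement" => statements.map { |st| st.to_h }
 }
 end
-
+
 # @return [String] a JSON representation of the policy.
 def to_json
 to_h.to_json
 end
-
+
 # Constructs a policy from a JSON representation.
 # @see #initialize
 # @return [Policy] Returns a Policy object constructed by parsing
@@ -147,7 +147,7 @@ module AWS
 def self.from_json(json)
 new(JSON.parse(json))
 end
-
+
 # Convenient syntax for expressing operators in statement
 # condition blocks. For example, the following:
 #
@@ -163,33 +163,33 @@ module AWS
 #
 # @see ConditionBlock#add
 class OperatorBuilder
-
+
 # @private
 def initialize(condition_builder, key)
 @condition_builder = condition_builder
 @key = key
 end
-
+
 def method_missing(m, *values)
 @condition_builder.conditions.add(m, @key, *values)
 @condition_builder
 end
-
+
 end
-
+
 # Convenient syntax for adding conditions to a statement.
 # @see Policy#allow
 # @see Policy#deny
 class ConditionBuilder
-
+
 # @return [Array] Returns an array of policy conditions.
 attr_reader :conditions
-
+
 # @private
 def initialize(conditions)
 @conditions = conditions
 end
-
+
 # Adds a condition for the given key. For example:
 #
 # policy.allow(...).where(:current_time).lte(Date.today + 1)
@@ -203,9 +203,9 @@ module AWS
 OperatorBuilder.new(self, key)
 end
 end
-
+
 end
-
+
 # Convenience method for constructing a new statement with the
 # "Allow" effect and adding it to the policy. For example:
 #
@@ -222,7 +222,7 @@ module AWS
 statements << stmt
 ConditionBuilder.new(stmt.conditions)
 end
-
+
 # Convenience method for constructing a new statement with the
 # "Deny" effect and adding it to the policy. For example:
 #
@@ -240,7 +240,7 @@ module AWS
 statements << stmt
 ConditionBuilder.new(stmt.conditions)
 end
-
+
 # Represents the condition block of a policy. In JSON,
 # condition blocks look like this:
 #
@@ -294,13 +294,13 @@ module AWS
 # s3:max-keys may be any of: 10
 #
 class ConditionBlock
-
+
 # @private
 def initialize(conditions = {})
 # filter makes a copy
 @conditions = filter_conditions(conditions)
 end
-
+
 # Adds a condition to the block. This method defines a
 # convenient set of abbreviations for operators based on the
 # type of value passed in. For example:
@@ -374,12 +374,12 @@ module AWS
 raise "duplicate #{operator} conditions for #{key}" if op[key]
 op[translate_key(key)] = converted_values
 end
-
+
 # @private
 def to_h
 @conditions
 end
-
+
 # Filters the conditions described in the block, returning a
 # new ConditionBlock that contains only the matching
 # conditions. Each argument is matched against either the
@@ -420,19 +420,19 @@ module AWS
 end
 self.class.new(filtered)
 end
-
+
 # @return [Array] Returns an array of operators used in this block.
 def operators
 @conditions.keys
 end
-
+
 # @return [Array] Returns an array of unique keys used in the block.
 def keys
 @conditions.values.map do |keys|
 keys.keys if keys
 end.compact.flatten.uniq
 end
-
+
 # Returns all values used in the block. Note that the
 # values may not all be from the same condition; for example:
 #
@@ -446,7 +446,7 @@ module AWS
 keys.values
 end.compact.flatten
 end
-
+
 # @private
 protected
 def match_triple(filter, type, op, key, value)
@@ -467,7 +467,7 @@ module AWS
 end
 [match, type]
 end
-
+
 # @private
 protected
 def match_operator(filter, op, value)
@@ -476,13 +476,13 @@ module AWS
 value = Date.today if op =~ /^Date/
 translate_operator(filter, value) == op
 end
-
+
 # @private
 protected
 def match_key(filter, key, value = nil)
 translate_key(filter) == key
 end
-
+
 # @private
 protected
 def filter_conditions(conditions = @conditions)
@@ -495,7 +495,7 @@ module AWS
 m
 end
 end
-
+
 # @private
 protected
 def translate_key(key)
@@ -516,13 +516,13 @@ module AWS
 key
 end
 end
-
+
 # @private
 MODIFIERS = {
 /_ignoring_case$/ => "IgnoreCase",
 /_equals$/ => "Equals"
 }
-
+
 # @private
 protected
 def valid_operator?(operator)
@@ -531,113 +531,113 @@ module AWS
 rescue ArgumentError => e
 false
 end
-
+
 # @private
 protected
 def translate_operator(operator, example_value)
 return operator if operator.kind_of?(String)
-
+
 original_operator = operator
 (operator, opts) = strip_modifiers(operator)
-
+
 raise ArgumentError.new("unrecognized operator #{original_operator}") unless
 respond_to?("translate_#{operator}", true)
 send("translate_#{operator}", example_value, opts)
 end
-
+
 # @private
 protected
 def translate_is(example, opts)
 return "Bool" if type_notation(example) == "Bool"
 base_translate(example, "Equals", opts[:ignore_case])
 end
-
+
 # @private
 protected
 def translate_not(example, opts)
 base_translate(example, "NotEquals", opts[:ignore_case])
 end
-
+
 # @private
 protected
 def translate_like(example, opts)
 base_translate(example, "Like")
 end
-
+
 # @private
 protected
 def translate_not_like(example, opts)
 base_translate(example, "NotLike")
 end
-
+
 # @private
 protected
 def translate_less_than(example, opts)
 base_translate(example, "LessThan", opts[:equals])
 end
 alias_method :translate_lt, :translate_less_than
-
+
 # @private
 protected
 def translate_lte(example, opts)
 translate_less_than(example, { :equals => "Equals" })
 end
-
+
 # @private
 protected
 def translate_greater_than(example, opts)
 base_translate(example, "GreaterThan", opts[:equals])
 end
 alias_method :translate_gt, :translate_greater_than
-
+
 # @private
 protected
 def translate_gte(example, opts)
 translate_greater_than(example, { :equals => "Equals" })
 end
-
+
 # @private
 protected
 def translate_is_ip_address(example, opts)
 "IpAddress"
 end
-
+
 # @private
 protected
 def translate_not_ip_address(example, opts)
 "NotIpAddress"
 end
-
+
 # @private
 protected
 def translate_is_arn(example, opts)
 "ArnEquals"
 end
-
+
 # @private
 protected
 def translate_not_arn(example, opts)
 "ArnNotEquals"
 end
-
+
 # @private
 protected
 def translate_is_arn_like(example, opts)
 "ArnLike"
 end
-
+
 # @private
 protected
 def translate_not_arn_like(example, opts)
 "ArnNotLike"
 end
-
+
 # @private
 protected
 def base_translate(example, base_operator, *modifiers)
 "#{type_notation(example)}#{base_operator}#{modifiers.join}"
 end
-
+
 # @private
 protected
 def type_notation(example)
@@ -652,7 +652,7 @@ module AWS
 "Bool"
 end
 end
-
+
 # @private
 protected
 def convert_value(value)
@@ -665,7 +665,7 @@ module AWS
 value
 end
 end
-
+
 # @private
 protected
 def strip_modifiers(operator)
@@ -680,40 +680,40 @@ module AWS
 end
 [operator, opts]
 end
-
+
 end
-
+
 # Represents a statement in a policy.
 #
 # @see Policy#allow
 # @see Policy#deny
 class Statement
-
+
 # @return [String] Returns the statement id
 attr_accessor :sid
-
+
 # @return [String] Returns the statement effect, either "Allow" or
 # "Deny"
 attr_accessor :effect
-
+
 # @return [Array] Returns an array of principals.
 attr_accessor :principals
-
+
 # @return [Array] Returns an array of statement actions included
 # by this policy statement.
 attr_accessor :actions
-
+
 # @return [Array] Returns an array of actions excluded by this
 # policy statement.
 attr_accessor :excluded_actions
-
+
 # @return [Array] Returns an array of resources affected by this
 # policy statement.
 attr_accessor :resources
-
+
 # @return [Array] Returns an array of conditions for this policy.
 attr_accessor :conditions
-
+
 # Constructs a new statement.
 #
 # @option opts [String] :sid The statement ID. This is optional; if
@@ -748,12 +748,12 @@ module AWS
 def initialize(opts = {})
 self.sid = UUIDTools::UUID.timestamp_create.to_s.tr('-','')
 self.conditions = ConditionBlock.new
-
+
 parse_options(opts)
-
+
 yield(self) if block_given?
 end
-
+
 # Convenience method to add to the list of actions affected
 # by this statement.
 def include_actions(*actions)
@@ -761,7 +761,7 @@ module AWS
 self.actions.push(*actions)
 end
 alias_method :include_action, :include_actions
-
+
 # Convenience method to add to the list of actions
 # explicitly not affected by this statement.
 def exclude_actions(*actions)
@@ -769,7 +769,7 @@ module AWS
 self.excluded_actions.push(*actions)
 end
 alias_method :exclude_action, :exclude_actions
-
+
 # @private
 def to_h
 stmt = {
@@ -788,7 +788,7 @@ module AWS
 end
 stmt
 end
-
+
 protected
 def parse_options(options)
 options.each do |name, value|
@@ -798,47 +798,47 @@ module AWS
 respond_to?("parse_#{name}_option", true)
 end
 end
-
+
 protected
 def parse_effect_option(value)
 self.effect = value
 end
-
+
 protected
 def parse_sid_option(value)
 self.sid = value
 end
-
+
 protected
 def parse_action_option(value)
 coerce_array_option(:actions, value)
 end
-
+
 protected
 def parse_not_action_option(value)
 coerce_array_option(:excluded_actions, value)
 end
 alias_method :parse_excluded_action_option, :parse_not_action_option
-
+
 protected
 def parse_principal_option(value)
 if value and value.kind_of?(Hash)
 value = value["AWS"] || []
 end
-
+
 coerce_array_option(:principals, value)
 end
-
+
 protected
 def parse_resource_option(value)
 coerce_array_option(:resources, value)
 end
-
+
 protected
 def parse_condition_option(value)
 self.conditions = ConditionBlock.new(value)
 end
-
+
 protected
 def coerce_array_option(attr, value)
 if value.kind_of?(Array)
@@ -847,7 +847,7 @@ module AWS
 send("#{attr}=", [value])
 end
 end
-
+
 protected
 def principals_hash
 return nil unless principals
@@ -856,29 +856,29 @@ module AWS
 principal == :any ? "*" : principal
 end }
 end
-
+
 protected
 def translate_action(action)
 case action
 when String then action
 when :any then '*'
 when Symbol
-
+
 if self.class == Core::Policy::Statement
 msg = 'symbolized action names are only accepted by service ' +
 'specific policies (e.g. AWS::S3::Policy)'
 raise ArgumentError, msg
 end
-
+
 unless self.class::ACTION_MAPPING.has_key?(action)
 raise ArgumentError, "unrecognized action: #{action}"
 end
-
+
 self.class::ACTION_MAPPING[action]
-
+
 end
 end
-
+
 protected
 def translated_actions
 return nil unless actions
@@ -886,31 +886,31 @@ module AWS
 translate_action(action)
 end
 end
-
+
 protected
 def translated_excluded_actions
 return nil unless excluded_actions
 excluded_actions.map { |a| translate_action(a) }
 end
-
+
 protected
 def resource_arns
 return nil unless resources
-resources.map do |resource|
+resources.map do |resource|
 case resource
 when :any then "*"
 else resource_arn(resource)
 end
 end
 end
-
+
 protected
 def resource_arn resource
 resource.to_s
 end
-
+
 end
-
+
 end
 end
 end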