aws-sdk 1.5.7 → 1.5.8
- data/lib/aws.rb +2 -0
- data/lib/aws/api_config/EMR-2009-03-31.yml +349 -0
- data/lib/aws/auto_scaling.rb +8 -8
- data/lib/aws/auto_scaling/group.rb +2 -2
- data/lib/aws/auto_scaling/instance.rb +1 -1
- data/lib/aws/auto_scaling/launch_configuration.rb +4 -4
- data/lib/aws/auto_scaling/launch_configuration_collection.rb +11 -11
- data/lib/aws/auto_scaling/scaling_policy.rb +1 -1
- data/lib/aws/auto_scaling/scheduled_action.rb +1 -1
- data/lib/aws/auto_scaling/tag.rb +3 -3
- data/lib/aws/cloud_formation/stack.rb +7 -7
- data/lib/aws/cloud_formation/stack_collection.rb +13 -13
- data/lib/aws/cloud_formation/stack_event_collection.rb +2 -2
- data/lib/aws/cloud_formation/stack_resource.rb +1 -1
- data/lib/aws/cloud_formation/stack_resource_summary_collection.rb +10 -18
- data/lib/aws/cloud_formation/stack_summary_collection.rb +12 -16
- data/lib/aws/core.rb +7 -1
- data/lib/aws/core/collection.rb +12 -12
- data/lib/aws/core/configuration.rb +4 -0
- data/lib/aws/core/credential_providers.rb +23 -23
- data/lib/aws/core/inflection.rb +2 -0
- data/lib/aws/core/model.rb +6 -6
- data/lib/aws/core/policy.rb +102 -102
- data/lib/aws/core/resource.rb +81 -80
- data/lib/aws/core/response.rb +23 -23
- data/lib/aws/core/xml/frame.rb +4 -2
- data/lib/aws/dynamo_db/resource.rb +2 -2
- data/lib/aws/dynamo_db/table.rb +5 -5
- data/lib/aws/ec2/availability_zone.rb +2 -3
- data/lib/aws/ec2/export_task.rb +7 -7
- data/lib/aws/ec2/image.rb +5 -5
- data/lib/aws/ec2/instance.rb +40 -40
- data/lib/aws/ec2/instance_collection.rb +5 -2
- data/lib/aws/ec2/key_pair.rb +1 -1
- data/lib/aws/ec2/network_acl.rb +1 -1
- data/lib/aws/ec2/network_interface.rb +2 -2
- data/lib/aws/ec2/region.rb +1 -1
- data/lib/aws/ec2/resource.rb +1 -1
- data/lib/aws/ec2/route_table.rb +1 -1
- data/lib/aws/ec2/security_group.rb +4 -4
- data/lib/aws/ec2/subnet.rb +1 -1
- data/lib/aws/ec2/volume.rb +1 -1
- data/lib/aws/ec2/vpn_connection.rb +1 -1
- data/lib/aws/ec2/vpn_gateway.rb +2 -2
- data/lib/aws/elb/listener_opts.rb +1 -1
- data/lib/aws/elb/load_balancer.rb +5 -5
- data/lib/aws/elb/load_balancer_collection.rb +17 -9
- data/lib/aws/elb/load_balancer_policy.rb +2 -2
- data/lib/aws/emr.rb +84 -0
- data/lib/aws/emr/client.rb +309 -0
- data/lib/aws/emr/config.rb +18 -0
- data/lib/aws/emr/errors.rb +22 -0
- data/lib/aws/emr/instance_group.rb +138 -0
- data/lib/aws/emr/instance_group_collection.rb +82 -0
- data/lib/aws/emr/job_flow.rb +296 -0
- data/lib/aws/emr/job_flow_collection.rb +185 -0
- data/lib/aws/emr/request.rb +23 -0
- data/lib/aws/iam/access_key.rb +1 -1
- data/lib/aws/iam/account_alias_collection.rb +2 -2
- data/lib/aws/iam/client.rb +1 -1
- data/lib/aws/iam/group.rb +2 -2
- data/lib/aws/iam/policy_collection.rb +1 -1
- data/lib/aws/iam/server_certificate.rb +2 -2
- data/lib/aws/iam/signing_certificate.rb +1 -1
- data/lib/aws/iam/user.rb +2 -2
- data/lib/aws/iam/virtual_mfa_device.rb +1 -1
- data/lib/aws/s3/client.rb +57 -55
- data/lib/aws/s3/config.rb +2 -0
- data/lib/aws/s3/request.rb +14 -6
- data/lib/aws/simple_email_service/identity.rb +9 -7
- data/lib/aws/simple_workflow/domain.rb +1 -1
- data/lib/aws/simple_workflow/resource.rb +2 -2
- data/lib/aws/simple_workflow/workflow_execution.rb +5 -5
- data/lib/aws/sns/subscription_collection.rb +33 -35
- data/lib/aws/sns/topic_collection.rb +13 -18
- data/lib/aws/sns/topic_subscription_collection.rb +8 -9
- data/lib/aws/sqs/queue.rb +4 -4
- data/lib/aws/sqs/queue_collection.rb +17 -13
- metadata +13 -4
- data/lib/aws/cloud_formation/stack_summary.rb +0 -71
@@ -121,6 +121,10 @@ module AWS
|
|
121
121
|
# @attr_reader [String] s3_endpoint ('s3.amazonaws.com')
|
122
122
|
# The service endpoint for Amazon S3.
|
123
123
|
#
|
124
|
+
# @attr_reader [Boolean] s3_force_path_style (false) When
|
125
|
+
# +true+, requests will always use path style. This can be useful
|
126
|
+
# for testing environments.
|
127
|
+
#
|
124
128
|
# @attr_reader [Integer] s3_multipart_max_parts (1000)
|
125
129
|
# The maximum number of parts to split a file into when uploading
|
126
130
|
# in parts to S3.
|
@@ -26,12 +26,12 @@ module AWS
|
|
26
26
|
|
27
27
|
# The list of possible keys in the hash returned by {#credentials}.
|
28
28
|
KEYS = Set[:access_key_id, :secret_access_key, :session_token]
|
29
|
-
|
29
|
+
|
30
30
|
# @return [Hash] Returns a hash of credentials containg at least
|
31
|
-
# the +:access_key_id+ and +:secret_access_key+. The hash may
|
31
|
+
# the +:access_key_id+ and +:secret_access_key+. The hash may
|
32
32
|
# also contain a +:session_token+.
|
33
33
|
#
|
34
|
-
# @raise [Errors::MissingCredentialsError] Raised when the
|
34
|
+
# @raise [Errors::MissingCredentialsError] Raised when the
|
35
35
|
# +:access_key_id+ or the +:secret_access_key+ can not be found.
|
36
36
|
#
|
37
37
|
def credentials
|
@@ -91,7 +91,7 @@ module AWS
|
|
91
91
|
# * Static credentials from AWS.config (e.g. AWS.config.access_key_id,
|
92
92
|
# AWS.config.secret_access_key)
|
93
93
|
#
|
94
|
-
# * The environment (e.g. ENV['AWS_ACCESS_KEY_ID'] or
|
94
|
+
# * The environment (e.g. ENV['AWS_ACCESS_KEY_ID'] or
|
95
95
|
# ENV['AMAZON_ACCESS_KEY_ID'])
|
96
96
|
#
|
97
97
|
# * EC2 metadata service (checks for credentials provided by
|
@@ -200,7 +200,7 @@ module AWS
|
|
200
200
|
# @private
|
201
201
|
class FailedRequestError < StandardError; end
|
202
202
|
|
203
|
-
# These are the errors we trap when attempting to talk to the
|
203
|
+
# These are the errors we trap when attempting to talk to the
|
204
204
|
# instance metadata service. Any of these imply the service
|
205
205
|
# is not present, no responding or some other non-recoverable
|
206
206
|
# error.
|
@@ -280,7 +280,7 @@ module AWS
|
|
280
280
|
end
|
281
281
|
end
|
282
282
|
|
283
|
-
# Makes an HTTP Get request with the given path. If a non-200
|
283
|
+
# Makes an HTTP Get request with the given path. If a non-200
|
284
284
|
# response is received, then a FailedRequestError is raised.
|
285
285
|
# a {FailedRequestError} is raised.
|
286
286
|
# @param [Net::HTTPSession] session
|
@@ -310,20 +310,20 @@ module AWS
|
|
310
310
|
# This session provider is currently only used for DynamoDB which
|
311
311
|
# requires session credentials.
|
312
312
|
class SessionProvider
|
313
|
-
|
313
|
+
|
314
314
|
include Provider
|
315
|
-
|
315
|
+
|
316
316
|
@create_mutex = Mutex.new
|
317
317
|
|
318
318
|
class << self
|
319
319
|
|
320
|
-
# @param [Hash] long_term_credentials A hash of credentials with
|
321
|
-
# +:access_key_id+ and +:secret_access_key+ (but not
|
320
|
+
# @param [Hash] long_term_credentials A hash of credentials with
|
321
|
+
# +:access_key_id+ and +:secret_access_key+ (but not
|
322
322
|
# +:session_token+).
|
323
323
|
def for long_term_credentials
|
324
324
|
@create_mutex.synchronize do
|
325
325
|
@session_providers ||= {}
|
326
|
-
@session_providers[long_term_credentials[:access_key_id]] =
|
326
|
+
@session_providers[long_term_credentials[:access_key_id]] =
|
327
327
|
self.new(long_term_credentials)
|
328
328
|
end
|
329
329
|
end
|
@@ -333,9 +333,9 @@ module AWS
|
|
333
333
|
protected :new
|
334
334
|
|
335
335
|
end
|
336
|
-
|
337
|
-
# @param [Hash] long_term_credentials A hash of credentials with
|
338
|
-
# +:access_key_id+ and +:secret_access_key+ (but not
|
336
|
+
|
337
|
+
# @param [Hash] long_term_credentials A hash of credentials with
|
338
|
+
# +:access_key_id+ and +:secret_access_key+ (but not
|
339
339
|
# +:session_token+).
|
340
340
|
def initialize long_term_credentials
|
341
341
|
@static = StaticProvider.new(long_term_credentials)
|
@@ -349,27 +349,27 @@ module AWS
|
|
349
349
|
# method defined in this class.
|
350
350
|
alias_method :orig_refresh, :refresh
|
351
351
|
protected :orig_refresh
|
352
|
-
|
352
|
+
|
353
353
|
# (see Provider#refresh)
|
354
354
|
def refresh
|
355
355
|
refresh_session
|
356
356
|
orig_refresh
|
357
357
|
end
|
358
|
-
|
358
|
+
|
359
359
|
protected
|
360
|
-
|
360
|
+
|
361
361
|
# (see Provider#get_credentials)
|
362
362
|
def get_credentials
|
363
363
|
session = cached_session
|
364
364
|
if session.nil?
|
365
|
-
refresh_session
|
365
|
+
refresh_session
|
366
366
|
session = cached_session
|
367
367
|
end
|
368
368
|
session.credentials
|
369
369
|
end
|
370
|
-
|
370
|
+
|
371
371
|
# Replaces the cached STS session with a new one.
|
372
|
-
# @return [nil]
|
372
|
+
# @return [nil]
|
373
373
|
def refresh_session
|
374
374
|
sts = AWS::STS.new(@static.credentials.merge(:use_ssl => true))
|
375
375
|
@session_mutex.synchronize do
|
@@ -377,7 +377,7 @@ module AWS
|
|
377
377
|
end
|
378
378
|
nil
|
379
379
|
end
|
380
|
-
|
380
|
+
|
381
381
|
# @return [nil,STS::Session] Returns nil if a session has not
|
382
382
|
# already been started.
|
383
383
|
def cached_session
|
@@ -387,14 +387,14 @@ module AWS
|
|
387
387
|
end
|
388
388
|
local_session
|
389
389
|
end
|
390
|
-
|
390
|
+
|
391
391
|
end
|
392
392
|
|
393
393
|
# Returns a set of fake credentials, should only be used for testing.
|
394
394
|
class FakeProvider < StaticProvider
|
395
395
|
|
396
396
|
# @param [Hash] options
|
397
|
-
# @option options [Boolean] :with_session_token (false) When +true+ a
|
397
|
+
# @option options [Boolean] :with_session_token (false) When +true+ a
|
398
398
|
# fake session token will also be provided.
|
399
399
|
def initialize options = {}
|
400
400
|
options[:access_key_id] ||= fake_access_key_id
|
data/lib/aws/core/inflection.rb
CHANGED
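--- a/data/lib/aws/core/model.rb
+++ b/data/lib/aws/core/model.rb
@@ -16,8 +16,8 @@ module AWS
 
 # @private
 module Model
-
-# @private
+
+# @private
 def initialize(*args)
 options = args.last.kind_of?(Hash) ? args.last : {}
 @config = case
@@ -26,10 +26,10 @@ module AWS
 else AWS.config
 end
 end
-
+
 # @return [Configuration] Returns the configuration for this object.
 attr_reader :config
-
+
 # Each class including this module has its own client class.
 # Generally it is the service namespace suffixed by client:
 #
@@ -40,13 +40,13 @@ module AWS
 def client
 @config.send("#{config_prefix}_client")
 end
-
+
 # @return [String] The short name of the service as used in coniguration.
 # (e.g. SimpleDB::Client.config_prefix #=> 'simple_db')
 def config_prefix
 Inflection.ruby_name(self.class.to_s.split(/::/)[1])
 end
-
+
 # @return [String] A sensible default inspect string.
 def inspect
 "<#{self.class}>"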
data/lib/aws/core/policy.rb
CHANGED
@@ -32,20 +32,20 @@ module AWS
|
|
32
32
|
# @see #initialize More ways to construct a policy.
|
33
33
|
# @see http://docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html Example policies (in JSON).
|
34
34
|
class Policy
|
35
|
-
|
35
|
+
|
36
36
|
# @see Statement
|
37
37
|
# @return [Array] An array of policy statements.
|
38
38
|
attr_reader :statements
|
39
|
-
|
40
|
-
# @return [String] The version of the policy language used in this
|
39
|
+
|
40
|
+
# @return [String] The version of the policy language used in this
|
41
41
|
# policy object.
|
42
42
|
attr_reader :version
|
43
|
-
|
43
|
+
|
44
44
|
# @return [String] A unique ID for the policy.
|
45
45
|
attr_reader :id
|
46
|
-
|
46
|
+
|
47
47
|
class Statement; end
|
48
|
-
|
48
|
+
|
49
49
|
# Constructs a policy. There are a few different ways to
|
50
50
|
# build a policy:
|
51
51
|
#
|
@@ -55,7 +55,7 @@ module AWS
|
|
55
55
|
# { :effect => :allow,
|
56
56
|
# :actions => :all,
|
57
57
|
# :principals => ["abc123"],
|
58
|
-
# :resources => "mybucket/mykey"
|
58
|
+
# :resources => "mybucket/mykey"
|
59
59
|
# }
|
60
60
|
# ])
|
61
61
|
#
|
@@ -81,7 +81,7 @@ module AWS
|
|
81
81
|
end.flatten.map do |stmt|
|
82
82
|
self.class::Statement.new(stmt)
|
83
83
|
end
|
84
|
-
|
84
|
+
|
85
85
|
if opts.has_key?(:id) or opts.has_key?("Id")
|
86
86
|
@id = opts[:id] || opts["Id"]
|
87
87
|
else
|
@@ -92,10 +92,10 @@ module AWS
|
|
92
92
|
else
|
93
93
|
@version = "2008-10-17"
|
94
94
|
end
|
95
|
-
|
95
|
+
|
96
96
|
yield(self) if block_given?
|
97
97
|
end
|
98
|
-
|
98
|
+
|
99
99
|
# @return [Boolean] Returns true if the two policies are the same.
|
100
100
|
def ==(other)
|
101
101
|
if other.kind_of?(Core::Policy)
|
@@ -105,7 +105,7 @@ module AWS
|
|
105
105
|
end
|
106
106
|
end
|
107
107
|
alias_method :eql?, :==
|
108
|
-
|
108
|
+
|
109
109
|
# Removes the ids from the policy and its statements for the purpose
|
110
110
|
# of comparing two policies for equivilence.
|
111
111
|
# @return [Hash] Returns the policy as a hash with no ids
|
@@ -118,8 +118,8 @@ module AWS
|
|
118
118
|
end
|
119
119
|
hash
|
120
120
|
end
|
121
|
-
protected :hash_without_ids
|
122
|
-
|
121
|
+
protected :hash_without_ids
|
122
|
+
|
123
123
|
# Returns a hash representation of the policy. The following
|
124
124
|
# statements are equivalent:
|
125
125
|
#
|
@@ -128,18 +128,18 @@ module AWS
|
|
128
128
|
#
|
129
129
|
# @return [Hash]
|
130
130
|
def to_h
|
131
|
-
{
|
131
|
+
{
|
132
132
|
"Version" => version,
|
133
133
|
"Id" => id,
|
134
|
-
"Statement" => statements.map { |st| st.to_h }
|
134
|
+
"Statement" => statements.map { |st| st.to_h }
|
135
135
|
}
|
136
136
|
end
|
137
|
-
|
137
|
+
|
138
138
|
# @return [String] a JSON representation of the policy.
|
139
139
|
def to_json
|
140
140
|
to_h.to_json
|
141
141
|
end
|
142
|
-
|
142
|
+
|
143
143
|
# Constructs a policy from a JSON representation.
|
144
144
|
# @see #initialize
|
145
145
|
# @return [Policy] Returns a Policy object constructed by parsing
|
@@ -147,7 +147,7 @@ module AWS
|
|
147
147
|
def self.from_json(json)
|
148
148
|
new(JSON.parse(json))
|
149
149
|
end
|
150
|
-
|
150
|
+
|
151
151
|
# Convenient syntax for expressing operators in statement
|
152
152
|
# condition blocks. For example, the following:
|
153
153
|
#
|
@@ -163,33 +163,33 @@ module AWS
|
|
163
163
|
#
|
164
164
|
# @see ConditionBlock#add
|
165
165
|
class OperatorBuilder
|
166
|
-
|
166
|
+
|
167
167
|
# @private
|
168
168
|
def initialize(condition_builder, key)
|
169
169
|
@condition_builder = condition_builder
|
170
170
|
@key = key
|
171
171
|
end
|
172
|
-
|
172
|
+
|
173
173
|
def method_missing(m, *values)
|
174
174
|
@condition_builder.conditions.add(m, @key, *values)
|
175
175
|
@condition_builder
|
176
176
|
end
|
177
|
-
|
177
|
+
|
178
178
|
end
|
179
|
-
|
179
|
+
|
180
180
|
# Convenient syntax for adding conditions to a statement.
|
181
181
|
# @see Policy#allow
|
182
182
|
# @see Policy#deny
|
183
183
|
class ConditionBuilder
|
184
|
-
|
184
|
+
|
185
185
|
# @return [Array] Returns an array of policy conditions.
|
186
186
|
attr_reader :conditions
|
187
|
-
|
187
|
+
|
188
188
|
# @private
|
189
189
|
def initialize(conditions)
|
190
190
|
@conditions = conditions
|
191
191
|
end
|
192
|
-
|
192
|
+
|
193
193
|
# Adds a condition for the given key. For example:
|
194
194
|
#
|
195
195
|
# policy.allow(...).where(:current_time).lte(Date.today + 1)
|
@@ -203,9 +203,9 @@ module AWS
|
|
203
203
|
OperatorBuilder.new(self, key)
|
204
204
|
end
|
205
205
|
end
|
206
|
-
|
206
|
+
|
207
207
|
end
|
208
|
-
|
208
|
+
|
209
209
|
# Convenience method for constructing a new statement with the
|
210
210
|
# "Allow" effect and adding it to the policy. For example:
|
211
211
|
#
|
@@ -222,7 +222,7 @@ module AWS
|
|
222
222
|
statements << stmt
|
223
223
|
ConditionBuilder.new(stmt.conditions)
|
224
224
|
end
|
225
|
-
|
225
|
+
|
226
226
|
# Convenience method for constructing a new statement with the
|
227
227
|
# "Deny" effect and adding it to the policy. For example:
|
228
228
|
#
|
@@ -240,7 +240,7 @@ module AWS
|
|
240
240
|
statements << stmt
|
241
241
|
ConditionBuilder.new(stmt.conditions)
|
242
242
|
end
|
243
|
-
|
243
|
+
|
244
244
|
# Represents the condition block of a policy. In JSON,
|
245
245
|
# condition blocks look like this:
|
246
246
|
#
|
@@ -294,13 +294,13 @@ module AWS
|
|
294
294
|
# s3:max-keys may be any of: 10
|
295
295
|
#
|
296
296
|
class ConditionBlock
|
297
|
-
|
297
|
+
|
298
298
|
# @private
|
299
299
|
def initialize(conditions = {})
|
300
300
|
# filter makes a copy
|
301
301
|
@conditions = filter_conditions(conditions)
|
302
302
|
end
|
303
|
-
|
303
|
+
|
304
304
|
# Adds a condition to the block. This method defines a
|
305
305
|
# convenient set of abbreviations for operators based on the
|
306
306
|
# type of value passed in. For example:
|
@@ -374,12 +374,12 @@ module AWS
|
|
374
374
|
raise "duplicate #{operator} conditions for #{key}" if op[key]
|
375
375
|
op[translate_key(key)] = converted_values
|
376
376
|
end
|
377
|
-
|
377
|
+
|
378
378
|
# @private
|
379
379
|
def to_h
|
380
380
|
@conditions
|
381
381
|
end
|
382
|
-
|
382
|
+
|
383
383
|
# Filters the conditions described in the block, returning a
|
384
384
|
# new ConditionBlock that contains only the matching
|
385
385
|
# conditions. Each argument is matched against either the
|
@@ -420,19 +420,19 @@ module AWS
|
|
420
420
|
end
|
421
421
|
self.class.new(filtered)
|
422
422
|
end
|
423
|
-
|
423
|
+
|
424
424
|
# @return [Array] Returns an array of operators used in this block.
|
425
425
|
def operators
|
426
426
|
@conditions.keys
|
427
427
|
end
|
428
|
-
|
428
|
+
|
429
429
|
# @return [Array] Returns an array of unique keys used in the block.
|
430
430
|
def keys
|
431
431
|
@conditions.values.map do |keys|
|
432
432
|
keys.keys if keys
|
433
433
|
end.compact.flatten.uniq
|
434
434
|
end
|
435
|
-
|
435
|
+
|
436
436
|
# Returns all values used in the block. Note that the
|
437
437
|
# values may not all be from the same condition; for example:
|
438
438
|
#
|
@@ -446,7 +446,7 @@ module AWS
|
|
446
446
|
keys.values
|
447
447
|
end.compact.flatten
|
448
448
|
end
|
449
|
-
|
449
|
+
|
450
450
|
# @private
|
451
451
|
protected
|
452
452
|
def match_triple(filter, type, op, key, value)
|
@@ -467,7 +467,7 @@ module AWS
|
|
467
467
|
end
|
468
468
|
[match, type]
|
469
469
|
end
|
470
|
-
|
470
|
+
|
471
471
|
# @private
|
472
472
|
protected
|
473
473
|
def match_operator(filter, op, value)
|
@@ -476,13 +476,13 @@ module AWS
|
|
476
476
|
value = Date.today if op =~ /^Date/
|
477
477
|
translate_operator(filter, value) == op
|
478
478
|
end
|
479
|
-
|
479
|
+
|
480
480
|
# @private
|
481
481
|
protected
|
482
482
|
def match_key(filter, key, value = nil)
|
483
483
|
translate_key(filter) == key
|
484
484
|
end
|
485
|
-
|
485
|
+
|
486
486
|
# @private
|
487
487
|
protected
|
488
488
|
def filter_conditions(conditions = @conditions)
|
@@ -495,7 +495,7 @@ module AWS
|
|
495
495
|
m
|
496
496
|
end
|
497
497
|
end
|
498
|
-
|
498
|
+
|
499
499
|
# @private
|
500
500
|
protected
|
501
501
|
def translate_key(key)
|
@@ -516,13 +516,13 @@ module AWS
|
|
516
516
|
key
|
517
517
|
end
|
518
518
|
end
|
519
|
-
|
519
|
+
|
520
520
|
# @private
|
521
521
|
MODIFIERS = {
|
522
522
|
/_ignoring_case$/ => "IgnoreCase",
|
523
523
|
/_equals$/ => "Equals"
|
524
524
|
}
|
525
|
-
|
525
|
+
|
526
526
|
# @private
|
527
527
|
protected
|
528
528
|
def valid_operator?(operator)
|
@@ -531,113 +531,113 @@ module AWS
|
|
531
531
|
rescue ArgumentError => e
|
532
532
|
false
|
533
533
|
end
|
534
|
-
|
534
|
+
|
535
535
|
# @private
|
536
536
|
protected
|
537
537
|
def translate_operator(operator, example_value)
|
538
538
|
return operator if operator.kind_of?(String)
|
539
|
-
|
539
|
+
|
540
540
|
original_operator = operator
|
541
541
|
(operator, opts) = strip_modifiers(operator)
|
542
|
-
|
542
|
+
|
543
543
|
raise ArgumentError.new("unrecognized operator #{original_operator}") unless
|
544
544
|
respond_to?("translate_#{operator}", true)
|
545
545
|
send("translate_#{operator}", example_value, opts)
|
546
546
|
end
|
547
|
-
|
547
|
+
|
548
548
|
# @private
|
549
549
|
protected
|
550
550
|
def translate_is(example, opts)
|
551
551
|
return "Bool" if type_notation(example) == "Bool"
|
552
552
|
base_translate(example, "Equals", opts[:ignore_case])
|
553
553
|
end
|
554
|
-
|
554
|
+
|
555
555
|
# @private
|
556
556
|
protected
|
557
557
|
def translate_not(example, opts)
|
558
558
|
base_translate(example, "NotEquals", opts[:ignore_case])
|
559
559
|
end
|
560
|
-
|
560
|
+
|
561
561
|
# @private
|
562
562
|
protected
|
563
563
|
def translate_like(example, opts)
|
564
564
|
base_translate(example, "Like")
|
565
565
|
end
|
566
|
-
|
566
|
+
|
567
567
|
# @private
|
568
568
|
protected
|
569
569
|
def translate_not_like(example, opts)
|
570
570
|
base_translate(example, "NotLike")
|
571
571
|
end
|
572
|
-
|
572
|
+
|
573
573
|
# @private
|
574
574
|
protected
|
575
575
|
def translate_less_than(example, opts)
|
576
576
|
base_translate(example, "LessThan", opts[:equals])
|
577
577
|
end
|
578
578
|
alias_method :translate_lt, :translate_less_than
|
579
|
-
|
579
|
+
|
580
580
|
# @private
|
581
581
|
protected
|
582
582
|
def translate_lte(example, opts)
|
583
583
|
translate_less_than(example, { :equals => "Equals" })
|
584
584
|
end
|
585
|
-
|
585
|
+
|
586
586
|
# @private
|
587
587
|
protected
|
588
588
|
def translate_greater_than(example, opts)
|
589
589
|
base_translate(example, "GreaterThan", opts[:equals])
|
590
590
|
end
|
591
591
|
alias_method :translate_gt, :translate_greater_than
|
592
|
-
|
592
|
+
|
593
593
|
# @private
|
594
594
|
protected
|
595
595
|
def translate_gte(example, opts)
|
596
596
|
translate_greater_than(example, { :equals => "Equals" })
|
597
597
|
end
|
598
|
-
|
598
|
+
|
599
599
|
# @private
|
600
600
|
protected
|
601
601
|
def translate_is_ip_address(example, opts)
|
602
602
|
"IpAddress"
|
603
603
|
end
|
604
|
-
|
604
|
+
|
605
605
|
# @private
|
606
606
|
protected
|
607
607
|
def translate_not_ip_address(example, opts)
|
608
608
|
"NotIpAddress"
|
609
609
|
end
|
610
|
-
|
610
|
+
|
611
611
|
# @private
|
612
612
|
protected
|
613
613
|
def translate_is_arn(example, opts)
|
614
614
|
"ArnEquals"
|
615
615
|
end
|
616
|
-
|
616
|
+
|
617
617
|
# @private
|
618
618
|
protected
|
619
619
|
def translate_not_arn(example, opts)
|
620
620
|
"ArnNotEquals"
|
621
621
|
end
|
622
|
-
|
622
|
+
|
623
623
|
# @private
|
624
624
|
protected
|
625
625
|
def translate_is_arn_like(example, opts)
|
626
626
|
"ArnLike"
|
627
627
|
end
|
628
|
-
|
628
|
+
|
629
629
|
# @private
|
630
630
|
protected
|
631
631
|
def translate_not_arn_like(example, opts)
|
632
632
|
"ArnNotLike"
|
633
633
|
end
|
634
|
-
|
634
|
+
|
635
635
|
# @private
|
636
636
|
protected
|
637
637
|
def base_translate(example, base_operator, *modifiers)
|
638
638
|
"#{type_notation(example)}#{base_operator}#{modifiers.join}"
|
639
639
|
end
|
640
|
-
|
640
|
+
|
641
641
|
# @private
|
642
642
|
protected
|
643
643
|
def type_notation(example)
|
@@ -652,7 +652,7 @@ module AWS
|
|
652
652
|
"Bool"
|
653
653
|
end
|
654
654
|
end
|
655
|
-
|
655
|
+
|
656
656
|
# @private
|
657
657
|
protected
|
658
658
|
def convert_value(value)
|
@@ -665,7 +665,7 @@ module AWS
|
|
665
665
|
value
|
666
666
|
end
|
667
667
|
end
|
668
|
-
|
668
|
+
|
669
669
|
# @private
|
670
670
|
protected
|
671
671
|
def strip_modifiers(operator)
|
@@ -680,40 +680,40 @@ module AWS
|
|
680
680
|
end
|
681
681
|
[operator, opts]
|
682
682
|
end
|
683
|
-
|
683
|
+
|
684
684
|
end
|
685
|
-
|
685
|
+
|
686
686
|
# Represents a statement in a policy.
|
687
687
|
#
|
688
688
|
# @see Policy#allow
|
689
689
|
# @see Policy#deny
|
690
690
|
class Statement
|
691
|
-
|
691
|
+
|
692
692
|
# @return [String] Returns the statement id
|
693
693
|
attr_accessor :sid
|
694
|
-
|
694
|
+
|
695
695
|
# @return [String] Returns the statement effect, either "Allow" or
|
696
696
|
# "Deny"
|
697
697
|
attr_accessor :effect
|
698
|
-
|
698
|
+
|
699
699
|
# @return [Array] Returns an array of principals.
|
700
700
|
attr_accessor :principals
|
701
|
-
|
701
|
+
|
702
702
|
# @return [Array] Returns an array of statement actions included
|
703
703
|
# by this policy statement.
|
704
704
|
attr_accessor :actions
|
705
|
-
|
705
|
+
|
706
706
|
# @return [Array] Returns an array of actions excluded by this
|
707
707
|
# policy statement.
|
708
708
|
attr_accessor :excluded_actions
|
709
|
-
|
709
|
+
|
710
710
|
# @return [Array] Returns an array of resources affected by this
|
711
711
|
# policy statement.
|
712
712
|
attr_accessor :resources
|
713
|
-
|
713
|
+
|
714
714
|
# @return [Array] Returns an array of conditions for this policy.
|
715
715
|
attr_accessor :conditions
|
716
|
-
|
716
|
+
|
717
717
|
# Constructs a new statement.
|
718
718
|
#
|
719
719
|
# @option opts [String] :sid The statement ID. This is optional; if
|
@@ -748,12 +748,12 @@ module AWS
|
|
748
748
|
def initialize(opts = {})
|
749
749
|
self.sid = UUIDTools::UUID.timestamp_create.to_s.tr('-','')
|
750
750
|
self.conditions = ConditionBlock.new
|
751
|
-
|
751
|
+
|
752
752
|
parse_options(opts)
|
753
|
-
|
753
|
+
|
754
754
|
yield(self) if block_given?
|
755
755
|
end
|
756
|
-
|
756
|
+
|
757
757
|
# Convenience method to add to the list of actions affected
|
758
758
|
# by this statement.
|
759
759
|
def include_actions(*actions)
|
@@ -761,7 +761,7 @@ module AWS
|
|
761
761
|
self.actions.push(*actions)
|
762
762
|
end
|
763
763
|
alias_method :include_action, :include_actions
|
764
|
-
|
764
|
+
|
765
765
|
# Convenience method to add to the list of actions
|
766
766
|
# explicitly not affected by this statement.
|
767
767
|
def exclude_actions(*actions)
|
@@ -769,7 +769,7 @@ module AWS
|
|
769
769
|
self.excluded_actions.push(*actions)
|
770
770
|
end
|
771
771
|
alias_method :exclude_action, :exclude_actions
|
772
|
-
|
772
|
+
|
773
773
|
# @private
|
774
774
|
def to_h
|
775
775
|
stmt = {
|
@@ -788,7 +788,7 @@ module AWS
|
|
788
788
|
end
|
789
789
|
stmt
|
790
790
|
end
|
791
|
-
|
791
|
+
|
792
792
|
protected
|
793
793
|
def parse_options(options)
|
794
794
|
options.each do |name, value|
|
@@ -798,47 +798,47 @@ module AWS
|
|
798
798
|
respond_to?("parse_#{name}_option", true)
|
799
799
|
end
|
800
800
|
end
|
801
|
-
|
801
|
+
|
802
802
|
protected
|
803
803
|
def parse_effect_option(value)
|
804
804
|
self.effect = value
|
805
805
|
end
|
806
|
-
|
806
|
+
|
807
807
|
protected
|
808
808
|
def parse_sid_option(value)
|
809
809
|
self.sid = value
|
810
810
|
end
|
811
|
-
|
811
|
+
|
812
812
|
protected
|
813
813
|
def parse_action_option(value)
|
814
814
|
coerce_array_option(:actions, value)
|
815
815
|
end
|
816
|
-
|
816
|
+
|
817
817
|
protected
|
818
818
|
def parse_not_action_option(value)
|
819
819
|
coerce_array_option(:excluded_actions, value)
|
820
820
|
end
|
821
821
|
alias_method :parse_excluded_action_option, :parse_not_action_option
|
822
|
-
|
822
|
+
|
823
823
|
protected
|
824
824
|
def parse_principal_option(value)
|
825
825
|
if value and value.kind_of?(Hash)
|
826
826
|
value = value["AWS"] || []
|
827
827
|
end
|
828
|
-
|
828
|
+
|
829
829
|
coerce_array_option(:principals, value)
|
830
830
|
end
|
831
|
-
|
831
|
+
|
832
832
|
protected
|
833
833
|
def parse_resource_option(value)
|
834
834
|
coerce_array_option(:resources, value)
|
835
835
|
end
|
836
|
-
|
836
|
+
|
837
837
|
protected
|
838
838
|
def parse_condition_option(value)
|
839
839
|
self.conditions = ConditionBlock.new(value)
|
840
840
|
end
|
841
|
-
|
841
|
+
|
842
842
|
protected
|
843
843
|
def coerce_array_option(attr, value)
|
844
844
|
if value.kind_of?(Array)
|
@@ -847,7 +847,7 @@ module AWS
|
|
847
847
|
send("#{attr}=", [value])
|
848
848
|
end
|
849
849
|
end
|
850
|
-
|
850
|
+
|
851
851
|
protected
|
852
852
|
def principals_hash
|
853
853
|
return nil unless principals
|
@@ -856,29 +856,29 @@ module AWS
|
|
856
856
|
principal == :any ? "*" : principal
|
857
857
|
end }
|
858
858
|
end
|
859
|
-
|
859
|
+
|
860
860
|
protected
|
861
861
|
def translate_action(action)
|
862
862
|
case action
|
863
863
|
when String then action
|
864
864
|
when :any then '*'
|
865
865
|
when Symbol
|
866
|
-
|
866
|
+
|
867
867
|
if self.class == Core::Policy::Statement
|
868
868
|
msg = 'symbolized action names are only accepted by service ' +
|
869
869
|
'specific policies (e.g. AWS::S3::Policy)'
|
870
870
|
raise ArgumentError, msg
|
871
871
|
end
|
872
|
-
|
872
|
+
|
873
873
|
unless self.class::ACTION_MAPPING.has_key?(action)
|
874
874
|
raise ArgumentError, "unrecognized action: #{action}"
|
875
875
|
end
|
876
|
-
|
876
|
+
|
877
877
|
self.class::ACTION_MAPPING[action]
|
878
|
-
|
878
|
+
|
879
879
|
end
|
880
880
|
end
|
881
|
-
|
881
|
+
|
882
882
|
protected
|
883
883
|
def translated_actions
|
884
884
|
return nil unless actions
|
@@ -886,31 +886,31 @@ module AWS
|
|
886
886
|
translate_action(action)
|
887
887
|
end
|
888
888
|
end
|
889
|
-
|
889
|
+
|
890
890
|
protected
|
891
891
|
def translated_excluded_actions
|
892
892
|
return nil unless excluded_actions
|
893
893
|
excluded_actions.map { |a| translate_action(a) }
|
894
894
|
end
|
895
|
-
|
895
|
+
|
896
896
|
protected
|
897
897
|
def resource_arns
|
898
898
|
return nil unless resources
|
899
|
-
resources.map do |resource|
|
899
|
+
resources.map do |resource|
|
900
900
|
case resource
|
901
901
|
when :any then "*"
|
902
902
|
else resource_arn(resource)
|
903
903
|
end
|
904
904
|
end
|
905
905
|
end
|
906
|
-
|
906
|
+
|
907
907
|
protected
|
908
908
|
def resource_arn resource
|
909
909
|
resource.to_s
|
910
910
|
end
|
911
|
-
|
911
|
+
|
912
912
|
end
|
913
|
-
|
913
|
+
|
914
914
|
end
|
915
915
|
end
|
916
916
|
end
|