aws 2.4.5 → 2.5.0

data/lib/ec2/mon_interface.rb

@@ -24,9 +24,10 @@ module Aws
     end
 
     @@bench          = Aws::AwsBenchmarkingBlock.new
- def self.bench
+    def self.bench
       @@bench
     end
+
     def self.bench_xml
       @@bench.xml
     end

data/lib/iam/iam.rb

@@ -6,16 +6,22 @@ module Aws
 
     include AwsBaseInterface
 
-    API_VERSION      = "2010-05-08"
-    DEFAULT_HOST     = "iam.amazonaws.com"
-    DEFAULT_PATH     = '/'
+    API_VERSION = "2010-05-08"
+    DEFAULT_HOST = "iam.amazonaws.com"
+    DEFAULT_PATH = '/'
     DEFAULT_PROTOCOL = 'https'
-    DEFAULT_PORT     = 443
+    DEFAULT_PORT = 443
 
-    @@bench          = AwsBenchmarkingBlock.new
- def self.bench
+    def self.connection_name
+      :iam_connection
+    end
+
+    @@bench = AwsBenchmarkingBlock.new
+
+    def self.bench
       @@bench
     end
+
     def self.bench_xml
       @@bench.xml
     end
@@ -33,12 +39,12 @@ module Aws
 
 
     def initialize(aws_access_key_id=nil, aws_secret_access_key=nil, params={})
-      init({:name             => 'IAM',
-            :default_host     => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host : DEFAULT_HOST,
-            :default_port     => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port : DEFAULT_PORT,
-            :default_service  => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path : DEFAULT_PATH,
+      init({:name => 'IAM',
+            :default_host => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host : DEFAULT_HOST,
+            :default_port => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port : DEFAULT_PORT,
+            :default_service => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path : DEFAULT_PATH,
             :default_protocol => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).scheme : DEFAULT_PROTOCOL,
-            :api_version      => API_VERSION},
+            :api_version => API_VERSION},
            aws_access_key_id || ENV['AWS_ACCESS_KEY_ID'],
            aws_secret_access_key|| ENV['AWS_SECRET_ACCESS_KEY'],
            params)
@@ -48,19 +54,19 @@ module Aws
       link = generate_request(action, params)
       p link[:request]
       resp = request_info_xml_simple(:iam_connection, @params, link, @logger,
-                                     :group_tags     =>{"LoadBalancersDescriptions"=>"LoadBalancersDescription",
-                                                        "DBParameterGroups"        =>"DBParameterGroup",
-                                                        "DBSecurityGroups"         =>"DBSecurityGroup",
-                                                        "EC2SecurityGroups"        =>"EC2SecurityGroup",
-                                                        "IPRanges"                 =>"IPRange"},
-                                     :force_array    =>["DBInstances",
-                                                        "DBParameterGroups",
-                                                        "DBSecurityGroups",
-                                                        "EC2SecurityGroups",
-                                                        "IPRanges"],
+                                     :group_tags =>{"LoadBalancersDescriptions"=>"LoadBalancersDescription",
+                                                    "DBParameterGroups" =>"DBParameterGroup",
+                                                    "DBSecurityGroups" =>"DBSecurityGroup",
+                                                    "EC2SecurityGroups" =>"EC2SecurityGroup",
+                                                    "IPRanges" =>"IPRange"},
+                                     :force_array =>["DBInstances",
+                                                     "DBParameterGroups",
+                                                     "DBSecurityGroups",
+                                                     "EC2SecurityGroups",
+                                                     "IPRanges"],
                                      :pull_out_array =>options[:pull_out_array],
                                      :pull_out_single=>options[:pull_out_single],
-                                     :wrapper        =>options[:wrapper])
+                                     :wrapper =>options[:wrapper])
     end
 
 
@@ -96,10 +102,10 @@ module Aws
     #    :path => specify a path you want it stored in
     #    :certificate_chain => contents of certificate chain
     def upload_server_certificate(name, public_key, private_key, options={})
-      params                          = {}
+      params = {}
       params['ServerCertificateName'] = name
-      params['PrivateKey']            = private_key
-      params['CertificateBody']       = public_key
+      params['PrivateKey'] = private_key
+      params['CertificateBody'] = public_key
 
       params['CertificateChain'] = options[:certificate_chain] if options[:certificate_chain]
       params['Path'] = options[:path] if options[:path]

data/lib/right_aws.rb

@@ -36,7 +36,7 @@ require 'right_http_connection'
 
 $:.unshift(File.dirname(__FILE__))
 require 'awsbase/benchmark_fix'
-require 'awsbase/support'
+#require 'awsbase/support'
 require 'awsbase/awsbase'
 require 'ec2/ec2'
 require 'ec2/mon_interface'

data/lib/s3/bucket.rb

@@ -85,8 +85,8 @@ module Aws
     #  bucket.enable_logging(:targetbucket=>"mylogbucket", :targetprefix=>"loggylogs/")
     #    => true
     def enable_logging(params)
-      AwsUtils.mandatory_arguments([:targetbucket, :targetprefix], params)
-      AwsUtils.allow_only([:targetbucket, :targetprefix], params)
+      Utils.mandatory_arguments([:targetbucket, :targetprefix], params)
+      Utils.allow_only([:targetbucket, :targetprefix], params)
       xmldoc = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><BucketLoggingStatus xmlns=\"http://doc.s3.amazonaws.com/2006-03-01\"><LoggingEnabled><TargetBucket>#{params[:targetbucket]}</TargetBucket><TargetPrefix>#{params[:targetprefix]}</TargetPrefix></LoggingEnabled></BucketLoggingStatus>"
       @s3.interface.put_logging(:bucket => @name, :xmldoc => xmldoc)
     end
@@ -120,7 +120,6 @@ module Aws
       opt = {}; options.each { |key, value| opt[key.to_s] = value }
       service_data = {}
       service_list = {}
-      thislist     = {}
       list         = []
       @s3.interface.incrementally_list_bucket(@name, opt) do |thislist|
         service_list = thislist
@@ -148,7 +147,7 @@ module Aws
     #  key.head
     #
     def key(key_name, head=false)
-      raise 'Key name can not be empty.' if key_name.blank?
+      raise 'Key name can not be empty.' if Aws::Utils.blank?(key_name)
       key_instance = nil
       # if this key exists - find it ....
       keys({'prefix'=>key_name}, head).each do |key|
@@ -182,9 +181,9 @@ module Aws
     #  key = bucket.get('logs/today/1.log') #=>
     #  puts key.data #=> 'sasfasfasdf'
     #
-    def get(key, headers={})
-      key = S3::Key.create(self, key.to_s) unless key.is_a?(S3::Key)
-      key.get(headers)
+    def get(key,headers={})
+      key = S3::Key.create(self, key.to_s, headers) unless key.is_a?(S3::Key)
+      return key
     end
 
     # Rename object. Returns Aws::S3::Key instance.
@@ -259,7 +258,7 @@ module Aws
     # Return a list of grantees.
     #
     def grantees
-      Grantee::grantees(self)
+      S3::Grantee::grantees(self)
     end
 
   end

data/lib/s3/grantee.rb

@@ -1,238 +1,238 @@
-module Aws
-
-  # There are 2 ways to set permissions for a bucket or key (called a +thing+ below):
-  #
-  # 1 . Use +perms+ param to set 'Canned Access Policies' when calling the <tt>bucket.create</tt>,
-  # <tt>bucket.put</tt> and <tt>key.put</tt> methods.
-  # The +perms+ param can take these values: 'private', 'public-read', 'public-read-write' and
-  # 'authenticated-read'.
-  # (see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAccessPolicy.html).
-  #
-  #  bucket = s3.bucket('bucket_for_kd_test_13', true, 'public-read')
-  #  key.put('Woohoo!','public-read-write' )
-  #
-  # 2 . Use Grantee instances (the permission is a +String+ or an +Array+ of: 'READ', 'WRITE',
-  # 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'):
-  #
-  #  bucket  = s3.bucket('my_awesome_bucket', true)
-  #  grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL, :apply)
-  #  grantee2 = Aws::S3::Grantee.new(bucket, 'xy3v3...5fhp', [READ, WRITE], :apply)
-  #
-  # There is only one way to get and to remove permission (via Grantee instances):
-  #
-  #  grantees = bucket.grantees # a list of Grantees that have any access for this bucket
-  #  grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c')
-  #  grantee1.perms #=> returns a list of perms for this grantee to that bucket
-  #    ...
-  #  grantee1.drop             # remove all perms for this grantee
-  #  grantee2.revoke('WRITE')  # revoke write access only
-  #
-  class S3::Grantee
-    # A bucket or a key the grantee has an access to.
-    attr_reader :thing
-    # Grantee Amazon id.
-    attr_reader :id
-    # Grantee display name.
-    attr_reader :name
-    # Array of permissions.
-    attr_accessor :perms
-
-    # Retrieve Owner information and a list of Grantee instances that have
-    # a access to this thing (bucket or key).
-    #
-    #  bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
-    #   ...
-    #  Aws::S3::Grantee.owner_and_grantees(bucket) #=> [owner, grantees]
-    #
-    def self.owner_and_grantees(thing)
-      if thing.is_a?(Bucket)
-        bucket, key = thing, ''
-      else
-        bucket, key = thing.bucket, thing
-      end
-      hash     = bucket.s3.interface.get_acl_parse(bucket.to_s, key.to_s)
-      owner    = Owner.new(hash[:owner][:id], hash[:owner][:display_name])
-
-      grantees = []
-      hash[:grantees].each do |id, params|
-        grantees << new(thing, id, params[:permissions], nil, params[:display_name])
-      end
-      [owner, grantees]
-    end
-
-    # Retrieves a list of Grantees instances that have an access to this thing(bucket or key).
-    #
-    #  bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
-    #   ...
-    #  Aws::S3::Grantee.grantees(bucket) #=> grantees
-    #
-    def self.grantees(thing)
-      owner_and_grantees(thing)[1]
-    end
-
-    def self.put_acl(thing, owner, grantees) #:nodoc:
-      if thing.is_a?(Bucket)
-        bucket, key = thing, ''
-      else
-        bucket, key = thing.bucket, thing
-      end
-      body = "<AccessControlPolicy>" +
-          "<Owner>" +
-          "<ID>#{owner.id}</ID>" +
-          "<DisplayName>#{owner.name}</DisplayName>" +
-          "</Owner>" +
-          "<AccessControlList>" +
-          grantees.map { |grantee| grantee.to_xml }.join +
-          "</AccessControlList>" +
-          "</AccessControlPolicy>"
-      bucket.s3.interface.put_acl(bucket.to_s, key.to_s, body)
-    end
-
-    # Create a new Grantee instance.
-    # Grantee +id+ must exist on S3. If +action+ == :refresh, then retrieve
-    # permissions from S3 and update @perms. If +action+ == :apply, then apply
-    # perms to +thing+ at S3. If +action+ == :apply_and_refresh then it performs.
-    # both the actions. This is used for the new grantees that had no perms to
-    # this thing before. The default action is :refresh.
-    #
-    #  bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
-    #  grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL)
-    #    ...
-    #  grantee2 = Aws::S3::Grantee.new(bucket, 'abcde...asdf', [FULL_CONTROL, READ], :apply)
-    #  grantee3 = Aws::S3::Grantee.new(bucket, 'aaaaa...aaaa', 'READ', :apply_and_refresh)
-    #
-    def initialize(thing, id, perms=[], action=:refresh, name=nil)
-      @thing = thing
-      @id    = id
-      @name  = name
-      @perms = perms.to_a
-      case action
-        when :apply then
-          apply
-        when :refresh then
-          refresh
-        when :apply_and_refresh then
-          apply; refresh
-      end
-    end
-
-    # Return +true+ if the grantee has any permissions to the thing.
-    def exists?
-      self.class.grantees(@thing).each do |grantee|
-        return true if @id == grantee.id
-      end
-      false
-    end
-
-    # Return Grantee type (+String+): "Group" or "CanonicalUser".
-    def type
-      @id[/^http:/] ? "Group" : "CanonicalUser"
-    end
-
-    # Return a name or an id.
-    def to_s
-      @name || @id
-    end
-
-    # Add permissions for grantee.
-    # Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'.
-    # See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
-    # Returns +true+.
-    #
-    #  grantee.grant('FULL_CONTROL')                  #=> true
-    #  grantee.grant('FULL_CONTROL','WRITE','READ')   #=> true
-    #  grantee.grant(['WRITE_ACP','READ','READ_ACP']) #=> true
-    #
-    def grant(*permissions)
-      permissions.flatten!
-      old_perms = @perms.dup
-      @perms    += permissions
-      @perms.uniq!
-      return true if @perms == old_perms
-      apply
-    end
-
-    # Revoke permissions for grantee.
-    # Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'
-    # See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
-    # Default value is 'FULL_CONTROL'.
-    # Returns +true+.
-    #
-    #  grantee.revoke('READ')                   #=> true
-    #  grantee.revoke('FULL_CONTROL','WRITE')   #=> true
-    #  grantee.revoke(['READ_ACP','WRITE_ACP']) #=> true
-    #
-    def revoke(*permissions)
-      permissions.flatten!
-      old_perms = @perms.dup
-      @perms    -= permissions
-      @perms.uniq!
-      return true if @perms == old_perms
-      apply
-    end
-
-    # Revoke all permissions for this grantee.
-    # Returns +true+.
-    #
-    #  grantee.drop #=> true
-    #
-    def drop
-      @perms = []
-      apply
-    end
-
-    # Refresh grantee perms for its +thing+.
-    # Returns +true+ if the grantee has perms for this +thing+ or
-    # +false+ otherwise, and updates @perms value as a side-effect.
-    #
-    #  grantee.grant('FULL_CONTROL') #=> true
-    #  grantee.refresh               #=> true
-    #  grantee.drop                  #=> true
-    #  grantee.refresh               #=> false
-    #
-    def refresh
-      @perms = []
-      self.class.grantees(@thing).each do |grantee|
-        if @id == grantee.id
-          @name  = grantee.name
-          @perms = grantee.perms
-          return true
-        end
-      end
-      false
-    end
-
-    # Apply current grantee @perms to +thing+. This method is called internally by the +grant+
-    # and +revoke+ methods. In normal use this method should not
-    # be called directly.
-    #
-    #  grantee.perms = ['FULL_CONTROL']
-    #  grantee.apply #=> true
-    #
-    def apply
-      @perms.uniq!
-      owner, grantees = self.class.owner_and_grantees(@thing)
-      # walk through all the grantees and replace the data for the current one and ...
-      grantees.map! { |grantee| grantee.id == @id ? self : grantee }
-      # ... if this grantee is not known - add this bad boy to a list
-      grantees << self unless grantees.include?(self)
-      # set permissions
-      self.class.put_acl(@thing, owner, grantees)
-    end
-
-    def to_xml # :nodoc:
-      id_str = @id[/^http/] ? "<URI>#{@id}</URI>" : "<ID>#{@id}</ID>"
-      grants = ''
-      @perms.each do |perm|
-        grants << "<Grant>" +
-            "<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
-            "xsi:type=\"#{type}\">#{id_str}</Grantee>" +
-            "<Permission>#{perm}</Permission>" +
-            "</Grant>"
-      end
-      grants
-    end
-
-  end
-
-end
+module Aws
+
+  # There are 2 ways to set permissions for a bucket or key (called a +thing+ below):
+  #
+  # 1 . Use +perms+ param to set 'Canned Access Policies' when calling the <tt>bucket.create</tt>,
+  # <tt>bucket.put</tt> and <tt>key.put</tt> methods.
+  # The +perms+ param can take these values: 'private', 'public-read', 'public-read-write' and
+  # 'authenticated-read'.
+  # (see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAccessPolicy.html).
+  #
+  #  bucket = s3.bucket('bucket_for_kd_test_13', true, 'public-read')
+  #  key.put('Woohoo!','public-read-write' )
+  #
+  # 2 . Use Grantee instances (the permission is a +String+ or an +Array+ of: 'READ', 'WRITE',
+  # 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'):
+  #
+  #  bucket  = s3.bucket('my_awesome_bucket', true)
+  #  grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL, :apply)
+  #  grantee2 = Aws::S3::Grantee.new(bucket, 'xy3v3...5fhp', [READ, WRITE], :apply)
+  #
+  # There is only one way to get and to remove permission (via Grantee instances):
+  #
+  #  grantees = bucket.grantees # a list of Grantees that have any access for this bucket
+  #  grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c')
+  #  grantee1.perms #=> returns a list of perms for this grantee to that bucket
+  #    ...
+  #  grantee1.drop             # remove all perms for this grantee
+  #  grantee2.revoke('WRITE')  # revoke write access only
+  #
+  class S3::Grantee
+    # A bucket or a key the grantee has an access to.
+    attr_reader :thing
+    # Grantee Amazon id.
+    attr_reader :id
+    # Grantee display name.
+    attr_reader :name
+    # Array of permissions.
+    attr_accessor :perms
+
+    # Retrieve Owner information and a list of Grantee instances that have
+    # a access to this thing (bucket or key).
+    #
+    #  bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
+    #   ...
+    #  Aws::S3::Grantee.owner_and_grantees(bucket) #=> [owner, grantees]
+    #
+    def self.owner_and_grantees(thing)
+      if thing.is_a?(S3::Bucket)
+        bucket, key = thing, ''
+      else
+        bucket, key = thing.bucket, thing
+      end
+      hash     = bucket.s3.interface.get_acl_parse(bucket.to_s, key.to_s)
+      owner    = S3::Owner.new(hash[:owner][:id], hash[:owner][:display_name])
+
+      grantees = []
+      hash[:grantees].each do |id, params|
+        grantees << new(thing, id, params[:permissions], nil, params[:display_name])
+      end
+      [owner, grantees]
+    end
+
+    # Retrieves a list of Grantees instances that have an access to this thing(bucket or key).
+    #
+    #  bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
+    #   ...
+    #  Aws::S3::Grantee.grantees(bucket) #=> grantees
+    #
+    def self.grantees(thing)
+      owner_and_grantees(thing)[1]
+    end
+
+    def self.put_acl(thing, owner, grantees) #:nodoc:
+      if thing.is_a?(S3::Bucket)
+        bucket, key = thing, ''
+      else
+        bucket, key = thing.bucket, thing
+      end
+      body = "<AccessControlPolicy>" +
+          "<Owner>" +
+          "<ID>#{owner.id}</ID>" +
+          "<DisplayName>#{owner.name}</DisplayName>" +
+          "</Owner>" +
+          "<AccessControlList>" +
+          grantees.map { |grantee| grantee.to_xml }.join +
+          "</AccessControlList>" +
+          "</AccessControlPolicy>"
+      bucket.s3.interface.put_acl(bucket.to_s, key.to_s, body)
+    end
+
+    # Create a new Grantee instance.
+    # Grantee +id+ must exist on S3. If +action+ == :refresh, then retrieve
+    # permissions from S3 and update @perms. If +action+ == :apply, then apply
+    # perms to +thing+ at S3. If +action+ == :apply_and_refresh then it performs.
+    # both the actions. This is used for the new grantees that had no perms to
+    # this thing before. The default action is :refresh.
+    #
+    #  bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
+    #  grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL)
+    #    ...
+    #  grantee2 = Aws::S3::Grantee.new(bucket, 'abcde...asdf', [FULL_CONTROL, READ], :apply)
+    #  grantee3 = Aws::S3::Grantee.new(bucket, 'aaaaa...aaaa', 'READ', :apply_and_refresh)
+    #
+    def initialize(thing, id, perms=[], action=:refresh, name=nil)
+      @thing = thing
+      @id    = id
+      @name  = name
+      @perms = perms.to_a
+      case action
+        when :apply then
+          apply
+        when :refresh then
+          refresh
+        when :apply_and_refresh then
+          apply; refresh
+      end
+    end
+
+    # Return +true+ if the grantee has any permissions to the thing.
+    def exists?
+      self.class.grantees(@thing).each do |grantee|
+        return true if @id == grantee.id
+      end
+      false
+    end
+
+    # Return Grantee type (+String+): "Group" or "CanonicalUser".
+    def type
+      @id[/^http:/] ? "Group" : "CanonicalUser"
+    end
+
+    # Return a name or an id.
+    def to_s
+      @name || @id
+    end
+
+    # Add permissions for grantee.
+    # Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'.
+    # See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
+    # Returns +true+.
+    #
+    #  grantee.grant('FULL_CONTROL')                  #=> true
+    #  grantee.grant('FULL_CONTROL','WRITE','READ')   #=> true
+    #  grantee.grant(['WRITE_ACP','READ','READ_ACP']) #=> true
+    #
+    def grant(*permissions)
+      permissions.flatten!
+      old_perms = @perms.dup
+      @perms    += permissions
+      @perms.uniq!
+      return true if @perms == old_perms
+      apply
+    end
+
+    # Revoke permissions for grantee.
+    # Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'
+    # See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
+    # Default value is 'FULL_CONTROL'.
+    # Returns +true+.
+    #
+    #  grantee.revoke('READ')                   #=> true
+    #  grantee.revoke('FULL_CONTROL','WRITE')   #=> true
+    #  grantee.revoke(['READ_ACP','WRITE_ACP']) #=> true
+    #
+    def revoke(*permissions)
+      permissions.flatten!
+      old_perms = @perms.dup
+      @perms    -= permissions
+      @perms.uniq!
+      return true if @perms == old_perms
+      apply
+    end
+
+    # Revoke all permissions for this grantee.
+    # Returns +true+.
+    #
+    #  grantee.drop #=> true
+    #
+    def drop
+      @perms = []
+      apply
+    end
+
+    # Refresh grantee perms for its +thing+.
+    # Returns +true+ if the grantee has perms for this +thing+ or
+    # +false+ otherwise, and updates @perms value as a side-effect.
+    #
+    #  grantee.grant('FULL_CONTROL') #=> true
+    #  grantee.refresh               #=> true
+    #  grantee.drop                  #=> true
+    #  grantee.refresh               #=> false
+    #
+    def refresh
+      @perms = []
+      self.class.grantees(@thing).each do |grantee|
+        if @id == grantee.id
+          @name  = grantee.name
+          @perms = grantee.perms
+          return true
+        end
+      end
+      false
+    end
+
+    # Apply current grantee @perms to +thing+. This method is called internally by the +grant+
+    # and +revoke+ methods. In normal use this method should not
+    # be called directly.
+    #
+    #  grantee.perms = ['FULL_CONTROL']
+    #  grantee.apply #=> true
+    #
+    def apply
+      @perms.uniq!
+      owner, grantees = self.class.owner_and_grantees(@thing)
+      # walk through all the grantees and replace the data for the current one and ...
+      grantees.map! { |grantee| grantee.id == @id ? self : grantee }
+      # ... if this grantee is not known - add this bad boy to a list
+      grantees << self unless grantees.include?(self)
+      # set permissions
+      self.class.put_acl(@thing, owner, grantees)
+    end
+
+    def to_xml # :nodoc:
+      id_str = @id[/^http/] ? "<URI>#{@id}</URI>" : "<ID>#{@id}</ID>"
+      grants = ''
+      @perms.each do |perm|
+        grants << "<Grant>" +
+            "<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
+            "xsi:type=\"#{type}\">#{id_str}</Grantee>" +
+            "<Permission>#{perm}</Permission>" +
+            "</Grant>"
+      end
+      grants
+    end
+
+  end
+
+end