Class | AWS::Core::Policy::ConditionBlock |
In: |
lib/aws/core/policy.rb
|
Parent: | Object |
Represents the condition block of a policy. In JSON, condition blocks look like this:
{ "StringLike": { "s3:prefix": ["photos/*", "photos.html"] } }
ConditionBlock lets you specify conditions like the above example using the add method, for example:
conditions.add(:like, :s3_prefix, "photos/*", "photos.html")
See the add method documentation for more details about how to specify keys and operators.
This class also provides a convenient way to query a condition block to see what operators, keys, and values it has. For example, consider the following condition block (in JSON):
{ "StringEquals": { "s3:prefix": "photos/index.html" }, "DateEquals": { "aws:CurrentTime": ["2010-10-12", "2011-01-02"] }, "NumericEquals": { "s3:max-keys": 10 } }
You can get access to the condition data using #[], keys, operators, and values — for example:
conditions["DateEquals"]["aws:CurrentTime"].values # => ["2010-10-12", "2011-01-02"]
You can also perform more sophisticated queries, like this one:
conditions[:is].each do |equality_conditions| equality_conditions.keys.each do |key| puts("#{key} may be any of: " + equality_conditions[key].values.join(" ") end end
This would print the following lines:
s3:prefix may be any of: photos/index.html aws:CurrentTime may be any of: 2010-10-12 2011-01-02 s3:max-keys may be any of: 10
MODIFIERS | = | { /_ignoring_case$/ => "IgnoreCase", /_equals$/ => "Equals" | @private |
Filters the conditions described in the block, returning a new ConditionBlock that contains only the matching conditions. Each argument is matched against either the keys or the operators in the block, and you can specify the key or operator in any way that‘s valid for the add method. Some examples:
# all conditions using the StringLike operator conditions["StringLike"] # all conditions using StringEquals, DateEquals, NumericEquals, or Bool conditions[:is] # all conditions on the s3:prefix key conditions["s3:prefix"] # all conditions on the aws:CurrentTime key conditions[:current_time]
Multiple conditions are ANDed together, so the following are equivalent:
conditions[:s3_prefix][:is] conditions[:is][:s3_prefix] conditions[:s3_prefix, :is]
@see add @return [ConditionBlock] A new set of conditions filtered by the
given conditions.
Adds a condition to the block. This method defines a convenient set of abbreviations for operators based on the type of value passed in. For example:
conditions.add(:is, :secure_transport, true)
Maps to:
{ "Bool": { "aws:SecureTransport": true } }
While:
conditions.add(:is, :s3_prefix, "photos/")
Maps to:
{ "StringEquals": { "s3:prefix": "photos/" } }
The following list shows which operators are accepted as symbols and how they are represented in the JSON policy:
@param [Symbol or String] operator The operator used to
compare the key with the value. See above for valid values and their interpretations.
@param [Symbol or String] key The key to compare. Symbol
keys are inflected to match AWS conventions. By default, the key is assumed to be in the "aws" namespace, but if you prefix the symbol name with "s3_" it will be sent in the "s3" namespace. For example, +:s3_prefix+ is sent as "s3:prefix" while +:secure_transport+ is sent as "aws:SecureTransport". See http://docs.amazonwebservices.com/AmazonS3/latest/dev/UsingResOpsConditions.html for a list of the available keys for each action in S3.
@param value The value to compare against.
This can be: * a String * a number * a Date, DateTime, or Time * a boolean value This method does not attempt to validate that the values are valid for the operators or keys they are used with.
Returns all values used in the block. Note that the values may not all be from the same condition; for example:
conditions.add(:like, :user_agent, "mozilla", "explorer") conditions.add(:lt, :s3_max_keys, 12) conditions.values # => ["mozilla", "explorer", 12]
@return [Array] Returns an array of values used in this condition block.