class S3Secure::Policy::Document::ForceSSLOnlyAccessRemove

Public Class Methods

new(bucket, bucket_policy) click to toggle source
# File lib/s3_secure/policy/document/force_ssl_only_access_remove.rb, line 3
def initialize(bucket, bucket_policy)
  # @bucket_policy is existing document policy
  @bucket, @bucket_policy = bucket, bucket_policy
end

Public Instance Methods

policy_document() click to toggle source
# File lib/s3_secure/policy/document/force_ssl_only_access_remove.rb, line 8
def policy_document
  return nil if @bucket_policy.blank?

  updated_policy_document
end
updated_policy_document() click to toggle source
# File lib/s3_secure/policy/document/force_ssl_only_access_remove.rb, line 14
def updated_policy_document
  policy = JSON.load(@bucket_policy)

  statements = policy["Statement"]
  has_force_ssl = !!statements.detect { |s| s["Sid"] == "ForceSSLOnlyAccess" }
  unless has_force_ssl
    raise "Bucket policy does not have ForceSSLOnlyAccess"
  end

  if statements.size == 1
    return nil # to signal for the entire bucket policy to be deleted
  else
    statements.delete_if { |s| s["Sid"] == "ForceSSLOnlyAccess" }
    policy["Statement"] = statements
  end

  policy
end