class S3Secure::Policy::Document::ForceSSLOnlyAccess

Public Instance Methods

full_policy_document()
# File lib/s3_secure/policy/document/force_ssl_only_access.rb, line 17
# Builds a complete bucket policy for the case where no policy exists yet.
#
# The document carries the fixed policy-language version string and a
# one-element Statement list holding the hash from ssl_enforce_statement.
#
# @return [Hash] policy document with "Version" and "Statement" keys
def full_policy_document
  statements = [ssl_enforce_statement]
  { "Version" => "2012-10-17", "Statement" => statements }
end
policy_document()
# File lib/s3_secure/policy/document/force_ssl_only_access.rb, line 3
# Picks which policy document to hand back.
#
# When @bucket_policy is blank a brand-new document is built; otherwise the
# existing policy is extended via updated_policy_document.
#
# @return [Hash] result of full_policy_document or updated_policy_document
def policy_document
  # No existing policy: start from scratch.
  return full_policy_document if @bucket_policy.blank?

  updated_policy_document
end
ssl_enforce_statement()
# File lib/s3_secure/policy/document/force_ssl_only_access.rb, line 22
# Builds the Deny statement identified by the Sid "ForceSSLOnlyAccess".
#
# The statement applies to every principal ("*") and denies s3:GetObject on
# the objects of @bucket when the aws:SecureTransport condition key is
# "false", i.e. when the request did not arrive over TLS.
#
# NOTE(review): only s3:GetObject on the object ARN ("<bucket>/*") is
# covered. Other actions (for example object writes) and the bucket ARN
# itself are not matched by this statement, so it does not by itself deny
# non-TLS requests for them. If the intent is TLS for all access, the
# Action/Resource scope needs widening — confirm against the project's intent.
#
# @return [Hash] a single policy statement
def ssl_enforce_statement
  object_arn = "arn:aws:s3:::#{@bucket}/*"
  # Matches requests made without TLS.
  insecure_transport = { "Bool" => { "aws:SecureTransport" => "false" } }

  {
    "Sid" => "ForceSSLOnlyAccess",
    "Effect" => "Deny",
    "Principal" => "*",
    "Action" => "s3:GetObject",
    "Resource" => object_arn,
    "Condition" => insecure_transport
  }
end
updated_policy_document()
# File lib/s3_secure/policy/document/force_ssl_only_access.rb, line 11
# Extends the existing bucket policy with the SSL-enforcement statement.
#
# The policy held in @bucket_policy is decoded, and the statement from
# ssl_enforce_statement is appended to its "Statement" entry unless
# checker.has?("ForceSSLOnlyAccess") is truthy (presumably: a statement with
# that Sid is already present — verify against checker).
#
# NOTE(review): JSON.load is the json library's permissive loader and the
# bucket policy is externally stored data; JSON.parse is the stricter call.
# JSON.load also accepts IO-like sources, so confirm what type
# @bucket_policy is before switching.
#
# NOTE(review): assumes policy["Statement"] is an Array; a document whose
# Statement is a single object or is missing would fail at `<<` — confirm.
#
# @return [Hash] the decoded policy, with the statement added when needed
def updated_policy_document
  document = JSON.load(@bucket_policy)
  already_enforced = checker.has?("ForceSSLOnlyAccess")
  document["Statement"] << ssl_enforce_statement unless already_enforced
  document
end