Class: Aws::S3::BucketPolicy

Inherits:
Object
  • Object
show all
Defined in:
gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb

Defined Under Namespace

Classes: Collection

Read-Only Attributes collapse

Actions collapse

Associations collapse

Instance Method Summary collapse

Constructor Details

#initialize(bucket_name, options = {}) ⇒ BucketPolicy #initialize(options = {}) ⇒ BucketPolicy

Returns a new instance of BucketPolicy.

Overloads:

  • #initialize(bucket_name, options = {}) ⇒ BucketPolicy

    Parameters:

    • bucket_name (String)

    Options Hash (options):

  • #initialize(options = {}) ⇒ BucketPolicy

    Options Hash (options):

    • :bucket_name (required, String)
    • :client (Client) 


22
23
24
25
26
27
28
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 22

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @bucket_name = extract_bucket_name(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
  @waiter_block_warned = false
end

Instance Method Details

#bucketBucket

Returns:



296
297
298
299
300
301
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 296

def bucket
  Bucket.new(
    name: @bucket_name,
    client: @client
  )
end

#bucket_nameString

Returns:

  • (String) 


33
34
35
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 33

def bucket_name
  @bucket_name
end

#clientClient

Returns:



46
47
48
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 46

def client
  @client
end

#dataTypes::GetBucketPolicyOutput

Returns the data for this Aws::S3::BucketPolicy. Calls Client#get_bucket_policy if #data_loaded? is false.

Returns:



68
69
70
71
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 68

def data
  load unless @data
  @data
end

#data_loaded?Boolean

Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

  • (Boolean)

    Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.



76
77
78
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 76

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


bucket_policy.delete({
  expected_bucket_owner: "AccountId",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :expected_bucket_owner (String)

    The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).

    For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code 501 Not Implemented.

Returns:

  • (EmptyStructure) 


198
199
200
201
202
203
204
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 198

def delete(options = {})
  options = options.merge(bucket: @bucket_name)
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.delete_bucket_policy(options)
  end
  resp.data
end

#loadself Also known as: reload

Loads, or reloads #data for the current Aws::S3::BucketPolicy. Returns self making it possible to chain methods.

bucket_policy.reload.data

Returns:

  • (self) 


56
57
58
59
60
61
62
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 56

def load
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.get_bucket_policy(bucket: @bucket_name)
  end
  @data = resp.data
  self
end

#policyIO

The bucket policy as a JSON document.

Returns:

  • (IO) 


39
40
41
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 39

def policy
  data[:policy]
end

#put(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


bucket_policy.put({
  content_md5: "ContentMD5",
  checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
  confirm_remove_self_bucket_access: false,
  policy: "Policy", # required
  expected_bucket_owner: "AccountId",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :content_md5 (String)

    The MD5 hash of the request body.

    For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

    This functionality is not supported for directory buckets.

  • :checksum_algorithm (String)

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

    For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

    • CRC32

    • CRC32C

    • SHA1

    • SHA256

    For more information, see Checking object integrity in the Amazon S3 User Guide.

    If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum algorithm that matches the provided value in x-amz-checksum-algorithm.

    For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's used for performance.

  • :confirm_remove_self_bucket_access (Boolean)

    Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

    This functionality is not supported for directory buckets.

  • :policy (required, String)

    The bucket policy as a JSON document.

    For directory buckets, the only IAM action supported in the bucket policy is s3express:CreateSession.

  • :expected_bucket_owner (String)

    The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).

    For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code 501 Not Implemented.

Returns:

  • (EmptyStructure) 


285
286
287
288
289
290
291
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 285

def put(options = {})
  options = options.merge(bucket: @bucket_name)
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.put_bucket_policy(options)
  end
  resp.data
end

#wait_until(options = {}) {|resource| ... } ⇒ Resource

Deprecated.

Use [Aws::S3::Client] #wait_until instead

Note:

The waiting operation is performed on a copy. The original resource remains unchanged.

Waiter polls an API operation until a resource enters a desired state.

Basic Usage

Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

Example

instance.wait_until(max_attempts:10, delay:5) do |instance|
  instance.state.name == 'running'
end

Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

Callbacks

You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

  # disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

attempts attempt in seconds invoked before each attempt invoked before each wait

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :max_attempts (Integer) — default: 10

    Maximum number of

  • :delay (Integer) — default: 10

    Delay between each

  • :before_attempt (Proc) — default: nil

    Callback

  • :before_wait (Proc) — default: nil

    Callback

Yield Parameters:

  • resource (Resource)

    to be used in the waiting condition.

Returns:

  • (Resource)

    if the waiter was successful

Raises:

  • (Aws::Waiters::Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

    yet successful.

  • (Aws::Waiters::Errors::UnexpectedError)

    Raised when an error is encountered while polling for a resource that is not expected.

  • (NotImplementedError)

    Raised when the resource does not



160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
 
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/bucket_policy.rb', line 160

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    Aws::Waiters::Waiter.new(options).wait({})
  end
end