Class: S3Secure::Policy::Unforce

Inherits:
Base
Defined in:
lib/s3_secure/policy/unforce.rb

Instance Method Summary

Methods inherited from CLI::Base

#buckets

Methods included from CLI::Say

#say

Methods included from AwsServices

#sts

Methods included from AwsServices::S3

#check_bucket!, #new_s3_regional_client, #region, #region_map, #s3, #s3_client, #s3_regional_client

Constructor Details

#initialize(options = {}) ⇒ Unforce

Returns a new instance of Unforce.



# File 'lib/s3_secure/policy/unforce.rb', line 3

# Builds the command object.
#
# @param options [Hash] forwarded unchanged to the parent initializer; the
#   value under :sid is kept as the statement id that #run looks up in the
#   bucket policy.
def initialize(options={})
  super(options)
  @sid = options[:sid]
end

Instance Method Details

#run ⇒ Object



# File 'lib/s3_secure/policy/unforce.rb', line 8

# Removes the statement identified by @sid from the bucket's policy.
#
# Reads the current policy through S3Secure::Policy::Show, asks Document (built
# with remove: true) for the policy document for @sid, and writes that back
# with put_bucket_policy. When Document returns nothing, the whole bucket
# policy is deleted instead.
#
# NOTE(review): judging by the SID named in the "Nothing to be done" message
# below, the statement removed here is the one that restricts the bucket to
# SSL-only access, so a successful run relaxes the bucket's transport policy.
# Confirm callers treat it as a privileged, logged action.
# NOTE(review): the policy is read and then written back whole; a change made
# to the bucket policy between the two calls looks like it would be
# overwritten. Verify against Document and Show.
def run
  current_policy = S3Secure::Policy::Show.new(@options).policy
  document = Document.new(@bucket, current_policy, remove: true)

  # NOTE(review): the lookup uses @sid, but the message names ForceSSLOnlyAccess
  # literally, so it would mislead for any other SID. Confirm what callers pass.
  unless document.has?(@sid)
    return say("Bucket policy for #{@bucket} does not have ForceSSLOnlyAccess policy statement. Nothing to be done.")
  end

  # Ruby docs: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_bucket_policy-instance_method
  #
  #    put_bucket_policy returns #<struct Aws::EmptyStructure>
  #
  remaining_policy = document.policy_document(@sid)

  if remaining_policy
    s3.put_bucket_policy(bucket: @bucket, policy: remaining_policy)
  else
    # Presumably no statements remain once @sid is removed; verify against
    # Document#policy_document.
    s3.delete_bucket_policy(bucket: @bucket)
  end

  say "Remove bucket policy statement from bucket #{@bucket}:"
  say remaining_policy if remaining_policy
end