class Statement

Attributes

actions[RW]
condition[RW]
effect[RW]
not_actions[RW]
not_principal[RW]
not_resources[RW]
principal[RW]
resources[RW]
sid[RW]

Public Class Methods

new()
# File lib/cfn-model/model/statement.rb, line 12
# Builds an empty statement.
#
# The four list attributes each start as their own empty array, so appending
# to one never affects another. effect, principal, not_principal, condition
# and sid are not assigned here and therefore read as nil until set.
def initialize
  @actions, @not_actions, @resources, @not_resources = Array.new(4) { [] }
end

Public Instance Methods

==(another_statement)
# File lib/cfn-model/model/statement.rb, line 50
# Value equality between two statements.
#
# Compares effect, actions, not_actions, resources, not_resources, principal,
# not_principal and condition, in that order, stopping at the first mismatch.
# sid is not part of the comparison, so statements that differ only in their
# Sid compare as equal.
#
# No type check is made: another_statement must respond to each of the
# readers above.
def ==(another_statement)
  compared = %i[effect actions not_actions resources not_resources principal not_principal condition]
  compared.all? do |attribute|
    instance_variable_get("@#{attribute}") == another_statement.public_send(attribute)
  end
end
allows_action?(action, wildcard=true)

allows_action?

Checks if this statement allows the given action

arg action (str): Action string to check
arg wildcard (bool): Whether to apply 'wildcard_patterns' to action

return: boolean
# File lib/cfn-model/model/statement.rb, line 38
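# Reports whether this statement grants +action+.
#
# Only @actions is consulted. A statement that grants access through
# NotAction (@not_actions) is never reported as allowing anything here, so
# callers auditing for over-broad grants have to inspect that list separately.
#
# Comparison ignores letter case: IAM treats the service prefix and action
# name case-insensitively, so an entry written as 's3:getobject' grants the
# same access as 's3:GetObject' and must not slip past the check.
#
# @param action [String] action to look for, in 'service:Name' form
# @param wildcard [Boolean] when true, also match every pattern that
#   wildcard_patterns returns for the action name (prefixed with the service),
#   plus a bare '*'; when false, only the action itself is matched
# @return [Boolean] true only if a listed action matches and the effect is 'Allow'
def allows_action?(action, wildcard=true)
  if wildcard
    service, name = action.split(':')
    # map, not map!: the array handed back by wildcard_patterns is left untouched
    patterns = wildcard_patterns(name).map { |suffix| service + ':' + suffix } + ['*']
  else
    patterns = [action]
  end

  wanted = patterns.map { |pattern| pattern.to_s.downcase }
  # to_s mirrors wildcard_actions: entries are not guaranteed to be Strings
  listed = @actions.any? { |statement_action| wanted.include?(statement_action.to_s.downcase) }

  listed && @effect == 'Allow'
end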
wildcard_actions()
# File lib/cfn-model/model/statement.rb, line 19
# Returns the entries of @actions that are a bare '*' or end in ':*'
# (for example 's3:*'), compared on their string form.
#
# Partial wildcards such as 's3:Get*' do not match and are not returned, and
# @not_actions is not examined.
def wildcard_actions
  @actions.select do |candidate|
    text = candidate.to_s
    text == '*' || text.match?(/^.+:\*$/)
  end
end
wildcard_principal?()
# File lib/cfn-model/model/statement.rb, line 23
# Asks Principal.wildcard? about this statement's principal and returns its
# answer unchanged. Only @principal is passed; @not_principal is not checked.
def wildcard_principal?
  Principal.wildcard?(@principal)
end
wildcard_resources()
# File lib/cfn-model/model/statement.rb, line 27
# Returns the entries of @resources whose string form is exactly '*'.
#
# Resources that merely contain a wildcard (for example an ARN ending in
# '*') are not returned, and @not_resources is not examined.
def wildcard_resources
  @resources.select do |entry|
    entry.to_s == '*'
  end
end