Class: Aws::IAM::Policy
Inherits: Object
- Object
- Aws::IAM::Policy
Defined in: gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb
Defined Under Namespace
Classes: Collection
Read-Only Attributes
- #arn ⇒ String
- #attachment_count ⇒ Integer
  The number of entities (users, groups, and roles) that the policy is attached to.
- #create_date ⇒ Time
  The date and time, in ISO 8601 date-time format, when the policy was created.
- #default_version_id ⇒ String
  The identifier for the version of the policy that is set as the default version.
- #description ⇒ String
  A friendly description of the policy.
- #is_attachable ⇒ Boolean
  Specifies whether the policy can be attached to an IAM user, group, or role.
- #path ⇒ String
  The path to the policy.
- #permissions_boundary_usage_count ⇒ Integer
  The number of entities (users and roles) for which the policy is used to set the permissions boundary.
- #policy_id ⇒ String
  The stable and unique string identifying the policy.
- #policy_name ⇒ String
  The friendly name (not ARN) identifying the policy.
- #tags ⇒ Array<Types::Tag>
  A list of tags that are attached to the instance profile.
- #update_date ⇒ Time
  The date and time, in ISO 8601 date-time format, when the policy was last updated.
Actions
- #attach_group(options = {}) ⇒ EmptyStructure
- #attach_role(options = {}) ⇒ EmptyStructure
- #attach_user(options = {}) ⇒ EmptyStructure
- #create_version(options = {}) ⇒ PolicyVersion
- #delete(options = {}) ⇒ EmptyStructure
- #detach_group(options = {}) ⇒ EmptyStructure
- #detach_role(options = {}) ⇒ EmptyStructure
- #detach_user(options = {}) ⇒ EmptyStructure
Associations
- #attached_groups(options = {}) ⇒ Group::Collection
- #attached_roles(options = {}) ⇒ Role::Collection
- #attached_users(options = {}) ⇒ User::Collection
- #default_version ⇒ PolicyVersion?
- #versions(options = {}) ⇒ PolicyVersion::Collection
Instance Method Summary
- #client ⇒ Client
- #data ⇒ Types::Policy
  Returns the data for this Policy.
- #data_loaded? ⇒ Boolean
  Returns true if this resource is loaded.
- #initialize(*args) ⇒ Policy (constructor)
  A new instance of Policy.
- #load ⇒ self (also: #reload)
- #wait_until(options = {}) {|resource| ... } ⇒ Resource (deprecated)
  Deprecated. Use [Aws::IAM::Client] #wait_until instead
Constructor Details
#initialize(arn, options = {}) ⇒ Policy
#initialize(options = {}) ⇒ Policy
Returns a new instance of Policy.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 22
def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @arn = extract_arn(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
  @waiter_block_warned = false
end
Instance Method Details
#arn ⇒ String
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 33
def arn
  @arn
end
#attach_group(options = {}) ⇒ EmptyStructure
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 305
def attach_group(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_group_policy(options)
  resp.data
end
#attach_role(options = {}) ⇒ EmptyStructure
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 329
def attach_role(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_role_policy(options)
  resp.data
end
#attach_user(options = {}) ⇒ EmptyStructure
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 354
def attach_user(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_user_policy(options)
  resp.data
end
#attached_groups(options = {}) ⇒ Group::Collection
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 543
def attached_groups(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "Group"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_groups.each do |p|
        batch << Group.new(
          name: p.group_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Group::Collection.new(batches)
end
#attached_roles(options = {}) ⇒ Role::Collection
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 598
def attached_roles(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "Role"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_roles.each do |p|
        batch << Role.new(
          name: p.role_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Role::Collection.new(batches)
end
#attached_users(options = {}) ⇒ User::Collection
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 653
def attached_users(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "User"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_users.each do |p|
        batch << User.new(
          name: p.user_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  User::Collection.new(batches)
end
#attachment_count ⇒ Integer
The number of entities (users, groups, and roles) that the policy is attached to.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 79
def attachment_count
  data[:attachment_count]
end
#client ⇒ Client
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 155
def client
  @client
end
#create_date ⇒ Time
The date and time, in ISO 8601 date-time format, when the policy was created.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 120
def create_date
  data[:create_date]
end
#create_version(options = {}) ⇒ PolicyVersion
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 412
def create_version(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.create_policy_version(options)
  PolicyVersion.new(
    arn: @arn,
    version_id: resp.data.policy_version.version_id,
    client: @client
  )
end
#data ⇒ Types::Policy
Returns the data for this Aws::IAM::Policy. Calls Client#get_policy if #data_loaded? is false.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 175
def data
  load unless @data
  @data
end
#data_loaded? ⇒ Boolean
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 183
def data_loaded?
  !!@data
end
#default_version ⇒ PolicyVersion?
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 676
def default_version
  if data[:default_version_id]
    PolicyVersion.new(
      arn: @arn,
      version_id: data[:default_version_id],
      client: @client
    )
  else
    nil
  end
end
#default_version_id ⇒ String
The identifier for the version of the policy that is set as the default version.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 72
def default_version_id
  data[:default_version_id]
end
#delete(options = {}) ⇒ EmptyStructure
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 427
def delete(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.delete_policy(options)
  resp.data
end
#description ⇒ String
A friendly description of the policy.
This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 109
def description
  data[:description]
end
#detach_group(options = {}) ⇒ EmptyStructure
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 452
def detach_group(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_group_policy(options)
  resp.data
end
#detach_role(options = {}) ⇒ EmptyStructure
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 477
def detach_role(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_role_policy(options)
  resp.data
end
#detach_user(options = {}) ⇒ EmptyStructure
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 502
def detach_user(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_user_policy(options)
  resp.data
end
#is_attachable ⇒ Boolean
Specifies whether the policy can be attached to an IAM user, group, or role.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 100
def is_attachable
  data[:is_attachable]
end
#load ⇒ self Also known as: reload
Loads, or reloads #data for the current Aws::IAM::Policy.
Returns self, making it possible to chain methods.
policy.reload.data
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 165
def load
  resp = @client.get_policy(policy_arn: @arn)
  @data = resp.policy
  self
end
#path ⇒ String
The path to the policy.
For more information about paths, see IAM identifiers in the IAM User Guide.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 65
def path
  data[:path]
end
#permissions_boundary_usage_count ⇒ Integer
The number of entities (users and roles) for which the policy is used to set the permissions boundary.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 93
def permissions_boundary_usage_count
  data[:permissions_boundary_usage_count]
end
#policy_id ⇒ String
The stable and unique string identifying the policy.
For more information about IDs, see IAM identifiers in the IAM User Guide.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 52
def policy_id
  data[:policy_id]
end
#policy_name ⇒ String
The friendly name (not ARN) identifying the policy.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 39
def policy_name
  data[:policy_name]
end
#tags ⇒ Array<Types::Tag>
A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 148
def tags
  data[:tags]
end
#update_date ⇒ Time
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 136
def update_date
  data[:update_date]
end
#versions(options = {}) ⇒ PolicyVersion::Collection
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 693
def versions(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(policy_arn: @arn)
    resp = @client.list_policy_versions(options)
    resp.each_page do |page|
      batch = []
      page.data.versions.each do |v|
        batch << PolicyVersion.new(
          arn: @arn,
          version_id: v.version_id,
          data: v,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  PolicyVersion::Collection.new(batches)
end
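An added example (not part of the SDK documentation or source): a read-only audit that combines the attached_users, attached_roles, attached_groups and versions associations with the cached #attachment_count. The method name audit_policy, the stand-in structs, the entity names and the ARN are constructed so the block runs offline; a real Aws::IAM::Policy.new(arn) can be passed instead.

```ruby
# Added example, not SDK code. `policy` is duck-typed: pass a real
# Aws::IAM::Policy.new(arn) or the constructed stand-in defined below.
MAX_VERSIONS = 5 # IAM allows at most five versions per managed policy

def audit_policy(policy)
  users  = policy.attached_users.map(&:name)
  roles  = policy.attached_roles.map(&:name)
  groups = policy.attached_groups.map(&:name)
  version_ids = policy.versions.map(&:version_id)
  enumerated = users.size + roles.size + groups.size
  findings = []
  findings << "attached directly to users: #{users.join(', ')}" unless users.empty?
  if enumerated.zero? && policy.permissions_boundary_usage_count.to_i.zero?
    findings << "unused: no attachments and not a permissions boundary"
  end
  # #attachment_count is read from cached #data; the attached_* calls are live,
  # so a mismatch means the cached data is stale (or changed mid-audit).
  if policy.attachment_count != enumerated
    findings << "attachment_count=#{policy.attachment_count}, enumerated=#{enumerated}: reload"
  end
  if version_ids.size >= MAX_VERSIONS
    findings << "version limit reached: delete a version before create_version"
  end
  { arn: policy.arn, default_version: policy.default_version_id,
    users: users, roles: roles, groups: groups,
    versions: version_ids, findings: findings }
end

# Constructed stand-ins (hypothetical names and ARN) so this runs offline.
Entity  = Struct.new(:name)
Version = Struct.new(:version_id)
FakePolicy = Struct.new(:arn, :default_version_id, :attachment_count,
                        :permissions_boundary_usage_count, :attached_users,
                        :attached_roles, :attached_groups, :versions)

SAMPLE = FakePolicy.new(
  "arn:aws:iam::123456789012:policy/example-constructed", "v2", 3, 0,
  [Entity.new("alice")], [Entity.new("ci-deploy")], [],
  %w[v1 v2].map { |v| Version.new(v) }
)

puts audit_policy(SAMPLE)[:findings]
```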
#wait_until(options = {}) {|resource| ... } ⇒ Resource
Use [Aws::IAM::Client] #wait_until instead
The waiting operation is performed on a copy. The original resource remains unchanged.
Waiter polls an API operation until a resource enters a desired state.
Basic Usage
A waiter polls until it is successful, until it fails by entering a terminal state, or until a maximum number of attempts has been made.
# polls in a loop until condition is true
resource.wait_until() {|resource| condition}
Example
instance.wait_until(max_attempts:10, delay:5) do |instance|
  instance.state.name == 'running'
end
Configuration
You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:
# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}
Callbacks
You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.
started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end
# disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}
Handling Errors
When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.
begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end
attempts attempt in seconds invoked before each attempt invoked before each wait
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 267
def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Waiters::Waiter.new(options).wait({})
end