Class: AWSCDK::IAM::CanonicalUserPrincipal
- Inherits:
-
PrincipalBase
- Object
- PrincipalBase
- AWSCDK::IAM::CanonicalUserPrincipal
- Defined in:
- iam/canonical_user_principal.rb
Overview
A policy principal for canonicalUserIds - useful for S3 bucket policies that use Origin Access identities.
See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
and
for more details.
Class Method Summary collapse
Instance Method Summary collapse
-
#add_to_assume_role_policy(document) ⇒ void
Add the principal to the AssumeRolePolicyDocument.
-
#add_to_policy(statement) ⇒ Boolean
Add to the policy of this principal.
-
#add_to_principal_policy(_statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
-
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
-
#canonical_user_id ⇒ String
unique identifier assigned by AWS for every account.
-
#dedupe_string ⇒ String?
Return whether or not this principal is equal to the given principal.
-
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
-
#initialize(canonical_user_id) ⇒ CanonicalUserPrincipal
constructor
A new instance of CanonicalUserPrincipal.
-
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
-
#principal_account ⇒ String?
The AWS account ID of this principal.
-
#to_json ⇒ Hash{String => Array<String>}
JSON-ify the principal.
-
#to_string ⇒ String
Returns a string representation of an object.
-
#with_conditions(conditions) ⇒ AWSCDK::IAM::PrincipalBase
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
-
#with_session_tags ⇒ AWSCDK::IAM::PrincipalBase
Returns a new principal using this principal as the base, with session tags enabled.
Constructor Details
#initialize(canonical_user_id) ⇒ CanonicalUserPrincipal
Returns a new instance of CanonicalUserPrincipal.
17 18 19 20 |
# File 'iam/canonical_user_principal.rb', line 17 def initialize(canonical_user_id) Jsii::Type.check_type(canonical_user_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "canonicalUserId") Jsii::Object.instance_method(:initialize).bind(self).call(canonical_user_id) end |
Class Method Details
.jsii_overridable_methods ⇒ Object
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# File 'iam/canonical_user_principal.rb', line 22 def self.jsii_overridable_methods { :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false }, :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false }, :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false }, :principal_account => { kind: :property, name: "principalAccount", is_optional: true }, :canonical_user_id => { kind: :property, name: "canonicalUserId", is_optional: false }, :add_to_assume_role_policy => { kind: :method, name: "addToAssumeRolePolicy", is_optional: false }, :add_to_policy => { kind: :method, name: "addToPolicy", is_optional: false }, :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false }, :dedupe_string => { kind: :method, name: "dedupeString", is_optional: false }, :to_json => { kind: :method, name: "toJSON", is_optional: false }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with_conditions => { kind: :method, name: "withConditions", is_optional: false }, :with_session_tags => { kind: :method, name: "withSessionTags", is_optional: false }, } end |
Instance Method Details
#add_to_assume_role_policy(document) ⇒ void
This method returns an undefined value.
Add the principal to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
90 91 92 93 |
# File 'iam/canonical_user_principal.rb', line 90 def add_to_assume_role_policy(document) Jsii::Type.check_type(document, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeURvY3VtZW50In0=")), "document") jsii_call_method("addToAssumeRolePolicy", [document]) end |
#add_to_policy(statement) ⇒ Boolean
Add to the policy of this principal.
99 100 101 102 |
# File 'iam/canonical_user_principal.rb', line 99 def add_to_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPolicy", [statement]) end |
#add_to_principal_policy(_statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
108 109 110 111 |
# File 'iam/canonical_user_principal.rb', line 108 def add_to_principal_policy(_statement) Jsii::Type.check_type(_statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "_statement") jsii_call_method("addToPrincipalPolicy", [_statement]) end |
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
43 44 45 |
# File 'iam/canonical_user_principal.rb', line 43 def assume_role_action() jsii_get_property("assumeRoleAction") end |
#canonical_user_id ⇒ String
unique identifier assigned by AWS for every account.
root user and IAM users for an account all see the same ID. (i.e. 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be)
79 80 81 |
# File 'iam/canonical_user_principal.rb', line 79 def canonical_user_id() jsii_get_property("canonicalUserId") end |
#dedupe_string ⇒ String?
Return whether or not this principal is equal to the given principal.
116 117 118 |
# File 'iam/canonical_user_principal.rb', line 116 def dedupe_string() jsii_call_method("dedupeString", []) end |
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
50 51 52 |
# File 'iam/canonical_user_principal.rb', line 50 def grant_principal() jsii_get_property("grantPrincipal") end |
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
57 58 59 |
# File 'iam/canonical_user_principal.rb', line 57 def policy_fragment() jsii_get_property("policyFragment") end |
#principal_account ⇒ String?
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
69 70 71 |
# File 'iam/canonical_user_principal.rb', line 69 def principal_account() jsii_get_property("principalAccount") end |
#to_json ⇒ Hash{String => Array<String>}
JSON-ify the principal.
Used when JSON.stringify() is called
125 126 127 |
# File 'iam/canonical_user_principal.rb', line 125 def to_json() jsii_call_method("toJSON", []) end |
#to_string ⇒ String
Returns a string representation of an object.
132 133 134 |
# File 'iam/canonical_user_principal.rb', line 132 def to_string() jsii_call_method("toString", []) end |
#with_conditions(conditions) ⇒ AWSCDK::IAM::PrincipalBase
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
143 144 145 146 |
# File 'iam/canonical_user_principal.rb', line 143 def with_conditions(conditions) Jsii::Type.check_type(conditions, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6ImFueSJ9LCJraW5kIjoibWFwIn19")), "conditions") jsii_call_method("withConditions", [conditions]) end |
#with_session_tags ⇒ AWSCDK::IAM::PrincipalBase
Returns a new principal using this principal as the base, with session tags enabled.
151 152 153 |
# File 'iam/canonical_user_principal.rb', line 151 def () jsii_call_method("withSessionTags", []) end |